Cloud Security Alliance

The Visibility Gap in Autonomous AI Agents

Explores discovery and traceability gaps in autonomous AI agents, real-time registries, and identity governance across cloud ...
Cloud Security Alliance

Breaking Down the SOC 2 Trust Services Criteria: Privacy

Explore how privacy fits into the SOC 2 Trust Services Criteria, its components, challenges, and practical steps to build ...
Cloud Security Alliance

How CSA STAR Helps Cloud-First Organizations Tackle Modern Identity Security Risks

Explains how CSA STAR guides cloud-first organizations to manage identity risk, govern access, and continuously assure cloud ...
Cloud Security Alliance

Token Sprawl in the Age of AI

Explore how AI accelerates token sprawl, why legacy IAM struggles, and practical steps to shrink non-human identity risk.
Cloud Security Alliance

AI Security: IAM Delivered at Agent Velocity

AI agents expand the attack surface at machine speed. This article covers the Replit incident, consent fatigue, and runtime policy-based authorization.
Cloud Security Alliance

Why Zero Trust Needs to Start at the Session Layer

Explains why Zero Trust must start at the session layer, via NHP, to hide endpoints and reduce AI-driven attack surfaces.
Cloud Security Alliance

OpenClaw Threat Model: MAESTRO Framework Analysis

This document applies MAESTRO Framework (7-layer Agentic AI Threat Model) to the OpenClaw codebase, identifying specific threats at each layer and detailing mitigation strategies based on the actual ...
Cloud Security Alliance

Minimizing Permissions for Cloud Forensics: A Practical Guide to Tightening Access in the Cloud

Practical, security-first strategies to enable cloud forensics with least privilege, dedicated accounts, temporary credentials, and tag-based access.