Cloud Security Alliance

Logic-Layer Prompt Control Injection (LPCI): A Novel Security Vulnerability Class in Agentic Systems

Explores LPCI, a new security vulnerability in agentic AI, its lifecycle, attack methods, and proposed defenses.
Cloud Security Alliance

Certificate of Cloud Security Knowledge (CCSK)

The CCSK certificate is highly regarded as the benchmark for cloud security expertise. It provides a comprehensive and unbiased understanding of how to effectively secure data in the cloud. Earning ...
Cloud Security Alliance

Bridging the Gap Between Cloud Security Controls and Adversary Behaviors: A CSA–MITRE CTID Collaboration

As the cloud threat landscape evolves, so too must the methodologies we use to defend against it. By bridging the gap between threat frameworks (MITRE ATT&CK) and control frameworks (CSA CCM), this ...
Cloud Security Alliance

Non-Human Identity Governance: Why IGA Falls Short

Explains why traditional IGA fails for non-human identities and outlines continuous, context-driven governance for AI agents ...
Cloud Security Alliance

Securing Autonomous AI Agents

Stay connected with the cloud security community by attending local events, workshops, and global CSA conferences. Engage with industry leaders, gain new insights, and build valuable professional ...
Cloud Security Alliance

The Agentic Trust Framework: Zero Trust Governance for AI Agents

Written by Josh Woodruff, Founder and CEO, MassiveScale.AI. This blog post presents the Agentic Trust Framework (ATF), an open governance specification designed specifically for the unique challenges ...
Cloud Security Alliance

Why DNS TXT Records Deserve Governance in Security Programs

DNS TXT records play a critical role in modern cloud environments. They underpin email authentication, domain ownership verification, SaaS onboarding, and even security tooling integrations. Despite ...