https://arnaudwiehe.com Cybersecurity executive, author, and international speaker specializing in AI, emerging technologies, and digital risk. en Thu, 04 Jun 2026 00:00:00 GMT https://arnaudwiehe.com/articles/ai-agent-debt/ https://arnaudwiehe.com/articles/ai-agent-debt/ Tue, 02 Jun 2026 00:00:00 GMT AI agent debt is the accumulation of abandoned, forgotten, or ungoverned AI agents that continue running with access nobody remembers granting and ownership nobody can identify. Organisations are deploying agents faster than they can govern them, and the lifecycle conversation has barely started. AI Governance https://arnaudwiehe.com/articles/ai-induced-misconfiguration/ https://arnaudwiehe.com/articles/ai-induced-misconfiguration/ Sun, 03 May 2026 00:00:00 GMT Between March 31 and April 8, 2026, Palo Alto Networks Unit 42 published three separate research reports on AI agent security. Together they paint a clear picture: the near-term AI risk is not that models will produce bad content. It is that organizations will deploy AI-enabled systems with unsafe permissions, weak defaults, and incomplete controls. AI Security https://arnaudwiehe.com/articles/agent-governance-kill-switch/ https://arnaudwiehe.com/articles/agent-governance-kill-switch/ Sun, 03 May 2026 00:00:00 GMT In March 2026, Meta experienced a SEV1 security incident caused by an AI agent. The agent gave flawed technical advice on an internal forum. An engineer acted on that advice, and sensitive company and user data became accessible to unauthorized employees for nearly two hours. The failure was not just a hallucination — it was a chain of trust without verification. AI Governance https://arnaudwiehe.com/articles/ai-governance-is-about-visibility/ https://arnaudwiehe.com/articles/ai-governance-is-about-visibility/ Sat, 02 May 2026 00:00:00 GMT Most organizations do not have an AI governance problem because they lack ambition. They have a governance problem because they lack visibility. The first move is practical: find the AI usage, classify it, assign an owner, assess the risk, and keep the register alive. This article draws from Chapter 1 of my AI Governance Guide and outlines the six-step AI Inventory Audit every organization should complete. AI Governance https://arnaudwiehe.com/articles/vulnerability-timeline-compression-hero/ https://arnaudwiehe.com/articles/vulnerability-timeline-compression-hero/ Fri, 01 May 2026 00:00:00 GMT On April 14, 2026, Cloudflare published a framing of agents as non-human identity problems — exactly the right way to think about them. The industry is converging on a runtime-first defense model. Your vendor questionnaire should be updated to reflect this. AI Security https://arnaudwiehe.com/articles/prompt-injection-runtime-controls/ https://arnaudwiehe.com/articles/prompt-injection-runtime-controls/ Sat, 02 May 2026 00:00:00 GMT Google's field data shows a 32% increase in prompt injection attacks in a single quarter. Two research papers, published the same day, converge on the same architecture: runtime controls, not better prompts, are the correct defense. Here's why your AI governance committee can't stop prompt injection — and what can. AI Security https://arnaudwiehe.com/articles/future-crimes/ https://arnaudwiehe.com/articles/future-crimes/ Sat, 02 May 2026 00:00:00 GMT The most dangerous cyber threat isn't a new zero-day. It's a target shift. For thirty years, cybersecurity was built around keeping bad actors out. The next wave of crime is about taking control of the systems we already trust — cars, homes, hospitals, satellites, and AI agents. Cybersecurity https://arnaudwiehe.com/articles/ai-vendor-questionnaire-obsolete/ https://arnaudwiehe.com/articles/ai-vendor-questionnaire-obsolete/ Sat, 02 May 2026 00:00:00 GMT GlassWorm's 73 sleeper extensions, elementary-data's CI/CD pipeline hijack, and Cloudflare's non-human identity reframe all point to the same conclusion: your AI vendor questionnaire is asking about 2023 risks. Here are the questions you should be asking in 2026. AI Governance https://arnaudwiehe.com/articles/mcp-security-new-attack-surface/ https://arnaudwiehe.com/articles/mcp-security-new-attack-surface/ Mon, 27 Apr 2026 00:00:00 GMT MCP is becoming a critical dependency layer for AI systems. The real question is no longer what the model can do — it is what it can reach. AI Security https://arnaudwiehe.com/articles/ai-security-2026/ https://arnaudwiehe.com/articles/ai-security-2026/ Wed, 22 Apr 2026 00:00:00 GMT AI Security in 2026: The shift from model intelligence to connected autonomy, tool use, and containment. AI Security https://arnaudwiehe.com/articles/trusted-feature-breach/ https://arnaudwiehe.com/articles/trusted-feature-breach/ Thu, 16 Apr 2026 00:00:00 GMT Many future AI incidents may not start with attackers breaking in. They may start with trusted features doing exactly what they were allowed to do, inside workflows that were never governed tightly enough. AI Governance https://arnaudwiehe.com/articles/board-oversight-operating-model/ https://arnaudwiehe.com/articles/board-oversight-operating-model/ Sun, 12 Apr 2026 00:00:00 GMT AI has clearly entered the boardroom. Directors are asking harder questions. Regulators are raising obligations. Audit and risk committees increasingly want to know where AI is used, who is accountable, and what could go wrong. That is progress. But in many organizations, the visible maturity is still misleading. The board deck looks polished. The principles sound sensible. The policy exists. The steering committee has been announced. And underneath that, the operating model is still missing. Article https://arnaudwiehe.com/articles/the-ai-agent-problem/ https://arnaudwiehe.com/articles/the-ai-agent-problem/ Fri, 10 Apr 2026 00:00:00 GMT Enterprise leaders say they expect a major AI agent security incident within the next year, but most still lack the governance, visibility, and accountability needed to manage that risk. Article https://arnaudwiehe.com/articles/ncsc-vibe-coding-safeguards/ https://arnaudwiehe.com/articles/ncsc-vibe-coding-safeguards/ Wed, 08 Apr 2026 00:00:00 GMT The NCSC's clear signal to security leaders: AI-generated "vibe coding" is inevitable. The question isn't whether to adopt it, but how to control it before it scales insecurity across your organization. Article https://arnaudwiehe.com/articles/ai-governance-journey/ https://arnaudwiehe.com/articles/ai-governance-journey/ Tue, 07 Apr 2026 00:00:00 GMT Stop treating AI governance like a spreadsheet exercise. Framework implementation is not a checklist—it is a transformation journey. And increasingly, it is a competitive differentiator. Article https://arnaudwiehe.com/articles/iso-42001-compliance-final/ https://arnaudwiehe.com/articles/iso-42001-compliance-final/ Sat, 04 Apr 2026 00:00:00 GMT In December 2023, ISO/IEC 42001 became the world’s first certifiable AI management system standard. Here’s what it requires, how it relates to the EU AI Act and NIST AI RMF, and what boards should ask before pursuing certification. ai-governance https://arnaudwiehe.com/articles/owasp-top-10-agentic-ai/ https://arnaudwiehe.com/articles/owasp-top-10-agentic-ai/ Wed, 01 Apr 2026 00:00:00 GMT OWASP’s Top 10 for Agentic Applications is one of the clearest early frameworks for understanding how autonomous AI systems change the cybersecurity risk landscape. Here is why it matters for security leaders now. ai-security https://arnaudwiehe.com/articles/shadow-ai-guide-2026/ https://arnaudwiehe.com/articles/shadow-ai-guide-2026/ Wed, 25 Mar 2026 00:00:00 GMT In 2023, Samsung employees inadvertently uploaded sensitive information to ChatGPT—becoming the most cited example of shadow AI. With 28% of employees now using unapproved AI tools at work, organizations need a Shadow AI Discovery and Response Programme. The EU AI Act now imposes fines up to €15 million for deploying high-risk AI without proper governance. ai-governance https://arnaudwiehe.com/articles/boards-cyber-agenda-2026/ https://arnaudwiehe.com/articles/boards-cyber-agenda-2026/ Wed, 25 Mar 2026 00:00:00 GMT Something fundamental shifted in how boards must approach cybersecurity. Directors are now expected to understand cyber as a business resilience issue, a fiduciary responsibility, and increasingly, a personal liability concern. Here are the five questions that should now be standard in every boardroom. board-governance https://arnaudwiehe.com/articles/ai-governance-cybersecurity/ https://arnaudwiehe.com/articles/ai-governance-cybersecurity/ Wed, 25 Mar 2026 00:00:00 GMT The good news is that effective AI governance does not require inventing entirely new frameworks. Organizations that have built robust cybersecurity governance already have the foundation. The challenge is extending those structures to address AI's unique risks. ai-governance https://arnaudwiehe.com/articles/year-of-autonomous-agents/ https://arnaudwiehe.com/articles/year-of-autonomous-agents/ Sun, 22 Mar 2026 00:00:00 GMT Autonomous agents change the security model fundamentally. Why 2026 feels like an inflection point for AI governance, accountability, and agent security. ai-governance https://arnaudwiehe.com/articles/openclaw-security-crisis-5-cves-2026/ https://arnaudwiehe.com/articles/openclaw-security-crisis-5-cves-2026/ Fri, 20 Mar 2026 00:00:00 GMT The shift to agentic computing has begun, but security is still DIY. This week, five new vulnerabilities dropped for OpenClaw — five ways your AI agent can be turned against you. Just like early web commerce needed SSL and fraud protection to become mainstream, AI agents need security to achieve widespread adoption. Here's why early adopters must roll their own security — and what that means for leaders deploying OpenClaw today. cybersecurity https://arnaudwiehe.com/articles/openclaw-security-best-practices/ https://arnaudwiehe.com/articles/openclaw-security-best-practices/ Wed, 18 Mar 2026 00:00:00 GMT Practical security best practices for OpenClaw deployments. Learn how to harden your AI agent setup with actionable tips for credentials, network security, and configuration management. cybersecurity https://arnaudwiehe.com/articles/rise-of-openclaw/ https://arnaudwiehe.com/articles/rise-of-openclaw/ Mon, 16 Mar 2026 00:00:00 GMT OpenClaw is the fastest-growing AI agent framework. Here's why developers are flocking to it and what it means for the future of work, automation, and human-AI collaboration. industry-trends