Blog

Supercharge Your AI Data Governance with Riscosity’s F5 BIG-IP SSL Orchestrator Integration

When AI Agents Leak

AI agents are easier to build than ever. With platforms like n8n for workflow automation and LangChain for intelligent orchestration, anyone with moderate technical skill can spin up agents that connect communication apps, ticketing systems, and databases. This democratization is powerful—but it carries a dangerous side effect: AI agents can unknowingly shuttle sensitive data across systems, creating silent data leaks that compliance teams never see.

Illuminate AI Adoption with AIBOMS

AI rarely arrives as a single platform. It appears inside tools already in use: a chat feature in a CRM, a meeting‑summary plug‑in, an agent that files tickets, or a few SDK pilots run by engineering teams. Each may touch sensitive data and send it elsewhere. When it isn’t clear what these AI tools handle, where data goes, and under what terms, visibility and risk assessment suffer.

AI Agents Complicate GRC

Artificial intelligence is rapidly embedding itself into enterprise workflows. From marketing automation to code generation, “AI agents” are proliferating across organizations—often outside of IT’s oversight. While these tools accelerate productivity, they create a blind spot that makes compliance with frameworks like SOC 2, ISO 27001, and FedRAMP dramatically harder.

DOJ’s Sensitive Data Rule - Analyzed!

The Department of Justice’s new Sensitive Data Rule marks one of the most significant shifts in federal compliance and national security oversight in recent years. Designed to curb the risk of sensitive personal, corporate, and national security information flowing into the hands of foreign adversaries, the rule dramatically expands obligations for businesses that handle—or indirectly expose—protected data.

COPPA Compliance - Now!

Introducing the Riscosity AI Firewall

What’s new in Riscosity: August 2025

Check out Riscosity's recent product updates!

Announcing Secure Data Exchange for Agentic AI

One of the latest AI innovations that everyone is talking about is agentic AI, which can be leveraged to automate tasks and drive innovation like never before. Despite being a relatively new concept, agentic AI is already being adopted at a record pace.

Riscosity Launches The DFPM Trust Center

Compliance is more than a checkbox today, in fact it is a core expectation from enterprise customers, auditors, and regulators. As organizations increasingly rely on software vendors to manage sensitive data, automate workflows, and secure digital infrastructure, one thing becomes clear: software companies must be able to demonstrate that they meet relevant compliance standards. Failing to do so not only risks losing business but also undermines trust at a time when security and transparency are paramount.

The Future is Now with Intelligent DLP

Identifying sensitive data accurately is critical for security teams. In this post, we explore how Riscosity’s Intelligent DLP improves on traditional detection methods to reduce false positives and save time.

Riscosity’s Approach to Managing Dependencies

One of Riscosity's goals is to discover and provide visibility of third party vendors that organizations use. In this spirit, we strive to make sure that the dependencies related to Riscosity aren’t inherently risky or have security vulnerabilities that would increase the risk of a data breach.

How We Support Enterprise Adoption of MCP, A2A, and AI Integrations

At Riscosity, we use our own software. It’s the best way to know what our customers experience. With all the announcements and excitement around new ways to extend AI functionality, we found the best way to understand the hype was to build our own MCP server. The outcome of our experiment was a success and we're happy to announce that now any of our customers can use our Model Context Protocol (MCP) server to query their Riscosity data!

Riscosity Partner Program

Riscosity is thrilled to announce our official Riscosity Partner Program. Together with our partners, we are revolutionizing the discovery and protection of data in motion.

What’s new in Riscosity: April 2025

Check out Riscosity's recent product updates!

What’s new in Riscosity: March 2025

Check out Riscosity's recent product updates!

What’s new in Riscosity: February 2025

Check out Riscosity's recent product updates!

Where the Shadows Lie

Shadow, APIs, AI, IT, Data… There's a lot of risk lurking in the shadows. Shadow technology can lead to data exposure, vulnerabilities, compliance risks, and plain old inefficiencies if not properly dealt with. Organizations rightfully want to get on top of the problem and are seeking help.

How DFPM Protects Data in the Age of GenAI

Welcome the third and final article in our AI Series. Today, we’ll break down how Data Flow Posture Management (DFPM) solutions like Riscosity pick up where the legacy landscape leaves off.

Automating Data Privacy Confidence with a PIA

Manual PII inventory for PIAs is error-prone and outdated. In this blog, we explore how automation enhances accuracy, saves time, and strengthens compliance, ensuring organizations stay audit-ready.

Why The Legacy Tool Landscape Falls Short For GenAI

Secure adoption of AI tools is an imperative. The legacy landscape is unfortunately not well suited for the challenge. In Part II of our AI Series, we break down the legacy options for protecting data and discuss their strengths and weaknesses.

How AI complicates GDPR, DPDP, PDPL, and CPRA Compliance

As enterprises rapidly adopt Artificial Intelligence (AI) to drive efficiency, innovation, and personalization, they face an escalating challenge: navigating the intricate requirements of data protection regulations like the General Data Protection Regulation (GDPR), Digital Personal Data Protection Act (DPDP), Personal Data Protection Law (PDPL), and California Privacy Rights Act (CPRA). These frameworks, designed to safeguard data privacy and security, are becoming harder to comply with as AI systems proliferate, processing vast amounts of sensitive data in ways that often defy traditional governance models.

The User Personas of Riscosity

User Personas are at the foundation of how we think about tackling the problems that Riscosity addresses for our customers. In order to truly understand the unmet needs a product can address and how to effectively design a solution to a problem that a user is having, it is critical to constantly refine our understanding of who our users are. In order to create effective User Personas, we have taken the time to understand our users’ roles at their organizations, their challenges, their motivations, and how Riscosity fits into all of that.

Delivering Effective Customer Notifications

I recently had the opportunity to speak at an event about crafting customer notifications. The audience was largely security practitioners but my core message was about preparing our customer facing teams for the unfortunately all too common event of a data breach. As security practitioners we often spend time in a security bubble and take for granted a certain level of knowledge and understanding of process but we should also spend time thinking about how the rest of our organization will operate during a data breach.

Securing Data Flows into Your Cloud Data Warehouse

For Chief Data Officers (CDOs) and their teams, the cloud has revolutionized data warehousing and analytics. Platforms like Snowflake, Databricks, BigQuery, and Redshift offer unprecedented scalability and flexibility. But this increased agility also introduces new privacy risks, especially when sensitive data is on the move. We explore these challenges and how a data flow security platform like Riscosity can provide a critical layer of governance.

A Practical Guide to Enterprise AI for Business Leaders

Artificial intelligence is no longer a futuristic concept; it's a present-day reality impacting every facet of business. This guide provides actionable insights for business leaders already familiar with enterprise AI, focusing on strategic implementation and practical considerations. We'll move beyond the hype and delve into how you can effectively leverage AI to drive tangible business value. We’ll follow up with Parts II and III, delving deeper into how to secure enterprise AI no matter how you leverage it.

Ranking Regulatory Frameworks

In an era where data is the backbone of digital transformation, regulatory frameworks have emerged to enforce stringent standards on data security, privacy, and governance. These regulations compel organizations to adopt best practices for handling sensitive information, often imposing heavy penalties for non-compliance. However, these frameworks vary in complexity, scope, and enforcement, making some more challenging to comply with than others. Here’s an analysis of key IT and security regulatory frameworks ranked by the difficulty of compliance.

Strategies and Tradeoffs when Running AI Models on Lean Resources

The rapid adoption of artificial intelligence (AI) models across industries has driven a parallel increase in demand for computing resources. While AI training and inference often require powerful hardware, many organizations and individuals cannot afford top-tier infrastructure. The good news is that with careful planning and optimization, AI models can be run on lean resources, balancing cost, performance, and utility.

David Schlesinger: Why I Joined Riscosity

Exploiting vulnerabilities in third-party vendors is one of the most popular attack vectors. It’s a problem I became all too familiar with in my previous roles and one for which I evaluated many solutions. I was really impressed by how the team at Riscosity developed a no-code, no-agent solution for securing data in transit and gaining complete vendor visibility.

What’s new in Riscosity: January 2025

Check out Riscosity's recent product updates!

Why Traditional DLP Fails on Data At Rest

As organizations grapple with the challenge of safeguarding sensitive data, traditional Data Loss Prevention (DLP) solutions often rely on regular expressions (regex) to classify and identify potential issues. While regex-based solutions can be useful in narrow, controlled contexts, they fail to scale effectively in environments with vast amounts of unstructured or semi-structured data. This article explores the inherent limitations of regex-based DLP, provides examples of its shortcomings, and argues that focusing on data in motion with AI-enhanced classification offers a more practical and scalable solution.

The Life of Pi - Privacy Leaders and Their Everyday

This article details the various markers that Chief Data Privacy Officers, Chief Privacy Officers and Chief Data Officers look for on a day-to-day basis to set success metrics. We discuss how these leaders formulate strategies and how privacy can be simplified with the right processes and support in place.

Why I Joined Riscosity and the Future of Data Security/Privacy

As an experienced Product Leader, critical decisions are a part of my everyday work-life that involve a complex set of criteria. When I recently decided to join Riscosity as the Lead Product Manager, I treated the opportunity as I would any other critical decision. I thought I would explain why I chose to join Riscosity and what the future holds for data security/privacy.

Meeting the Mandate - Analyzing the Cybersecurity Executive Order for Government Agencies

The Jan 16th Executive Order on Strengthening and Promoting Innovation in the Nation's Cybersecurity represents a watershed moment in the United States' approach to digital security. This directive, issued by the White House, establishes a series of comprehensive requirements designed to fortify the nation's cyber defenses across both the public and private sectors. This analysis provides government agencies with a detailed understanding of the order's key provisions.

Salt Typhoon, The Shadow in the Digital Storm

Salt Typhoon is the moniker given to a sophisticated cyber-espionage group believed to operate with nation-state backing. Known for their highly targeted attacks on telecommunications companies, they aim to steal sensitive data, disrupt communications, and exploit vulnerabilities in digital infrastructure. Over the past few years, Salt Typhoon has become a stark reminder of the necessity for robust cybersecurity measures, particularly in industries that serve as the backbone of modern communication.

Why CASB Solutions Are Unsuitable for Detecting AI Usage in Organizations

Cloud Access Security Brokers (CASBs) are essential tools for many enterprises, acting as intermediaries between users and cloud services to provide visibility, enforce security policies, and ensure compliance. While CASBs excel at managing traditional SaaS (Software-as-a-Service) applications, they fall short when it comes to detecting and managing the use of AI tools within an organization.

The Complexities of AI for Privacy and Compliance Officers

Artificial Intelligence (AI) is transforming enterprises, offering new capabilities in customer engagement, analytics, and decision-making. However, for Chief Privacy Officers (CPOs) and compliance teams, the rapid adoption of AI has introduced significant challenges in maintaining data privacy, ensuring compliance, and upholding governance standards. This article explores the specific challenges AI introduces for privacy and compliance officers, the types of data exchanged with AI tools, and how AI changes reporting and governance requirements. It also highlights why data flow posture management solutions are essential for mitigating these risks.

Decoding Hugging Face Model Metrics: A Guide to Understanding and Interpreting Parameters

Hugging Face is a leading hub for AI models, offering pre-trained solutions for tasks such as text generation, translation, and classification. Each model on Hugging Face comes with detailed metrics and parameters that users must understand to make informed decisions. In this article, we break down key metrics and terms, explain how to interpret benchmark performance, and provide guidance on estimating operational costs with an example using AWS EC2 pricing.

Understanding ROPA: Who, What, Why?

The Record of Processing Activities (ROPA) is a cornerstone of modern data protection and privacy compliance. Mandated by regulations such as the EU’s General Data Protection Regulation (GDPR) and other global data protection laws, ROPA serves as an organizational map of data processing activities. It details what data is processed, for what purpose, where it is stored, who it is shared with, and for how long it is retained. In essence, a ROPA is the living documentation of an organization’s data ecosystem.

The HIPAA to HISAA transformation

This article talks about HISAA, the next iteration of the well known HIPAA - the law the protects patient information in the hands of healthcare providers and more. We discuss what are the proposed upcoming changes and how they affect the patient and healthcare providers.

Understanding Operational Technology (OT) and Its Security Challenges

Operational Technology (OT) refers to the hardware and software used to monitor and control industrial processes, physical devices, and infrastructure. OT systems are prevalent in industries like manufacturing, energy, transportation, and utilities, where they manage critical functions such as assembly lines, power distribution, and rail network operations. Unlike traditional IT systems, OT systems prioritize availability and reliability over all else, given their role in maintaining critical infrastructure.

DPDP, India’s Privacy Law

This article talks about the main privacy protection law in India, The DPDP. We discuss what are the main points that CIOs, CPOs, CDOs need to keep in mind and what are some strategies to succeed without stumbling along the way.

LLMs - The what, why and how

Large Language Models (LLMs) have revolutionized fields like natural language processing (NLP), powering applications from chatbots to automated content creation. But what exactly goes into creating these models? Why do they sometimes generate incorrect or fabricated responses (hallucinations)? And how can you build your own LLM using an AWS instance? Let’s dive into the mechanics of LLMs, the data and methods used to train them, and practical steps to develop one.

Cyber Insurance Premiums: and Data Security

Cyber insurance is no longer a luxury—it is an essential shield for companies facing increasing cyber threats. However, calculating premiums for cyber insurance is a complex process influenced by numerous variables. Among these, one of the most critical yet opaque factors is understanding and managing third-party data exchanges. This article explores the variables that cyber insurance underwriters use to determine premiums, provides concrete pricing examples, and builds a case for implementing Data Flow Posture Management (DFPM) to lower cyber insurance costs.

Riscosity and Microsoft Azure: A Powerful Partnership for Data Security

We're excited to announce that Riscosity is now available on the Microsoft Azure Marketplace! This partnership brings together Riscosity's cutting-edge data flow security platform with the vast reach and capabilities of Microsoft Azure, offering unparalleled benefits to organizations seeking to protect their sensitive data.

Challenges with Data Security Posture Management (DSPM)

In this article we list out the main concerns and challenges that companies face when evaluating and using DSPM products. We outline some potential solution strategies to effectively overcome these issues.

GDPR and CPRA: A Unified Call for Data Transparency and Accountability

In this article we discuss the two most privacy enteric laws that are very well known across our industry, GDPR and CPRA. We highlight the evolution of these laws and then dive deep into what it means from a security and privacy perspective.

Privacy Engineering is Dead

In this article we discuss what is privacy engineering, how it works in the current landscape of technology and compliance. We discuss the challenges being faced by customers using legacy privacy centric solutions and what they are demanding.

Securing Identities in Business Data Flows

In this article we discuss the problem of discovering and securing machine identities used in business data transactions.

Okta and Long Usernames

This article describes the Okta long username vulnerability and discusses what it is, who is affected, and what users can do to protect themselves against this issue.