Cyber Risk.

Threat intelligence, security assessments, and risk quantification for enterprise and private equity clients.

All Cyber Risk AI & Data M&A Due Diligence AI & Cybersecurity Professional Services AI in Practice Regulatory Compliance

Cyber Risk·6 min read

MCP Server Security: The Protocol Connecting AI Agents to Your Infrastructure

The Model Context Protocol connects AI agents to external tools. Real 2026 CVEs show the attack surface is already being exploited.

April 29, 2026Read

Cyber Risk·5 min read

What Risk Committees Need to Know About AI Coding Tools

AI coding tools are adopted team by team, below committee line of sight. Three questions separate oversight from assurance.

April 28, 2026Read

Cyber Risk·5 min read

From AI Principles to Proof of Control

Boards approved AI principles. The next 18 months are about proving those principles operate as controls. The gap is where regulatory risk sits.

April 23, 2026Read

Cyber Risk·7 min read

When Your Coding Copilot Installs Malware: Securing AI in the SDLC

RoguePilot, CamoLeak, and Comment-and-Control attacks prove AI coding tools are a live attack surface. A practical control set for development teams.

April 20, 2026Read

Cyber Risk·5 min read

Three Questions Boards Should Ask About AI Agents

Most boards hear the AI productivity pitch but not the identity, permission, and accountability model underneath. Three questions surface the gap.

April 17, 2026Read

Cyber Risk·5 min read

Three Convergence Points Reshaping Enterprise Security Intelligence

AI agents, data governance, and regulatory enforcement are converging into a single challenge. Treating them separately creates blind spots.

April 15, 2026Read

Cyber Risk·7 min read

You Cannot Secure AI Agents with Human-Era Identity Models

Machine identities will outnumber human identities in most enterprises this year. 78% have no formal policies for AI identity lifecycle management.

April 13, 2026Read

Cyber Risk·6 min read

The New Baseline: Why AI Changed What 'Secure Enough' Means

AI-assisted attack tools find vulnerabilities faster than organizations can patch. Framework compliance alone no longer defines adequate security.

April 9, 2026Read

Cyber Risk·7 min read

Project Glasswing and the New Baseline for Cybersecurity Assessment

Project Glasswing resets the baseline for cybersecurity assessment. When AI finds 27-year-old flaws, traditional assessment methodologies need to catch up.

April 8, 2026Read

Cyber Risk·8 min read

Claude Code Source Leak: When Your AI Vendor Becomes the Vulnerability

Anthropic shipped Claude Code's complete source in a routine npm update. With 41,500 forks and exposed feature flags, AI vendor risk needs rethinking.

April 2, 2026Read

Cyber Risk·8 min read

McKinsey Lilli Breach: Old Vulnerability, New AI Risk

A 1998-era SQL injection reportedly exposed McKinsey's AI platform Lilli. The vulnerability class is old. The consequences for enterprise AI are not.

March 11, 2026Read

Cybersecurity·5 min read

AI-Powered Cyber Attacks in 2026: What Boards and CFOs Need to Act On

AI-powered attacks and deepfake fraud are the defining threats of 2026. A plain-language briefing for boards and CFOs, with the 12 controls that change the risk profile.

February 11, 2026Read

Cyber Risk·6 min read

Cyber Insurance Underwriting: The Technical Assessment Gap

Document-only reviews miss up to 75% of material cyber risks. Technical validation gives underwriters 35-45% better loss ratios.

December 9, 2025Read