You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
risk management
About this tag
Risk management on WindowsForum covers the governance, auditing, and transfer of risk in enterprise AI deployments, including insurance for autonomous agents, governed retrieval-augmented generation (RAG) for field engineers, and platforms for cataloguing and risk-ranking AI models. Topics also include practical governance steps for accounting firms, limited government AI guidance, credentialing frameworks for AI systems, and unified security dashboards for monitoring AI risk across Microsoft Defender, Entra, and Purview. A software vulnerability (CVE-2021-32292) illustrates technical risk from stack overflows. Recurring themes are visibility, audit trails, and balancing AI speed with liability.
AI insurance is emerging in 2026 because cheaper inference, larger agent deployments, and explicit generative-AI exclusions in commercial policies are pushing enterprises toward software that can govern, audit, and transfer the risk of autonomous AI actions. The pitch is not that every...
Spyglass MTG and FM have deployed a Microsoft Azure-based AI engineering knowledge platform, announced in early June 2026 and recently profiled by Microsoft, to give more than 1,500 FM field engineers faster access to the insurer’s technical standards and risk guidance. The headline is not that...
SAS is moving deeper into the AI governance market with SAS AI Navigator, a standalone SaaS platform designed to help enterprises discover, catalogue, and govern the growing sprawl of AI models, agents, and large language model use cases across the business. Announced at SAS Innovate 2026, the...
Every firm that expects to survive—and thrive—in 2026 must pair an AI ambition with a concrete governance plan: the productivity upside of generative AI is real, but so are the legal, ethical and operational risks if organisations treat AI as a feature switch rather than a managed capability...
The handful of short stories claiming "the U.S. Senate has approved ChatGPT, Gemini and Microsoft Copilot for government operations" capture a headline-ready idea — but they flatten a careful, conditional rollout into a blanket endorsement that never happened. The accurate, verifiable record...
PressReader's recent republication of a Santa Fe New Mexican piece framing the idea of a “driver’s license for AI” has crystallized a deceptively simple question into a policy battleground: what would it mean — technically, legally, and socially — to credential artificial intelligence systems or...
Microsoft’s new Security Dashboard for AI arrives as a pragmatic — and urgently needed — response to a problem CISOs have been warning about for months: enterprise AI is proliferating faster than governance, and visibility is the first line of defense when human oversight can’t scale. Announced...
The json-c library’s long‑running reputation for light‑weight JSON parsing took a sharp turn in 2023 when a stack‑buffer‑overflow in the auxiliary sample program json_parse was assigned CVE‑2021‑32292 — a defect that can be triggered by crafted input to the parseit() function and which, in...
Microsoft’s decision to expand the Secure Development Lifecycle into a dedicated SDL for AI marks a pivotal moment in how enterprises should think about security for generative systems, agents, and model-driven pipelines — and it deserves close attention from every security leader wrestling with...
Microsoft’s decision to stop routine security updates for Windows 10 on October 14, 2025 left millions of machines facing a clear decision: upgrade, pay for a limited Extended Security Updates (ESU) bridge, migrate to another OS, or accept increasing risk — and a growing number of users and...
Microsoft’s choice to label CVE-2026-20950 an Excel “Remote Code Execution” vulnerability while publishing a CVSS vector with Attack Vector = Local (AV:L) is deliberate, not a classification error: the CVE title signals the attacker’s origin and the potential operational impact, whereas the CVSS...
When Microsoft set a hard end-of-support date for mainstream Windows 10 on October 14, 2025, many IT teams reacted as if every Windows 10 machine suddenly became a ticking cybersecurity time bomb—but for operational technology (OT) environments the reality has always been more nuanced, and the...
Microsoft’s Copilot Usage Report 2025 is not a sleepy vendor marketing brief — it is a practical intelligence report that forces corporate compliance teams to rethink the scope, scale, and style of AI risk they manage. By analyzing 37.5 million de-identified Copilot conversations, Microsoft and...
Microsoft’s long-running safety net for Windows 10 — the monthly security updates that quietly fixed the most dangerous bugs — has been withdrawn, and that shift changes the risk calculus for millions of PCs and the organisations that rely on them. The headline is simple: Windows 10 no longer...
The cybersecurity community has reached a rare, consensus-sounding alarm: AI-powered browsers — the new generation of agentic, LLM-driven web clients — introduce a novel attack surface that many organizations should treat as unacceptable risk today, with leading advisory firms and government...
The debate over whether, when and how to "pull the plug" on artificial intelligence has moved from philosophy seminars into courtrooms, regulator briefings and boardrooms — and the practical answer being argued by lawyers, technologists and regulators is emphatically not a single moment of...
A new public database that catalogs instances of AI “hallucinations” in court filings has quickly become a central reference point for judges, ethics committees, and tech teams wrestling with how to use large language models (LLMs) safely in legal workflows — and early entries show that...
The Louvre’s security humiliation—reports that a surveillance server could be accessed with the password “LOUVRE”—has turned a sensational daytime robbery of the Galerie d’Apollon into a wider institutional reckoning over museum cybersecurity, procurement failures and the real-world consequences...
The October robbery at the Louvre that stripped the Galerie d'Apollon of eight pieces of the French Crown Jewels — an audacious daylight heist carried out in under eight minutes — has produced an almost surreal postscript: according to investigative reporting, the museum's video-surveillance...
The Louvre’s security collapse reads like a cautionary tale written for IT teams: a daylight heist that lasted under eight minutes exposed not only a physical breach of priceless objects but decades of deferred cybersecurity maintenance, trivial credential hygiene, and unsupported vendor...