Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Data Governance vs. Data Security

Most organizations treat data security and data governance as parallel tracks managed by separate teams with separate tooling. Security owns the controls; governance owns the policies. The two programs rarely share a roadmap, and the gaps between them are where data risk actually lives. Governance without security enforcement leaves policy on paper. Security without governance context produces alerts without the underlying understanding of what the data is, who owns it, or why it matters.

How DSPM Improves Data Access Governance

Data access governance (DAG) is the set of policies, controls, and processes that determine who can access sensitive data, under what conditions, and with what level of oversight. For most organizations, the policies exist. What's harder to verify is whether those policies reflect the actual state of data across cloud storage, SaaS platforms, and data pipelines.

Your Sensitive Data Isn't in One Place Anymore - It's in 47 Copies

In this video, you will learn why locking down source systems like your CRM, HR database, and S3 buckets leaves your real risk surface exposed, how one regulated file fragments into CSV exports, screenshots, scripts, and AI prompts that shed their security context at every hop, and why both legacy DLP and traditional DSPM fail to act on these invisible derivatives. You will also learn how lineage-focused DSPM tracks the provenance of the data payload itself — every copy, paste, and save — so you can enforce policy on fragments instead of guessing from patterns.

GDPR Data Security: How DLP and DSPM Support Article 32 Compliance

Article 32 of the General Data Protection Regulation (GDPR) does not specify which tools to use, however it requires organizations to implement "appropriate technical and organisational measures" to protect personal data, proportionate to the risk. What that standard’s vague wording demands in practice is where most compliance programs run into trouble.

Shadow AI Is Not a People Problem. It's a Governance Problem

Most organizations responded to shadow AI the way they responded to shadow IT a decade ago: awareness campaigns, acceptable use policies, and training programs. The assumption was that if employees understood the risk, they would stop using unsanctioned tools. That approach did not work for shadow IT, and it won't work for shadow AI. The key difference is governance architecture.

The CIO's AI Security Checklist: 10 Questions Before Deploying Agents

You approved the AI tools. You funded the infrastructure. Now your teams want to deploy AI agents, and the ask sounds reasonable: automate the research workflow, connect the agent to the CRM, let it draft and send. The productivity case is clear. What is less clear is who owns the security exposure when that agent starts moving data across systems it was never explicitly authorized to touch. The answer, increasingly, is you.

Cyberhaven Selected for Anthropic's Cyber Verification Program to Advance Defensive AI Security Research

Anthropic has selected Cyberhaven for its Cyber Verification Program, an application-based program that supports legitimate defensive cybersecurity work involving advanced AI capabilities. The approval gives designated Cyberhaven teams access to advanced AI capabilities with fewer interruptions from default safeguards for certain high-risk, dual-use cybersecurity tasks, subject to Anthropic's applicable policies and program requirements.

Preventing IP Theft and Trade Secret Loss in Manufacturing

A manufacturer's most valuable assets rarely sit in a vault. They live in CAD files, chemical formulations, process parameters, supplier contracts, and tooling specifications that move every day between engineers, plants, partners, and contractors. That movement is what makes the business run, and it is also what makes trade secrets easy to lose. A departing engineer copies a design folder. A contractor forwards a spec sheet to a personal account.

AI Security for Autonomous Agents | Cyberhaven Product Launch (Part 1 of 4)

Autonomous AI agents are running on enterprise endpoints right now, accessing files, processing sensitive data, and executing actions outside the visibility of most security programs. This is Part 1 of Cyberhaven's four-part AI Security product launch series. What this video covers: Most AI security tools were built for browsers and SaaS apps. They cannot see agents operating at the OS level, coding assistants running in IDEs and CLIs, or MCP servers executing in the background. Cyberhaven's AI Security platform was built to close that gap.