Kiteworks

Kiteworks is excited to announce that it now supports 80% of Canada's new CPCSC cyber security certification controls, helping defense suppliers get audit-ready before requirements hit this Summer 2026. With Level 1 self-assessments entering select defense contracts this summer, and Level 2 third-party assessments on the horizon, suppliers need to move now. The challenge is real: U.S. data from the same NIST 800-171 control set shows only 46% of defense contractors feel prepared, and 57% haven't even completed a gap analysis. 79 of 98 ITSP.10.171 Level 2 controls are pre-mapped and audit-ready in Kiteworks. And because CPCSC and U.S. CMMC are built on the same foundational standard, one deployment gets you certified for both Canadian and U.S. defense contracts. Canadian data sovereignty is built in too. Your specified information stays in Canada, full stop. Read the press release to learn more: https://hubs.ly/Q04d7pMK0 #CPCSC #Cybersecurity #DataSovereignty #Compliance

AI agents don't hesitate. They don't second-guess. They just access your most sensitive data at machine speed. Exciting, right? For compliance teams, "we'll add guardrails at the model layer" is basically the new "we'll patch it later." Prompt filters can be worked around. Model-layer safety controls can be bypassed. And when an AI agent connects to your file systems, it has no idea what's CUI, what's PHI, or what your SOX retention policy says. It just goes. The only layer that enforces compliance is the data layer. Not the model. Not the prompt. The data layer. Kiteworks Compliant AI governs every agent interaction before anything moves: identity verification, real-time ABAC policy enforcement, FIPS 140-3 validated encryption, and a tamper-evident audit trail. Whether the agent is navigating folders, managing files, or generating intake forms, nothing happens outside policy. No surprises at audit time. No "we think the agent only accessed what it was supposed to." Full attribution, every time. If your organization is deploying AI against regulated data and still relying on model-layer controls to keep you compliant, this brief is worth your time. https://hubs.ly/Q04cLL7K0 #AIGovernance #Cybersecurity #CompliantAI #Compliance

It's Earth Day, and we're taking a moment to celebrate the planet that makes everything possible. 🌎 Small actions, big impact. From the choices we make at work to the ones we make at home, we all have a role to play in protecting our environment for future generations. Here's to taking care of the only home we've got. 💚 #EarthDay #EarthDay2026 #Sustainability

Six AI vulnerabilities. Three security gaps. Most organizations are only closing one of them. Researchers disclosed critical flaws in Microsoft Copilot, Salesforce Agentforce, Google Gemini, Grafana, and the OpenAI plugin ecosystem over the past year. In every single case, model-level guardrails failed. The fire alarm is installed. The sprinklers are not. On May 12, Kiteworks + BigID are hosting a live webinar to break down the three gaps these vulnerabilities exposed and what data-layer governance looks like as the architectural answer. Register now: https://hubs.ly/Q04cN6-M0 #AIGovernance #Cybersecurity #DataSecurity #DataGovernance

Your AI agents can be fully sandboxed, tightly controlled, and running exactly as designed… and you can still fail an audit. Because the real question isn’t how your agents run. It’s what data they touch, who authorized it, how it was protected, and whether you can prove it after the fact. Most OpenClaw strategies focus on securing the runtime layer, but that’s not what auditors or regulators care about. They’re going to ask what data was accessed, whether it was authorized, how it was protected, and where the audit trail is. That’s where most organizations don’t have a clear answer. The problem is that compliance and control don’t live in the runtime. AI agents can be manipulated, operate beyond their intended scope, and access data across systems. Local execution and shadow AI only expand that risk, especially without centralized governance. That’s why the data layer is what ultimately determines whether AI can scale. Without consistent enforcement, encryption, and auditability, organizations are left exposed and unable to prove compliance. Kiteworks Compliant AI delivers that missing layer by governing every interaction between AI and sensitive data with zero-trust access, ABAC enforcement, FIPS 140-3 encryption, and tamper-evident audit trails. If you’re deploying AI without governing the data layer, you’re not scaling. You’re gambling. #AI #Cybersecurity #DataGovernance #Compliance #ZeroTrust

Manufacturing leads every major cybersecurity threat category. Ransomware. DDoS shutdowns. Data breaches. Year after year, the numbers go up, the headlines get worse, and the industry keeps doing largely the same things and expecting different results. Kiteworks Chief Strategy Officer Tim Freestone joined Jeff Reinke on the Security Breach podcast (Manufacturing Business Technology) to tackle the cybersecurity challenges keeping manufacturers up at night. From AI leveling the playing field against attackers to why only 36% of organizations have visibility into how external partners use their data, Tim breaks down what is at stake and what manufacturers need to do differently. They also dig into why response plans should focus on the big rocks and not the little ones, the IT/OT silo problem that demands a paradigm shift, how CMMC could reshape security far beyond the defense supply chain, and why regulation may be the most powerful driver of real change. Catch the full episode: https://hubs.ly/Q04cz6Mw0 #Cybersecurity #Manufacturing #AI #DataSecurity #Kiteworks #SecurityBreach

EchoLeak. ForcedLeak. GeminiJack. Reprompt. GrafanaGhost. OpenAI plugin supply chain. Six critical disclosures across platforms your organization probably runs — in under a year. The industry treated each one as an isolated incident. They're not. They're evidence of three structural gaps that vendor patches don't close: → External data processed by AI without validation → AI authenticating once, then accessing everything in scope → Back-end processes with functional capabilities they were never designed to use Model guardrails failed every time. Grafana's fell to one keyword. Salesforce's CSP cost five dollars to bypass. "Our model was instructed not to" isn't a control, and no auditor will treat it as one. The patches are in. The gaps aren't closed. Which pattern did you leave open? Read the full breakdown, six vulnerabilities, three patterns, and what addresses each one: https://hubs.ly/Q04csgnS0 #AISecuity #Cybersecurity #ZeroTrust #DataSecurity #AISecurity

Earlier this month, our Singapore team took on HYROX APAC, a hybrid fitness racing competition, as part of the corporate relay alongside 100+ teams. 💪 Huge congratulations to the team for crossing that finish line and representing Kiteworks so well. This is what our culture looks like in action: supporting one another, pushing limits, and celebrating every finish line. Well done, team! #HYROX #HYROXSingapore #Kiteworks

€7.1 billion in GDPR fines… and most of that happened in just the last few years. That’s not a slow-moving regulation anymore. That’s enforcement at scale, and it’s accelerating. Our latest newsletter breaks down what’s really happening behind the numbers and why so many organizations are still unprepared. Regulators aren’t just going after Big Tech anymore. They’re widening the net across industries, increasing breach scrutiny, and expecting proof not promises when it comes to compliance. At the same time: • 443 breach notifications are filed every single day • U.S. privacy laws are stacking up fast • AI regulation is about to raise the stakes even higher And here’s the uncomfortable truth: most organizations still can’t produce the evidence regulators are asking for when it matters most. If your compliance strategy still relies on assumptions, siloed tools, or fragmented logs… it’s probably not going to hold up. Read the full breakdown in our latest newsletter 👇 #DataPrivacy #GDPR #Cybersecurity #Compliance #AIRegulation

Something interesting happened when Anthropic's Claude Mythos started finding thousands of zero-day vulnerabilities across every major OS and browser. The security industry panicked. A 27-year-old flaw in OpenBSD didn't appear because of AI. It was already there. What Mythos did was collapse the gap between what defenders know and what attackers know, and in doing so, it made a long-overdue point: you cannot patch your way to safety anymore. When AI can find exploitable bugs faster than humans can triage them, and the average time to exploit is now negative seven days (meaning attacks start before patches exist), application-layer security stops being a primary defense and starts being a holding pattern. The real question becomes: when a breach succeeds, what does the attacker find? That shifts the whole conversation toward data-layer security, encryption that travels with the file, access controls that are embedded in the data itself, and keys that no third party holds. Read the full blog to see why the scariest AI moment of 2026 might be the wake-up call the industry needed. https://hubs.ly/Q04cz0Zk0 #CyberSecurity #DataSecurity #ZeroTrust #AI #DataProtection #CyberRisk