Newsletter Issue #3


1. Article: AuditBoard Rebrands as Optro

AuditBoard started as a SOX tool and ended up as one of the larger GRC platforms in the market (it’s always in the top spots in most analyst reports).

The name change (aka rebrand) to Optro seems to indicate a move towards “agentic systems of action.” Quote from CEO Raul Villar Jr.:

“Optro represents who we’ve become and where we’re headed next”

Let’s see if any of their future product offerings back up that vision.

Link: https://optro.ai/blog/auditboard-is-now-optro

Check out my list of GRC tools here: https://allaboutgrc.com/grc-tools/


2. Article: UK Government Cuts Cyber Attack Fix Times by 84%

When done well, government services are just a better alternative. I read about this phenomenal Vulnerability Monitoring Service of the UK govt.

Link: https://www.gov.uk/government/news/government-cuts-cyber-attack-fix-times-by-84-and-launches-new-profession-to-protect-public-services

  • The Vulnerability Monitoring Service (VMS) scans 6,000 public sector bodies across the UK
  • It detects approximately 1,000 vulnerability types and resolves around 400 confirmed vulnerabilities per month
  • The backlog of critical unresolved vulnerabilities fell by 75%
  • A new Government Cyber Profession launches with a Cyber Academy, a dedicated Cyber Resourcing Hub, and Manchester as the primary hub

3. Resource: CISA’s Guide to Building an Insider Threat Management Team

CISA has a POEM framework (Plan, Organize, Execute, Maintain) that covers the full team lifecycle from setup to ongoing adaptation. Not many companies have this requirement. But it is quite interesting that, like most security topics, this too requires a multi-disciplinary process with people beyond security.

  • Recommended members include HR, General Counsel, Operations, CISO, and Chief Security Officer
  • CISA also suggests considering behavioral analysts, psychologists, and mental health specialists
  • The guide advises against naming the team “Insider Threat Team” — names like “Case Management Team” build more workforce trust

Link: https://www.cisa.gov/sites/default/files/2026-01/Assembling%20a%20Multidisciplinary%20Insider%20Threat%20Management%20Team_508.pdf


4. Article: UAE Central Bank Issues AI Guidance for Financial Institutions

The UAE Central Bank has come out with AI guidance. Quite interesting that they frame it as a consumer protection document first.

Quote from the document:

“It is expected LFIs will refer to this Guidance as they develop their own internal policies and guidance on the ethical and responsible use of AI and ML with respect to consumers.”

  • It was issued on February 23, 2026 by the Central Bank of the UAE (CBUAE), applying to all licensed financial institutions (LFIs) and insurance providers operating in the UAE
  • Establishes six principles: governance and accountability, fairness and non-discrimination, transparency and explainability, effective human oversight, data management, and privacy protection
  • CBUAE encourages institutions to collaborate with peers and academia to develop industry standards for trustworthy AI

Link: https://rulebook.centralbank.ae/en/rulebook/guidance-note-consumer-protection-and-responsible-adoption-and-use-artificial-intelligence


5. Resource: Six AI Security Risk Categories for Enterprise Teams

I read this post from Check Point and it is one of the more structured breakdowns of enterprise AI security risk I have come across. Obviously, it’s a plug for their solution, but the numbers seem quite interesting:

  • Risky AI prompts nearly doubled in 2025, a 97% increase; 90% of organizations have encountered them
  • 40% of 10,000 analyzed MCP servers contained security weaknesses
  • The six risk categories: data exposure, shadow AI, GenAI app vulnerabilities, excessive AI agency, AI-enhanced cyberthreats, and governance and compliance gaps
  • Recommended controls include AI visibility tooling, specialized DLP, runtime monitoring, and red-team testing

Check Point also publishes an AI Security Report 2025 that you might want to check out.

Link: https://www.checkpoint.com/cyber-hub/what-is-ai-security/ai-security-for-enterprises/

Report (Registration Required): https://engage.checkpoint.com/2025-ai-security-report

