惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CXSECURITY Database RSS Feed - CXSecurity.com
aimingoo的专栏
aimingoo的专栏
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
D
Docker
博客园 - 叶小钗
Recent Announcements
Recent Announcements
人人都是产品经理
人人都是产品经理
云风的 BLOG
云风的 BLOG
Vercel News
Vercel News
Hugging Face - Blog
Hugging Face - Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
美团技术团队
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
F
Fortinet All Blogs
博客园 - 三生石上(FineUI控件)
Microsoft Security Blog
Microsoft Security Blog
H
Heimdal Security Blog
有赞技术团队
有赞技术团队
The Cloudflare Blog
S
Secure Thoughts
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
T
The Blog of Author Tim Ferriss
M
MIT News - Artificial intelligence
Google DeepMind News
Google DeepMind News
Schneier on Security
Schneier on Security
N
News and Events Feed by Topic
小众软件
小众软件
C
Cybersecurity and Infrastructure Security Agency CISA
Application and Cybersecurity Blog
Application and Cybersecurity Blog
博客园 - Franky
T
Tenable Blog
The Last Watchdog
The Last Watchdog
腾讯CDC
量子位
Google DeepMind News
Google DeepMind News
Help Net Security
Help Net Security
雷峰网
雷峰网
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Cyberwarzone
Cyberwarzone
S
Securelist
Martin Fowler
Martin Fowler
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
罗磊的独立博客
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
P
Proofpoint News Feed
D
Darknet – Hacking Tools, Hacker News & Cyber Security
I
InfoQ
Spread Privacy
Spread Privacy
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
H
Hackread – Cybersecurity News, Data Breaches, AI and More

Search Security Resources and Information from TechTarget

How to operationalize threat modeling with AI | TechTarget CISO First fully agentic ransomware attack sparks readiness concerns | TechTarget Evaluating secure enterprise browsers vs. security plugins | TechTarget The AI vulnerability storm is here: Is your security program ready? | TechTarget Perimeter to posture: A roadmap to zero trust maturity | TechTarget TLS certificate lifetime changes: What CISOs must do now | TechTarget The agentic AI 8 key aspects of a mobile device security audit program | TechTarget Why mobile security audits are important in the enterprise | TechTarget Beyond the perimeter: The shift to data-centric protection | TechTarget How agentic AI threat intelligence aids NGO cyber defense: Case study | TechTarget How to conduct a mobile app security audit | TechTarget NO FAKES Act advances: What CISOs need to know | TechTarget What CISOs should know about AI runtime security | TechTarget As Q-Day looms, 90% of systems are unprepared for PQC | TechTarget A CISO Most security pros say their culture is Zscaler lays out its vision to secure the AI era at Zenith Live | TechTarget The OpenClaw security risks every CISO needs to know | TechTarget Cloud security metrics and KPIs: A CISO Florida public sector training on SimSpace cyber range: Case study | TechTarget Reporters' Notebook — Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security It's time to update incident response for the AI era How to build AI security guardrails without blocking innovation The prosecution gap: Why cybercrimes go unpunished AI in cyberdefense: Learning from threat actors' playbooks Top identity and access management risks CISO role changes as cyber-risk appetites in the C-suite grow CISO's guide to data minimization Researchers build autonomous AI worm that can reason and adapt How to secure data at rest, in use and in motion How to find cyber-risk data sources for a FAIR analysis Lost in translation: Cybersecurity board reporting for CISOs How to prepare security controls for future AI regulations EO 14390 raises stakes for enterprise cybersecurity First month of Mythos Preview testing exposes 10K flaws OT attacks shift from recon to physical control, raising stakes For CISOs, dawn of OpenAI Daybreak brings good and bad news Gartner Security & Risk Management Summit 2026: Adapting for AI | TechTarget Inside business email compromise attacks: Real-world examples Verizon 2026 DBIR: 6 key takeaways for CISOs Identity security for AI agents: The proliferation challenge How to build a business impact analysis checklist Taking care of business: The CISO's role in a cyber crisis What CISOs need to know about AI audit logs SOC vs. MDR: What CISOs need to consider Instructure cyberattack reignites ransom payment debate Transform SIEM rules with behavior-based threat detection CISO's guide: How to test an incident response plan How to implement zero trust for AI Data after the breach: Economics of the dark web The breakup: Why CISOs are decoupling data from their SIEMs | TechTarget News brief: Security worries and warnings as AI use expands How to construct an effective security controls evaluation 5 leading enterprise password managers to consider Claude Mythos changes the AI security threat matrix Buyer 6 things to check in your cyber insurance policy fine print How cyber insurance helped with breach recovery -- or not News brief: Critical infrastructure, OT cybersecurity attacks Tape's strategic role in modern data protection Top zero-trust use cases in the enterprise What every CISO should consider before a SIEM migration CISO's guide to centralized vs. federated security models Shadow code: The hidden threat for enterprise IT How to fix cybersecurity's agentic AI identity crisis 5 top SIEM use cases in the enterprise Top 8 e-signature software providers for 2026 How do digital signatures work? News brief: AI woes continue for security leaders Deepfake era demands proof-based security, not just awareness Is SOAR dead or alive? Sort of The push for digital sovereignty: What CISOs need to know Beyond awareness: Human risk management metrics for CISOs Cybersecurity in the age of AI means bigger, faster threats At RSAC 2026, AI optimism and anxiety -- and an MIA U.S. government Inside the SOC that secured RSAC 2026 Conference How to roll out an enterprise passkey deployment How to improve the SOC analyst experience -- and why it matters How contact centers detect and prevent fraud News brief: Iranian cyberattacks target U.S. water, energy CISO checklist: Cybersecurity platform or marketing ploy? RSAC 2026 Conference: Key news and industry analysis | TechTarget Next-generation firewall buyer's guide for CISOs Contact center monitoring best practices for CX leaders RSAC 2026: Cyber insurance and the rise of ransomware Agentic AI's role in amplifying and creating insider risks RSAC 2026 recap: AI security and network security trends Identity security at RSAC 2026: The new enterprise dynamics Meaningful metrics demonstrate the value of cyber-resiliency News brief: Iran cyberattacks escalate, U.S. targets named 5 top SOC-as-a-service providers and how to evaluate them Cloud security architecture: Enterprise cloud blueprint for CISOs Contact center compliance checklist for modern workforces How AI caught a malicious North Korean insider at Exabeam Watch your words: Tim Brown's advice for CISOs News brief: U.S. absence at RSAC sparks leadership concerns Network security management challenges and best practices 10 enterprise secure remote access best practices
What to know about red team testing and the law
2026-04-06 · via Search Security Resources and Information from TechTarget

Phil Sweeney

By

Published: 06 Apr 2026

While red team testing isn't always required by law, it has effectively become a compulsory cybersecurity measure.

That was the view of panelists at an RSAC 2026 session that zeroed in on the legal aspects of red team security testing. "Red teaming has emerged as an essential infosec discipline, and it is rapidly becoming a legal standard," said Scott Giordano, a partner with The CISO Law Firm.

From a legal perspective, results matter, and good intentions do not, said David Patariu, an attorney who has worked with Lenovo, Motorola and other tech companies. CISOs should be asking themselves how regulators and company boards will evaluate an organization's security program and testing practices. "They're going to say, 'Show me what you did, show me the documentation, show me how you approach these issues,'" Patariu said.

Adversarial testing is not only a good idea from a security standpoint, said CrowdStrike red team specialist Joey Melo, but it is moving closer to becoming necessary. Melo predicted that regulators and insurance companies will increasingly require companies to perform this type of testing.

Why testers and lawyers need to be on the same page

An organization that spends money on red teaming has a lot to think about, including whether test results should be granted attorney-client privilege.

"Those records could be discoverable in the case of a lawsuit," said Kip Boyle, a fractional CISO and founder of consulting firm Cyber Risk Opportunities. "Don't be sloppy about this. You can't get privileged just by copying attorneys on emails. That's not enough."

Boyle said attorney-client privilege could be especially important when an organization chooses not to mitigate a finding revealed by red team testing. That detail, he cautioned, could become a smoking gun in some eventual lawsuit.

What's essential is preparation, Patariu said. Trying to assert attorney-client privilege after an engineering group or product team conducts red team testing won't stand up to a challenge in court, he said. "It's going to look like you're just trying to hide the documents."

To create a proper red team testing initiative, Patariu advised seeking legal advice before testing begins. In-house testers can't unilaterally assert attorney-client privilege. "If there's no lawyer in the to or the from field, that is the first place that assertion will fail," Patariu said.

A formal testing program matters, the panelists said, because it can serve as a basis for determining whether a business is taking reasonable cybersecurity precautions. An organization that has documented its adversarial testing will be in a much better position to respond to difficult questions should they face regulatory action or a lawsuit.

"Is it going to be a bunch of scattered Jira tickets and people in meetings saying, 'Oh, yeah, I think we do testing,'" Patariu said. "You have to have results. And then the question is: How did you mitigate it? What did you do after the fact? That's all part of this."

With AI, the testing is different

AI expands the attack surface, and agentic AI expands it even further.

Testing an AI model is important, of course, but so is testing where that AI goes next. A business that puts an AI model into action in a product or service also needs to test how securely the AI performs in that product or service, Patariu said.

Security teams also need to be concerned about the potentially harmful actions an AI agent could take while completing its assigned task. "It's very different than just looking at an output," Patariu said. "You're going to say, 'Well, do I have to test for that?' And the answer is: Of course you do."

The 2025 incident in which a vibe coding agent deleted a production database is one such example of how agentic AI can go wrong. The risks might be new, but they aren't unheard of.

"We've all heard about the person who let the AI agent into their email and [the agent] was deleting all sorts of email. These things are known," Patariu said. "It's out there in the press. So, you have to think about these known issues. And are you testing for them?"

An organization that can't prove it did the testing will give the impression that its security program is inadequate, Patariu said.

That proof will take the form of reports adversarial testers provide, and the quality of those reports will matter. "If you're hiring a red team, focus on the reports," Melo said. "Get samples if you can." It's important to know how testers communicate their findings, he said, especially if authorities and regulators start asking questions.

AI models want to be helpful, and, as Melo pointed out, they are designed to provide as much help as possible. They are simply not good at saying no. That reality makes native guardrails insufficient and red teaming all the more important, Melo said.

Phil Sweeney is an industry editor and writer focused on cybersecurity topics.

Dig Deeper on Risk management