Kiteworks

Your employees are not missing phishing red flags. The red flags barely exist anymore. Today’s phishing emails sound like real coworkers, reference real vendors, and arrive perfectly written because AI generated them in seconds. Cisco Talos just reported phishing reclaimed the number 1 initial access vector in Q1 2026, while CrowdStrike documented an 89% increase in AI-enabled attacks. That changes the security equation. Filters and awareness training were built for identifying suspicious messages after they arrive. AI changes the economics by making every lure personalized at scale. Our latest newsletter breaks down why email security now requires policy-based governance at the data layer, not just smarter filtering.

AI governance keeps failing for the same reason: the enforcement lives inside the thing being governed. System prompts can be manipulated. Safety filters can be bypassed. Model behavior changes with every update. And when auditors ask for evidence, “the AI was told not to” doesn’t count. Kiteworks Compliant AI takes a different approach by governing the sensitive data itself through authenticated identity, ABAC enforcement, FIPS 140-3 validated encryption, and tamper-evident audit trails. Watch the video to see why the data layer is the real control point for AI.

"The safety guardrails of several prominent large language models (LLM) can be bypassed if a user tricks the LLM into having a multi-pronged, ongoing conversation, researchers at Cisco have warned. The researchers examined commonly used LLMs and frontier AI models including OpenAI’s ChatGPT, Anthropic’s Claude, Google Gemini, Amazon Nova, xAI’s Grok and others to test how their built-in safety guardrails held up against potential threats from real-world attackers. They found that many of the models could be tricked into performing actions they should not be able to." https://hubs.ly/Q04jd1qQ0 Kiteworks provides zero-trust data exchange controls, featuring least-privilege access defined at the content layer and next-gen DRM capabilities that block downloads from AI ingestion. Visit our website to learn more.

We are heading to the Gartner Security & Risk Management Summit June 1-3 and we want to see you there! Stop by Booth 203 to see how Kiteworks delivers Compliant AI that controls agent data access and use for regulatory compliance. Governing AI agents is not optional, and we are ready to show you exactly how it is done. See you soon! #GartnerSEC

AI agent adoption is outpacing the governance frameworks meant to control it. Most organizations have agentic AI on their 2026 roadmap, but can't enforce purpose limits on those agents, stop a misbehaving one, or produce the audit trail a regulator would accept. That's the gap we're closing with the Innovators in AI Program, which we're unveiling at the Gartner Security & Risk Management Summit 2026. The program gives any org adopting AI a fast path to governed, compliant agent deployments: Secure MCP Server, ABAC policy controls, and full-fidelity audit logs. Free for Kiteworks customers, deployable in days. Don't miss Chief Strategy Officer Tim Freestone's featured session, "Controlling Data Access and Use by AI Agents for Compliant AI," Monday, June 1 at 3:15 PM. Then stop by Booth 203 for a live demo. https://hubs.ly/Q04hS-4X0

Most security teams think Shadow AI is an awareness problem. Train people better, communicate the policy more clearly, and the behavior changes. It doesn't. A developer on a product team is four hours into debugging a gnarly authentication issue. She opens her personal ChatGPT account, pastes the relevant function, and has an answer in 90 seconds. Nobody flagged it. Nobody saw it. The source code is now on infrastructure your legal team has never reviewed. Governance that lives in a document cannot outrun a productivity tool that lives in a browser tab. The 2026 Verizon DBIR just measured what that looks like at scale. Source code was the top data type flowing into ungoverned AI systems, across nearly a million DLP events. Not customer data. Not spreadsheets. The actual work product. So, here's what that raises: if your engineers are already doing this daily, what else is in those prompts that nobody has counted yet? https://hubs.ly/Q04hwLq10

Heading to Bank IT on June 1st? Come meet the Kiteworks executive team at One WTC, New York City. We're there for one reason: real conversations with banking and financial services leaders about the data risks keeping you up at night. Whether you're evaluating a new MFT solution, working toward DORA compliance, or looking to get full visibility and control over how sensitive data moves across your systems, users, and third parties, we'd love to dig into what you're solving. Take control of sensitive financial data. Reduce risk. Strengthen compliance. Secure how it's shared inside and outside your organization. Schedule time with us here: https://hubs.ly/Q04g9JNG0 #bankitusa

"The Verizon 2026 Data Breach Investigations Report (DBIR), published May 19, revealed that vulnerability exploitation is now the top initial access vector for breaches, while organizations struggle to catch up with a growing volume of critical vulnerabilities. … Exploitation of vulnerabilities now makes up 31% of initial access vectors, a 20% increase from last year’s numbers. Vulnerabilities exceeded credential abuse and phishing for the first time during the DBIR 2026 data period between Nov. 1, 2024, and Oct. 31, 2025, with a total of more than 22,000 data breaches and 31,000 total incidents from that period analyzed for the report." https://hubs.ly/Q04hx8Xq0 With Kiteworks, organizations effectively manage third-party risk with maximum visibility and control over the PII, PHI, and IP employees share with third parties. Visit our website to learn more.

Your AI governance strategy probably assumes employees are breaking the rules on purpose. The 2026 Verizon DBIR says otherwise. A clinician drops patient notes into a chatbot to finish documentation faster. A developer pastes code into an LLM to hit a deadline. It doesn’t feel like exfiltration. It feels like productivity. That’s why the DBIR’s 858,440 shadow AI events matter. Shadow AI is now the third most common insider action. The motive isn’t malice. It’s convenience. And that changes the governance math. Policies don’t stop workflow pressure. Identity tools don’t see the data itself. By the time DLP detects the transfer, the data already left. AI governance is no longer about controlling the model. It’s about governing the data. Read our latest newsletter to learn more.

You think your AI agent is working for you. It isn’t. It’s working for whoever built the workflow, following whatever instructions it was given, accessing whatever data it can reach. Your governance policies? Never heard of them. An AI agent pulls a confidential vendor contract to draft a routine supplier email, but sends the wrong details to the wrong party before anyone notices. No malicious intent. No audit trail. Just an agent doing exactly what it was designed to do. Here’s the principle: governing AI agents isn’t AI problem. It’s a data access problem. And you already know how to solve those. Catch Kiteworks Chief Strategy Officer Tim Freestone live at the Gartner Security & Risk Management Summit, June 1 at 3:15 PM in the Annapolis Room, as he tackles "Controlling Data Access and Use by AI Agents for Compliant AI" head on. The question he leaves on the table: if your agents can access it, who is actually responsible when they do? #GartnerSEC