Analysis 13 articles

AI Code in Production: Swiss SDLC Risk Guide 2026

Half of engineering teams run AI-generated code in production while AI features fail pentests 2.7x more often. Swiss SDLC controls must adapt.

Financial Vendor Breaches Up 6.5x: Swiss Bank Risk 2026

Black Kite's 2026 report shows breaches among the top financial vendors rose from 6 to 39 in a year. What concentration risk means for Swiss banks.

Claude Fable 5's 19-Day Ban: How a Jailbreak Report Triggered US Export Controls on Anthropic's Flagship Model

US export controls pulled Claude Fable 5 offline for 19 days. The verified timeline, the jailbreak behind it, and what it means for Swiss AI governance.

WEF Cybersecurity Outlook 2026: Lessons for Swiss CISOs

WEF 2026 report: AI drives 87% of cyber risk perceptions and identity is the dominant attack path. Priorities for Swiss security leaders.

Sovereign Cloud: How EU Regulations Reshape Swiss Cloud 2026

DORA, NIS2, and the EU AI Act are creating hard data residency constraints for Swiss FinTech and HealthTech firms dependent on US hyperscalers.

Security ROI Metrics for Swiss Board Reporting 2026

A practical framework for translating security posture into financial risk metrics aligned with FINMA Circular 2023/1 board governance expectations.

The CISO Game in Chiasso: What a Simulated Cyber Crisis Teaches That No Presentation Ever Could

A first-person account of the Supply Chain & Third Party Risk event in Chiasso — the second CISO gathering in Ticino in as many weeks — centred on an interactive crisis simulation that put 50 security leaders around the table to make real decisions under pressure.

Claude Mythos and Project Glasswing: Separating Fact from Hype on the AI Model Too Dangerous to Release

Anthropic's Claude Mythos can autonomously find zero-day vulnerabilities. A confirmed unauthorised access incident has already occurred. Swiss security teams need facts, not hype.

AI Security at the Crossroads: 10 Takeaways from the Swiss Cyber AI Conference

Ten takeaways from the Swiss Cyber AI Conference — identity, least privilege for AI agents, poisoned agents, voice biometric deprecation, and the F1 security paradigm.

When the Safety-First AI Lab Ships Its Own Source Code to npm: Lessons from the Claude Code Leak

A source map misconfiguration in Claude Code v2.1.88 exposed Anthropic's internal codebase — 1,906 files and 44 hidden feature flags — via npm.

NCSC Semi-Annual Report H2 2025: What the First Mandatory Critical Infrastructure Data Tells Us

On 30 March 2026, the NCSC published its H2 2025 report — the first to integrate mandatory infrastructure notifications with voluntary reports.

The Scammers Are Evolving? No — We Are Not

A phishing email spoofing Microsoft via 'rnicrosoft.com' went viral. The technique is 20 years old. The surprise is that it still works.

NCSC Annual Report 2025: Key Takeaways for Swiss Security Teams

The NCSC published its 2025 Annual Report on 16 February 2026. 64,733 incident reports, 222 mandatory notifications.