
BLOG


Cyber Risk Dashboards for CISOs: From Data to Decisions
By: Oriane Dorai, Solution Architect, Commugen
Why Cyber Risk Feels Like a Foreign Language in the Boardroom
As a Solution Architect at Commugen, I’ve worked with global CISOs and Risk & Compliance leaders, who all face a similar problem: They speak in terms of risk metrics, while their boards only speak in terms of business impact. In an era defined by AI-driven attacks, ransomware evolution, and multi-framework complexity (NIST, ISO, SOC2, EU DORA), risk communication is a c


How Did We Develop AI for Stronger Cyber Posture in Enterprises?
By: Anna Schwartz, Senior Solution Architect, Commugen
The Unseen Price of AI Risk
As a Solution Architect at Commugen, I work hand-in-hand with global CISOs, compliance officers, and IT leaders across industries. One truth stands out: strengthening cyber posture today means embracing AI, not fearing it. Our clients aren’t just looking to manage AI risk; they’re seeking to use AI to enhance resilience, streamline governance, and build smarter, more secure operations. That’s w


The Cost of AI Risk: What CISOs Should Prepare For
By: Itai Sassoon, Commugen CEO
The Unseen Price of AI Risk
Every CISO I’ve spoken to in the past year says, “Even with the strongest processes and the sharpest teams, it will find its way in.” They’re not talking about ransomware, nation-state hackers, or insider risk. They’re talking about AI, and the risk it creates. Employees are embedding ChatGPT, Gemini, and Copilot into their workflows. While the benefits are visible - faster drafts, quicker responses, streamlined proce


Shadow AI in Action: 5 Steps to Shadow AI Governance
By: Yitav Cohen, Head of Professional Services, Commugen
In 2025, generative AI is deeply embedded across departments—from marketing using ChatGPT to developers leveraging Copilot. Shadow AI is no longer a theoretical concern. It’s already shaping daily workflows, often invisibly. For CISOs, Compliance Leaders, and Risk Managers, the challenge isn't whether Shadow AI is present—it’s how to govern it. This article explores the operational side of Shadow AI governance, based on


How to Discover and Audit Shadow AI Tools in the Enterprise
By: Eldad Levi, Q-GRC Manager, Commugen
As Q-GRC Manager, my role blends quality assurance with GRC operations, so I see firsthand how fast Shadow AI tools like ChatGPT or Copilot slip into daily workflows unapproved, unlogged, and invisible to traditional audits. This post shares how we approach Shadow AI discovery, risk scoring, and AI governance in a way that aligns with frameworks like GDPR, NIS2, and the EU AI Act without slowing innovation or relying on outdated spreads


AI Dev Tools & Copilot: Shadow AI Risks CISOs Can’t Ignore
By: Vladimir Tyomin, Commugen’s CTO
Generative AI tools like GitHub Copilot, CodeWhisperer, and ChatGPT are transforming software delivery, introducing speed, agility, and innovation. But for CISOs and cyber GRC leaders, they’re also quietly introducing Shadow AI risks that most organizations aren't equipped to manage. These tools operate inside IDEs and browsers, bypassing traditional cybersecurity controls and flying under the radar of most GRC frameworks. It’s not a theore


Shadow AI Risk Management for CISOs in 2025
By the Commugen Team
In today’s enterprise environment, AI is revolutionizing productivity, but much of this transformation happens...


MITRE ATT&CK: Start the New Year with a New Approach to Cyber Risk Management
The beginning of the new year is an ideal time to reflect on your organization’s cybersecurity resilience. Despite the festive...


Back to School for Cybersecurity: Tightening Up Your GRC This Fall
The pencils are sharpened, the backpacks are packed, and the summer break is officially over. As students head back to school, it's a...