The Lateral Movement

Sign in Subscribe

ai-tools-grc

Building Your First ISMS: What ISO 27001 Actually Requires (vs. What Consultants Tell You It Does)

Building Your First ISMS: What ISO 27001 Actually Requires (vs. What Consultants Tell You It Does)

ISO 27001 projects routinely cost two or three times what they should. Not because the standard is that demanding, but because nobody's telling you what it actually requires.

A laptop showing an n8n workflow

Claude Routines vs. Self-Hosted n8n: Which Belongs in a Security-Conscious Org?

Most comparisons of Claude Routines and n8n focus on capability. That's the wrong frame for a security-conscious organization. The question that matters is which tool puts your data where, under whose terms, with what visibility.

Anthropic Quietly Became an Automation Platform. Here's What That Means for Security Teams.

On April 14, Anthropic shipped a feature called Routines as part of Claude Code. It's in research preview, the rough edges are acknowledged, and the developer coverage has been enthusiastic. What it means for security teams has received considerably less attention, which is worth correcting, because Routines represents

Your AI Vendor Risk Assessment Is Missing Half the Story

Your AI Vendor Risk Assessment Is Missing Half the Story

Your standard vendor risk questionnaire will pass Anthropic without breaking a sweat. That doesn't mean you've actually assessed the risk. Here's what to ask instead.

A top-down image a mobile phone showing the Claude launch scree next to two drinks with square ice cubes in them.

Is Claude Safe for Enterprise Use? A GRC Practitioner's Breakdown

Most organizations using Claude are on the wrong plan for the work they're doing with it. Here's what the data policies actually say, what your employees are probably doing right now, and what a real vendor risk assessment looks like.