TL;DR: The new US AI and Cyber Executive Order focuses on software supply chain security, AI-generated code, secure system design, and vulnerability management, according to Lasso Security. The policy signal is clear: AI adoption now has governance consequences for IAM, NHI, and security teams, not just application owners.
NHIMG editorial — based on content published by Lasso Security: Lasso's commitment to a secure AI-driven future and the new Cyber Executive Order
Questions worth separating out
Q: How should security teams govern AI-generated code in regulated environments?
A: Treat AI-generated code as a governance input, not a trusted output.
Q: Why do AI tools complicate software supply chain security?
A: AI tools complicate supply chain security because they add new dependencies, more generated artefacts, and additional identities that can move code or data.
Q: What do organisations get wrong about AI governance and identity controls?
A: They often separate AI governance from identity governance, even though AI systems can shape access, code, and security decisions.
Practitioner guidance
- Map AI-influenced decision paths: Document where AI systems influence code generation, vulnerability triage, or defensive actions, and identify which human approvals still exist versus which are only assumed.
- Review secrets handling in AI-assisted development: Inspect repositories and pipelines for hardcoded secrets, insecure examples, and generated code paths that bypass normal review.
- Extend supply chain controls to machine identities: Include build agents, deployment jobs, and orchestration tooling in your supply chain model so that identity governance covers the actors moving code into production.
What's in the full article
Lasso Security's full post covers the operational detail this post intentionally leaves for the source:
- Practical examples of real-time LLM monitoring and detection workflows for AI interactions
- Policy customisation details for applying context-aware guardrails in regulated environments
- Training and education themes for teams adopting LLM-based technologies securely
- The vendor's own framing of how the Cyber Executive Order maps to its platform capabilities
Explore further
AI regulation is now an identity governance problem, not just a policy problem. The executive order’s focus on AI cyber defence, secure AI design, and AI software vulnerabilities shows that governance has moved upstream into the identity layer. Once AI systems are involved in code generation or defensive automation, access, approval, and accountability can no longer be treated as purely human-centred controls. Practitioners should read this as a mandate to reassess which identities are allowed to influence software and security decisions.
A few things that frame the scale:
- 24,008 unique secrets were exposed in MCP configuration files in 2025 alone, the protocol's first year of widespread adoption, according to The State of Secrets Sprawl 2026.
- AI-related credential leaks surged 81.5% year-over-year in 2025, with the surrounding AI infrastructure leaking 5x faster than core LLM providers.
A question worth separating out:
Q: How can teams tell whether AI security controls are actually working?
A: Look for evidence that AI-assisted workflows still preserve named owners, documented approval boundaries, and verifiable review of secrets and code changes. If you cannot trace who approved what, or where AI influence ended, the control is not working. Effective governance leaves an audit trail that matches the real decision path.