Posts

Showing posts with the label SaaS

The AI Didn’t Go Rogue. Guardrails Were Never There.

The lesson from the PocketOS database deletion is not that agentic AI is dangerous. It’s about governance and controls. You have probably seen some version of the headline by now: “AI Agent Deletes Company’s Entire Database in 9 Seconds.” It is a compelling story. But the headline, while technically accurate, obscures the far more important lesson buried in the details. So what actually happened? PocketOS, a small SaaS company that makes software for car rental businesses, was using a popular AI-powered code editor running on Anthropic’s Claude Opus 4.6 model. The AI agent was tasked with resolving a routine issue in a staging environment. When it hit a credential mismatch, the agent decided on its own initiative to “ fix” the problem by deleting a volume on Railway, the company’s cloud hosting provider . The agent found a password in an unrelated file and used it to execute a deletion command. Because of permissions made available to the agent and the way access to the infrastructure...

Moving Beyond Checkbox Diligence with SOC Reports

Escalating vendor cyber risk, tighter regulatory expectations and fast-moving AI-driven threats increasingly make checkbox diligence insufficient. In this episode, 360 Advanced’s Director of Compliance Strategy, Eric Ratcliffe, joins co-hosts Damon Silver and Joe Lazzarotti  to discuss system and organizational control framework reports and how businesses can use them to address critical gaps and make vendor assessments.  Tube Spotify Apple Transcript Damon Silver Principal, New York City Welcome to the We Get Privacy podcast. I'm Damon Silver, and I'm joined by my co-host, Joe Lazzarotti. Joe and I co-lead the Privacy, AI, and Cybersecurity group at Jackson Lewis. In that role, we receive a variety of questions every day from our clients, all of which boil down to one core question: how we handle our data safely. In other words, how do we leverage all the great things data can do for our organizations without running headfirst into a wall of legal risk, and how can we manage ...

Delaware Supreme Court Expands Cyber Liability Exposure for SaaS & Managed Service Providers

What the Blackbaud decision means for managed service providers (MSPs) and the clients who rely on them A recent decision by the Delaware Supreme Court in  Travelers Casualty and Surety Company of America v. Blackbaud, Inc.   materially shifts the litigation landscape for cybersecurity incidents involving Software as a Service (SaaS) providers and MSPs. Key takeaways: Lower pleading burden for plaintiffs (including insurers) Less emphasis on proximate cause at early stages Aggregated claims allowed across multiple customers Higher litigation costs and increased settlement pressure Expanded expectations around what constitutes "commercially reasonable" cybersecurity Bottom line: Cyber incidents are now significantly more likely to survive early dismissal and proceed into expensive discovery. What Happened Blackbaud, a SaaS provider hosting sensitive donor data, experienced a ransomware attack exposing highly sensitive personal and financial information. Its customers (nonprof...