For the National Australia Bank (NAB), operating across multiple cloud environments and delivery platforms is a necessity but results in a critical challenge - fragmented visibility and the costly reality of "design once, build thrice" security controls. Learn how NAB moved beyond compliance to empower every engineering team with a unified view of risk, achieving security at speed and scale.
What this session is about
Playbook
Editorial commentary · what to actually do about this on Monday
The concept
Multi-cloud security via unified posture management. Stop "design once, build thrice" by abstracting policy from cloud-specific primitives.
Why it matters
Banks live multi-cloud whether they want to or not — M&A, regional regulations, vendor diversification, redundancy. Single-cloud policies don't scale.
The hard parts
Each cloud's primitives differ. Abstractions leak. A policy that works for IAM on AWS doesn't translate cleanly to Azure RBAC.
Playbook moves
(1) Codify policies in a cloud-agnostic layer — a CSPM tool or policy-as-code framework. (2) Push enforcement into dev pipelines (block at PR), not at runtime. (3) Accept that some policies will need cloud-specific implementations; document why.
The surprise
Multi-cloud security is mostly a *metadata* problem. What assets exist, where, owned by whom, classified how? Solve metadata first; controls fall out of metadata. Most orgs put the controls before the metadata and end up with controls they can't enforce.
---
Independent editorial perspective — not an official AWS or speaker statement. Designed for executives evaluating what to brief their teams on next.
Live updates related to this session LIVE
Sourced via Parallel AI Monitor — continuous web watch on 21 topical streams. Updated .
- proofpoint.com Agent governance & policy gating
proofpoint.com
Proofpoint provides an MCP Security Platform to secure AI connectivity at scale by routing MCP traffic through a central gateway. The platform enables centralized discovery and risk classification of 'shadow' MCP servers, enforces authentication via OAuth 2.0, controls user and a
- digitalapplied.com high confidence Agent safety & prompt injection
Prompt Injection in Production Agents: 2026 Taxonomy
Security Disclosure: Microsoft disclosed two critical vulnerabilities in the Semantic Kernel framework that enable Remote Code Execution (RCE) and sandbox escapes via prompt injection. 1) CVE-2026-26030: A vulnerability in the In-Memory Vector Store's filter function (using unsaf
- cybernews.com high confidence Agent safety & prompt injection
CISA and partners publish new advice on AI agent safety
Policy Proposal/Guidance: CISA and international partners released the 'Guide to Secure Adoption of Agentic AI' in May 2026. The guide provides developers, vendors, and operators with best practices for securing agentic AI systems and recommends specific actions to defend against
- newsroom.servicenow.com high confidence Agent governance & policy gating
newsroom.servicenow.com
ServiceNow announced a major expansion of its Autonomous Workforce at Knowledge 2026, launching 'AI Specialists' for IT, customer relationship management (CRM), employee service teams, and security and risk. These AI specialists are designed to complete entire business processes
- proofpoint.com Agent safety & prompt injection
Proofpoint Unveils Industry's Newest Intent-Based AI ...
Research Publication: The Cloud Security Alliance (CSA) released a research note on May 8, 2026, formalizing 'Promptware'—a class of prompt injection attacks that function as malware to create Agentic Command and Control (C2) infrastructure. Risk: The research highlights that L
External links matched to this session via topic relevance. The KB does not endorse third-party content; verify before citing.