
Glossary: cybersecurity, AI security and compliance

Reference definitions on the EU regulations, standards and technical concepts we work with on engagements. Designed as a citable anchor — for humans as well as generative search engines.

European regulations

EU AI Act

EU Regulation 2024/1689 governing artificial intelligence systems. Distinguishes prohibitions, high-risk systems (Annex III), transparency requirements and obligations for upstream providers. Phased application 2025-2027. See: EU AI Act high-risk systems.

Cyber Resilience Act (CRA)

EU Regulation 2024/2847 imposing cybersecurity requirements on products with digital elements placed on the European market. Full application December 11, 2027 with mandatory CE-Cyber marking. See: CRA roadmap 2026-2027.

NIS2

European Directive 2022/2555 expanding cybersecurity obligations to essential and important entities across 18 sectors. Three-stage incident notification (24h / 72h / 1 month). Transposed in France in 2025.

DORA

Digital Operational Resilience Act, EU Regulation 2022/2554, applicable since January 17, 2025 to financial entities and their ICT providers. Five pillars: ICT risk management, incident reporting, resilience testing, third-party management, threat intel sharing.

GDPR

General Data Protection Regulation (EU 2016/679), in force since May 25, 2018. Protects personal data of EU residents. Sanctions up to €20M or 4% of worldwide annual turnover. Complementary to the EU AI Act for AI systems processing personal data.

Standards and certifications

ISO 27001

International ISO/IEC 27001 standard (2022 edition) defining requirements for an information security management system (ISMS). Annex A 2022 contains 93 controls grouped into 4 themes. Certificate valid for 3 years with annual surveillance audits.

ISO 42001

ISO/IEC 42001:2023 standard, the first international AI management standard (AIMS — Artificial Intelligence Management System). Compatible with ISO 27001 and useful for EU AI Act compliance.

ISO 27002

Implementation guide accompanying ISO 27001. Details the 93 Annex A controls, their objectives and implementation. Current edition 2022.

PCI DSS

Payment Card Industry Data Security Standard. Standard imposed on organizations handling payment card data. Version 4.0.1 applicable since March 2025.

SOC 2 Type II

AICPA audit report evaluating an organization's controls against Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy) over a 6-12 month period. De facto standard for B2B SaaS selling to US enterprise clients.

NIST CSF

NIST Cybersecurity Framework. American voluntary framework for managing cyber risk, structured around 6 functions (Govern, Identify, Protect, Detect, Respond, Recover). Version 2.0 published in 2024.

NIST AI RMF

NIST AI Risk Management Framework. American voluntary framework (published January 2023) for managing risks related to AI systems, structured into 4 functions: Govern, Map, Measure, Manage. Generative AI Profile (NIST AI 600-1) published in July 2024.

OWASP Top 10

Ranking published by the OWASP Foundation of the 10 most critical web application security risks. Reference framework used in SAST, DAST and threat modeling.

OWASP LLM Top 10

OWASP ranking of the 10 security risks specific to applications using large language models: prompt injection, insecure output handling, training data poisoning, model DoS, supply chain, etc.

AI security concepts

Prompt injection

Class of attacks against LLM systems in which malicious instructions are inserted into inputs or contextual data to alter model behavior. Direct prompt injection comes from the user's own input; indirect prompt injection arrives through content the model processes (documents, RAG results, MCP tool outputs). See: Threat modeling LLM.

Jailbreak

Technique to bypass an LLM's safety guardrails to make it produce content forbidden by its usage policy. Known patterns: DAN, roleplay, encoding (base64, ROT13), multi-turn.

Threat modeling LLM

Structured process of identifying threats specific to applications using LLMs: prompt injection, data leakage, jailbreak, model manipulation, agent hijacking, and their specific vectors. See: Threat modeling LLM full guide.

RAG (Retrieval Augmented Generation)

Architecture combining an LLM with an external knowledge base: the user query is converted to an embedding, relevant documents are retrieved via vector similarity, then injected into the LLM context. Specific risks: index poisoning, cross-tenant leakage, indirect prompt injection.

MCP (Model Context Protocol)

Open protocol launched by Anthropic in November 2024 allowing LLMs to access tools, data and external services through a standardized interface. Became de facto standard for tool-using agents in 2025-2026.

Constitutional AI

Alignment approach developed by Anthropic since 2022 where the model is trained via RLHF then refined with a 'constitution' of principles the model learns to respect. Integrated in Claude Opus, Sonnet, Haiku 4.x and Mythos.

Project Glasswing

Anthropic initiative announced in April 2026 mobilizing Claude Mythos Preview to identify and fix vulnerabilities in critical software. Partners: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks.

Claude Mythos Preview

Anthropic AI model unveiled in April 2026, particularly performant in cybersecurity. Successfully reproduced existing vulnerabilities in over 83% of cases and identified thousands of zero-days in major OS and browsers. Not publicly available due to its offensive potential.

GPAI (General Purpose AI)

Category defined by the EU AI Act for general-purpose AI models (typically foundation models). Subject to specific obligations: technical documentation, copyright compliance policy, public summary of training data. Reinforced regime for systemic-risk GPAI (training compute > 10^25 FLOPs).

Agent hijacking

Attack consisting of compromising an autonomous agent (Claude Agent SDK, LangGraph, AutoGen) via an injected instruction so it executes malicious actions using accessible tools. Risk amplified in multi-agent architectures.

Shadow AI

Uncontrolled use of AI tools in professional contexts: consumer versions of ChatGPT, Claude or Gemini, browser plugins, AI features integrated in SaaS without IT/security validation. Major risk of data leakage and an uncontrolled compliance footprint.

AI watermarking

Imperceptible cryptographic marking of AI-generated content allowing later detection. 2026 standards: SynthID (Google), C2PA (Adobe/Microsoft/BBC), AudioSeal (Meta). Required by the EU AI Act Article 50 for certain generated content.

C2PA

Coalition for Content Provenance and Authenticity. Open standard (Adobe, Microsoft, BBC, Sony, Intel) attaching cryptographically signed metadata to content to trace its provenance. Adopted by Sony Alpha, iPhone 16+, TikTok, Instagram, OpenAI DALL-E.

DevSecOps concepts

Sigstore

CNCF project for cryptographic signing of software artifacts (containers, binaries, SBOM) without persistent key management. Uses an OIDC identity to sign (keyless signing). Components: cosign (CLI), Fulcio (CA), Rekor (transparency log). Adopted by Kubernetes, Python (PyPI), npm, Linux Foundation.

SBOM (Software Bill of Materials)

Structured and machine-readable list of software components: name, version, supplier, hash, license, dependencies. Standard formats: SPDX (ISO/IEC 5962:2021) and CycloneDX (OWASP). Required by the CRA for 'important' and 'critical' products from 2027.

SLSA

Supply-chain Levels for Software Artifacts. CNCF standard defining 4 levels of reproducible and auditable provenance for software artifacts. SLSA Level 2 or higher recommended in 2026 to demonstrate verifiable provenance.

DevSecOps

Practice of integrating security throughout the software development and operations lifecycle. Includes SAST, DAST, SCA, secret detection, IaC scanning in CI/CD, threat modeling and continuous compliance.

SAST

Static Application Security Testing. Static analysis of source code to detect vulnerabilities without execution. 2026 tools: SonarQube, Semgrep, Snyk Code, CodeQL, Checkmarx, Fortify.

DAST

Dynamic Application Security Testing. Dynamic testing of a running application to detect runtime vulnerabilities (headers, CSRF, broken access controls, injection). 2026 tools: OWASP ZAP, Burp Suite Enterprise, Detectify.

SCA

Software Composition Analysis. Analysis of an application's third-party dependencies to detect known CVEs. 2026 tools: Snyk Open Source, Dependabot, Renovate, OWASP Dependency-Check.

Passkey / FIDO2

Cryptographic authentication method bound to the origin domain, structurally resistant to phishing. Progressively replaces traditional MFA (SMS, TOTP, push) which can be bypassed by Adversary-in-the-Middle attacks. Recommended for all admin accounts in 2026.

Stakeholders and institutions

ENISA

European Union Agency for Cybersecurity. EU cybersecurity agency, based in Athens. Receives notably CRA and NIS2 incident notifications within 24h / 72h.

ANSSI

Agence Nationale de la Sécurité des Systèmes d'Information. French national cybersecurity authority. Coordinates CERT-FR, designates OIVs, ensures French transposition of European directives.

Programs

VDP (Vulnerability Disclosure Program)

Structured program for receiving and processing vulnerability reports. Includes a channel (security.txt, email, form), triage procedure, response SLAs, and coordination mechanism with the researcher. Required by the CRA from September 11, 2026.

Fractional CISO / vCISO

Cybersecurity leadership engagement model where an experienced CISO provides strategic guidance and operational oversight on a part-time basis (typically 2 to 10 days per month). Ideal for SMBs and scale-ups not yet justifying a full-time CISO. Costs typically €4-13K/month vs €120-180K/year for an in-house CISO.
