California FEHA AI rules make policies mandatory

Trump AI EO makes patching a compliance issue

AI security just became an operational requirement, not a policy discussion. New federal direction is pushing vulnerability management and rapid patching into enforceable territory, with implications that extend well beyond large tech companies. For professional service firms, this shift will show up in client demands, audits, and engagement terms. The ability to prove disciplined security practices is quickly becoming a prerequisite for winning and keeping work. At the same time, leading firms are productizing their expertise, compressing delivery timelines, and changing how services are priced and delivered. We also cover Kirkland and Ellis partnering with Palantir, a fast-moving developer security exploit, and Aprio's continued push toward a multidisciplinary firm model. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Ramp Stack launches agentic close for accounting

Automation is moving from assistance to execution inside accounting firms. Ramp's new Stack platform signals a shift where AI agents can run the monthly close end to end, with auditability built in. That changes how work gets done and how firms price it. For firm leaders, this is not just another tool. It challenges the labor model behind core revenue. At the same time, risks are expanding at the identity layer, large firms are acquiring implementation capability, and platforms are opening to direct agent access. The common thread is clear: control is shifting toward systems that execute, not just advise. Also covered: a Microsoft 365 mobile security concern, Grant Thornton's acquisition strategy, Morgan Stanley opening platforms to AI agents, and key signals from GitLab, Coralogix, Google, Meta, and Uber. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Workday launches Agent Passport for AI verification

AI is moving faster than the systems designed to control it. Today's episode focuses on how governance, verification, and security are becoming the real constraints as firms adopt AI inside sensitive environments. Workday's new Agent Passport signals a shift from building AI to proving it is safe. At the same time, Cisco and Anthropic are accelerating the pace of vulnerability discovery and response, forcing firms to rethink how they handle patching, monitoring, and vendor risk. The result is a new operating reality where speed without control creates exposure. We also cover a major supply chain attack tied to Red Hat packages and what it reveals about CI pipeline risk, along with key moves in M&A, SaaS financing, and AI-related litigation. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

CaronBletzer launches Atlura practice ops platform

A CPA firm just launched a platform it built for itself, and it highlights a deeper shift in how professional service firms are expected to operate. This episode breaks down Atlura and why scheduling, not features, is becoming the center of firm performance. For firm leaders, the message is direct. Disconnected systems are no longer just inefficient. They are a competitive risk. At the same time, consolidation is accelerating, AI accountability is tightening in the courts, and new types of cyber disruptions are exposing operational weak points. We also cover a major accounting acquisition, new AI enforcement from the Florida Supreme Court, and why a password manager outage should change how you think about access risk. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Germany approves draft law for active cyber defense

Cyber policy, AI cost, and cryptography are all shifting at the same time, and the direction is clear. Governments are moving toward active intervention, AI pricing is normalizing, and post-quantum readiness is becoming an operational requirement. For professional service firms, this is not abstract. Faster government response means higher expectations for your own security posture. Rising AI costs mean margins can erode if usage is not managed tightly. And without a clear inventory of where encryption lives, future compliance and migration will become expensive and disruptive. We also cover the spread of uncensored AI models, new fraud detection approaches from Mastercard, a major breach at Carnival, and why vulnerability management is breaking under scale. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]