Crestvale Newsroom

California FEHA AI rules make policies mandatory

California's new rules for AI use in hiring raise the risk floor for every employer operating in the state. This episode explains what is changing, why the exposure has already begun, and what firm leaders need to put in place before staff AI use turns into a compliance problem. We also break down the rise of the system of intelligence, the shift inside modern finance tools, and why AI security posture management is becoming a required control. These changes matter because firms face growing pressure to align staff behavior, client data, and internal systems with a clear and enforceable AI approach. Supporting stories include new moves in no‑code app generation, enterprise automation in major platforms, an operational miss at Starbucks, and the rise of AI search optimization. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

NY warns AI-fueled cyber risk is board-level now

New York's financial regulator has issued a sharp warning that frontier AI has compressed the cyber threat timeline from years to months. This episode breaks down what the shift means for firms that handle sensitive client data and why board‑level attention is no longer optional. We explain why this matters for founders and firm leaders, especially as AI driven exploitation becomes faster and harder to detect. You will also hear how states are moving to regulate AI in human resources, how Zscaler's acquisition of Symmetry Systems signals a new era of AI access governance, and what recent workforce studies reveal about building AI with employees instead of imposing it on them. We also cover key supporting moves across wealth tech, cybersecurity, construction tech, and industrial guidance. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Tenable OPEN unifies fragmented tools for MSP security

Tenable's new OPEN platform takes aim at the core problem inside many security programs: fragmented data that slows down action. By unifying exposure details across tools, it offers firms a cleaner path to deliver higher-value remediation without forcing clients to rebuild their stack. This matters for founders and managing partners because client expectations are shifting fast. MSPs are deploying AI that resolves routine issues on its own, attackers are turning open source into a high-frequency supply chain threat, and ransomware groups are buying trust through criminal code-signing services. Each of these forces pressures firms to modernize workflows, tighten controls, and present clearer results to clients. We also cover new incidents and developments involving Grafana, Microsoft, Cyera, and CISA. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Verizon DBIR: vulns now fastest path to breach

Vulnerability exploitation has now become the fastest way attackers break into organizations, overtaking stolen credentials for the first time in nearly two decades. This episode unpacks what changed, why patching discipline is slipping, and how third‑party exposure is amplifying risk. For firm leaders, the message is direct. Slow remediation timelines and outdated workflows now create predictable openings for attackers. We explain what this shift means for professional services, why regulators are pausing some bank cyber exams, and how AI‑driven reconnaissance is pushing both firms and supervisors to update their assumptions. We also cover new joint threat‑sharing among major carriers, the AI tools gaining real traction inside law firms, and several notable moves across audit and software development workflows. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Databricks puts AI agent tools under strict controls

Databricks is pushing governance down to the tool layer, creating enforceable controls on what AI agents can actually do inside production systems. This shift matters because most real incidents come from over-permissioned tools, not model behavior. The episode explains how this new control plane works and why it changes the risk profile for firms deploying autonomous agents. For professional service leaders, the message is clear. AI is entering governed production use, and the firms that prepare their data, identity, and access layers will move faster with fewer surprises. Those who ignore the tool layer will struggle with preventable incidents. We also cover OneStream's finance-focused agentic layer, identity gaps in machine accounts, and a supply-chain warning from a CISA credential leak. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]