In March 2026, a 40-minute supply chain attack on the open-source library LiteLLM allowed hackers to steal four terabytes of highly sensitive data from Mercor, a $10 billion AI training startup. The breach exposed a fragile trust infrastructure across the tech industry, revealing that LiteLLM's security certifications were fabricated by Delve Technologies, a compliance vendor that systematically rubber-stamped fake audits. As major AI labs like Meta indefinitely pause their contracts, Mercor now faces a wave of class-action lawsuits alleging that its mandatory, invasive contractor surveillance practices funneled unauthorized third-party trade secrets and personal data straight to cybercriminals.

https://compliancehub.wiki/mercor-litellm-delve-class-action-supply-chain-compliance-fraud/

https://compliancehub.wiki/five-lawsuits-mercor-data-breach-litigation-breakdown/

Sponsors

www.breached.company

www.compliancehub.wiki

Anthropic's latest frontier model, Claude Mythos Preview, has demonstrated an unprecedented ability to autonomously discover and exploit zero-day vulnerabilities in critical software. Recognizing the extreme dual-use risks of these capabilities falling into the wrong hands, Anthropic has made the unprecedented decision to withhold the model from general public release. Instead, the model is being deployed through Project Glasswing, a collaborative initiative with major tech industry partners aimed at using this powerful AI exclusively to secure the world's digital infrastructure.

https://cisomarketplace.com/blog/project-glasswing-claude-mythos-cybersecurity

https://cisomarketplace.com/blog/claude-mythos-leak-cybersecurity-stocks-crash-2026

https://www.anthropic.com/glasswing

Sponsors:

www.cisomarketplace.com

Dive into the nuances of California's new CCPA cybersecurity audit requirements and discover how they redefine the standard for "reasonable security". We explore how businesses can strategically leverage existing NIST, ISO, or CIS assessments as a foundation, while identifying the critical scope mismatches they must "top off" to ensure compliance. Tune in for a practical, four-step roadmap to navigate CalPrivacy's 18 evaluation components and prepare your organization's data protection strategy for the next wave of regulatory scrutiny.

Sponsors:

www.compliancehub.wiki

www.cisomarketplace.com

Explore the evolving landscape of youth digital protection across the European Union, where groundbreaking laws like the GDPR and the Digital Services Act (DSA) are being deployed to shield minors from data exploitation and harmful content. As emerging innovations like immersive virtual environments, neuromarketing, and AI-generated deepfakes introduce unprecedented risks to children's mental privacy and cognitive development, the battle for digital safety is becoming increasingly complex. Join us as we examine how local and regional authorities are stepping up to bridge the gap between high-level regulations and frontline realities, transforming overarching policies into tangible, community-based safeguards for families and schools.

Sponsors:

www.myprivacy.blog

www.compliancehub.wiki

This podcast dives into the current wave of Child Online Safety Legislation (COSL), such as the Kids Online Safety Act (KOSA), to unpack the political and societal forces driving these bipartisan bills. We critically examine the prevailing narrative that social media is the primary cause of the youth mental health crisis, exploring how "moral panics" over technology often ignore complex social realities. Furthermore, we discuss the potential unintended consequences of these legislative efforts, including severe threats to data privacy, free expression, and the well-being of marginalized youth through mandated age verification and expanded parental surveillance.

Sponsors:

www.myprivacy.blog

www.cisomarketplace.com

This episode dives into the massive compliance fraud orchestrated by Delve, a Y Combinator-backed startup that generated hundreds of identical, fabricated SOC 2 reports using rubber-stamping certification mills. We explore how this "compliance theater" collided with a real-world supply chain attack when LiteLLM, a company boasting Delve-generated certifications, was breached through a compromised vulnerability scanner called Trivy. Ultimately, we unpack the devastating consequences of prioritizing automated compliance badges over actual security controls, and what this structural failure means for enterprise vendor risk management in 2026.

• https://compliancehub.wiki/litellm-delve-soc2-trust-chain-compliance-failure-2026
• https://breached.company/litellm-supply-chain-attack-teampcp-trivy-pypi-2026
• https://compliancehub.wiki/delve-compliance-startup-fake-soc2-audit-scandal
• https://cisomarketplace.com/blog/auditor-vs-assessor-compliance-trust-2026

Sponsors

www.compliancehub.wiki

www.cisomarketplace.com

www.breached.company

Il ruolo del Chief Information Security Officer si è radicalmente trasformato da una funzione puramente informatica a una posizione strategica a livello esecutivo, focalizzata sul rischio digitale dell'intera azienda. Spinti dalla rapida adozione dell'intelligenza artificiale agentica, dall'espansione delle identità non umane e dalle nuove e severe normative globali come la Direttiva NIS2 dell'UE, i CISO sono ora essenziali per garantire la resilienza operativa e proteggere la continuità aziendale. Questo podcast esplora come i moderni leader della sicurezza stiano colmando il divario tra la tecnologia e il consiglio di amministrazione per combattere le minacce alla velocità delle macchine e navigare in un panorama normativo sempre più complesso.

English: https://www.podbean.com/ew/pb-r9v3x-1a73307

Sponsors:

www.cisomarketplace.com

www.breached.company