Crestvale Newsroom

Today's episode dives into a new supply chain weakness hiding inside AI coding tools. A single trust prompt in four major command line assistants can trigger code execution on developer machines and inside continuous integration pipelines. This creates a quiet but serious path for credential theft and file access. For professional service firms, this matters because AI coding tools are now standard in many workflows. Default trust settings can expose client code, cloud keys, and internal systems with one keystroke. Leaders may need to adjust policies, onboarding, and tool configurations to reduce this risk. We also cover the Securities and Exchange Commission's new thirty day breach rule, CISA's warning on agentic AI, and a rise in exposed AI built applications on the open web. The episode closes with key industry updates and a quick look at market sentiment. Learn more at https://crestvale.ioSupport the show

Today's episode focuses on the Palo Alto firewall zero day that grants attackers root access when portals are exposed to the open internet. With patches weeks away, configuration changes are the only reliable defense, and firms with exposed systems face immediate risk. This matters because a compromised firewall is one of the most damaging footholds an attacker can gain. Professional service firms need to review their perimeter settings now and tighten exposure before scanning activity accelerates. We also cover Intuit's move to turn QuickBooks into a full workforce system, new data from Keeper on identity sprawl, and TD SYNNEX opening reserved NVIDIA GPU clusters to MSPs. The shortlist includes updates from Accenture, the National Institute of Standards and Technology, Braintrust, and CISA. Learn more at https://crestvale.ioSupport the show

OpenAI and PwC are turning finance into a proving ground for autonomous agents, signaling that procurement, tax, and close processes may soon run with far fewer human touch points. This episode breaks down what that shift means for firms that support corporate finance teams and why expectations around workflow design are about to change. For leaders in accounting, law, and advisory work, this matters because clients will expect clear explanations of agent‑based processes and the controls that surround them. Firms that cannot speak this language will look dated, even if their work remains accurate. This episode explains the practical impact and the timing. We also cover the coming split between Clio and LawPay, IBM's new control plane for agent sprawl, Proofpoint's warning on AI security gaps, and key updates across security, assurance, and non‑human identity management. Learn more at https://crestvale.ioSupport the show

Today's episode looks at a major shift in how AI will reach mid‑market companies, as Anthropic moves toward a multibillion‑dollar joint venture with major private equity firms. This partnership creates a direct channel to roll out AI across entire portfolios, speeding adoption and raising expectations for every company that serves these clients. For founders and firm leaders, this matters because private equity will standardize AI playbooks, compress rollout timelines, and push client expectations higher. Service providers who still rely on manual processes will feel the gap quickly as these operators move ahead with model‑driven workflows. We also cover the surge in cPanel exploits, new MOVEit vulnerabilities, and the expanding AI arms race inside accounting firms. Learn more at https://crestvale.ioSupport the show

Today's episode focuses on the growing speed gap between AI driven cyberattacks and the slow operational habits inside many firms. Israel's top cyber official warned CEOs that attackers now operate at machine tempo, and leaders who still rely on manual processes are already behind. This matters because professional service firms depend on trust, rapid judgment, and stable infrastructure. Slow patching, delayed decisions, and outdated governance leave gaps that automated attacks can exploit. The episode also covers what Microsoft Defender's false flag on DigiCert roots revealed about single points of failure, and why only a small share of employees in most firms are getting meaningful value from AI. We also touch on major security patches, rising automated attack volumes, and new moves in governed content systems. Learn more at https://crestvale.ioSupport the show

This episode looks at how AI is erasing the junior layers of Big Law and forcing a rethinking of the traditional leverage model. The bottom of the pyramid is shrinking quickly, and firms that depend on junior staff to learn by doing now face a structural gap in training and future leadership development. For professional service firms, this shift previews what happens when AI absorbs entry-level work. Firms that delay redesigning their training models may soon struggle to build the talent they need, while those that adapt early will have a long-term advantage. We also cover Anthropic's push into AI-driven security reviews, the United Kingdom's warning about an incoming wave of critical patches, and the Trellix source code breach that highlights the growing risk inside the vendor supply chain. Learn more at https://crestvale.ioSupport the show

Governments have issued strict new rules on how AI agents can operate inside real workflows, signaling a major shift in what counts as safe deployment. Today's episode breaks down what changed and why these standards now matter for every professional services firm experimenting with automation. These rules redefine the baseline for agent permissions, identity controls, and how firms connect AI to sensitive systems. For leaders building AI‑assisted workflows, the message is simple: regulators expect stronger guardrails, tighter governance, and a security‑first mindset. Failing to match that expectation will invite scrutiny. We also cover CISA's push for a three‑day patch window, the rapid restructuring underway inside MSPs as AI reshapes operations, and how leading accounting firms are rebuilding their business models around integrated technology and new pricing. Plus, a quick rundown of today's key developments in cyber, cloud, and AI infrastructure. Learn more at https://crestvale.ioSupport the show

Amazon is pushing agentic AI directly into hiring, support, and back office workflows through new capabilities in Amazon Connect. This episode breaks down what changed and why professional service firms should pay attention to the speed and cost implications as these tools mature. For leaders at accounting, law, and advisory firms, the message is clear. These AI agents will compress turnaround times and shift expectations around operational efficiency. Early adopters gain an advantage while firms that stay manual face rising pressure. We also look at OpenAI's new high security controls for ChatGPT and what they mean for client data protection. We round out the episode with updates on PwC's AI‑driven managed security launch, KPMG's strategic retreat from federal audit, and key cybersecurity signals from regulators and vendors. Learn more at https://crestvale.ioSupport the show

Black Ore's launch of fully autonomous tax return preparation is the clearest sign yet that the work model for tax practices is changing. Instead of AI assistance, firms now have a path to full prep automation with human review layered on top. Early adopters stand to reset their cost structure and capacity planning for the coming season. This matters because leaders who move first will gain margin protection, reduce staffing pressure, and raise expectations for turnaround times. Those who wait may find themselves competing against firms with fundamentally different economics. The episode also covers weak AI ROI in finance teams, the new U.S. Department of Labor AI Literacy Framework, and Portal26's push to control runaway agent costs, along with key security and infrastructure updates. Learn more at https://crestvale.ioSupport the show

GitHub is shifting Copilot to usage-based billing on the first of June, and this is the moment when AI development tools stop being cheap experiments and start acting like real infrastructure. This episode breaks down what the change means for cost visibility, governance, reporting, and performance measurement inside professional service firms. Leaders will feel this shift in their budgets, in their workflows, and in the questions they get from finance. Understanding the operational impact now will help firms avoid surprise spending and defend the value of AI-assisted development later this year. We also cover new moves from Otter, Affinity, and Red Hat, along with new data from cyber insurers on the risks that actually drive financial losses. Learn more at https://crestvale.ioSupport the show

The Internal Revenue Service has created a narrow escape hatch for Employee Retention Credit denials, and firms now have a short window to keep refund claims alive. This episode explains what Form 907 actually does, who qualifies, and why the statute of limitations is the real threat for many clients. For leaders at accounting, law, and advisory firms, the bigger story is how these quiet rule shifts can create or erase client value. Understanding the timing risk matters as much as understanding the tax position itself. We also touch on ransomware crews moving to VPN hunting, Europe's new cloud autonomy standard, and how one major law firm is ending AI pilot fatigue. Supporting stories cover identity chain fragility, LLM security flaws, firewall persistence malware, real time credential protection, and rising public sector cyber risk. Learn more at https://crestvale.ioSupport the show

Microsoft fixed a dangerous role misconfiguration in Entra that briefly allowed broad takeover of service principals across entire tenants. This episode explains what happened and why firms should treat service principal ownership with the same seriousness as high‑privilege user accounts. For founders and firm leaders, the deeper issue is the pace at which cloud platforms introduce new roles and preview features. These changes can expand exposure quietly, and traditional access reviews often fail to keep up. We break down what to check now and how to tighten your monitoring. We also cover the Cohere and Aleph Alpha merger, a long‑standing Linux privilege escalation bug, and Infor's view on why data security is slowing enterprise AI programs. Learn more at https://crestvale.ioSupport the show

Today's episode looks at how agentic AI is shifting from experimentation to billable work. Google, Microsoft, and leading security vendors are signaling that firms should turn pilots into repeatable services, with early movers setting the price points clients will adopt. This matters because clients are no longer paying for AI concepts. They are paying for deployment, governance, assurance, and proof that systems are doing what they should. Firms that act now will shape expectations and keep the client relationship anchored to measurable results. We also cover why CFOs are treating AI and workflow automation as the strongest remaining cost lever, how leading firms are filtering vendor hype with disciplined pilots, and why recent Teams‑based attacks show that internal chat has become an active risk surface. Learn more at https://crestvale.ioSupport the show

Google is launching the Gemini Enterprise Agent Platform, a unified control system for building and managing AI agents across an organization. The new platform replaces scattered tools with a single place to handle development, data access, scaling, and governance. For firms planning to operationalize agents, this move sets new expectations for what enterprise AI needs to include. This matters because firms are shifting from pilot projects to real workflows that must stay reliable and compliant. Long-running agents, persistent memory, and stronger oversight will shape how professional service firms automate their work and how quickly they can deploy internal and client-facing tools. The episode also covers the Freshfields and Anthropic partnership, new warnings about China-linked router botnets, and Singapore's operational playbook for governing agentic AI. Learn more at https://crestvale.ioSupport the show

This episode looks at the growing demand for operational AI governance. Acronis introduced a new service that turns AI oversight into a recurring managed offering, giving firms real visibility into client use and the ability to enforce guardrails before problems develop. For professional service leaders, the shift matters because clients are adopting AI faster than internal controls can keep up. This creates risk, but it also opens a new service category for firms that want to lead on responsible AI use instead of reacting to exposure after the fact. We also cover the collapse of the accounting talent pipeline, new signs that BigLaw attrition is tied to weak AI enablement, and the latest move in Congress to narrow Corporate Transparency Act reporting. Learn more at https://crestvale.ioSupport the show

Today's episode breaks down the surge in AI driven security incidents across professional service firms. AI agents are now showing up inside environments without approval, oversight, or controls, and the operational impact is already visible. Firms are facing data exposures, disruptions, and unintended actions because bots with real credentials are making decisions no one is monitoring. This matters for firm leaders because AI agents now behave like users. They hold access, trigger workflows, and shape outcomes. Without clear onboarding, auditing, and offboarding, they create blind spots that attackers and regulators can exploit. Firms that build discipline around agent governance will reduce incidents and avoid regulatory trouble. We also cover new findings from Kroll, board level responses to fast moving frontier models, and the rising GDPR risks tied to AI in internal investigations. Learn more at https://crestvale.ioSupport the show

Today's episode breaks down the breach at Vercel that started with a single employee connecting a consumer AI app to a corporate account. It is a clear example of how everyday tools create hidden access paths that can bypass even strong security programs. For firm leaders, the message is direct. OAuth permissions are now a frontline risk. If teams are linking personal AI tools or browser extensions to Google Workspace or Microsoft accounts, the exposure is already in play. This episode explains what happened and how to assess your own environment. We also cover Adobe's new agent driven customer experience layer, collapsing AI adoption rates inside firms, and how BBVA turned shadow AI into a managed enterprise system. Supporting stories include Booking dot com's security reset, new DNS guidance from NIST, and growing malware threats targeting operational systems. Learn more at https://crestvale.ioSupport the show

AI driven cyberattacks are accelerating, and boards are being warned that security can no longer sit in an IT corner. This episode breaks down new guidance from the United Kingdom, fresh model releases from OpenAI, and the latest breach hitting a major hosting provider. The theme running through all of it is simple: attack speed is rising, and governance needs to keep up. Professional service firms are sitting in a risk zone. Clients are adopting AI assisted defense. Regulators are raising expectations. And attackers are exploiting weaknesses in supply chains and hosting platforms. Leaders who treat this as a strategic risk will stay aligned with client expectations and protect their operating base. We also cover supporting developments across AI vendor curation, hybrid cloud strategy, and network level fraud detection. Learn more at https://crestvale.ioSupport the show

This episode breaks down the surge in MFA bypass phishing kits after the Tycoon takedown. The removal of more than three hundred domains did not slow attackers. It pushed them into smaller platforms that copied Tycoon's methods and expanded them. For firm leaders, this shift signals that MFA alone no longer blocks modern credential theft. This matters because these new kits intercept one time codes and session tokens in real time. Firms that rely on older authentication assumptions are exposed, and many have not updated governance or controls to match the current threat landscape. This episode explains the practical changes leaders need to understand. We also cover the new FortiSandbox exploit, the growing need for AI governance in cyber programs, and how solo operators are replacing junior hires with AI agents. Learn more at https://crestvale.ioSupport the show

New York regulators have tightened cybersecurity attestations, creating immediate downstream pressure on every service firm that works with clients under state oversight. This episode explains what changed, why the new multi factor authentication and asset inventory requirements matter, and how they will influence vendor expectations across accounting, law, and advisory practices. For firm leaders, the impact is significant. Compliance risk now extends into your own internal systems and controls, whether you are ready or not. The episode breaks down the practical implications and the decisions firms will face as clients align with the new standard. We also cover Zoom's new human verification checks, Zenskar's funding for complex revenue automation, and the ongoing disconnect between CEOs and CISOs. Learn more at https://crestvale.ioSupport the show

American Express is buying Hyper to pull AI agents directly into corporate spend workflows. This move signals a shift in how expense management will work, pushing policy enforcement and review into the moment a purchase happens instead of the end of the month. For professional service firms, this matters because manual expense workflows will soon feel slow and error‑prone compared with automated systems. The firms that modernize early will gain tighter controls and cleaner data with less back‑office labor. Those that wait will fall behind as clients and staff expect faster cycles. This episode also covers new automation in immigration practices, rising cyber losses linked to AI and crypto, and how offshoring continues to reshape firm economics. Learn more at https://crestvale.ioSupport the show

Today's episode breaks down the move by Microsoft and Dayshape to bring automated staffing directly into the core systems that professional service firms already use. This shift marks a turn away from reactive scheduling and toward continuous, machine‑driven allocation. It has immediate implications for margins, workload balance, and client delivery. For firm leaders, this matters because staffing is one of the last major operational areas still dominated by manual work. When a system can match people to projects in real time, firms gain speed and control during their busiest cycles. Waiting too long risks widening the gap with early adopters. We also cover Freshfields' large‑scale deployment of Gemini, the Financial Industry Regulatory Authority's new cyber portal, and key updates across security and infrastructure. Learn more at https://crestvale.ioSupport the show

This episode breaks down why Anthropic's new system called Mythos is forcing firms to rethink their entire security posture. The Cloud Security Alliance warns that the old buffer between discovering a vulnerability and exploiting it is disappearing, and slow patching cycles will not survive the shift. For leaders in accounting, law, and consulting, this change hits the core of risk management. Firms that rely on manual prioritization, limited staffing, and predictable change windows will fall behind attackers who move at machine speed. The window to modernize security workflows is short. We also cover HubSpot's push into Answer Engine Optimization, the quiet AI tipping point inside this year's tax season, and new concerns about staff resistance slowing down AI programs. Learn more at https://crestvale.ioSupport the show

Today's episode focuses on how Commvault is repositioning itself from a backup provider to a control layer for AI agents. The company is aiming to solve a growing problem for firms: proving what an agent used, what it touched, and how to reverse its mistakes. As agent use accelerates, this control gap is becoming one of the biggest operational risks for professional service firms. This shift matters because firms will need clearer data lineage and faster recovery options as agent activity expands across their systems. The tools that can track, validate, and unwind agent behavior will shape how safely firms can adopt AI in daily operations. We also cover new advances in legal business intelligence from Centerbase, agentic audit automation from Fortreum and Kovr AI, and tighter cyber rules from UK regulators. A short roundup highlights key moves from Cloudflare, Aura, and Sygnia. Learn more at https://crestvale.ioSupport the show

A new Adobe Reader zero day is being used in live attacks, and it turns everyday PDF handling into a possible breach path. This episode breaks down what the flaw does, why it matters for firms that handle sensitive documents, and what leaders should do before the workday gets going. This matters because professional service firms rely heavily on PDF workflows. A remote code execution flaw hidden inside those files creates direct exposure across tax, legal, accounting, and client onboarding work. The update is out, but the window for exploitation has been open for months. We also cover Ivanti's structured approach to AI governance, N-able's warning about the limits of endpoint security, and the rise of agentic AI inside wealth management workflows. Learn more at https://crestvale.ioSupport the show

Today's episode breaks down the rapid shifts happening across AI security, software pipelines, and workflow tools. Anthropic's Mythos model is uncovering serious vulnerabilities across major systems, OpenAI is dealing with a supply chain breach that forces macOS users to update, and the market is sending a clear signal that autonomous agents are reshaping the value of legacy workflow platforms. These changes matter for every professional services leader. Security windows are shrinking, build pipelines now carry real risk, and clients will expect tools that produce work instead of routing it. Firms that move early will avoid disruption and gain new operating leverage as agents become part of daily workflows. We also cover new moves in cloud infrastructure, cybersecurity, and analytics. Learn more at https://crestvale.ioSupport the show

Anthropic revealed that its internal model, Mythos, can find serious software flaws across major operating systems faster than defenders can patch them. This raises new questions for professional service firms that rely on secure, stable platforms for client work and compliance. The briefing explains how this changes the defensive landscape and why old assumptions about attacker limits no longer hold. For firm leaders, this shift affects cyber risk models, patching discipline, platform governance, and client assurances. The firms that adjust early will have a stronger position in security reviews and vendor assessments. Those that wait may find their exposure growing without noticing it. The episode also covers Cisco's move into AI observability, changes to the MSP operating stack, and new findings from Forrester on why Copilot and Gemini deployments often drag productivity instead of improving it. Learn more at https://crestvale.ioSupport the show

Today's episode breaks down Anthropic's Project Glasswing, a controlled rollout of frontier AI that can discover and exploit software vulnerabilities at a pace that surpasses human security teams. This marks a shift in how firms must think about both software development and software procurement as AI driven offensive capability becomes real. For professional service firms, this change affects client trust, vendor risk management, regulatory exposure, and the expectations surrounding cybersecurity maturity. Firms that assume legacy processes will protect them are already falling behind. The episode also explains how shadow AI inside SaaS stacks, rising cybersecurity standards, and agentic AI in legal workflows are reshaping day to day operations. We also cover supporting developments from Bitsight, DXC Technology, Intruder, Hinshaw, and Amity. Learn more at https://crestvale.ioSupport the show

Today's episode looks at the shift toward outcome based automation pricing and how it affects professional service firms. Digits is challenging the old software model by charging only when automation actually replaces work. This forces a new conversation about value, risk, and how firms evaluate tools. These changes matter because leaders now face rising pressure to prove efficiency gains, control software spending, and justify technology decisions with real results. Models that tie cost to measurable automation will spread, and firms will need to understand how to evaluate these contracts. We also cover major developments in AI driven security, audit automation inside EY, and the rise of AI native assurance models, along with updates from Atlassian, Alteryx, CurrentWare, and C3 AI. Learn more at https://crestvale.ioSupport the show

This episode looks at Anthropic's new Mythos model, which has already uncovered thousands of previously unknown vulnerabilities across major operating systems and browsers. The model's speed and accuracy show how quickly offensive grade AI is evolving and what that means for firms that still rely on traditional security reviews. This matters for leaders in law, accounting, consulting, and other professional services because the attack surface is expanding faster than most firms' ability to monitor it. If AI can find flaws in code from the largest tech companies, then every firm needs to assume its own systems contain gaps that older tools will miss. We also cover Russian router hijacks targeting Microsoft three sixty five, new court rulings on AI use in legal work, and why many billing disputes point to structural revenue issues, not client behavior. Learn more at https://crestvale.ioSupport the show

Today's episode focuses on a major shift in audit oversight. Regulators in the United Kingdom and the United States are beginning to set expectations for how AI enabled audit work must be governed, documented, and defended. This marks a new phase where AI inside audit workflows becomes a regulated environment rather than a technical experiment. This matters because every firm using AI tools will soon need stronger documentation, clearer review points, and reliable evidence that humans controlled the final judgment. Firms that prepare now will move faster. Firms that wait will face tougher inspections and more client questions. We also cover the Internal Revenue Service expanding online access for more business entities, Wisconsin opening an alternative CPA pathway, and new data showing encryption rates slipping in the cloud. Learn more at https://crestvale.ioSupport the show

AI chatbots are becoming the default workspace for knowledge teams, and their rapid growth shows how quickly real work is shifting into chat-based tools. This episode breaks down what that means for professional service firms and why leaders need to standardize usage before habits drift too far. The rise of chat-driven workflows changes how work gets done, how quality is managed, and where risks emerge. Firms that get ahead of this transition will see faster output and fewer errors, while firms that ignore it will discover shadow usage already shaping their operations. We also cover Fortinet's emergency fix for an actively exploited EMS flaw, the growing business of ransomware negotiation, and a new AI tool review hub aimed at small and midsize firms. Here is what else is worth knowing today, including moves in cloud security, meeting AI, and responsible AI positioning. Learn more at https://crestvale.ioSupport the show

Anthropic has tightened control over how Claude subscriptions can be used, cutting off discounted access through third‑party tools. This shift signals a broader move across the industry as model providers push for revenue that matches compute usage. Leaders who rely on indirect access to large models will need to reevaluate their automation costs. This matters because many firms built workflows on top of wrappers and aggregators without realizing how exposed they were to pricing changes. As providers clamp down, firms should expect more metering, higher bills, and fewer flat‑rate plans. Accurate understanding of where workloads run is now critical for budgeting and risk management. The episode also covers the European Commission cloud breach, LinkedIn's browser scanning controversy, and why small firms are overspending on the wrong AI tools. Learn more at https://crestvale.ioSupport the show

Today's episode focuses on the rise of AI control towers and why governance is becoming the new center of gravity for enterprise technology. ServiceNow is betting that the future belongs to the platforms that decide which agents can act, what data they can access, and how decisions are audited. This shift matters because firms are moving past experiments. AI agents now touch real money and real clients. Leaders need clarity, policy enforcement, and oversight they can trust. The episode explains how this model is taking shape and what it means for providers who build or sell into the enterprise. We also cover shadow AI transcription risk, AI native insurance defense, and the pressure on MSPs to sell outcomes instead of tools. The shortlist includes key developments in cybersecurity, voice automation, and data protection. Learn more at https://crestvale.ioSupport the show

States are introducing new cyber safe harbor laws that reward firms with disciplined security programs. This episode explains how documented alignment to recognized cybersecurity frameworks can now reduce liability, strengthen legal positioning, and shift how professional service firms approach compliance. For firm leaders, these changes matter because they turn a once routine security requirement into a meaningful shield in disputes. The firms that treat cybersecurity like financial controls will gain both protection and leverage. The ones that do not will face higher risk when an incident occurs. We also cover rising AI budgets among large enterprises, Box's new AI agent for contracts and RFPs, and major gains from automating bookkeeping work. Additional updates include moves from ArmorPoint, F5, Depthfirst, and Linx. Learn more at https://crestvale.ioSupport the show

Gallagher's firmwide AI rollout cut claim review time by as much as ninety percent, and it signals a larger shift. The firms that treat AI as core infrastructure instead of isolated tools are pulling ahead in speed, consistency, and cost control. Today's episode breaks down what Gallagher built and why it matters for professional service firms that handle document heavy work.This matters because platform level decisions determine how fast firms can modernize high volume workflows in the years ahead. Leaders who build shared data standards, governance, and reusable components now will see the compounding benefits long before their competitors.We also cover the rise in class‑action risk tied to everyday digital practices, the six hundred billion dollar data center boom reshaping cloud pricing, and why MSPs are firing clients who refuse baseline security.Learn more at https://crestvale.ioSupport the show

Today's episode looks at two newly patched OpenAI flaws that turned routine AI use into a real security exposure. One allowed hidden data exfiltration through ChatGPT. The other could steal GitHub tokens through Codex. These issues show how quickly AI tools have become part of the attack surface for professional service firms.This matters because firms are wiring AI into client work, document flows, and code systems. These tools now sit close to sensitive assets, and a single overlooked weakness can create broad exposure. Leaders need to treat AI products the same way they treat core infrastructure and identity systems.We also cover the Axios npm hijack, Azure Copilot's new multi‑agent migration model, and sanctions risks tied to Iranian ransomware fronts.Learn more at https://crestvale.ioSupport the show

Today's episode focuses on the growing gap between how fast firms adopt AI and how little direction they give their teams. Employees are using AI on their own, often with public tools, while leaders fail to set rules or measure impact. That gap now influences client trust, internal risk, and the stability of day‑to‑day work.This matters because firms that avoid clear guidance end up with inconsistent client experience, scattered workflows, and rising uncertainty among staff. Strong AI governance is now a core part of firm management, not an optional policy.We also cover Carson's agentic AI platform, pressure on the Common Vulnerabilities and Exposures system, and how AI is reshaping the accounting firm org chart. Plus updates on cloud automation, security integration, and enterprise AI platforms.Learn more at https://crestvale.ioSupport the show

Today's episode looks at the growing gap between autonomous AI agents and the security tools meant to control them. Palo Alto is pushing Prisma S A S E as the answer, but the architecture was built for human users, not fast moving agent workloads. That gap is turning into a real risk for firms deploying AI without clear visibility.This matters because agents are becoming a new entry point for breaches. Most firms still cannot identify or govern their own agent activity, and GPU workloads leave large inspection gaps. Clients and regulators are raising expectations around data protection, and firms need a plan before these systems scale.We also cover new guidance from the Open Web Application Security Project, shrinking exploit timelines driven by AI, and an enterprise case study showing how operational friction drops when workflows are rebuilt for automation.Learn more at https://crestvale.ioSupport the show

Today's episode examines the rapid rise of employee-driven AI use and the growing gap between how staff actually work and the security controls firms believe are in place. As public models become everyday tools for drafting and research, sensitive information is moving into systems that were never designed to protect client data.This matters for leaders because the main risk is not a sophisticated breach. It is ordinary workflow behavior happening out of sight. Without clear guardrails, firms are exposed to accidental data leakage, compliance issues, and long-term loss of control over client information.We also cover scripted fixes for unpatchable vulnerabilities, a new high-severity flaw in Citrix NetScaler, and research showing where large language models still fail at complex reasoning.Learn more at https://crestvale.ioSupport the show

TaxGPT is now completing full ten forty returns inside the tax software firms already use. This marks the first practical step toward shifting tax prep from manual entry to supervised automation. It keeps existing workflows intact, which lowers the barrier to adoption for firms that cannot afford major system changes.This matters because firms that move early will gain a structural margin advantage. Review becomes the main human task. Turnaround times shrink. Capacity expands without adding headcount. And client expectations change quickly once they see what is possible.We also cover the leak of Anthropic's Claude Mythos materials, Xero's integration of real time accounting data with Claude, and Sax's acquisition of CoMetrics to deepen advisory capability.Learn more at https://crestvale.ioSupport the show

Today's episode looks at how Merrill is rebuilding the client meeting process around AI. Instead of using separate tools, the firm pushed an end-to-end workflow into Salesforce Financial Services Cloud and Zoom. The result is faster preparation, automated summaries, and less administrative friction for advisors.This matters because client expectations will shift quickly. Firms that rely on manual prep and follow-up will feel slow compared to those that adopt AI-driven meeting operations. The move signals a broader change in how professional services handle client interactions, documentation, and capacity planning.We also cover rising cybersecurity expectations, a new NetScaler flaw that echoes CitrixBleed, and new legal signals around feeding client data into public AI tools.Learn more at https://crestvale.ioSupport the show

Today's episode looks at new data from Intuit showing that AI now delivers the fastest return in the enterprise stack. Leaders are no longer treating AI as an add on. They are rebuilding workflows around it because complexity has become a direct drag on margin. The gap is widening between firms that simplify their systems and firms that continue adding tools on top of legacy workflows.This matters for professional service firms because scattered operations now carry real cost. AI only works at scale when data is consistent and systems are unified. Firms that clean up their stack will see faster cycles and stronger visibility. Those that delay will feel rising operational friction.We also cover new identity risks highlighted by PwC, hidden IP grabs in AI vendor contracts, and the rise of agentic AI in accounting teams.Learn more at https://crestvale.ioSupport the show

A new federal ruling confirms that entering sensitive information into a public AI tool can waive privilege and even undermine trade secret status. Courts now treat these systems as third parties, which creates immediate exposure for firms that allow staff to experiment with consumer AI tools. This episode breaks down what changed and why firms need tighter controls.For leaders in professional services, the impact is direct. Privilege waiver cannot be undone, and trade secret protection depends on reasonable steps to maintain confidentiality. Firms that do not update their AI usage rules now risk losing core protections in litigation and transactions.We also cover the real cost drivers behind AI agents, the security implications of the FCC's new router restrictions, and the latest findings from M Trends on attackers targeting backup and identity systems.Learn more at https://crestvale.ioSupport the show

This episode explains why AI is becoming the primary interface for professional service firms while the older tools underneath settle into quiet back-end roles. Leaders are using this shift to cut software costs, simplify workflows, and focus investment on the AI layer their teams actually use.This matters because firms that cling to tool-first thinking will overspend and underperform. The firms pulling ahead are treating AI as the front door of their stack and using it to reshape client work, talent productivity, and software buying power.We also cover the widening growth gap in accounting, new data on low employee AI skill levels, the global shortage of cybersecurity leadership, and four fast-moving security stories leaders need to monitor.Learn more at https://crestvale.ioSupport the show

Today's episode covers an emergency identity flaw in Oracle systems that allows remote code execution without authentication. The patch arrived outside Oracle's normal cycle, which signals how urgent the company believes the issue is. We also examine how this fits into a wider pattern of identity‑tier risk that firms can no longer treat as optional work.These developments matter because identity systems have become the modern perimeter. Once they fail, attackers can move quietly through accounts and integrations that most tools never flag. Firms that rely on older versions or slow patch cycles face the greatest exposure.We also break down shifts in startup hiring, the Stryker wipe attack, and ServiceNow's move to embed AI security agents directly into enterprise workflows.Learn more at https://crestvale.ioSupport the show

Today’s episode examines the growing shift toward enterprise AI and how major vendors are reorganizing to meet demand. OpenAI plans a significant hiring expansion aimed at strengthening its enterprise products, while Salesforce and Nvidia move to bring AI agents directly into daily workflows. At the same time, Anthropic’s dispute with the Pentagon shows how quickly national‑security designations can disrupt vendor access, and new research highlights the industrialization of cybercrime.For founders and operators, these stories point to a changing landscape where platform choices, deployment models, and security posture will matter more than ever. Enterprise AI is no longer an experiment. It is becoming part of core operations.We also cover updates from IBM, Lumentum, Oracle, Seattle’s public‑sector planning, and Uber’s business expansion.Learn more at crestvale.co.Support the show

A new federal plan aims to create one national standard for AI regulation, replacing a growing mix of state rules. Today’s episode breaks down what the proposal covers, how it could reshape compliance for AI teams, and why it signals a shift toward centralized oversight in Washington.This matters for operators and product leaders because a unified rulebook would simplify deployment across all fifty states. It also offers a clearer path for companies planning model integration, data infrastructure, or customer‑facing AI features at national scale.We also look at the growing power constraints hitting data center projects, the move toward AI stack design in healthcare, and new details on cyber pressure from Iran‑linked groups.Plus, updates from Arista Networks, Salesforce, Siemens, NVIDIA, and Spotify.Learn more at crestvale.co.Support the show

Microsoft introduced a new Zero Trust approach tailored for AI deployments, giving security and IT teams a clearer way to tighten controls as agentic systems spread through the enterprise. The framework includes new guidance, updated assessment tools, and a reference architecture designed to map how AI agents move through data and systems.This matters for operators because AI is now touching real decision paths. Organizations need practical ways to understand access, evaluate risk, and prevent silent failures. The episode also covers the broader security landscape, including a destructive attack tied to Intune, updates to federal research funding programs, and a new exploit chain involving AI frontends.We also highlight Obin AI, K2 Space, Python Tutor, and a newly disclosed telnet vulnerability.Learn more at crestvale.com.Support the show

Autonomous agents are moving from early demos into the daily flow of work. This episode looks at how Snowflake, Microsoft, and major AI providers are shifting from simple assistance to full task execution. It’s a quiet but important change that affects how teams organize, how data is governed, and where companies place their budgets.For operators and decision‑makers, the story is about control. As agents begin to handle more of the routine work, leaders have to think about trust, data access, and which parts of the workflow stay in human hands. The companies that make these choices early will adapt faster as the tools mature.We also cover the shift in enterprise spending toward Anthropic, Micron’s rapid rise on the back of AI memory demand, and new signals from Microsoft about how fast agent‑driven work may scale.Learn more at crestvale.ioSupport the show