Articles
Governing AI Agents: Least Privilege for Autonomous AI (2026)
Autonomous AI agents act, not just answer — which makes their permissions a security problem. How to apply least privilege, human-in-the-loop, and measurement to AI agents.
Generative AI Security for Enterprises: Prompt Injection, Data Leakage & Controls (2026)
The real security risks of deploying generative AI in the enterprise — prompt injection, sensitive data disclosure, system-prompt leakage — and the controls that contain them, in a Japanese context.
Global CBPR Certification: Process, Cost & Cross-Border Data Transfer (2026)
How Global CBPR certification works — the Forum, Accountability Agents, JIPDEC's process, costs, and how it compares to GDPR transfer mechanisms for companies operating in Japan.
Cloud & SaaS Controls under J-SOX: SOC 1, Shared Responsibility & Modern ITGC (2026)
How J-SOX applies to cloud and SaaS — relying on provider SOC 1 reports, the shared-responsibility split, and the control documentation gaps that cloud migrations create.
J-SOX Explained: Japan's Internal Control Over Financial Reporting for Foreign Companies (2026)
What J-SOX requires of foreign companies — Japan's internal-control-over-financial-reporting regime under the FIEA, its scope across overseas subsidiaries, the 2023 IT-control revision, and how it differs from US SOX.
IT General Controls (ITGC) under J-SOX: What Auditors Expect (2026)
J-SOX makes IT controls a first-class component of internal control. What IT general controls — access, change management, operations — auditors expect, and how to evidence them.
Japan's AI Governance: What Foreign Companies Must Know About the AI Promotion Act (2026)
Japan regulates AI through a soft-law framework — the 2025 AI Promotion Act, METI's AI Guidelines for Business, and the AI Safety Institute. A practitioner's guide for foreign companies.
Japan's APPI Explained: A Compliance Guide for Foreign Companies (2026)
What the Act on the Protection of Personal Information (APPI) requires of foreign companies — extraterritorial scope, breach deadlines, penalties, and how it differs from GDPR.
Japan's Cybersecurity Laws & Guidelines: What Foreign Companies Operating in Japan Must Know (2026)
A practitioner's guide to Japan's cybersecurity and data-protection regime — APPI, Global CBPR, J-SOX — for foreign companies, mapped to GDPR, NIST CSF and ISO 27001.
The NTT Insider Breach: 9.28 Million Records, One Privileged Account, Ten Years
How a single privileged account let a contractor exfiltrate 9.28M records from an NTT subsidiary undetected for a decade — an insider-threat case study for security teams operating in Japan.
When Your Partner's Staff Are Inside: Japan's Secondment (出向) Risk and the Toyota Insurer Leak
Seconded insurance-company staff allegedly took Toyota internal information for years. A look at Japan's 出向 secondment model as an insider-threat blind spot for foreign companies.