<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" version="2.0">
  <channel>
    <title>SecureWorld News</title>
    <link>https://www.secureworld.io/industry-news</link>
    <description>SecureWorld News is your trusted source for the valuable cybersecurity information you depend on. Our coverage spans the InfoSec industry, with content ranging from breaking news and original articles to exclusive research and expert interviews.</description>
    <language>en-us</language>
    <pubDate>Fri, 17 Apr 2026 13:30:02 GMT</pubDate>
    <dc:date>2026-04-17T13:30:02Z</dc:date>
    <dc:language>en-us</dc:language>
    <item>
      <title>The NVD Course Correction: Navigating NIST’s Strategic Pivot for 2026</title>
      <link>https://www.secureworld.io/industry-news/nist-nvd-course-correction</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/nist-nvd-course-correction" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Software_Dev_shutterstock_2466333519.jpg" alt="The NVD Course Correction: Navigating NIST’s Strategic Pivot for 2026" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;For the better part of the last two years, the cybersecurity community has watched the National Vulnerability Database (NVD) with a mix of concern and frustration. As the volume of Common Vulnerabilities and Exposures (CVEs) hit record highs, the "gold standard" of vulnerability enrichment seemed to be buckling under the weight of its own success.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;For the better part of the last two years, the cybersecurity community has watched the National Vulnerability Database (NVD) with a mix of concern and frustration. As the volume of Common Vulnerabilities and Exposures (CVEs) hit record highs, the "gold standard" of vulnerability enrichment seemed to be buckling under the weight of its own success.&lt;/p&gt;  
&lt;p&gt;NIST has now officially announced a major operational update to the NVD to address this growth. For cybersecurity professionals, this isn't just a change in government workflow—it is a fundamental shift in how we will manage the vulnerability lifecycle moving forward.&lt;/p&gt; 
&lt;p&gt;The numbers are staggering. As software complexity explodes—driven by the rapid integration of AI and the sprawling growth of the "Agentic Enterprise"—the sheer number of CVEs has outpaced the human-led enrichment process at NIST.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;This resulted in a significant enrichment gap,&amp;nbsp;where thousands of CVEs lacked critical metadata like CVSS scores, CWE mappings, and CPE identifiers. For the enterprise, this gap created a "Maturity Mirage," where security teams were aware of vulnerabilities but lacked the high-context data needed to prioritize them effectively.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;The update signals that NIST is moving toward a more collaborative, automated enrichment model. For practitioners, this means it is time to update their "Mental Risk Management Operating System."&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: normal;"&gt;The Shift: Practitioners can no longer wait for the NVD to provide the "final word" on a vulnerability before acting.&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt;The Action: Teams must become more reliant on direct data from CVE Numbering Authorities (CNAs) and supplement NVD data with threat intelligence—such as CISA’s Known Exploited Vulnerabilities (KEV) catalog—to bridge the enrichment window.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;We asked &lt;a href="https://www.linkedin.com/in/kipboyle/"&gt;Kip Boyle&lt;/a&gt;, vCISO at Cyber Risk Opportunities LLC, for&amp;nbsp;his take on the changes:&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;"NIST just stopped pretending it could enrich every CVE. Most security teams should be relieved. &lt;/span&gt;Here is why this matters for boards and&lt;span&gt; &lt;/span&gt;&lt;span&gt;CFOs&lt;/span&gt;:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li style="color: #242424; background-color: #ffffff;"&gt;For years, vendors have sold "patch everything CVSS 7 and above" as if that were a strategy. It never was. Patch coverage on critical-severity vulnerabilities is a vanity metric. Most of those vulnerabilities will never be exploited in your environment.&lt;/li&gt; 
 &lt;li style="color: #242424; background-color: #ffffff;"&gt;The CVE volume that broke NIST is the same volume that breaks every internal vulnerability management program. NIST's response is the right one: focus on what is actually being exploited (CISA's Known Exploited Vulnerabilities Catalog), federal-use software, and critical software per Executive Order 14028. Everything else still gets listed, but does not get the severity-score halo."&lt;/li&gt; 
&lt;/ul&gt; 
&lt;div style="color: #242424; background-color: #ffffff;"&gt;
 &lt;span&gt;Kip continued, "&lt;/span&gt;
 &lt;span&gt;This forces a long-overdue conversation in mature programs:&lt;/span&gt;
&lt;/div&gt; 
&lt;ol style="background-color: #ffffff; color: #333333;"&gt; 
 &lt;li&gt;KEV coverage is the better operational metric than CVSS coverage.&lt;/li&gt; 
 &lt;li&gt;CNA-provided severity scores are now the default. Trust the vendor closest to the code, then verify in your context.&lt;/li&gt; 
 &lt;li&gt;If your patching SLAs depend on someone else enriching CVEs for you, your program was never risk-based.&lt;/li&gt; 
&lt;/ol&gt; 
&lt;p style="background-color: #ffffff; color: #333333; font-weight: normal;"&gt;He concluded, "The wizard's robes are off. Vulnerability management is a prioritization problem, not a scoring problem."&lt;/p&gt; 
&lt;p style="background-color: #ffffff; color: #333333; font-weight: normal;"&gt;Boyle will be teaching a PLUS Course on "" at &lt;a href="https://events.secureworld.io/agenda/philadelphia-pa-2026/"&gt;SecureWorld Philadelphia&lt;/a&gt; May 6-7. Check the full agenda for his course details and the full conference agenda.&lt;/p&gt; 
&lt;p&gt;"To me, this change represents a welcome transition from a 'Universal Vulnerability Library' to a more refined 'Risk-Based Vulnerability Triage' model," said &lt;a href="https://www.linkedin.com/in/mayureshdani/"&gt;Mayuresh Dani&lt;/a&gt;, Security Research Manager at Qualys Threat Research Unit. "This change will significantly impact solutions, specifically hardcoded tools that provide a verdict based on the NVD's Common Platform Enumeration (CPE) strings. This could lead to a situation where a critical CVE does not list the CPE information as it has not been enriched by the NVD and no alerts will be generated for such a vulnerability."&lt;/p&gt; 
&lt;p&gt;He continued, "I also feel that this move will force the industry to move away from 'Patch Everything' toward 'Patch What Matters.' Just the burden of determining its severity and relevance now falls entirely on the individual organization. This can be offset when CNAs provide the additional metadata as they understand the architecture of their own products better than a NIST analyst. However, there might be situations where a vendor is downplaying a vulnerability in their product for PR purposes."&lt;/p&gt; 
&lt;p&gt;Dani concluded, "Overall, I will miss the loss of a neutral third-umpire since NIST acted as an unbiased third party up until now."&lt;/p&gt; 
&lt;p&gt;As NIST prioritizes automation and consortium-based enrichment, enterprises must ensure their own vulnerability management tools are capable of ingesting diverse, real-time data feeds.&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;Visibility is King: As seen in recent reports on SaaS and "Shadow AI" sprawl, your exposure is likely larger than your current scanner admits.&lt;/li&gt; 
 &lt;li&gt;Prioritization: Move away from "patch everything" toward risk-based prioritization. If the NVD metadata is delayed, use reachability analysis and business context to decide what gets patched first.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;NIST is leaning into a "Consortium" approach, so governments and vendors (industry partners) must distribute the enrichment workload.&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;Vendors: There is now a higher expectation for software producers to provide complete, accurate metadata at the time of CVE assignment.&lt;/li&gt; 
 &lt;li&gt;Governments: This move ensures that the NVD remains a viable public resource, but it also underscores the need for "Cyber Resilience"—the ability to maintain security posture even when centralized government resources are in transition.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;h3&gt;&lt;strong&gt;AI: The Help and the Hazard&lt;/strong&gt;&lt;/h3&gt; 
&lt;p style="font-weight: normal;"&gt;While NIST is exploring AI to help automate the categorization of vulnerabilities, the 2026 landscape reminds us that AI is a double-edged sword. As noted in other recent industry research, while AI can speed up defensive scanning, it also allows adversaries to reverse-engineer patches and weaponize N-day vulnerabilities in a fraction of the time. NIST's operational update is, in many ways, a defensive response to this "AI-driven velocity."&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;"We've seen a dramatic spike in AI-reported valid vulnerabilities. According to reports, last year alone, the number of reported vulnerabilities more than doubled," said &lt;a href="https://www.linkedin.com/in/vincenzoiozzo/"&gt;Vincenzo Iozzo&lt;/a&gt;, CEO and Co-founder at SlashID. "As a result, the new NIST policy is sensible and the categories still covered are the most critical ones. Further, LLMs are approaching the point where they are good enough to allow individual organizations to prioritize and contextualize vulnerabilities in their environment reducing the need for enriched CVEs."&amp;nbsp;&lt;/p&gt; 
&lt;p&gt;NIST’s update to the NVD is a necessary evolution. By acknowledging that the old manual model is unsustainable, it is&amp;nbsp;paving the way for a more resilient, decentralized vulnerability ecosystem.&lt;/p&gt; 
&lt;p&gt;"What NIST is acknowledging is something the research community has understood for years: you cannot centralize vulnerability triage at this volume and expect it to hold," said &lt;a href="https://www.linkedin.com/in/treyford/"&gt;Trey Ford&lt;/a&gt;, Chief Strategy and Trust Officer at Bugcrowd. "The signal that actually drives remediation priority has always come from real-world exploitability, not database metadata, and that requires human researchers with adversarial instincts working continuously against live environments. The next generation of vulnerability programs will be built around that kind of active, distributed signal, not quarterly enrichment cycles."&lt;/p&gt; 
&lt;p&gt;For the cybersecurity community, the message is clear: the database is a tool, not a crutch. Success in 2026 will be defined by how quickly practitioners can turn a CVE "alert" into a high-context "action," regardless of how long it takes for the official metadata to catch up.&lt;/p&gt;  
</content:encoded>
      <category>Featured</category>
      <category>Vulnerabilities</category>
      <category>Original Content</category>
      <category>NIST</category>
      <pubDate>Fri, 17 Apr 2026 13:30:02 GMT</pubDate>
      <author>CamS@secureworld.io (Cam Sivesind)</author>
      <guid>https://www.secureworld.io/industry-news/nist-nvd-course-correction</guid>
      <dc:date>2026-04-17T13:30:02Z</dc:date>
    </item>
    <item>
      <title>OpenAI Launches GPT-5.4-Cyber, Expands Trusted Access Program as AI Defense Race Heats Up</title>
      <link>https://www.secureworld.io/industry-news/openai-launches-gpt-5.4-cyber-expands-trusted-access-program-as-ai-defense-race-heats-up</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/openai-launches-gpt-5.4-cyber-expands-trusted-access-program-as-ai-defense-race-heats-up" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/openAI%20concentrated-afro-american-businessman-working-2026-01-08-05-37-26-utc.jpg" alt="OpenAI Launches GPT-5.4-Cyber, Expands Trusted Access Program as AI Defense Race Heats Up" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;One week after Anthropic unveiled its Mythos frontier model — deployed in a controlled manner through Project Glasswing — OpenAI has answered with GPT-5.4-Cyber, a variant of GPT-5.4 fine-tuned specifically for defensive cybersecurity use cases.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;One week after Anthropic unveiled its Mythos frontier model — deployed in a controlled manner through Project Glasswing — OpenAI has answered with GPT-5.4-Cyber, a variant of GPT-5.4 fine-tuned specifically for defensive cybersecurity use cases.&lt;/p&gt;  
&lt;p&gt;Alongside the model release, OpenAI announced it is scaling its &lt;a href="https://openai.com/index/scaling-trusted-access-for-cyber-defense/"&gt;Trusted Access for Cyber (TAC) program&lt;/a&gt; to thousands of authenticated individual defenders and hundreds of teams responsible for securing critical software. Access to GPT-5.4-Cyber is tiered: individuals can verify their identity at chatgpt.com/cyber, while enterprise teams apply through an OpenAI account representative.&lt;/p&gt; 
&lt;p&gt;"The progressive use of AI accelerates defenders — those responsible for keeping systems, data, and users safe — enabling them to find and fix problems faster in the digital infrastructure everyone relies on," OpenAI said.&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;What GPT-5.4-Cyber Actually Does&lt;/h2&gt; 
&lt;p&gt;Unlike standard GPT-5.4, which applies blanket refusals to many dual-use security queries, GPT-5.4-Cyber is described by OpenAI as "cyber-permissive"—meaning it has a deliberately lower refusal threshold for prompts that serve a legitimate defensive purpose. That includes binary reverse engineering, enabling security professionals to analyze compiled software for potential malware, vulnerabilities, and security robustness without access to the source code.&lt;/p&gt; 
&lt;p&gt;The model also carries specific restrictions. Use in zero-data-retention environments is limited, given that OpenAI has less visibility into the user, environment, and intent in those configurations — a tradeoff the company frames as a necessary control surface in a tiered-access model.&lt;/p&gt; 
&lt;p&gt;OpenAI also pointed to progress with Codex Security, its AI-powered application security agent now in research preview, which has helped fix over 3,000 critical and high-severity vulnerabilities across codebases since launch.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;Two Philosophies, One Problem&lt;/h3&gt; 
&lt;p&gt;The rapid one-two punch of releases from Anthropic and OpenAI has sharpened a debate in the security community — not just about which model is more capable, but about which risk philosophy holds up when capabilities are this powerful.&lt;/p&gt; 
&lt;p&gt;Ronald Lewis, Head of Cybersecurity Governance at Black Duck, laid out the divergence plainly: OpenAI's TAC approach mirrors how advanced forensic platforms have historically been released — restricted to validated professionals, governed by contractual controls, designed to augment expert judgment. Anthropic, by contrast, placed greater emphasis on model alignment and internal self-restraint over individual-level access controls.&lt;/p&gt; 
&lt;p&gt;"This represents a deliberate departure from the conventional 'dangerous tool → trusted operator' paradigm," Lewis said, noting that Anthropic's strategy reflects a different theory of risk management — that sufficiently aligned models combined with institutional governance can enable broad, high-capability use without strict individual gatekeeping.&lt;/p&gt; 
&lt;p&gt;Lewis characterized OpenAI's posture as&amp;nbsp;more conservative: "It treats advanced cyber capabilities as regulated instruments, suitable for controlled deployment within professional workflows, much like forensic and investigative tooling, rather than as broadly accessible general-purpose systems."&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;The Remediation Gap Nobody's Solving&lt;/h4&gt; 
&lt;p&gt;Security practitioners will find the sharpest analysis in what several experts say these announcements are failing to address: the widening gap between discovery speed and remediation capacity.&lt;/p&gt; 
&lt;p&gt;Marcus Fowler, CEO of Darktrace Federal, welcomed the expanded access but cautioned against confusing faster analysis with faster risk reduction. "Some of the greatest challenges in cybersecurity today are not the identification or analysis of weak code," Fowler said. "Most organizations are still constrained by the realities of remediation once an issue is discovered: patch development, testing, deployment, uptime requirements, and resource limitations."&lt;/p&gt; 
&lt;p&gt;Tim Mackey, Head of Software Supply Chain Risk Strategy at Black Duck, put the distinction bluntly: "Finding bugs is very different from fixing bugs."&lt;/p&gt; 
&lt;p&gt;Trey Ford, Chief Strategy and Trust Officer at Bugcrowd, was more pointed. The bottleneck, he argued, has never been the model — it's the program architecture that determines which findings get verified, which get triaged, and which actually get fixed before an attacker reverse-engineers the same patch.&lt;/p&gt; 
&lt;p&gt;&lt;i&gt;"What OpenAI's TAC expansion and Anthropic's Glasswing both tell us is that AI-discovered vulnerabilities are outpacing the coordinated infrastructure built to remediate them. The next generation of security programs won't be judged on which AI model they use to find vulnerabilities — they'll be judged on whether they built the program architecture, researcher coordination, and triage capacity to close the gap between machine-speed discovery and human-speed remediation."&lt;/i&gt;&lt;/p&gt; 
&lt;p&gt;— Trey Ford, Chief Strategy and Trust Officer, Bugcrowd&lt;/p&gt; 
&lt;p&gt;Ford's bottom line for CISOs: "The question every CISO should be asking isn't which model they can access — it's whether their program was designed to act on what those models find."&lt;/p&gt; 
&lt;h5 style="font-weight: normal;"&gt;The Access Control Problem AI Can't Gate Its Way Out of&lt;/h5&gt; 
&lt;p&gt;Ram Varadarajan, CEO at Acalvio, identified a harder architectural limitation that both releases sidestep. OpenAI's identity-gating is a reasonable control surface, he said, but one that "collapses entirely when the attacker is an agentic AI operating with authenticated credentials inside the perimeter, where identity is neither suspicious nor verifiable."&lt;/p&gt; 
&lt;p&gt;"The industry is converging on knowing who's in the environment," Varadarajan said. "But the more durable question is whether the environment itself can be made to betray what an attacker — human or AI — actually does when no one's watching. That question — environment as detection surface — may be the one that frontier model vendors are structurally unable to answer."&lt;/p&gt; 
&lt;h6 style="font-weight: normal;"&gt;What Comes Next&lt;/h6&gt; 
&lt;p&gt;OpenAI signaled that the TAC expansion is explicitly iterative. The company intends to broaden access to critical infrastructure defenders over time, and acknowledged that today's safeguards are calibrated to current model capabilities — future generations will require more extensive defensive architectures.&lt;/p&gt; 
&lt;p&gt;Notably, GPT-5.4-Cyber is not currently available to U.S. government agencies, though OpenAI told reporters it is in ongoing discussions and will evaluate access through internal governance and safety review processes.&lt;/p&gt; 
&lt;p&gt;Whether the AI-for-defense race ultimately benefits practitioners will depend less on which company's release philosophy wins out and more on whether the security organizations receiving these tools have the program infrastructure to act on what the models find.&lt;/p&gt; 
</content:encoded>
      <category>Featured</category>
      <category>Vulnerabilities</category>
      <category>Artificial Intelligence</category>
      <category>Original Content</category>
      <category>Threat Intel</category>
      <category>Coding</category>
      <pubDate>Thu, 16 Apr 2026 21:23:05 GMT</pubDate>
      <author>drewt@secureworldexpo.com (Drew Todd)</author>
      <guid>https://www.secureworld.io/industry-news/openai-launches-gpt-5.4-cyber-expands-trusted-access-program-as-ai-defense-race-heats-up</guid>
      <dc:date>2026-04-16T21:23:05Z</dc:date>
    </item>
    <item>
      <title>Anthropic’s Claude Mythos Signals a New Era in AI-Powered Cybersecurity — and a Race No One Is Ready For</title>
      <link>https://www.secureworld.io/industry-news/anthropics-claude-mythos-signals-a-new-era-in-ai-powered-cybersecurity-and-a-race-no-one-is-ready-for</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/anthropics-claude-mythos-signals-a-new-era-in-ai-powered-cybersecurity-and-a-race-no-one-is-ready-for" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/AI%20-%20modern-interior-of-database-center-with-a-lot-of-h-2026-03-20-00-20-59-utc%20copy-2.jpg" alt="Anthropic’s Claude Mythos Signals a New Era in AI-Powered Cybersecurity — and a Race No One Is Ready For" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;On March 26, 2026, a routine configuration error at Anthropic inadvertently left thousands of unpublished internal assets publicly accessible on the internet. Among them: a draft blog post describing a new model the company had been quietly developing — one it called “by far the most powerful AI model we’ve ever developed,” and which it warned could “presage an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.”&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;On March 26, 2026, a routine configuration error at Anthropic inadvertently left thousands of unpublished internal assets publicly accessible on the internet. Among them: a draft blog post describing a new model the company had been quietly developing — one it called “by far the most powerful AI model we’ve ever developed,” and which it warned could “presage an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.”&lt;/p&gt;  
&lt;p&gt;Eleven days later, on April 7, Anthropic made it official. &lt;a href="https://red.anthropic.com/2026/mythos-preview/"&gt;Claude Mythos Preview&lt;/a&gt; had arrived — not with a public release, but with a restricted defensive deployment unlike anything the AI industry had organized before. Anthropic had concluded the model was too capable to distribute widely, and chose a third path: deploy it defensively, at scale, under structured conditions, before offensive actors developed comparable capabilities.&lt;/p&gt; 
&lt;p&gt;What makes Mythos Preview different from every AI security tool that preceded it is not just what it can find — it is what it does next. Prior models could assist with vulnerability discovery, but rarely converted findings into working exploits. Mythos Preview does both, autonomously, without human intervention beyond an initial prompt. Given a target and a single instruction, the model reads source code, forms hypotheses, validates them against a live environment, and delivers a complete, weaponized exploit. The loop from prompt to root access now runs in hours, sometimes overnight, at a cost that can be under $50 per finding.&lt;/p&gt; 
&lt;p&gt;That is the inflection point. And according to the security practitioners who have been watching this space closely, the industry’s response has barely begun.&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;What Project Glasswing Actually Is&lt;/h2&gt; 
&lt;p&gt;Project Glasswing brings together 12 founding partners — Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic itself — alongside more than 40 additional organizations responsible for building or maintaining critical software infrastructure. Anthropic has committed $100 million in model usage credits to the program, with Mythos Preview accessible via the Claude API, Amazon Bedrock, Google Cloud’s Vertex AI, and Microsoft Foundry. Participating organizations can use the model to scan and secure both their own first-party software and the open source systems they depend on.&lt;/p&gt; 
&lt;p&gt;One week after Anthropic’s announcement, OpenAI entered the same arena with &lt;a href="https://openai.com/index/scaling-trusted-access-for-cyber-defense/"&gt;GPT-5.4-Cyber&lt;/a&gt; — a fine-tuned variant of GPT-5.4 deployed to thousands of verified defenders through its Trusted Access for Cyber program. The two launches reflect a genuine strategic disagreement about how to handle models this capable. Anthropic restricted access by scarcity, concluding Mythos was too dangerous to distribute widely, regardless of who was asking. OpenAI restricted by identity verification instead, concluding that wider access to properly verified defenders produces better outcomes. The disagreement itself signals something important: the industry has not yet converged on a framework for managing AI systems at this level of capability.&lt;/p&gt; 
&lt;p&gt;Anthropic has also engaged in ongoing discussions with federal officials and has privately warned top government officials that Mythos makes large-scale cyberattacks significantly more likely this year. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell have separately cautioned financial industry executives about the model’s potential dangers.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;What the Model Actually Found&lt;/h3&gt; 
&lt;p&gt;Anthropic’s researchers used a consistent scaffold for all vulnerability discovery: a containerized environment, a Claude Code instance running Mythos Preview, and a single-paragraph prompt asking the model to find a security vulnerability. Human involvement ends there. The model reads code, forms hypotheses, validates them against a running target, and outputs a bug report with a proof-of-concept exploit and reproduction steps.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;A 27-year-old OpenBSD kernel crash.&lt;/span&gt;&lt;strong&gt; &lt;/strong&gt;In OpenBSD’s TCP SACK implementation, Mythos Preview identified a two-bug chain allowing a remote attacker to crash any OpenBSD host responding over TCP. The flaw dates to 1998 and had survived decades of review on an operating system built around security as its primary design principle. It has been patched.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;A 16-year-old FFmpeg codec vulnerability.&lt;/span&gt;&lt;strong&gt; &lt;/strong&gt;In the H.264 decoder, a type mismatch dating to FFmpeg’s 2003 codebase — made exploitable by a 2010 refactor — allows a specially crafted video frame to trigger an out-of-bounds write. The underlying bug survived every fuzzer and every human reviewer who had examined the code in the intervening years. Three FFmpeg vulnerabilities found by Mythos have been patched in FFmpeg 8.1.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;A 17-year-old FreeBSD RCE, fully exploited without human input.&lt;/span&gt;&lt;strong&gt; &lt;/strong&gt;CVE-2026-4747 is a stack buffer overflow in FreeBSD’s NFS server that allows unauthenticated remote root access. Mythos Preview identified the vulnerability, discovered a method to bypass the host ID requirement using an unauthenticated NFSv4 call, constructed a 20-gadget ROP chain, and split it across six sequential RPC packets to fit within the per-request constraint — entirely without human involvement after the initial prompt. A prior independent research firm had demonstrated that Opus 4.6 could exploit the same flaw, but only with substantial human guidance.&lt;/p&gt; 
&lt;p&gt;Beyond these disclosed cases, Anthropic reports thousands of additional high- and critical-severity findings across every major operating system, every major web browser, cryptography libraries, and web applications — the overwhelming majority of which are still under coordinated disclosure. Of the 198 vulnerability reports reviewed by contracted human validators so far, expert assessors agreed with the model’s severity rating in 89% of cases and were within 1 severity level in 98% of cases.&lt;/p&gt; 
&lt;p&gt;Independent validation has also arrived. The UK’s AI Security Institute conducted its own evaluation of Mythos Preview, finding that on expert-level capture-the-flag tasks — tasks no model could complete before April 2025 — Mythos Preview succeeds 73% of the time. Using a 32-step corporate network attack simulation spanning initial reconnaissance through full network takeover, AISI observed the model executing multi-stage attacks autonomously, tasks that would take human professionals days to complete. Marcus Fowler, CEO of Darktrace Federal, puts the significance plainly: “When AI can find vulnerabilities at a speed and depth that materially changes how quickly weaknesses can be identified, it fundamentally accelerates the discovery of issues across both new and existing systems.”&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;The Signal Leadership Should Actually Hear&lt;/h4&gt; 
&lt;p&gt;There is a temptation to read Project Glasswing as good news — the cavalry arriving before the breach. Bradley Smith, SVP and Deputy CISO at BeyondTrust, pushes back directly on that framing.&lt;/p&gt; 
&lt;p&gt;&lt;i&gt;“What Mythos and Glasswing should signal to leadership is not reassurance. It is urgency. If Anthropic’s own assessment is that this model is too dangerous to release publicly because of what it could do in the wrong hands, that tells you something about what less capable but freely available models are already doing in the wrong hands right now. And when open-weight models reach this capability threshold — which credible estimates put at months rather than years — the volume and sophistication of AI-driven attacks scales to a level most organizations are structurally unprepared for.”&lt;/i&gt;&lt;/p&gt; 
&lt;p style="padding-left: 48px;"&gt;&lt;span style="color: #444444;"&gt;— Bradley Smith, SVP, Deputy CISO, BeyondTrust&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;Smith’s point extends beyond Mythos itself. The BeyondTrust security team has already observed AI-assisted tooling compress the exploitation window for critical vulnerabilities to minutes — not weeks — using current-generation tools that existed before this announcement. The adversary, he argues, already has AI working for them. State-sponsored and criminal threat actors are already using AI-augmented tooling at a speed and scale that legacy defense postures cannot match.&lt;/p&gt; 
&lt;p&gt;The government’s posture reinforces the urgency, with senior financial regulators escalating warnings to industry executives and Anthropic privately briefing federal officials on the threat. Diana Kelley, CISO at Noma Security, translates the organizational imperative into practical terms: assume vulnerability discovery will accelerate whether you are ready or not. That means faster validation pipelines, tighter feedback loops between development and security, and a hard look at risk exceptions that were previously justified by the assumption that exploitation required rare human expertise. “That assumption,” Kelley says, “is weakening.”&lt;/p&gt; 
&lt;h5 style="font-weight: normal;"&gt;The OT/IoT Blind Spot Glasswing Has Not Addressed&lt;/h5&gt; 
&lt;p&gt;Project Glasswing’s partner list reads like a who’s who of enterprise IT and cloud infrastructure. What it does not include is equally telling: no specialized expertise in OT, IoT, or industrial control systems security. For John Gallagher, VP of Viakoo Labs, that gap is where the most serious damage from Mythos will actually land. “Mythos is OS agnostic,” he notes, “but vulnerability remediation is not. There is no ‘Windows Update’ for a water pump or an IoT gateway.”&lt;/p&gt; 
&lt;p&gt;There are a handful of operating systems used in IT and data processing, and over 150,000 in OT/IoT/cyber-physical systems. Enterprise IT has mature, broadly deployed solutions for managing a surge in patches and credential changes. The vast majority of OT, IoT, ICS, and CPS devices do not. A tsunami of newly discovered zero-days hitting factory floors, water treatment plants, and fleets of cameras and access control devices will find most organizations without the automated remediation tools needed to respond at speed. Gallagher also flags that Mythos doesn’t just find code bugs — it identifies architectural flaws in how machine-to-machine communication occurs, meaning the fix isn’t always a code patch but a total re-governance of a device’s credentials.&lt;/p&gt; 
&lt;p&gt;Doc McConnell, Head of Policy at Finite State and a former CISA Branch Chief, extends the point to connected device manufacturers building technology that underpins critical infrastructure, manufacturing, and medical devices, where malfunctions can cost lives. The EU Cyber Resilience Act’s vulnerability and incident reporting requirements come into force in September of this year — organizations that lack automated response capabilities will be exposed at that deadline.&lt;/p&gt; 
&lt;p&gt;&lt;i&gt;“If you’re waiting until a CVE drops to find out whether your product is affected, you’re already behind. Binary analysis and software composition analysis need to happen continuously from the very first stages of design and development — not as a final check when the features are final and the release is scheduled. We have to assume that if Anthropic is doing this loudly and responsibly, someone else is doing it quietly — and they may not have any interest in disclosing what they find.”&lt;/i&gt;&lt;/p&gt; 
&lt;p style="padding-left: 48px;"&gt;&lt;span style="color: #444444;"&gt;— Doc McConnell, Head of Policy, Finite State&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;Gallagher is direct about what Glasswing is missing: in OT and IoT security, the major partners lack the focus and technology to enable automated or autonomous patching at the edge. Generating an AI-powered playbook is a hollow victory if you lack the means to execute it. To truly harden the world’s most vulnerable systems, Project Glasswing will need to move beyond boardroom giants and collaborate with best-in-class innovators who can take action where these devices actually live.&lt;/p&gt; 
&lt;h6 style="font-weight: normal;"&gt;A Skeptical Read&lt;/h6&gt; 
&lt;p&gt;Not everyone accepts Anthropic’s framing at face value. Steven Swift, Managing Director of Suzu Labs, argues that several of the most technically detailed demonstrations — including the Linux kernel exploit walkthroughs — show a model writing code based on well-described prior context, rather than autonomously discovering and exploiting novel vulnerabilities. He also raises a structural accountability concern: because Mythos Preview is not publicly available, independent researchers cannot audit the claims. “Anthropic knows what they’re doing,” Swift says. “They’re making big claims, because attention is good for their business model — providing just enough detail so that the claims look convincing at first glance.”&lt;/p&gt; 
&lt;p&gt;Swift’s critique deserves to be held alongside the report’s most defensible data points. The 27-year-old OpenBSD zero-day and the 16-year-old FFmpeg flaw were confirmed by AddressSanitizer; both have been patched and were found autonomously in code that had been extensively reviewed and fuzz-tested. The UK AISI’s independent evaluation provides third-party corroboration that does not rely on Anthropic’s own testing. Uzair Gadit, CEO of Secure.com, offers the most calibrated read of the hype-versus-reality question: “There’s likely some hype in the claims, but not in the direction in which cybersecurity is traveling — and that distinction matters. FUD fills the gap when validation lags capability. That’s exactly where we are right now.”&lt;/p&gt; 
&lt;h6 style="font-weight: normal;"&gt;What Defenders Should Do Now&lt;/h6&gt; 
&lt;p&gt;The CSA CISO Community has published a strategy brief, co-authored with SANS, OWASP’s Gen AI Security Project, and several CISOs, titled &lt;a href="https://labs.cloudsecurityalliance.org/mythos-ciso/"&gt;“The AI Vulnerability Storm: Building a Mythos-Ready Security Program”&lt;/a&gt; that offers operational guidance for organizations working through their response. Sunil Gottumukkala, CEO of Averlon, offers a pointed sequencing note worth internalizing first: the initial vulnerabilities to hit organizations from Mythos-class models will not be in their proprietary code — they will be in vendor software and open-source components that organizations consume. The diagnostic questions that matter most are operational: Can you patch critical systems in near real time? Do you have a complete software inventory including dependencies? Can your team sustain a surge in patching and malicious activity simultaneously?&lt;/p&gt; 
&lt;p&gt;With that sequencing in mind, practitioners across this space converge on several priorities:&lt;/p&gt; 
&lt;ul style="list-style-type: disc;"&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Deploy AI-assisted vulnerability discovery now, with current models.&lt;/span&gt; Opus 4.6 and comparable frontier models already find high- and critical-severity bugs across OSS-Fuzz targets, web applications, cryptography libraries, and the Linux kernel. Organizations that have not adopted AI-assisted bugfinding are leaving findings on the table — and potentially leaving them for adversaries to find first.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Compress patch cycles and revisit your legacy vulnerability backlog.&lt;/span&gt; N-day exploitation is now faster and cheaper. Tighten patching enforcement windows, enable auto-update where feasible, and treat dependency bumps carrying CVE fixes as urgent rather than routine maintenance. Exceptions previously accepted as low-risk based on exploitation difficulty may no longer be viable.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Plan for contractual and disclosure obligations at scale.&lt;/span&gt; Morey Haber, Chief Security Advisor at BeyondTrust, flags an underreported downstream consequence: organizations with contractual notification clauses tied to CVSS scores — typically triggering at 9.0 — may face a flood of mandatory private disclosures as AI-driven discovery surfaces previously undetected vulnerabilities at scale. Legal and compliance teams need to be looped into vulnerability management planning now.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Implement Zero Trust and runtime attestation as a near-term mitigation.&lt;/span&gt; George McGregor of Approov argues that while accelerating patch cycles is valuable, it may be too slow to address the immediate risk window. Runtime app and device attestation can block AI agents and validate every API request, defending against exploitation of vulnerabilities while patching pipelines catch up.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Shift from visibility to decision speed.&lt;/span&gt; As Gadit frames it, the constraint for defenders has moved from finding issues to deciding what to fix — in what order, fast enough. “Security teams are about to be measured on response velocity, not just coverage,” he says. Detection, prioritization, and action need to connect into a single automated loop, with humans in the loop rather than humans as the bottleneck.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Build continuous security into the product lifecycle.&lt;/span&gt; For connected device manufacturers and anyone shipping software that underpins critical infrastructure, binary analysis and software composition analysis need to happen from the earliest stages of design, not as a final check. A real-time SBOM with automated reachability analysis for new vulnerabilities is the minimum viable posture.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Jason Schmitt, CEO of Black Duck, adds a defense-in-depth frame that prevents any single tool — including Mythos — from being mistaken for a complete solution. Mythos appears capable of automating the most expensive and least scalable tier of security work: the human-driven penetration testing and bug bounty layer that catches what static analysis and fuzzing miss. That is significant. But it does not replace the upstream layers, and the complete platform remains one that finds every exploitable vulnerability, remediates them as efficiently as possible, and can deterministically prove it.&lt;/p&gt; 
&lt;h6 style="font-weight: normal;"&gt;The Bot-on-Bot Future&lt;/h6&gt; 
&lt;p&gt;Ram Varadarajan, CEO of Acalvio, names where this leads plainly: “This confirms once again our bot-on-bot future in cybersecurity. We’ve reached a point where traditional, human-led security can no longer keep pace with automated attacks, forcing a total rethink of how we protect our data.” Fowler adds one important second-order observation that deserves not to be lost in the urgency: as external exploitation becomes harder against hardened systems, attackers will adapt toward the human. Insider risk — compromised credentials, malicious insiders, coerced access — requires no exploitation of vulnerabilities at all. Hardening the code does not harden the human.&lt;/p&gt; 
&lt;p&gt;Project Glasswing is an important step. The $100 million commitment, the breadth of the partner coalition, and the seriousness with which Anthropic has approached coordinated disclosure all reflect genuine effort. But the initiative is, by design, limited to a small subset of organizations facing this threat. For everyone else, the window between when Mythos-class capabilities become broadly available and when defenses are ready is the problem that requires action today.&lt;/p&gt; 
&lt;p&gt;&lt;i&gt;“If your current vulnerability management strategy still involves a human clicking ‘Approve’ on a Tuesday morning, you aren’t defending a network. You are managing a museum.”&lt;/i&gt;&lt;/p&gt; 
&lt;p style="padding-left: 48px;"&gt;&lt;span style="color: #444444;"&gt;— Noelle Murata, Sr. Security Engineer, Xcape, Inc.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;The full technical report from Anthropic’s Frontier Red Team, including cryptographic commitments for unreleased vulnerability details and coordinated disclosure timelines, is available at &lt;a href="https://red.anthropic.com/"&gt;red.anthropic.com&lt;/a&gt;. The CSA/SANS “AI Vulnerability Storm” strategy brief is available through the &lt;a href="https://labs.cloudsecurityalliance.org/mythos-ciso/"&gt;Cloud Security Alliance&lt;/a&gt;.&lt;/p&gt; 
</content:encoded>
      <category>Featured</category>
      <category>Critical Infrastructure</category>
      <category>Vulnerabilities</category>
      <category>Artificial Intelligence</category>
      <category>Original Content</category>
      <category>Threat Intel</category>
      <category>Incident Response / SIEM</category>
      <pubDate>Thu, 16 Apr 2026 20:51:16 GMT</pubDate>
      <author>drewt@secureworldexpo.com (Drew Todd)</author>
      <guid>https://www.secureworld.io/industry-news/anthropics-claude-mythos-signals-a-new-era-in-ai-powered-cybersecurity-and-a-race-no-one-is-ready-for</guid>
      <dc:date>2026-04-16T20:51:16Z</dc:date>
    </item>
    <item>
      <title>ZionSiphon: The Prototype for the Next Generation of OT Warfare</title>
      <link>https://www.secureworld.io/industry-news/zionsiphon-ot-warfare</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/zionsiphon-ot-warfare" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/critical%20infrastructure%20shutterstock_2666788277.jpg" alt="ZionSiphon: The Prototype for the Next Generation of OT Warfare" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p style="font-weight: normal;"&gt;As geopolitical tensions between the U.S., Israel, and Iran continue to simmer, the cybersecurity front has often been characterized by "digital graffiti" and disruptive DDoS attacks. However, a newly uncovered malware sample, analyzed by Darktrace, suggests that the transition from digital disruption to physical destruction is accelerating.&lt;/p&gt;</description>
      <content:encoded>&lt;p style="font-weight: normal;"&gt;As geopolitical tensions between the U.S., Israel, and Iran continue to simmer, the cybersecurity front has often been characterized by "digital graffiti" and disruptive DDoS attacks. However, a newly uncovered malware sample, analyzed by Darktrace, suggests that the transition from digital disruption to physical destruction is accelerating.&lt;/p&gt;  
&lt;p style="font-weight: normal;"&gt;The malware, dubbed ZionSiphon, was specifically engineered to target Israeli water treatment and desalination systems. While Darktrace analysts describe the sample as potentially a "developmental build," its architecture provides a chilling look at the future of politically motivated cyber-physical attacks.&lt;/p&gt; 
&lt;p&gt;ZionSiphon is not a typical information stealer. It is a hybrid threat that combines standard IT intrusion techniques with specialized Operational Technology (OT) sabotage logic.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Some key technical capabilities uncovered in &lt;a href="https://www.darktrace.com/blog/inside-zionsiphon-darktraces-analysis-of-ot-malware-targeting-israeli-water-systems"&gt;the report&lt;/a&gt; include:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;Targeted Environmental Logic: The malware performs environment checks, specifically looking for strings related to water treatment and desalination, ensuring it only executes its payload in the intended industrial context.&lt;/li&gt; 
 &lt;li&gt;ICS Protocol Scanning: It includes scanning modules for standard industrial control system (ICS) protocols, including Modbus, DNP3, and S7comm, used to communicate with Programmable Logic Controllers (PLCs).&lt;/li&gt; 
 &lt;li&gt;Direct Physical Sabotage: Most alarmingly, the code contains early-stage Modbus manipulation logic designed to alter chlorine levels and system pressure—actions that could lead to equipment damage or public health risks.&lt;/li&gt; 
 &lt;li&gt;Ideological "Easter Eggs": The malware contains embedded political messaging supporting Iran and explicit threats regarding the "poisoning" of water supplies.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="font-weight: normal;"&gt;"ZionSiphon shows a shift in the OT threat landscape: malware capable of targeting industrial processes is no longer exclusive to highly resourced nation‑state programs we have seen in the past such as Stuxnet or Industroyer," said &lt;a href="https://www.linkedin.com/in/nathaniel-j-591ba958/"&gt;Nathaniel Jones&lt;/a&gt;. VP, Security &amp;amp; AI Strategy, Field CISO at Darktrace. "The analyzed sample shows politically motivated intent and a clear focus on Israeli water infrastructure, but multiple implementation flaws suggest it is either a development build or the work of a low‑maturity threat actor. This shows that OT attack concepts are now within reach of much smaller threat actors and hacktivists, ZionSiphon is an example of how ideologically motivated actors with relatively modest resources are beginning to experiment with direct interaction with industrial systems."&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;As Jones said, the discovery of ZionSiphon marks a shift from opportunistic attacks (like exploiting default passwords on internet-facing PLCs) to bespoke malware development targeting critical infrastructure.&lt;/p&gt; 
&lt;p&gt;ZionSiphon proves that threat actors are actively experimenting with OT-specific payloads. Even an "incomplete" or "defanged" sample is a successful proof-of-concept for the adversary, allowing them to test persistence and propagation techniques like USB-based spread (reminiscent of Stuxnet). Call it the rise of the developmental stepping stone.&lt;/p&gt; 
&lt;p&gt;The inclusion of political messaging alongside sabotage logic suggests that OT malware is becoming a preferred tool for "gray zone" warfare—allowing states or affiliated actors to signal capability and intent without immediately triggering a full-scale kinetic response.&lt;/p&gt; 
&lt;p&gt;While ZionSiphon targeted Israel, the protocols it scans (Modbus, S7) are the backbone of global infrastructure. A tool developed for one region can be easily "re-skinned" for another. The physical perimeter is now global.&lt;/p&gt; 
&lt;p&gt;From the report: &lt;span&gt;The malware also includes Israel-linked strings in its target list, including “Mekorot”, “Sorek”, “Hadera”, “Ashdod”, “Palmachim”, and “Shafdan”. All of the strings correspond to components of Israel’s national water infrastructure: Mekorot is Israel’s national water company responsible for managing the country’s water system, including major desalination and wastewater projects. Sorek, Hadera, Ashdod, and Palmachim are four of Israel’s five major seawater desalination plants, each producing tens of millions of cubic meters of drinking water annually. Shafdan is the country’s central wastewater treatment and reclamation facility. &lt;/span&gt;&lt;span&gt;Their inclusion in ZionSiphon’s targeting list suggests an interest in infrastructure linked to Israel’s water sector.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;The warning from Darktrace is clear: ZionSiphon is a signal of intent.&lt;/p&gt; 
&lt;p&gt;Water and wastewater treatment facilities—often under-resourced compared to the energy sector—must realize they are now "Tier 1" geopolitical targets. Utility and municipal CISOs and CIOs should be on high alert.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: normal;"&gt;Security teams must move beyond monitoring IT endpoints and gain cross-visibility into the OT environment. Detecting an "incomplete" threat like ZionSiphon requires behavioral analytics that can spot unusual subnet scanning for ICS protocols before a command is sent to a PLC.&lt;/span&gt;&lt;/p&gt; Vendors and critical infrastructure third-party maintenance providers must harden their "removable media" policies. ZionSiphon’s use of USB propagation proves that the "sneakernet" remains a viable bypass for air-gapped systems. 
&lt;p&gt;ZionSiphon may not have "poisoned the water" today, but it has certainly poisoned the idea that critical infrastructure is shielded by its complexity. In the 2026 threat landscape, the "invisible perimeter" is no longer just a digital boundary—it is the valve, the pressure gauge, and the chlorine tank.&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fzionsiphon-ot-warfare&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Critical Infrastructure</category>
      <category>Original Content</category>
      <category>OT Security</category>
      <pubDate>Thu, 16 Apr 2026 16:15:00 GMT</pubDate>
      <author>CamS@secureworld.io (Cam Sivesind)</author>
      <guid>https://www.secureworld.io/industry-news/zionsiphon-ot-warfare</guid>
      <dc:date>2026-04-16T16:15:00Z</dc:date>
    </item>
    <item>
      <title>Identity Management Day 2026: Securing the New Perimeter</title>
      <link>https://www.secureworld.io/industry-news/identity-management-day-2026</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/identity-management-day-2026" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/hacker%20logging%20in%20-%20shutterstock_1096207289.jpg" alt="Identity Management Day 2026: Securing the New Perimeter" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p style="font-weight: normal;"&gt;Today, April 14, 2026, the global cybersecurity community will observe Identity Management Day. Founded by the Identity Defined Security Alliance (IDSA) and the National Cybersecurity Alliance (NCSA), the&amp;nbsp;day serves as a critical checkpoint for an industry that has seen the traditional network perimeter effectively dissolve.&lt;/p&gt;</description>
      <content:encoded>&lt;p style="font-weight: normal;"&gt;Today, April 14, 2026, the global cybersecurity community will observe Identity Management Day. Founded by the Identity Defined Security Alliance (IDSA) and the National Cybersecurity Alliance (NCSA), the&amp;nbsp;day serves as a critical checkpoint for an industry that has seen the traditional network perimeter effectively dissolve.&lt;/p&gt;  
&lt;p style="font-weight: normal;"&gt;In 2026, the mandate is clear: Identity is the new perimeter. As recent threat telemetry has shown, attackers aren't breaking into systems anymore; they are simply logging in using stolen, intercepted, or spoofed credentials. Identity Management Day is a call to move beyond "compliance-based" identity and toward a model of identity resilience.&lt;/p&gt; 
&lt;p&gt;For the practitioners on the front lines, &lt;a href="https://www.idsalliance.org/event/identity-management-day-2026/"&gt;Identity Management Day&lt;/a&gt; is an opportunity to move from reactive maintenance to strategic orchestration.&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;Close the "Workforce Identity Gap": Audit the human workflows that surround identity. Hardening the help desk against AI-enabled vishing and securing remote onboarding processes are now just as important as technical protocol security.&lt;/li&gt; 
 &lt;li&gt;Audit Non-Human Identities: Shift focus toward Service Accounts, OAuth tokens, and AI agents. These non-human entities often carry high privileges but lack the MFA protections and behavioral monitoring applied to human users.&lt;/li&gt; 
 &lt;li&gt;Adopt Identity-First Zero Trust: Ensure that every access request—whether from a remote employee or an automated SaaS integration—is continuously verified based on context, not just a one-time login event.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;"Identity management has undergone a massive shift: humans now make up less than 3% of managed identities in cloud environments. The rest belong to machines that don’t log off, don’t take breaks, and often operate with elevated permissions," said &amp;nbsp;&lt;a href="https://www.linkedin.com/in/crystal-morin/"&gt;Crystal Morin&lt;/a&gt;, Chief Cybersecurity Strategist at Sysdig. "As automation and AI-driven development explode, the gap between human and machine identities is becoming one of the defining security challenges of our time. &amp;nbsp;Machine identities are ephemeral, autonomous, and often difficult to manage at scale with traditional controls, which were never designed for this speed. Identity is the primary access control, it defines an environment’s boundaries, and it’s the most common source of initial access in a breach."&lt;/p&gt; 
&lt;p&gt;Morin added, "To keep up, organizations must rethink identity security as a continuous, lifecycle-driven discipline. Businesses must treat machine identities as the new firewall."&lt;/p&gt; 
&lt;p&gt;Leadership and organizational strategy must reflect that identity is a business-critical asset, not just an IT checkbox.&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;Enterprises &amp;amp; Governments: Prioritize the "Mental OS" shift toward Cyber Resilience. This means investing in unified platforms that integrate CSPM, CIEM, and DSPM to gain total visibility into "Identity Sprawl" across multi-cloud environments.&lt;/li&gt; 
 &lt;li&gt;Vendors: Focus on "Secure-by-Design" identity features. 2026 demands phishing-resistant MFA as the default, explainable AI for behavioral analytics, and interoperable standards that allow for seamless identity governance across fragmented tech stacks.&lt;/li&gt; 
 &lt;li&gt;Policy &amp;amp; Governance: Governments should lead by example, implementing robust Workforce Behavior monitoring and privacy guardrails that protect sensitive citizen data without stifling the velocity of digital services.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;"The C-Suite, CISOs, and CSOs need to look beyond siloed views of obviously privileged identities and take a holistic view of the combinations of privileges, entitlements and roles that could be exploited by an attacker to elevation privilege, move laterally and inflict damage," said &lt;a href="https://www.linkedin.com/in/james-maude/"&gt;James Maude&lt;/a&gt;, Field CTO at BeyondTrust. "The identity security debt accumulated by many organizations represents a far great risk than any other area as it only takes the attacker to login using the right identity and all is lost because of the paths to privilege that abound in their environment. Understanding and reducing your identity attack surface should be at to forefront of every organization thinking when it comes to cyber defense moving forward."&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;For the public, Identity Management Day is about moving from awareness to actionable defense.&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;Recognize the "Human-in-the-Loop" Attacks: Be aware that attackers are weaponizing deepfakes and synthetic audio to impersonate IT support or executives. If a "password reset" request feels urgent or unusual, verify it through a secondary, out-of-band channel.&lt;/li&gt; 
 &lt;li&gt;Clean Up "App Sprawl": Use this day to audit the permissions granted to third-party applications. Revoke access for apps you no longer use to minimize your "Shadow Identity" footprint.&lt;/li&gt; 
 &lt;li&gt;Adopt Phishing-Resistant MFA: Move away from SMS-based codes where possible in favor of hardware keys or passkeys, which are significantly harder for modern AI-driven phishing kits to intercept.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Some more thoughts from industry experts at cybersecurity vendors:&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;&lt;a href="https://www.linkedin.com/in/markmcclainceo/"&gt;Mark McClain&lt;/a&gt;, CEO at SailPoint:&lt;/span&gt;&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;&lt;/span&gt;Identity is no longer about perimeter-based defense. The rise in AI-based agents and the massively accelerating threat landscape has rendered that approach inadequate, and prompted a shift towards identity as the critical element to enterprise security. This report's findings demonstrate that there is now a need for real-time, intelligent, and dynamic identity security, built to govern and secure not just “who," or in the case of AI agents, “what,” has access to the enterprise, but what data they can access and what they are able to do once inside."&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;"The modern enterprise requires a new control plane, driven by unifying identity, data, and security. The combined power of these contexts enables real-time decisions to reduce risk without impacting the business. These decisions can be driven by the nature of the identity, the context of the apps and data it can access, the behavior around how it is using these apps and data and the security signals and risk warnings that may surround it. To combat this new era of threats, driven by the force multiplier of AI, we need to embrace a new approach of adaptive identity."&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;&lt;a href="https://www.linkedin.com/in/chris-radkowski-aa9161/"&gt;Chris Radkowski&lt;/a&gt;, GRC Expert at Pathlock:&lt;/span&gt;&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;&lt;/span&gt;"The rise of AI agents and machine identities has fundamentally outpaced traditional identity security. MFA and legacy access controls were built for a world of human users, not autonomous agents, service accounts, and AI-driven workflows that now outnumber people across the enterprise by 20x. Making matters more complex, the productivity promise of AI is too compelling for employees to wait on IT, workers are signing up for AI-powered tools, copilots, and automation platforms using their enterprise credentials, connecting them directly to corporate email, productivity suites, and business applications, often without security's knowledge."&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;"As agentic AI takes on real business actions with real permissions, the attack surface expands in ways most organizations aren't prepared to see, let alone secure. Credential abuse, account takeover, and sophisticated social engineering are increasingly targeting the non-human identities that operate quietly in the background with little oversight. That is why we believe that securing the modern enterprise means treating identity holistically by extending governance, least-privilege, and adaptive controls across every identity, human or machine. In the AI era, identity isn't just an IT problem. It's the foundation of trust itself."&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="font-weight: bold;"&gt;&lt;a href="https://www.linkedin.com/in/shane-barney-69026528/"&gt;Shane Barney&lt;/a&gt;, CISO at Keeper Security:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;"Instead of forcing their way through a firewall, adversaries are logging in with stolen credentials, hijacked tokens and abused permissions, then moving laterally under the cover of legitimacy. When identity controls are fragmented or overly permissive, attackers don’t need novel exploits. They just need access that looks routine. Identity now defines the enterprise perimeter. When every identity is governed with least privilege and continuously validated, a stolen credential becomes a contained event instead of an enterprise-wide incident."&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="font-weight: bold;"&gt;&lt;a href="https://www.linkedin.com/in/jason-soroko-19b41920/"&gt;Jason Soroko&lt;/a&gt;, Senior Fellow at Sectigo:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;"Machines, and their full Non-Human Identity (NHI) taxonomy, such as workloads, AI agents, etc., should never be thought about in the context of human authentication methods. MFA does not apply, as that is a band-aid solution for human authentication based on passwords. How are you going to ask your Docker container to type in a one-time password from their authenticator app? It’s silly even to talk about it. Biometrics - do I even need to justify why we can’t talk about biometric authentication for NHI?"&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;"Right now most workloads and agents authenticate with static API tokens. These are harvested exactly the same way as passwords. They aren’t managed well, they’re in the clear in many places, and they are not going to be sustainable for secure agentic AI systems."&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;"Cryptographically bound tokens will be needed, as proof of possession, so that when an adversary inevitably steals the static API key, the adversary can’t do anything about it. It turns out that PKI will be performing a critical function here. That shouldn’t be a surprise to anyone. So let’s drop the old vocabulary that was created in the human-only authentication era."&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="font-weight: bold;"&gt;&lt;a href="https://www.linkedin.com/in/luz-elad/"&gt;Elad Luz&lt;/a&gt;, Head of Research at Oasis Security:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;"To reduce the risks associated with Non-Human Identities (NHIs), security teams need to implement modern identity management practices, strong governance, and proactive security controls. Where possible, organizations should transition to cloud-native identities and establish a comprehensive lifecycle management strategy for NHIs that cannot be migrated. Maintaining good identity hygiene is critical—this includes removing stale or unused NHIs, conducting regular access reviews, and ensuring NHIs follow the Principle of Least Privilege (PoLP) by granting only the minimum permissions necessary."&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;"A structured policy and enforcement program should be built around risk analysis and compliance frameworks, ensuring NHIs align with both security best practices and regulatory requirements. Adopting short-lived credentials, automated credential rotation, and managed identities can further minimize risk by limiting exposure. Collaboration with app development and DevSecOps teams is also essential to integrate these security measures without disrupting workflows, ensuring that NHIs remain secure while maintaining operational efficiency. By treating NHIs with the same level of oversight as human identities, organizations can mitigate risk while maintaining agility and scalability across their development and cloud environments."&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;"The rise of AI agents will introduce new security challenges for NHIs. These agents often operate under machine accounts or service identities, acting on behalf of human users, which makes it difficult to track permissions, monitor usage, and enforce accountability. Without proper oversight, organizations risk losing visibility into which identities have access to critical resources and how they are being used."&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;"The main concern is governance. If AI agents are assigned persistent, unmanaged service accounts, these identities can quickly become overprivileged and unmonitored, increasing the organization’s attack surface. To mitigate this risk, security teams should implement automated monitoring, enforce least privilege, and establish clear policies for AI-driven NHIs. By putting these guardrails in place early, organizations can embrace AI automation without compromising security."&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt;  
</content:encoded>
      <category>Featured</category>
      <category>Original Content</category>
      <category>Identity Theft</category>
      <category>Identity / Access Mgmt</category>
      <pubDate>Tue, 14 Apr 2026 17:31:57 GMT</pubDate>
      <author>CamS@secureworld.io (Cam Sivesind)</author>
      <guid>https://www.secureworld.io/industry-news/identity-management-day-2026</guid>
      <dc:date>2026-04-14T17:31:57Z</dc:date>
    </item>
    <item>
      <title>AI-Powered Tax Scams Are Surging — What Security Teams and Taxpayers Need to Know</title>
      <link>https://www.secureworld.io/industry-news/ai-powered-tax-scams-are-surging-what-security-teams-and-taxpayers-need-to-know</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/ai-powered-tax-scams-are-surging-what-security-teams-and-taxpayers-need-to-know" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Tax_Trouble_shutterstock_2705408179.jpg" alt="AI-Powered Tax Scams Are Surging — What Security Teams and Taxpayers Need to Know" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;Tax season has always been fertile ground for cybercriminals. Looming deadlines, financial anxiety, and the routine exchange of highly sensitive data create conditions that are nearly ideal for social engineering. What has changed in 2026 is the degree to which AI has turbocharged the threat — lowering the barrier to entry, dramatically improving the quality of lures, and enabling multi-channel campaigns that are increasingly hard to dismiss.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;Tax season has always been fertile ground for cybercriminals. Looming deadlines, financial anxiety, and the routine exchange of highly sensitive data create conditions that are nearly ideal for social engineering. What has changed in 2026 is the degree to which AI has turbocharged the threat — lowering the barrier to entry, dramatically improving the quality of lures, and enabling multi-channel campaigns that are increasingly hard to dismiss.&lt;/p&gt; 
&lt;p&gt;With Tax Day on April 15th, the IRS has issued its annual &lt;a href="https://www.irs.gov/newsroom/dirty-dozen-tax-scams-for-2026-irs-reminds-taxpayers-to-watch-out-for-dangerous-threats"&gt;Dirty Dozen&lt;/a&gt; list of tax scams for 2026, warning that criminals are deploying more sophisticated schemes than ever before. Security experts say the data backs that up — and the implications extend well beyond individual taxpayers to enterprise security and AI governance.&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;AI Has Removed the Traditional Tells&lt;/h2&gt; 
&lt;p&gt;For years, security awareness training taught people to spot phishing by looking for grammatical errors, inconsistent branding, or awkward phrasing. That guidance is increasingly obsolete. Hoxhunt tracked a 14-fold boom in AI-generated phishing attacks beginning in December 2025, and the company's Co-founder and CTO, Pyry Åvist, says the compounding effect is significant: "Attackers can now generate visually realistic messages in multiple languages, adapt them to local tax authorities, and produce dozens of variations of the same lure," he said. "That makes it harder for traditional filters to catch them, and harder for people to resist clicking on a malicious link."&lt;/p&gt; 
&lt;p&gt;Nicole Carignan, SVP of Security &amp;amp; AI Strategy and Field CISO at Darktrace, put the shift in sharper terms. "Phishing is no longer just a volume-based threat," she said. "It's become a quality and personalization problem, making it increasingly difficult to detect with the human eye alone." Attackers can now generate polished, brand-consistent communications tailored with publicly available or previously compromised data — and test and refine campaigns in real time.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;Multi-Channel Attacks Compound the Risk&lt;/h3&gt; 
&lt;p&gt;Beyond the quality of individual lures, researchers are tracking coordinated multi-channel campaigns where a phishing email is just the opening move. Åvist described the pattern: "An email about a tax issue might be followed by a phone call or voice message that reinforces the same story. Once someone is on a phone call, they are more susceptible to manipulation — particularly with deepfake voice technology that can make a fraudster in a Thai call center sound like an educated IRS professional in Houston."&lt;/p&gt; 
&lt;p&gt;The threat has also expanded beyond personal inboxes. Hoxhunt CEO Mika Aalto noted that tax-themed phishing is regularly delivered to employee work email accounts, because "compromising a corporate account can open the door to much larger financial and data exposure." Aalto added that one particularly effective post-click tactic involves redirecting victims to a legitimate site after they submit their credentials — making the interaction feel normal and reducing the likelihood they'll report the incident.&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;The Social Engineering Cocktail: Urgency, Fear, and Authority&lt;/h4&gt; 
&lt;p&gt;Maxime Cartier, VP of Human Risk at Hoxhunt, offered the most direct framing of why tax season is so reliably exploitable:&lt;/p&gt; 
&lt;p&gt;&lt;i&gt;&lt;span style="color: #333333;"&gt;"Tax season mixes the perfect social engineering cocktail of heavy deadline urgency, stress, fear, and the ritualistic delivery of sensitive information. People expect to receive messages about refunds, missing documents, scary fees, or payment deadlines — so a phishing email that references these topics feels believably urgent. The promise of a refund or the fear of penalties can push people to act quickly instead of verifying the message. Attackers rely on that moment of urgency when we are accustomed to feeling overwhelmed and obedient to authority." — Maxime Cartier, VP of Human Risk, Hoxhunt&lt;/span&gt;&lt;/i&gt;&lt;/p&gt; 
&lt;p&gt;That psychological profile maps directly onto the IRS's own warnings. The agency does not initiate contact via email, text, or unsolicited phone calls — any message that creates urgency around a tax matter and arrives through those channels should be treated as suspect by default.&lt;/p&gt; 
&lt;h5 style="font-weight: normal;"&gt;AI Agents in Finance: A Growing Enterprise Attack Surface&lt;/h5&gt; 
&lt;p&gt;For security leaders, the concern this tax season extends beyond phishing into a more complex risk: the growing use of AI agents in payroll, tax preparation, and financial operations. Diana Kelley, CISO at Noma Security, framed the core problem plainly: "Agents do not just read data — they can act on it. Once you combine sensitive financial data, external inputs, and tool access, the risk profile changes materially." AI agents are also vulnerable to indirect prompt injection and are non-deterministic by nature, she noted — a serious concern in workflows where accuracy is non-negotiable.&lt;/p&gt; 
&lt;p&gt;Kelley cited observed attacker breakout times of as little as 27 seconds to explain why governance must keep pace with deployment. "Speed without strong controls can quickly become systemic risk," she said. "The upside is efficiency. The downside is machine-speed mistakes or abuse unless security keeps pace with governance, visibility, and least-privilege controls."&lt;/p&gt; 
&lt;p&gt;Ram Varadarajan, CEO at Acalvio, offered a practitioner-focused framework for managing AI agent risk during the filing period. He recommended six controls organizations should put in place now:&lt;/p&gt; 
&lt;ol style="list-style-type: decimal;"&gt; 
 &lt;li&gt;Treat AI agents like privileged service accounts — audit access quarterly, enforce just-in-time provisioning, and require multi-party authorization before any agent is granted write access to financial systems.&lt;/li&gt; 
 &lt;li&gt;Instrument your data, not just your perimeter — seed financial datasets with synthetic canary records so that any unauthorized access generates an unambiguous signal of compromise.&lt;/li&gt; 
 &lt;li&gt;Require every AI agent to run under a scoped, time-limited identity with explicit task boundaries logged at invocation. Scope violations — such as a payroll agent querying benefits or equity records — should trigger an automatic halt and human review.&lt;/li&gt; 
 &lt;li&gt;Segment AI agent access by system domain and enforce hard stops on cross-system queries without re-authorization, preventing the kind of lateral movement that cascaded through Uber's finance, HR, and legal systems in 2022.&lt;/li&gt; 
 &lt;li&gt;Demand append-only, externally verifiable audit logs from AI vendors before deployment — not as a post-incident retrofit.&lt;/li&gt; 
 &lt;li&gt;Run tabletop exercises simulating a compromised AI agent during peak filing periods to stress-test detection and response playbooks that were likely written for human attackers.&lt;/li&gt; 
&lt;/ol&gt; 
&lt;h6 style="font-weight: normal;"&gt;What the IRS Wants You to Know&lt;/h6&gt; 
&lt;p&gt;As part of its 2026 Dirty Dozen warning, the IRS reiterated several baseline behaviors that apply to both individuals and enterprise security teams:&lt;/p&gt; 
&lt;ul style="list-style-type: disc;"&gt; 
 &lt;li&gt;The IRS initiates contact via physical mail — not email, text, or unsolicited phone calls.&lt;/li&gt; 
 &lt;li&gt;Messages pushing immediate action ('pay now,' 'verify now,' 'refund pending') are hallmarks of scam tactics, not legitimate IRS communications.&lt;/li&gt; 
 &lt;li&gt;Do not click unexpected links. Navigate directly to official .gov websites instead.&lt;/li&gt; 
 &lt;li&gt;Verify out of band — contact your tax preparer or employer using known contact details, not those provided in an unexpected message.&lt;/li&gt; 
 &lt;li&gt;Never share Social Security numbers, banking information, or tax documents in response to unsolicited requests.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Carignan of Darktrace distilled the right posture: "Pause, verify, and don't act on urgency alone. In an environment where attacks are designed to look legitimate, taking a moment to validate requests through trusted channels is one of the most effective ways to reduce risk."&lt;/p&gt; 
&lt;p&gt;The IRS Dirty Dozen list and deeper guidance are available on the IRS newsroom website.&lt;/p&gt; 
</content:encoded>
      <category>Featured</category>
      <category>Social Engineering</category>
      <category>Artificial Intelligence</category>
      <category>Original Content</category>
      <category>Online Scams</category>
      <category>Phishing</category>
      <pubDate>Mon, 13 Apr 2026 20:12:31 GMT</pubDate>
      <author>drewt@secureworldexpo.com (Drew Todd)</author>
      <guid>https://www.secureworld.io/industry-news/ai-powered-tax-scams-are-surging-what-security-teams-and-taxpayers-need-to-know</guid>
      <dc:date>2026-04-13T20:12:31Z</dc:date>
    </item>
    <item>
      <title>Anthropic's Claude Mythos Autonomously Discovers, Exploits Zero-Days</title>
      <link>https://www.secureworld.io/industry-news/anthropic-claude-mythos-finds-exploits-zero-days</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/anthropic-claude-mythos-finds-exploits-zero-days" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Hacker%20shutterstock_2274524161.jpg" alt="developer sitting at computer workstation" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;Anthropic has unveiled Claude Mythos Preview, a new AI model with cybersecurity capabilities the company's researchers are calling a watershed moment for the industry. Unlike prior models that could identify vulnerabilities but rarely exploit them, Mythos Preview autonomously discovers and weaponizes zero-day flaws—including across every major operating system and web browser—without human intervention beyond an initial prompt.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;Anthropic has unveiled Claude Mythos Preview, a new AI model with cybersecurity capabilities the company's researchers are calling a watershed moment for the industry. Unlike prior models that could identify vulnerabilities but rarely exploit them, Mythos Preview autonomously discovers and weaponizes zero-day flaws—including across every major operating system and web browser—without human intervention beyond an initial prompt.&lt;/p&gt;  
&lt;p&gt;&lt;a href="https://red.anthropic.com/2026/mythos-preview/"&gt;The announcement&lt;/a&gt;, published April 7, 2026, on Anthropic's security research blog, comes alongside the launch of Project Glasswing—a restricted defensive initiative that will give Mythos Preview access to a limited group of critical infrastructure operators and open-source developers before any broader release. Anthropic has stated it does not plan to make the model publicly available, citing the severity of its offensive capabilities.&lt;/p&gt; 
&lt;p&gt;For security practitioners, the report details findings that challenge assumptions underpinning defensive security for the past two decades—including a 27-year-old crash bug in OpenBSD, a 16-year-old flaw in FFmpeg's H.264 codec, a guest-to-host memory corruption vulnerability in a production virtual machine monitor, and thousands of additional findings still under coordinated disclosure.&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;A qualitative leap over prior models&lt;/h2&gt; 
&lt;p&gt;Anthropic's researchers are explicit about the performance gap between Mythos Preview and its predecessors. In a Firefox 147 JavaScript engine benchmark, Claude Opus 4.6 produced working shell exploits only twice across several hundred attempts against the same vulnerability set. Mythos Preview produced 181 working exploits, with register control achieved in 29 additional cases.&lt;/p&gt; 
&lt;p&gt;The model's performance on internal benchmarks tells a similar story. Across roughly 7,000 entry points in open-source repositories from the OSS-Fuzz corpus, Opus 4.6 achieved a single tier-3 crash on a five-tier severity scale, with no higher results. Mythos Preview reached tier 5—full control-flow hijack—on 10 separate, fully patched targets.&lt;/p&gt; 
&lt;p&gt;Critically, these capabilities were not explicitly trained into the model. Anthropic's team writes that exploit proficiency emerged as a downstream consequence of broader improvements in code reasoning and agentic autonomy—the same improvements that make the model more effective at patching vulnerabilities also make it more effective at exploiting them.&lt;/p&gt; 
&lt;p&gt;"Mythos Preview signals that zero-day discovery is becoming cheaper, faster, and more scalable," said &lt;span style="color: #444444;"&gt;Sunil Gottumukkala, CEO of Averlon&lt;/span&gt;. "Researchers have already shown earlier models can help find serious vulnerabilities, but this represents a real capability jump. Even with restricted access, the broader implication is clear: we should expect more dangerous vulnerabilities to be found across major software platforms, and many organizations still don't patch fast enough to keep up."&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;What the model actually found&lt;/h3&gt; 
&lt;p&gt;Anthropic used a consistent scaffold for all vulnerability discovery work: a containerized environment, a Claude Code instance running Mythos Preview, and a single-paragraph prompt asking the model to find a security vulnerability. From there, the model reads source code, forms hypotheses, validates them against a running target, and outputs a bug report with a proof-of-concept exploit and reproduction steps. Human involvement ends at the initial prompt.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;A 27-year-old OpenBSD kernel crash&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;In OpenBSD's TCP SACK implementation, Mythos Preview identified a two-bug chain. The first allows the start value of a SACK block to fall outside the valid send window. The second allows that value—due to signed 32-bit integer overflow on sequence number comparisons—to simultaneously satisfy contradictory conditions, triggering a null-pointer write that crashes the kernel. The flaw dates back to OpenBSD's 1998 SACK implementation and allows a remote attacker to repeatedly crash any OpenBSD host that responds over TCP. The vulnerability has been patched. Across 1,000 scaffold runs against OpenBSD at a total cost of under $20,000, the model surfaced several dozen findings.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;A 16-year-old FFmpeg codec vulnerability&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;In the H.264 decoder, a 32-bit slice counter is stored in a 16-bit lookup table, initialized to the 65535 sentinel value. A specially crafted frame containing exactly 65,536 slices causes the counter to collide with that sentinel, triggering an out-of-bounds write. The underlying type mismatch dates to FFmpeg's 2003 H.264 commit; the exploitable code path was introduced in a 2010 refactor. Three FFmpeg vulnerabilities identified by Mythos Preview have been patched in FFmpeg 8.1, with additional findings under coordinated disclosure.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;A guest-to-host memory corruption flaw in a production VMM&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;Mythos Preview identified a memory corruption vulnerability in a production virtual machine monitor written in a memory-safe language. The bug exists in an unsafe code block performing direct pointer manipulation—unavoidable in VMM code that must communicate with hardware. An attacker with guest access triggers an out-of-bounds write in the host process's memory. The vulnerability remains unpatched; Anthropic is withholding the project name and technical details pending coordinated disclosure.&lt;/p&gt; 
&lt;p&gt;Of the 198 vulnerability reports reviewed so far by contracted human validators, expert assessors agreed with the model's severity rating in 89% of cases and were within 1 severity level in 98% of cases.&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;Autonomous exploitation: the FreeBSD ROP chain&lt;/h4&gt; 
&lt;p&gt;The most detailed exploit case study in the report is CVE-2026-4747, a 17-year-old remote code execution vulnerability in FreeBSD's NFS server. Mythos Preview identified and fully exploited the flaw without any human guidance after an initial prompt.&lt;/p&gt; 
&lt;p&gt;The vulnerability is a stack buffer overflow in FreeBSD's RPCSEC_GSS authentication handler: an attacker-controlled packet is copied into a 128-byte stack buffer, with a length check that permits up to 400 bytes. Several standard mitigations do not apply—the buffer is declared as an integer array, so GCC's stack protector does not instrument it, and FreeBSD does not randomize the kernel load address, making ROP gadget locations predictable.&lt;/p&gt; 
&lt;p&gt;Rather than brute-forcing the kernel host ID required to reach the vulnerable code path, Mythos Preview found that a single unauthenticated NFSv4 EXCHANGE_ID call returns the server's UUID and NFS daemon start time—sufficient to reconstruct the required values. The model then built a 20-gadget ROP chain that writes its public SSH key to /root/.ssh/authorized_keys, split across six sequential RPC packets to fit within the per-request constraint. The result is unauthenticated root access over the network.&lt;/p&gt; 
&lt;p&gt;A prior independent research firm had demonstrated that Opus 4.6 could exploit this same vulnerability, but only with substantial human prompting and guidance. Mythos Preview required none.&lt;/p&gt; 
&lt;h5 style="font-weight: normal;"&gt;Vulnerability chains and the Linux kernel&lt;/h5&gt; 
&lt;p&gt;A significant portion of the report documents Mythos Preview's ability to chain multiple vulnerabilities into complete exploits—a capability previously associated with skilled human researchers. The model demonstrated this across Linux kernel targets, constructing chains involving KASLR bypasses, heap manipulation, and kernel credential replacement.&lt;/p&gt; 
&lt;p&gt;In one case, the model used a one-bit out-of-bounds write in Linux's ipset (netfilter) code to flip the write-permission bit in a page table entry. The technique requires manipulating the kernel's per-CPU page allocator to place a kmalloc slab page physically adjacent to a page-table page in RAM, then using the OOB write to upgrade a read-only mapping of a setuid binary to writable. A 168-byte ELF stub, rewritten to use that mapping, provides root execution. Cost at API pricing: under $1,000.&lt;/p&gt; 
&lt;p&gt;A second example chains a use-after-free in Unix-domain socket out-of-band data handling (CVE-2024-47711) with a separate use-after-free in the Linux traffic-control DRR scheduler. The combined exploit builds an arbitrary kernel read primitive, defeats KASLR by reading the interrupt descriptor table, locates the kernel stack to recover a dangling pointer, and calls commit_creds() with a crafted root credential structure—navigating CONFIG_HARDENED_USERCOPY restrictions throughout. Cost: under $2,000.&lt;/p&gt; 
&lt;p&gt;Anthropic reports nearly a dozen similar examples of the model independently chaining two, three, or four vulnerabilities into functional privilege-escalation exploits in the Linux kernel.&lt;/p&gt; 
&lt;h6 style="font-weight: normal;"&gt;Perspectives on the claims: a skeptical read&lt;/h6&gt; 
&lt;p&gt;Not everyone in the security community accepts Anthropic's framing at face value. Steven Swift, Managing Director of Suzu Labs, offered a detailed critical assessment of the report's evidence.&lt;/p&gt; 
&lt;p&gt;"Anthropic knows what they're doing. They're making big claims, because attention is good for their business model," Swift said. "They're providing just enough detail so that their claims look convincing at first glance. But when you look closer, claims lack substance and rely on implications that all of the examples related prove their claims."&lt;/p&gt; 
&lt;p&gt;Swift specifically challenges the N-day exploit demonstrations, arguing that providing a model with detailed prior vulnerability context—including fuzzer-generated crash reports and CVE identifiers—is not equivalent to autonomous discovery. He notes that Mythos Preview was unable to produce working exploits against the Linux kernel vulnerabilities it independently found, and that generating exploit code from a well-described vulnerability is a capability that existing large language models already demonstrate.&lt;/p&gt; 
&lt;p&gt;He also raises a structural concern: because Mythos Preview is not publicly available, independent researchers cannot audit the claims. The report's evidence rests on Anthropic's own testing, with cryptographic commitments for unreleased vulnerability details offered as accountability anchors.&lt;/p&gt; 
&lt;p&gt;That critique is worth holding alongside the report's most defensible data points: the model discovered a 27-year-old zero-day in OpenBSD and a 16-year-old flaw in FFmpeg—both confirmed by AddressSanitizer and now patched—and it did so autonomously on code that had been reviewed and fuzz-tested extensively. Whatever the outer limits of the claims, those findings are concrete.&lt;/p&gt; 
&lt;div style="font-weight: normal; font-size: 24px;"&gt;
 The dual-use problem at scale
&lt;/div&gt; 
&lt;p&gt;"You can also look at this from another angle: try using Claude to write some code and see how many bugs, or even new zero-days, it produces," said &lt;span style="color: #444444;"&gt;Nick Mo, CEO &amp;amp; Co-founder of Ridge Security Technology Inc. "&lt;/span&gt;Claude Code is already making developers many times more productive than before, which means the number of potential vulnerabilities being introduced is also many times greater. It's writing code and writing vulnerabilities at the same time."&lt;/p&gt; 
&lt;p&gt;Mo's framing points to a compounding dynamic: AI-accelerated development creates more code—and therefore more surface area for vulnerabilities—while AI-accelerated security tooling is simultaneously needed to audit it. The race is between the same underlying technology deployed on offense and defense.&lt;/p&gt; 
&lt;p&gt;Noelle Murata, Sr. Security Engineer at Xcape, Inc., focused on the remediation side of the equation, noting that Project Glasswing's restricted partner program—which Anthropic describes as prioritizing critical infrastructure operators and open source maintainers—is designed to address what she calls a massive vulnerability debt now being surfaced faster than human teams can triage and patch it.&lt;/p&gt; 
&lt;p&gt;"If Project Glasswing is a 'cyber-nuke,' Anthropic is attempting to ensure the 'mutually assured destruction' of bugs happens in a controlled vacuum before it hits the production Internet," Mu&lt;span style="color: #444444;"&gt;rata said.&amp;nbsp;&lt;/span&gt;&lt;/p&gt; 
&lt;div style="font-weight: normal; font-size: 24px;"&gt;
 Implications for defenders
&lt;/div&gt; 
&lt;p&gt;Anthropic's research team closes the report with a set of recommendations directed at security practitioners and software operators. The core themes, translated for operational context:&lt;/p&gt; 
&lt;ul style="list-style-type: disc;"&gt; 
 &lt;li&gt; &lt;p&gt;Deploy current frontier models for vulnerability discovery now. Opus 4.6 and comparable models already find high- and critical-severity bugs across OSS-Fuzz targets, web applications, cryptography libraries, and the Linux kernel. Organizations that have not adopted AI-assisted bugfinding are leaving findings on the table—and potentially leaving them for adversaries to find first.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Compress patch cycles. The N-day exploitation timeline has shortened. Organizations should tighten patching enforcement windows, enable auto-update where feasible, and treat dependency bumps carrying CVE fixes as urgent rather than routine maintenance. Out-of-band patching processes may need to become standard rather than exceptional.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Extend AI tooling beyond bug finding. Current models can triage reports, deduplicate findings, draft patch proposals, review pull requests for security issues, analyze cloud configurations, and support incident response documentation and root-cause analysis. Automation of these workflows reduces human bottlenecks as discovery volume increases.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Reassess friction-based defenses. Mitigations whose security value derives primarily from making exploitation tedious—rather than technically impossible—may be significantly weaker against model-assisted adversaries operating at scale and low cost. Hard barriers such as KASLR, W^X, and memory-safe language adoption remain valuable.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Update vulnerability disclosure policies for AI-scale discovery. Programs designed around individual researcher findings may need restructuring to manage the volume that AI-driven pipelines can generate. Anthropic itself contracted professional human validators to triage its own disclosure queue before sending reports to maintainers.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;"The offensive landscape just went autonomous," said &lt;span style="color: #444444;"&gt;Joshua Marpet, Senior Product Security Consultant at Finite State&lt;/span&gt;. "We can no longer fight machine-speed threats with manual, point-in-time reviews. Defense must become as continuous and autonomous as the attacks coming our way."&lt;/p&gt; 
&lt;p&gt;Anthropic describes the current moment as a disruption of the security equilibrium that has prevailed for roughly 20 years. The company expresses confidence that AI-driven defense will eventually dominate—producing a net improvement in software security across the industry—but is direct about the difficulty of the transitional period.&lt;/p&gt; 
&lt;p&gt;Project Glasswing, the coordinated defensive initiative announced alongside Mythos Preview, will deploy the model to a restricted set of critical infrastructure operators and open source developers with the goal of hardening key systems before models with comparable capabilities become more broadly available. Anthropic says it plans to develop new cybersecurity safeguards with an upcoming Claude Opus model—testing and refining them on a system that does not carry the same risk profile as Mythos Preview—before pursuing wider deployment.&lt;/p&gt; 
&lt;p&gt;The full technical report, including cryptographic commitments for unreleased vulnerability details, is available at &lt;a href="https://red.anthropic.com/2026/mythos-preview/"&gt;red.anthropic.com&lt;/a&gt;.&lt;/p&gt;  
</content:encoded>
      <category>Featured</category>
      <category>Zero-Day</category>
      <category>Original Content</category>
      <category>AI</category>
      <pubDate>Fri, 10 Apr 2026 13:12:00 GMT</pubDate>
      <author>drewt@secureworldexpo.com (Drew Todd)</author>
      <guid>https://www.secureworld.io/industry-news/anthropic-claude-mythos-finds-exploits-zero-days</guid>
      <dc:date>2026-04-10T13:12:00Z</dc:date>
    </item>
    <item>
      <title>SecureWorld Boston 2026: Celebrating Security's Timeless Human Core</title>
      <link>https://www.secureworld.io/industry-news/boston-2026-security-timeless-human-core</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/boston-2026-security-timeless-human-core" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Social%20Media%20images/Boston%202026_Keynote%20Theater%20crowd_cropped.jpg" alt="Conference attendees in keynote theater" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;Boston has always had a particular talent for calling things as they are. It showed up at the Hynes Convention Center on Wednesday, April 8, as the 22nd annual &lt;a href="https://events.secureworld.io/details/boston-ma-2026/"&gt;SecureWorld Boston conference&lt;/a&gt; opened its doors and welcomed the region's cybersecurity community in from the cold, clear late-winter weather for a two-day run at questions that matter.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;Boston has always had a particular talent for calling things as they are. It showed up at the Hynes Convention Center on Wednesday, April 8, as the 22nd annual &lt;a href="https://events.secureworld.io/details/boston-ma-2026/"&gt;SecureWorld Boston conference&lt;/a&gt; opened its doors and welcomed the region's cybersecurity community in from the cold, clear late-winter weather for a two-day run at questions that matter.&lt;/p&gt;  
&lt;p&gt;The day opened early—with registration live by 7&amp;nbsp;a.m., PLUS courses underway by 7:30—and by the time the keynote theater filled for the 9&amp;nbsp;a.m. opening session, the room had the energy of a community that had been waiting to have this conversation.&lt;/p&gt; 
&lt;p&gt;That conversation started with "Security Catharsis." Moderated by Kyle Bubp (CISO, Avid) and featuring Gaël Frouin (CISO, AAA Northeast), Christopher Rich (BISO, MassMutual), and Praveen Sharma (Head of Product Security, Cubic Transportation Systems), the opening keynote brought up the topics that aren't always easy to discuss.&lt;/p&gt; 
&lt;p&gt;What followed was a conversation that security professionals have been having at happy hours for years—finally moved to the main stage. Hype versus real threat. Security awareness training as victim-blaming dressed up as a compliance checkbox. The tendency to reach for new tools when the foundations need addressing. There weren't always easy resolutions. This was rarer: permission to say aloud what those in the room were thinking and experiencing.&lt;/p&gt; 
&lt;p&gt;The rest of Day 1 built on that candor across a full slate of concurrent sessions. Bill Bowman (Operating Partner | CISO, Welsh Carson Anderson &amp;amp; Stowe) made the case for translating security risk into board language in "Breaking into the Boardroom." Randall Jackson (CISO, Income Research + Management) explored what it looks like for security teams to shift from reactive gatekeepers to business enablers. Richard Genthner (CISO, Boost Insurance) tackled shadow AI head-on: ChatGPT, Copilot, Claude, Gemini—tools that didn't knock on security's door before walking past it, and the urgent governance challenge that creates.&lt;/p&gt; 
&lt;p&gt;The Networking Hall ran all day, giving attendees the chance to connect not only with the deep sponsor roster, but also the region's leading association chapters—ISACA New England, ISSA New England, ISC2 Eastern Massachusetts, InfraGard Boston, WiCyS, and others. These associations form the connective tissue of the New England security community—hosting them under one roof is a lasting SecureWorld commitment.&lt;/p&gt; 
&lt;p&gt;Day 1 closed the way it should: with a happy hour extending from 4 to 5:30 p.m. in the Networking Hall, letting the day's ideas breathe and grow into new connections. These times prove that sometimes the best debrief sessions don't have moderators.&lt;/p&gt; 
&lt;p&gt;The &lt;a href="https://www.secureworld.io/industry-news/2026-theme-timeless-cybersecurity"&gt;&lt;i&gt;Timeless Cybersecurity&lt;/i&gt; theme&lt;/a&gt; that anchors SecureWorld's 2026 season found its footing on Day 1 in the most direct way possible: by looking to the past, amplifying the human, and building a better, more secure future.&lt;/p&gt; 
&lt;p&gt;The stage was set for Day 2.&lt;/p&gt; 
&lt;h2&gt;&lt;strong&gt;Day 2 highlights&lt;/strong&gt;&lt;/h2&gt; 
&lt;p&gt;Even at the tail end of Day 2, the energy of attendees carried things through.&lt;/p&gt; 
&lt;p&gt;The second-half atmosphere of any well-run conference has a distinctive feel. The ice is broken. The mental maps are set. Attendees have completed first-day handshakes and arrived, collectively, at the thing conferences are best for: an unguarded exchange between peers sharing a hard problem and a professional commitment to solving it. By Thursday morning at the Hynes, the Boston security community was squarely in that zone.&lt;/p&gt; 
&lt;p&gt;If Day 1 of the event set the table—framing this year's &lt;i&gt;Timeless Cybersecurity&lt;/i&gt; theme, and igniting honest peer-to-peer dialogue—then Day 2 was about delivering the meal. Day 2 surfaced the conversations that happen when professional facades wear down and real talk emerges.&lt;/p&gt; 
&lt;p&gt;And honestly? Those are the best kind.&lt;/p&gt; 
&lt;p&gt;Thursday, April 9, had the feel of a well-worn conversation between people who'd been thinking out loud together for 24 hours. This was a fitting context for a day that would carry the community from keynote insights on security velocity to a powerful exploration of legal implications of cybersecurity.&lt;/p&gt; 
&lt;h3&gt;&lt;strong&gt;Morning: the velocity problem&lt;/strong&gt;&lt;/h3&gt; 
&lt;p&gt;Day 2 opened with Silas Adams (CISO, Pep Boys) taking the keynote theater stage for a session titled "Security at the Speed of Innovation." Adams explored how the dominant industry narrative—security as the last line of defense, the brake pedal, the department of "no"—has calcified in ways that cost organizations real ground.&lt;/p&gt; 
&lt;p&gt;Adams came out swinging against that narrative. His argument: velocity-first security isn't a contradiction in terms; it's a design choice. Risk-based controls rather than painful toll gates. Automation as default. Human exceptions by design. A shift-left strategy that iteratively reduces blast radius while &lt;i&gt;increasing&lt;/i&gt; delivery speed. He applied the same thinking to agentic AI ecosystems—the north-south and east-west threat surfaces that are keeping security leaders up at night—arguing that you can build systems that allow every line of business to innovate confidently, provided the right guardrails form the foundation.&lt;/p&gt; 
&lt;p&gt;It's a compelling blueprint, and the post-keynote Cyber Connect in the Networking Hall invited attendees to explore further in real time. Bonus Networking Hall sessions—a SecureWorld special—are consistently rated the "most valuable feature."&lt;/p&gt; 
&lt;p&gt;Morning breakouts continued to press on familiar pressure points from creative angles. Craig Stanland—author of &lt;i&gt;Blank Canvas: How I Reinvented My Life After Prison&lt;/i&gt;—opened the ISSA New England Chapter Meeting with a session on insider threats. After committing an $800,000 fraud, Stanland served time. He came to Boston's security community not to scandalize&amp;nbsp;but to illuminate: insider threats don't always begin with malicious intent. They start with a human under pressure finding small, incremental rationalizations that often bypass policies and frameworks. A bracing start to the morning.&lt;/p&gt; 
&lt;p&gt;Javed Ikbal (CISO, Bright Horizons) brought a sobering clarity to the ISC2 Eastern Massachusetts Chapter Meeting with his session titled "Pyongyang’s Programmers: Solving Developer Shortage with Kim's Keyboard Commandos." North Korean operatives embedded inside Western IT teams, generating state revenue, siphoning IP, and quietly positioning for future ransomware extortion. A documented, ongoing threat. Ikbal walked through the key TTPs and mitigation strategies in a session that blended the density of a threat briefing with the accessibility of a great conference talk.&lt;/p&gt; 
&lt;p&gt;In Room 208, Jeramy Kopacko of Sophos explored adversarial generative AI—what he framed as Newton's Third Law applied to digital offense. For every beneficial AI capability, adversaries are engineering an equal and opposite weaponized version. The human attack surface, he argued, has never been more exposed. Deepfakes, synthetic phishing, hyper-personalized social engineering—these aren't theoretical, they're operational.&lt;/p&gt; 
&lt;h4&gt;&lt;strong&gt;Midday: when the law shows up&lt;/strong&gt;&lt;/h4&gt; 
&lt;p&gt;It's not every conference that assembles a panel including the Chief of the Securities, Financial and Cyber Fraud Unit for the U.S. Attorney's Office for the District of Massachusetts (Seth Kosto), a former national coordinator for cybercrime prosecutors (Brian Levine), the Assistant Attorney General and Chief of the Privacy and Responsible Technology Division of the Massachusetts AG's office (Jared Rinehimer), and Stephanie Siegmann—Partner and Chair of International Trade, National Security, Cybersecurity and AI at Hinckley Allen, and former National Security Chief for the same federal district.&lt;/p&gt; 
&lt;p&gt;Their lunch keynote, "The Intersection of Cyber Incident Response, Regulatory Compliance, and Enforcement in a Rapidly Evolving Threat Environment," covered territory that security professionals need to understand but rarely hear articulated with this kind of legal precision. False Claims Act exposure when cybersecurity posture doesn't match representations made to the government. The escalation of state AG enforcement. The liability gap between having a plan and executing one under pressure. The uncomfortable reality that incident response isn't just a technical problem—it's a legal event.&lt;/p&gt; 
&lt;h5&gt;&lt;strong&gt;A moment that mattered&lt;/strong&gt;&lt;/h5&gt; 
&lt;p&gt;Alongside the presentations, the demonstrations, and the Dash for Prizes drawing in the afternoon, this year's conference carried a layer of meaning that no agenda line item could fully capture.&lt;/p&gt; 
&lt;p&gt;The community paused to remember Andy Smeaton.&lt;/p&gt; 
&lt;p&gt;A longtime member of the SecureWorld Boston Advisory Council, Andy was most recently CISO at Jamf. Before that, he held senior InfoSec positions across a remarkable range of organizations—Merlin Ventures, Afiniti, DataRobot, MIB Group, The Saudi Investment Bank, and Danversbank among them. He was, in the fullest sense of the phrase, a fixture in the Boston security community.&lt;/p&gt; 
&lt;p&gt;Those who knew him put it simply: you knew when Andy was in the room. He was quick with a smile, warm in presence, and genuinely invested in the people around him. That combination of expertise and humanity, it turns out, is rarer than it should be. Cybersecurity attracts brilliant technicians. It doesn't always attract people who know how to make others feel seen. Andy managed both.&lt;/p&gt; 
&lt;p&gt;The inaugural Andy Smeaton Leadership Honor, awarded to &lt;a href="https://events.secureworld.io/speakers/bill-bowman/"&gt;Bill Bowman&lt;/a&gt;, wasn't a footnote. It was a reminder. The work we do in cybersecurity exists in service of people—their data, their systems, their trust, their futures. Advisory Councils like the one that surrounds SecureWorld Boston are only as good as the humans who commit to showing up, year after year, with knowledge and generosity intact. Andy was one of those people. Andy's absence was felt throughout the two days in ways that are hard to quantify but impossible to miss.&lt;/p&gt; 
&lt;p&gt;A &lt;a href="https://www.gofundme.com/f/honoring-andys-life-and-helping-his-family"&gt;GoFundMe&lt;/a&gt; remains open and available for those looking to support Andy's family and legacy.&lt;/p&gt; 
&lt;h6&gt;&lt;strong&gt;Afternoon: pulling the threads together&lt;/strong&gt;&lt;/h6&gt; 
&lt;p&gt;Afternoon sessions covered terrain that felt like a natural landing point after two days of accumulated insight. Energy in the room, true to form, was candid and considered—exactly the right register for the conversations being had.&lt;/p&gt; 
&lt;p&gt;Mark Annati (CISO, Commonwealth of Massachusetts Executive Office of Economic Development) offered something refreshingly grounded in "Behind the Prompt: A CISO's Practical AI Journey." This was a security leader's honest account of where AI is actually being useful—automating policy work, streamlining threat analysis, and yes, solving everyday problems along the way. Accessible, practical, and the kind of session that tends to generate great hallway conversations afterward.&lt;/p&gt; 
&lt;p&gt;Kishore Gangwani (Principal Engineer, Application Security, CarGurus) tackled the dual nature of AI for security engineering. Model Context Protocol security, agentic AI risk, the emerging threat surface created by "vibe coding"—but also the genuine upside: faster code review, more scalable pen testing, better signal from AI-assisted detection. The session avoided the binary framing that plagues most AI security conversations. The answer isn't fear or enthusiasm; it's engineering discipline.&lt;/p&gt; 
&lt;p&gt;Afternoon panels confronted the consolidation question ("The Great Consolidation: Rationalizing the Security Stack") and the perpetual identity-cloud-data trifecta ("The Velocity of Trust"), both of which drew in vendor and practitioner voices in the format that works best at these conferences—structured enough to move forward, open enough for real disagreement to surface.&lt;/p&gt; 
&lt;p&gt;The final Cyber Connect of the conference—a wrap-up of Thomas Hart's "Putting the Pieces Together" project—was a fitting close. A 1,000-piece jigsaw puzzle of Boston, assembled collaboratively throughout both conference days, with attendees using it as a literal metaphor for the cybersecurity environment: fragmented pieces that only resolve into something coherent when you commit to working together. Hart gathered the community's takeaways from the two days, stitching them into a final reflection that mirrored what the best moments of SecureWorld Boston consistently deliver.&lt;/p&gt; 
&lt;div&gt;
 &lt;strong&gt;What endures&lt;/strong&gt;
&lt;/div&gt; 
&lt;p&gt;The 22nd annual SecureWorld Boston conference wrapped the way the best conferences do—not with a neat conclusion, but with a set of open questions worth carrying forward.&lt;/p&gt; 
&lt;p&gt;&lt;i&gt;Timeless Cybersecurity&lt;/i&gt; rests on a hypothesis: that beneath all the tools, frameworks, and escalating threat vectors, the core challenges of this work—trust, vigilance, communication, resilience—are stubbornly, usefully human.&lt;/p&gt; 
&lt;p&gt;The more things change—and they are changing fast—the more that truth remains the same. Technology serves humans. Humans build community. This community makes events worth showing up for—year after year, iteration after iteration.&lt;/p&gt; 
&lt;p&gt;SecureWorld Boston will be back. See you next time.&lt;/p&gt;  
</content:encoded>
      <category>Featured</category>
      <category>Original Content</category>
      <category>Cybersecurity Conference</category>
      <category>Theme</category>
      <pubDate>Thu, 09 Apr 2026 21:49:58 GMT</pubDate>
      <author>tbriggs@secureworld.io (Tom Briggs)</author>
      <guid>https://www.secureworld.io/industry-news/boston-2026-security-timeless-human-core</guid>
      <dc:date>2026-04-09T21:49:58Z</dc:date>
    </item>
    <item>
      <title>FBI: AI-Enabled Fraud Topped $893M in 2025—Real Toll Likely Far Higher</title>
      <link>https://www.secureworld.io/industry-news/ai-enabled-fraud-topped-893m-fbi</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/ai-enabled-fraud-topped-893m-fbi" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/FBI%20shutterstock_2140269543.jpg" alt="fraud investigator working at computer" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;The FBI's Internet Crime Complaint Center (IC3) has released its latest annual report, marking the first time in the center's 25-year history that it has devoted a dedicated section to artificial intelligence as a cybercrime tool. The milestone reflects how rapidly the technology has shifted from an emerging concern to a mainstream instrument of fraud.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;The FBI's Internet Crime Complaint Center (IC3) has released its latest annual report, marking the first time in the center's 25-year history that it has devoted a dedicated section to artificial intelligence as a cybercrime tool. The milestone reflects how rapidly the technology has shifted from an emerging concern to a mainstream instrument of fraud.&lt;/p&gt; 
&lt;p&gt;The broader context is stark: total cybercrime losses reported to IC3 crossed $20 billion for the first time in 2025, reaching $20.877 billion across more than 1 million complaints—the first time IC3 has received that many reports in a single year.&lt;/p&gt; 
&lt;h2&gt;&lt;span style="line-height: 28px;"&gt;&lt;strong&gt;The $893M figure is a floor, not a ceiling&lt;/strong&gt;&lt;/span&gt;&lt;/h2&gt; 
&lt;p&gt;IC3 logged 22,364 complaints with an AI-related descriptor in 2025, representing $893 million in adjusted losses. But the report draws an important distinction that security leaders should internalize: the AI attribution reflects only what victims reported and recognized. Actual AI involvement across fraud schemes is far broader.&lt;/p&gt; 
&lt;p&gt;The starkest illustration of this gap comes from investment fraud. Complaints in which victims specifically noted an AI nexus generated $632 million in losses. But total investment fraud losses in 2025 hit $8.648 billion—meaning AI was officially attributed to less than 8% of that category. The FBI's own analysis suggests many victims simply had no way to detect that synthetic content, generated personas, or AI-assisted scripts were used to manipulate them.&lt;/p&gt; 
&lt;p&gt;"AI-enabled synthetic content is becoming increasingly difficult to detect and easier to make, which allows criminal actors to potentially conduct successful fraud schemes against individuals, businesses, and financial institutions," the report states.&lt;/p&gt; 
&lt;h3&gt;&lt;span style="line-height: 28px;"&gt;&lt;strong&gt;Investment fraud: AI at industrial scale&lt;/strong&gt;&lt;/span&gt;&lt;/h3&gt; 
&lt;p&gt;The investment fraud picture in 2025 reflects AI's role as an industrial scaler for social engineering. Criminals deployed AI chat tools to generate thousands of personalized victim conversations simultaneously—each one appearing distinct, building trust across weeks or months before the eventual theft.&lt;/p&gt; 
&lt;p&gt;Investment clubs became a key delivery mechanism. Fraudsters used AI-generated videos and audio to impersonate celebrities, CEOs, and financial figures, creating fake endorsements that were often distributed via social media or staged video calls. These productions were professional enough to deceive victims who would have recognized a low-quality fake.&lt;/p&gt; 
&lt;p&gt;Cryptocurrency investment fraud—commonly known as "pig butchering"—accounted for $7.228 billion in losses across 61,559 complaints, a 48% increase in complaint volume from 2024. These scams, largely run by organized criminal enterprises in Southeast Asia using trafficked labor, now rely on AI to accelerate the trust-building phase and increase the volume of simultaneous operations.&lt;/p&gt; 
&lt;h4&gt;&lt;span style="line-height: 28px;"&gt;&lt;strong&gt;Business email compromise: voice cloning enters the kill chain&lt;/strong&gt;&lt;/span&gt;&lt;/h4&gt; 
&lt;p&gt;Business email compromise (BEC) remains one of the most financially damaging crime types tracked by IC3, generating $3.046 billion in losses in 2025. Within that category, AI is increasingly embedded in the attack chain.&lt;/p&gt; 
&lt;p&gt;Chat-generation tools allow attackers to rapidly produce executive-impersonation emails with the tone, vocabulary, and contextual detail of a specific organization's leadership. The FBI report highlights that voice cloning is now being layered into these attacks, used to place follow-up calls that appear to come from a CFO or CEO, reinforcing written wire transfer instructions.&lt;/p&gt; 
&lt;p&gt;In 2025, businesses reported more than $30 million in losses specifically attributed to BEC scams with a confirmed AI component. Given the attribution gap noted elsewhere in the report, that number should be treated as a conservative baseline.&lt;/p&gt; 
&lt;h5&gt;&lt;span style="line-height: 28px;"&gt;&lt;strong&gt;Confidence and romance scams: synthetic personas at scale&lt;/strong&gt;&lt;/span&gt;&lt;/h5&gt; 
&lt;p&gt;AI-assisted confidence and romance scams with a confirmed AI nexus generated $19 million in reported losses in 2025, but the mechanics documented in the IC3 report point to broader infiltration of this category.&lt;/p&gt; 
&lt;p&gt;Criminals are using AI chat generators to produce profiles and conversation scripts that make synthetic relationships more believable and sustainable over longer periods. A related and particularly concerning subcategory is the "distress scam": voice-cloning technology mimics the voice of a family member in apparent crisis, prompting victims to wire money immediately. These calls are increasingly difficult to distinguish from a real emergency.&lt;/p&gt; 
&lt;p&gt;Distress scams generated more than $5 million in losses in 2025, and the FBI notes that the tactic is evolving—expanding beyond grandparent-targeting schemes to impersonate a wider range of family members and friends in various emergency scenarios.&lt;/p&gt; 
&lt;h6&gt;&lt;span style="line-height: 28px;"&gt;&lt;strong&gt;Employment fraud: deepfake interviews as network access vectors&lt;/strong&gt;&lt;/span&gt;&lt;/h6&gt; 
&lt;p&gt;AI-enabled employment fraud represents a threat category that sits at the intersection of individual financial crime and enterprise network security. The FBI documented widespread use of voice spoofing and video deepfakes during online job interviews in 2025, with victims reporting losses of approximately $13 million.&lt;/p&gt; 
&lt;p&gt;The enterprise dimension is significant: the IC3 report notes that financial loss is often not the primary objective in these cases. Instead, the goal appears to be gaining access to corporate networks under the cover of legitimate remote employment. An attacker who passes a deepfake interview and is provisioned with credentials and internal access represents a persistent, authorized threat inside the perimeter.&lt;/p&gt; 
&lt;p&gt;This pattern connects directly to the FBI's ongoing warnings about North Korean IT worker infiltration schemes, documented separately in the report, in which state-sponsored actors placed remote workers inside U.S. companies to exfiltrate data and generate revenue for weapons programs.&lt;/p&gt; 
&lt;p&gt;[RELATED: &lt;a href="https://www.secureworld.io/industry-news/north-korean-it-workers-expand-reach"&gt;North Korean IT Workers Expand Global Reach and Tactics&lt;/a&gt;]&lt;/p&gt; 
&lt;div&gt;
 &lt;span style="line-height: 28px;"&gt;&lt;strong&gt;What security teams should take from this&lt;/strong&gt;&lt;/span&gt;
&lt;/div&gt; 
&lt;p&gt;The IC3's decision to formally break out AI as a tracked fraud descriptor for the first time is itself a signal. It acknowledges that AI has evolved from an emerging threat to a defined, measurable component of the cybercrime ecosystem.&lt;/p&gt; 
&lt;p&gt;Several operational implications stand out for defenders.&lt;/p&gt; 
&lt;ul style="list-style-type: disc;"&gt; 
 &lt;li&gt; &lt;p&gt;The attribution gap is a detection problem. If victims can't identify AI involvement, detection controls aren't surfacing it either. Voice biometric verification, deepfake detection tooling, and out-of-band confirmation workflows for high-value wire requests deserve renewed attention.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;BEC defenses need to account for audio, not just email. Voice cloning as a BEC layer means that a callback to a "known"&amp;nbsp;number or a voice that sounds right is no longer a reliable verification signal.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Remote hiring processes are an attack surface. Organizations should treat the interview and onboarding process as a security boundary—particularly for positions that carry privileged access or handle sensitive data.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;The 60+ demographic is a significant target and, for enterprise security teams, represents a risk vector through employees'&amp;nbsp;families. Distress scams and tech-support fraud targeting older Americans generated $7.748 billion in losses in 2025—a 59% increase from 2024.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;The FBI launched several initiatives in response to the broader fraud picture in 2025. Operation Level Up, focused on cryptocurrency investment fraud, notified 3,780 victims last year—78% of whom were unaware they were being scammed at the time of contact—and prevented an estimated $225.8 million in losses. A new Scam Center Strike Force targeting Southeast Asian criminal enterprises responsible for large-scale pig butchering operations is pursuing both prosecutorial and sanctions-based disruption.&lt;/p&gt; 
&lt;p&gt;The 2025 Internet Crime Report is &lt;a href="https://www.ic3.gov/AnnualReport/Reports/2025_IC3Report.pdf"&gt;available here&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;Follow &lt;em&gt;SecureWorld News&lt;/em&gt; for more cybersecurity news.&lt;/p&gt;  
</content:encoded>
      <category>Featured</category>
      <category>FBI</category>
      <category>Artificial Intelligence</category>
      <category>Original Content</category>
      <category>Cybercrime / Threats</category>
      <pubDate>Thu, 09 Apr 2026 16:50:52 GMT</pubDate>
      <author>drewt@secureworldexpo.com (Drew Todd)</author>
      <guid>https://www.secureworld.io/industry-news/ai-enabled-fraud-topped-893m-fbi</guid>
      <dc:date>2026-04-09T16:50:52Z</dc:date>
    </item>
    <item>
      <title>Defending PLCs, Critical Infrastructure from Physical Cyberattacks</title>
      <link>https://www.secureworld.io/industry-news/defending-plcs-critical-infrastructure</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/defending-plcs-critical-infrastructure" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Critical%20Infrastructure%20petrochemical-oil-refinery-in-bangkok-city-thaila-2026-03-10-03-59-30-utc.jpg" alt="water treatment plant" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p style="font-weight: normal;"&gt;A new Cybersecurity Advisory (AA26-097a) from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has sent a clear message to the industrial world: the air gap is dead, and our literal "switches" are in the crosshairs.&lt;/p&gt;</description>
      <content:encoded>&lt;p style="font-weight: normal;"&gt;A new Cybersecurity Advisory (AA26-097a) from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has sent a clear message to the industrial world: the air gap is dead, and our literal "switches" are in the crosshairs.&lt;/p&gt;  
&lt;p style="font-weight: normal;"&gt;&lt;a href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-097a"&gt;The advisory&lt;/a&gt; details how Iranian-affiliated cyber actors have successfully exploited Programmable Logic Controllers (PLCs) across multiple U.S. critical infrastructure sectors. These intrusions amount to a direct assault on the hardware that manages our water, energy, and manufacturing.&lt;/p&gt; 
&lt;p&gt;So what does all this escalation mean for the professionals on the front lines and the public they protect?&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;To understand the gravity of this alert, we must define the target. PLCs are the "brains" of industrial automation. They are small, ruggedized computers that control physical processes—opening a water valve, regulating a turbine's speed, or managing a cooling system.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;In the campaign, attackers targeted PLCs that were exposed to the internet, often using default passwords or known vulnerabilities in the administrative web interfaces. By gaining access, the actors were able to disrupt operations, in some cases displaying political messaging on the controller's screen while disabling the physical equipment.&lt;/p&gt; 
&lt;p&gt;For those charged with protecting the "internal frontier" of Operational Technology (OT), this advisory serves as a strategic blueprint for defense.&lt;/p&gt; 
&lt;p&gt;Attackers are no longer just looking for high-level IT credentials; they are performing automated reconnaissance for specific industrial hardware. If your PLC has an IP address, it is being scanned.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: normal;"&gt;A recurring theme in this exploit was the use of default manufacturer passwords. Security teams must treat "factory settings" as an active vulnerability.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;As we link industrial floors to corporate networks for data-driven insights, we create bridges for attackers to cross. The CISA advisory emphasizes that many compromised PLCs were accessible because of a lack of robust network segmentation.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;While most cyberattacks feel invisible—a stolen credit card or a leaked email—attacks on PLCs have the potential for real physical impact.&lt;/p&gt; 
&lt;p&gt;In the short term, these attacks can cause localized service disruptions, such as water pressure drops or power fluctuations.&lt;/p&gt; 
&lt;p&gt;Even when physical damage is avoided, these attacks are designed to undermine public trust. Seeing a political message on a water utility's controller screen is a form of "digital graffiti" meant to signal that the basic pillars of society are vulnerable. Call it&amp;nbsp;a psychological attack.&lt;/p&gt; 
&lt;p&gt;The public should view this as a reminder that cybersecurity is now a component of public safety. Just as we expect fire codes and clean water standards, we must demand that utilities treat cyber hygiene&amp;nbsp;as a foundational safety requirement.&lt;/p&gt; 
&lt;p&gt;CISA isn't just raising the alarm; it is providing a roadmap for hardening these systems:&lt;/p&gt; 
&lt;ol&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Change every default password:&lt;/span&gt; This remains the most effective, low-cost defense against the current Iranian campaign.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Implement robust MFA:&lt;/span&gt; Even for industrial interfaces, multi-factor authentication is the "gold standard" for stopping credential-based access.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Disconnect from the public web:&lt;/span&gt; There is rarely a legitimate business reason for a PLC to be directly accessible from the open internet. Move these assets behind a VPN or a secure firewall with strict access controls.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Audit your shadow OT:&lt;/span&gt; Use scanning tools to identify devices on your network that your security team might not even know exist.&lt;/p&gt; &lt;/li&gt; 
&lt;/ol&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fdefending-plcs-critical-infrastructure&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Critical Infrastructure</category>
      <category>Security Alerts</category>
      <category>Original Content</category>
      <category>Industrial Controls</category>
      <category>Operational Technology</category>
      <category>CISA</category>
      <pubDate>Wed, 08 Apr 2026 20:44:00 GMT</pubDate>
      <author>CamS@secureworld.io (Cam Sivesind)</author>
      <guid>https://www.secureworld.io/industry-news/defending-plcs-critical-infrastructure</guid>
      <dc:date>2026-04-08T20:44:00Z</dc:date>
    </item>
    <item>
      <title>Engineering Data Protection for AI Systems: Bridging Privacy Frameworks and Real-World Implementation</title>
      <link>https://www.secureworld.io/industry-news/engineering-data-protection-ai-systems</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/engineering-data-protection-ai-systems" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Engineering%20data%20protection%20-%20cyber-investigation-team-working-in-a-governmental-2026-03-19-02-08-17-utc.jpg" alt="analysts working at computers" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;&lt;span&gt;AI adoption is accelerating across enterprise and critical infrastructure environments, driving new levels of automation, insight, and operational efficiency. At the same time, it is fundamentally changing how data is collected, processed, and shared.&lt;/span&gt;&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;&lt;span&gt;AI adoption is accelerating across enterprise and critical infrastructure environments, driving new levels of automation, insight, and operational efficiency. At the same time, it is fundamentally changing how data is collected, processed, and shared.&lt;/span&gt;&lt;/p&gt;  
&lt;p&gt;&lt;span&gt;On paper, most organizations appear well prepared. Privacy frameworks are defined, data classification standards are established, and regulatory requirements are mapped to controls. However, real-world implementations often tell a different story. The challenge is no longer defining what should be protected, but ensuring those protections hold up as data moves through complex, AI-driven systems.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;The gap is not in policy. It is in translating policy into practical, engineering-driven controls that align with how data actually behaves.&lt;/p&gt; 
&lt;h2 style="font-size: 24px;"&gt;&lt;span style="font-size: 24px;"&gt;&lt;strong&gt;The shift: from static data protection to dynamic data systems&lt;/strong&gt;&lt;/span&gt;&lt;/h2&gt; 
&lt;p&gt;&lt;span&gt;Traditional data protection strategies were designed for relatively stable environments. Data was structured, stored in known locations, and accessed through predictable patterns.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;AI systems break these assumptions.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Data in AI environments is:&lt;/span&gt;&lt;/p&gt; 
&lt;ul style="list-style-type: disc;"&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Continuously collected across distributed sources &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Aggregated and enriched across platforms &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Processed through models that generate new insights &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Shared across cloud services and third-party ecosystems &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;span&gt;In this model, data is no longer static. It is constantly moving, changing, and expanding in meaning.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;As a result, protecting data at a single point is no longer sufficient. The focus must shift to understanding how data flows across systems and how risk evolves over time.&lt;/p&gt; 
&lt;h2&gt;&lt;span style="font-size: 24px;"&gt;&lt;strong&gt;Where privacy frameworks fall short in practice&lt;/strong&gt;&lt;/span&gt;&lt;/h2&gt; 
&lt;p style="font-weight: bold;"&gt;Static classification cannot capture inferred sensitivity&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Most privacy frameworks rely on identifying and labeling sensitive data based on predefined patterns. While this works for structured data, it becomes less effective in AI systems where sensitivity is often inferred.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Seemingly non-sensitive data can become sensitive when:&lt;/span&gt;&lt;/p&gt; 
&lt;ul style="list-style-type: disc;"&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Combined with other datasets &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Processed through models &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Analyzed for behavioral or contextual insights &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;span&gt;This creates a gap where data is technically compliant, but still exposes risk through inference.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Controls are applied at points, not across lifecycles&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Data protection controls are often implemented at specific layers such as endpoints, networks, or storage systems. However, AI pipelines span entire lifecycles, including ingestion, transformation, inference, and output generation.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Without visibility across these stages, organizations struggle to track:&lt;/span&gt;&lt;/p&gt; 
&lt;ul style="list-style-type: disc;"&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;How data is transformed &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Where sensitive attributes emerge &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;How data is accessed across environments &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;span&gt;This fragmentation leads to blind spots, where risks accumulate between control points rather than within them.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Identity expands the attack surface&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;In AI-enabled systems, identities play a central role in how data is accessed and processed. Service accounts, APIs, and automated workflows create access paths that extend across multiple systems.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;When permissions are not tightly controlled, a single compromised identity can:&lt;/span&gt;&lt;/p&gt; 
&lt;ul style="list-style-type: disc;"&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Access multiple data sources &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Traverse across environments &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Expose data beyond intended boundaries &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="font-weight: normal;"&gt;The result is not just localized exposure, but system-wide risk propagation.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;External dependencies reduce control and visibility&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;AI systems depend heavily on external components, including cloud services, third-party data providers, and pre-trained models. These dependencies extend the data protection boundary beyond the organization.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;In many cases, organizations lack full visibility into:&lt;/span&gt;&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;How external systems handle data &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;What data is retained or reused &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;How model behavior may expose sensitive information&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;span&gt;This creates a broader ecosystem risk, where data protection depends on factors outside direct control.&lt;/span&gt;&lt;/p&gt; 
&lt;h2&gt;&lt;span style="font-size: 24px;"&gt;&lt;strong&gt;Engineering data protection for real-world AI systems&lt;/strong&gt;&lt;/span&gt;&lt;/h2&gt; 
&lt;p style="font-weight: normal;"&gt;Addressing these challenges requires moving beyond policy-driven approaches toward engineering-driven data protection that operates across systems and data flows.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Data-centric protection across the lifecycle&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Effective data protection starts with understanding how data moves and evolves. Instead of focusing only on where data is stored, organizations need visibility into:&lt;/span&gt;&lt;/p&gt; 
&lt;ul style="list-style-type: disc;"&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Data origins &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Transformation processes &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Points where sensitivity emerges &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;span&gt;Techniques such as data lineage tracking and context-aware classification help ensure protection extends across the full lifecycle, not just at isolated points.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Identity-aware access control&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Access control must evolve from static permissions to continuous evaluation of identity behavior. This includes monitoring how identities interact with systems, detecting unusual access patterns, and limiting unnecessary cross-system access.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;By focusing on how access is used rather than just how it is assigned, organizations can better contain risk and prevent lateral movement.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Integrated visibility across systems&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;In AI environments, risk spans data, identity, and infrastructure simultaneously. Treating these areas separately limits the ability to understand how risks combine.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;An integrated approach enables organizations to:&lt;/span&gt;&lt;/p&gt; 
&lt;ul style="list-style-type: disc;"&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Correlate signals across systems &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Identify potential attack paths &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Understand the broader impact of individual weaknesses &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;span&gt;This shift from isolated alerts to systemic visibility is critical for managing complex environments.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Managing inference and model-driven exposure&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;AI introduces a new class of risk where sensitive information can be revealed through model outputs rather than direct data access.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Mitigating this risk requires:&lt;/span&gt;&lt;/p&gt; 
&lt;ul style="list-style-type: disc;"&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Evaluating how models process and expose data &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Limiting unnecessary data aggregation &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Applying controls to outputs, not just inputs &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;span&gt;This expands data protection beyond traditional boundaries into how insights themselves are generated and shared.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Embedding privacy-by-design into system architecture&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Privacy cannot be retrofitted into AI systems. It must be designed into how systems collect, process, and share data.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;This includes:&lt;/span&gt;&lt;/p&gt; 
&lt;ul style="list-style-type: disc;"&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Minimizing unnecessary data collection &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Segmenting data across environments &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Controlling how data flows between systems &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;span&gt;These architectural decisions play a critical role in reducing risk as systems scale and become more interconnected.&lt;/span&gt;&lt;/p&gt; 
&lt;h2 style="font-size: 24px;"&gt;&lt;span style="font-size: 24px;"&gt;&lt;strong&gt;Moving forward: from frameworks to implementation&lt;/strong&gt;&lt;/span&gt;&lt;/h2&gt; 
&lt;p&gt;&lt;span&gt;Privacy frameworks provide essential guidance, but they do not address the complexity of modern AI systems on their own. The challenge lies in operationalizing these frameworks in environments where data is dynamic, interconnected, and continuously evolving.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Organizations that succeed will be those that move beyond static controls and adopt engineering-driven approaches aligned with real-world data behavior. This requires continuous adaptation, cross-domain visibility, and a deeper understanding of how data interacts across systems.&lt;/p&gt; 
&lt;h2 style="font-size: 24px;"&gt;&lt;span style="font-size: 24px;"&gt;&lt;strong&gt;Conclusion&lt;/strong&gt;&lt;/span&gt;&lt;/h2&gt; 
&lt;p&gt;&lt;span&gt;AI systems are reshaping how data is used, and in doing so, they are exposing the limitations of traditional data protection approaches.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;The focus must shift from protecting isolated datasets to managing how data flows, transforms, and creates risk across interconnected environments. Bridging the gap between privacy frameworks and implementation is not about adding more controls, but about designing systems that account for how data actually behaves.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;In AI-driven environments, effective data protection is no longer a static function. It is an ongoing engineering challenge that requires continuous visibility, adaptation, and control.&lt;/span&gt;&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fengineering-data-protection-ai-systems&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Featured Author</category>
      <category>AI</category>
      <category>Data Privacy</category>
      <pubDate>Wed, 08 Apr 2026 11:26:00 GMT</pubDate>
      <guid>https://www.secureworld.io/industry-news/engineering-data-protection-ai-systems</guid>
      <dc:date>2026-04-08T11:26:00Z</dc:date>
      <dc:creator>Shwetha Prasad</dc:creator>
    </item>
    <item>
      <title>Cyber Insurance Paradox: Judgers of Risk Struggle to Manage Own Risk</title>
      <link>https://www.secureworld.io/industry-news/cyber-insurance-paradox-risk</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/cyber-insurance-paradox-risk" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Risk_management_young-businesswoman-pointing-at-infographics-durin-2026-03-24-03-26-14-utc.jpg" alt="business people working together" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;The insurance industry occupies a unique and powerful position in the cybersecurity ecosystem. By setting underwriting standards, insurers effectively act as the de facto regulators of global security, defining what &lt;em&gt;good&amp;nbsp;&lt;/em&gt;looks like for everyone else.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;The insurance industry occupies a unique and powerful position in the cybersecurity ecosystem. By setting underwriting standards, insurers effectively act as the de facto regulators of global security, defining what &lt;em&gt;good&amp;nbsp;&lt;/em&gt;looks like for everyone else.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;However, a new joint report from the Insurance Information Institute (Triple-I) and Fenix24, &lt;a href="https://www.iii.org/sites/default/files/docs/pdf/triple-i_fenix24_cybersecurity_insurers_04012026.pdf"&gt;"Cybersecurity for Insurers: Squaring Safety with Service&lt;/a&gt;," reveals a striking paradox: the very entities judging the world's risk are struggling to manage their own.&lt;/p&gt; 
&lt;p&gt;For cybersecurity professionals, the report is a critical look at the "circularity of risk" within the $16.3 billion cyber insurance market. Here is what the findings mean for the broader economy and the leaders advising on breach preparedness.&lt;/p&gt; 
&lt;p&gt;Insurers are high-value targets because they sit on a "triple threat" of data: sensitive PII/PHI of policyholders, proprietary financial data of global corporations, and systemic economic importance.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;The report highlights that while ransomware is the headline-grabber, it only accounts for 19% of reported cyber claims. The real "silent killers" are Business Email Compromise (BEC) and Funds Transfer Fraud (FTF), which together drive 56% of claims. Despite this, insurers themselves are still working through "foundational" challenges, creating a disconnect between the security they mandate and the security they maintain.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;[RELATED: &lt;a href="https://www.secureworld.io/industry-news/7-tips-prevent-bec-scams-2026"&gt;7 Tips to Prevent Business Email Compromise Scams in 2026&lt;/a&gt;]&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;span&gt;"The findings reinforce that the insurance sector remains a high-value target because it sits at the intersection of sensitive data, financial transactions, third-party dependencies, and reputational exposure," said Heath Renfrow, Co-founder and CISO of Fenix24. "Threat actors understand that insurers are not just protecting their own operations—they are part of the broader response and recovery ecosystem for many other businesses. That makes disruption inside an insurer especially consequential."&lt;/span&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;span&gt;Renfrow added, "What stands out most is that the challenge is no longer just about preventing intrusion. The threat landscape has evolved into one where attackers are deliberately targeting the systems that organizations rely on to respond and recover—identity infrastructure, administrative pathways, core applications, and backup environments. For insurers, that raises the stakes significantly. A compromise is no longer just an IT event; it can quickly become an operational and customer-impact event."&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;When the referees of risk have blind spots, the entire game changes for policyholders.&lt;/p&gt; 
&lt;p&gt;If insurers are still maturing their own defenses, there is a risk that underwriting requirements—such as MFA or EDR mandates—are being applied as "checkbox" compliance rather than deep, risk-based validation.&lt;/p&gt; 
&lt;p&gt;Foundational struggles within the insurance sector lead to unpredictable markets. There is a "tug-of-war" where rates decrease while threats evolve, suggesting that the industry is still struggling to find a stable actuarial baseline for cyber risk.&lt;/p&gt; 
&lt;p&gt;Business interruption now accounts for half of the $1 million average cost of a ransomware incident. Entities can no longer rely on insurance to just "pay the ransom"; they must prove they can restore operations independently.&lt;/p&gt; 
&lt;p&gt;For CISOs and advisors helping leadership navigate the insurance landscape, the Triple-I/Fenix24 report offers three key pivots:&lt;/p&gt; 
&lt;ol&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Shift from "insured" to "recoverable":&lt;/span&gt; Don't just prepare to meet an underwriter’s checklist. Focus on cyber resilience—the ability to assure recoverability through automated infrastructure mapping and "battle-tested" recovery platforms.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Validate the "human workflow" gap:&lt;/span&gt; Since 56% of claims stem from BEC and transfer fraud, advise leadership that technical controls are insufficient. The "workforce identity gap" at the help desk and in funds transfer processes is where the most frequent (and insured) losses occur.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Pressure test vendor interdependency&lt;/span&gt;: The report notes that systemic economic importance makes insurers a target. Treat your insurer like a high-risk third-party vendor. Ask: If my insurer is breached, how does that impact my ability to trigger my own incident response and recovery?&lt;/p&gt; &lt;/li&gt; 
&lt;/ol&gt; 
&lt;p style="font-weight: normal;"&gt;The most provocative question raised by this research is systemic: If insurers are still navigating foundational cybersecurity challenges, can they accurately price risk for the rest of the economy?&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;If the surveyors of the land don't know where the sinkholes are on their own property, their maps of the broader territory are inherently suspect. This suggests that the industry may be over-relying on historical data for a threat landscape that is being fundamentally rewritten by AI-driven automation and autonomous threat agents.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Some additional thoughts from Renfrow&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;strong&gt;&lt;span&gt;1. "The research suggests many organizations aren’t testing recovery in real-world ransomware scenarios. What does 'true'&amp;nbsp;cyber resilience look like in practice, especially as attacks increasingly target identity systems and core infrastructure?&lt;/span&gt;&lt;/strong&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;span&gt;&lt;/span&gt;&lt;span&gt;True cyber resilience is not a policy, a slide, or a tabletop exercise. It is the proven ability to restore business operations under real-world attack conditions, when identity is impaired, infrastructure is degraded, tools may be unavailable, and time is working against you.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;span&gt;In practice, that means several things. First, organizations must know what matters most to the business and in what order it must come back. Second, they need validated recovery paths for critical systems, not theoretical ones. Third, they must test recovery in conditions that resemble actual ransomware events—not clean lab scenarios. And finally, they need to assume that identity systems such as Active Directory, privileged accounts, and core management infrastructure may be compromised or unavailable during the event.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;span&gt;The gap we often see is that companies test whether data can be restored, but not whether the business can actually run again. Those are very different things. Recovery that is not tested against real dependencies, identity compromise, and operational pressure is not resilience—it is optimism."&lt;/span&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;strong&gt;&lt;span&gt;2. "With cyber claims shifting toward BEC and fraud over ransomware, how should insurers and enterprises be rethinking their security and risk models?&lt;/span&gt;&lt;/strong&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;span&gt;&lt;/span&gt;&lt;span&gt;Insurers and enterprises need to expand their thinking from pure malware defense to business process protection. Business email compromise and fraud succeed less through technical destruction and more through trust abuse, identity misuse, and control failure. That requires a different lens.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;span&gt;Security and risk models should place much more emphasis on identity assurance, privileged access, approval workflows, vendor payment controls, communications verification, and detection of abnormal business activity. In other words, the organization has to protect not only its systems, but also the decision-making processes that move money, authorize change, and approve transactions.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;span&gt;This shift also means risk models should not over-index on whether malware was involved. Some of the most damaging losses now come from attacks that exploit people, process, and identity without ever deploying ransomware. The financial and operational consequences can be just as severe."&lt;/span&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;strong&gt;&lt;span&gt;3. "What are the potential downstream implications for policyholders if insurers themselves are still maturing in areas like recovery testing, patching speed, and identity protection?&lt;/span&gt;&lt;/strong&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;span&gt;&lt;/span&gt;&lt;span&gt;If insurers are still maturing in these areas, the downstream implications for policyholders can be significant. At a basic level, it creates concentration risk in an industry that many organizations depend on during moments of crisis. If an insurer experiences operational disruption, delays in claims handling, communications, underwriting, or partner coordination can directly affect customers when they are most vulnerable.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;span&gt;There is also a broader market implication. Insurers help shape expectations around cyber maturity, coverage terms, and response readiness. If their own operational resilience lags behind the threat, the entire ecosystem can become less stable. Policyholders may face longer response timelines, more friction during claims events, or changes in underwriting and coverage assumptions driven by uncertainty.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;span&gt;More broadly, resilience inside insurance organizations matters because they are part of the trust backbone of cyber response. When they are strong, the system is stronger. When they are not, stress cascades outward."&lt;/span&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;strong&gt;&lt;span&gt;4. "What needs to change for insurers to close these gaps and keep pace with the current threat environment?&lt;/span&gt;&lt;/strong&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;span&gt;Operationally, organizations need to move from control ownership to outcome ownership. It is not enough to say a tool is deployed or a policy exists. Leadership needs evidence that the company can withstand and recover from a destructive cyber event. That requires rigorous testing, clear restoration priorities, dependency mapping, identity hardening, and executive-level accountability for recovery readiness.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;span&gt;Culturally, there also has to be a shift away from assuming resistance alone will solve the problem. Prevention is necessary, but it is not sufficient. Every organization will eventually face control failure somewhere. The ones that perform best are those that have accepted this reality and built muscle memory around recovery.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;span&gt;The strongest insurers will be the ones that treat resilience as a core operating discipline—not a compliance exercise. That means making recovery readiness as measurable, repeatable, and accountable as financial controls or claims operations. In today's environment, resilience is not just a security issue. It is a business capability."&lt;/span&gt;&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fcyber-insurance-paradox-risk&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Risk Management</category>
      <category>Original Content</category>
      <category>Cyber Insurance</category>
      <category>Cyber Risk</category>
      <pubDate>Tue, 07 Apr 2026 12:50:59 GMT</pubDate>
      <author>CamS@secureworld.io (Cam Sivesind)</author>
      <guid>https://www.secureworld.io/industry-news/cyber-insurance-paradox-risk</guid>
      <dc:date>2026-04-07T12:50:59Z</dc:date>
    </item>
    <item>
      <title>Infostealers Now Want Your Entire AI Identity, Not Just Your Passwords</title>
      <link>https://www.secureworld.io/industry-news/infostealers-want-entire-ai-identity</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/infostealers-want-entire-ai-identity" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Hackers%20-%20two-hackers-sitting-at-table-2025-02-11-18-30-23-utc%20copy.jpg" alt="hackers working on laptops" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;Infostealers used to be simple creatures. Grab a few saved passwords, maybe skim some cookies, sell the bundle, move on. That model feels almost quaint now.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;Infostealers used to be simple creatures. Grab a few saved passwords, maybe skim some cookies, sell the bundle, move on. That model feels almost quaint now.&lt;/p&gt; 
&lt;p&gt;The surface area of identity has exploded, and attackers have noticed. What used to be a login problem has quietly turned into something far more invasive, far more valuable, and far harder to recover from.&lt;/p&gt; 
&lt;p&gt;There's a new prize on the table, and it lives inside the tools people trust every day. Your AI accounts, your prompts, your histories, your context. All of it forms a profile that's richer than any password dump, and unfortunately, &lt;a href="https://www.secureworld.io/industry-news/uptycs-info-stealing-malware"&gt;infostealers are adapting with alarming speed.&lt;/a&gt;&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;The evolution of infostealers from credentials to context&lt;/h2&gt; 
&lt;p&gt;Infostealers have always followed value. When browsers started storing passwords, they targeted browsers. When crypto wallets surged, they pivoted to wallet files and seed phrases. The pattern has always been clear, even if the tooling keeps changing.&lt;/p&gt; 
&lt;p&gt;Now there's a different kind of value emerging. AI platforms are becoming central hubs for work, research, coding, and decision-making, &lt;a href="https://apryse.com/capabilities/smart-data-extraction"&gt;making them ideal for quick data extraction.&lt;/a&gt; And why not, honestly?&lt;/p&gt; 
&lt;p&gt;People sheepishly feed them sensitive data without hesitation. Internal documents, proprietary code, business strategies. It's all there, often unencrypted and neatly organized in conversation histories.&lt;/p&gt; 
&lt;p&gt;Attackers no longer need to guess what matters to you; they can extract it directly. A compromised machine can reveal not just where you log in, but how you think, what you're building, and what you're planning next. That's a completely different level of intelligence.&lt;/p&gt; 
&lt;p&gt;The shift feels subtle on the surface, but it changes the economics of cybercrime. A single compromised AI account &lt;a href="https://hbr.org/2026/01/ts-research-conventional-cybersecurity-wont-protect-your-ai"&gt;can be worth more than dozens of traditional credential pairs.&lt;/a&gt; It's not just access anymore—it's insight into a business's inner workings.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;What an 'AI identity' actually looks like in practice&lt;/h3&gt; 
&lt;p&gt;People tend to think of identity as a username and password combo, &lt;a href="https://lthj.qut.edu.au/article/download/3096/1429"&gt;maybe tied to an email or a phone number.&lt;/a&gt; That definition is outdated. AI identity is layered, dynamic, and deeply personal in ways most users haven't fully processed yet.&lt;/p&gt; 
&lt;p&gt;Every prompt you’ve written, every response you’ve refined, every file you’ve uploaded contributes to that identity. Over time, it becomes a map of your intentions. It reveals your workflows, your priorities, your blind spots, and even your tone of thinking.&lt;/p&gt; 
&lt;p&gt;For professionals, it goes even deeper. Marketers store campaign ideas, engineers debug code, founders draft strategy. AI tools become extensions of cognition. Losing access to that data can be catastrophic, making it no coincidence that &lt;a href="https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/the-cybersecurity-providers-next-opportunity-making-ai-safer"&gt;AI protection services are on the rise.&lt;/a&gt;&lt;/p&gt; 
&lt;p&gt;Attackers see that clearly. They're not just harvesting accounts; they're harvesting behavior. And behavior is far more exploitable than a static password ever was.&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;How infostealers are adapting their tactics&lt;/h4&gt; 
&lt;p&gt;The technical shift isn't happening in isolation. Infostealers are evolving their capabilities to capture this new layer of data without raising alarms. I've heard an acquaintance say thieves &lt;a href="https://www.biograph.com/executive-physical"&gt;act like they're performing a physical&lt;/a&gt; on an organization, looking for illnesses. But instead of treating them, they exacerbate them.&lt;/p&gt; 
&lt;p&gt;Modern strains are already scanning for session tokens tied to AI platforms. Instead of waiting for credentials, they hijack active sessions. That bypasses traditional authentication entirely and gives immediate access to account histories.&lt;/p&gt; 
&lt;p&gt;There's also a growing focus on local storage. Many AI tools &lt;a href="https://towardsdatascience.com/maximizing-ai-efficiency-in-production-with-caching-a-cost-efficient-performance-booster-9b8afd200efd/"&gt;cache data for performance reasons.&lt;/a&gt; Infostealers know exactly where to look: prompt histories, API keys, configuration files. It's all fair game once a system is compromised.&lt;/p&gt; 
&lt;p&gt;Even browser extensions are becoming targets. Some attackers inject malicious code that silently scrapes interactions as they happen. Users continue working as usual, unaware that everything they type is being mirrored elsewhere.&lt;/p&gt; 
&lt;p&gt;The result feels seamless from the attacker's perspective. Minimal friction, maximum yield. That combination is hard to defend against if you're still thinking in terms of passwords alone.&lt;/p&gt; 
&lt;h5 style="font-weight: normal;"&gt;The security gap most organizations haven't addressed yet&lt;/h5&gt; 
&lt;p&gt;Organizations have spent years building defenses around credentials: multi-factor authentication, password managers, zero trust policies. All of that still matters, but &lt;a href="https://www.secureworld.io/industry-news/ai-data-cyber-security-guidance"&gt;it doesn't fully address this new risk layer.&lt;/a&gt;&lt;/p&gt; 
&lt;p&gt;AI usage often slips through the cracks. Employees sign up with personal accounts, paste sensitive data into prompts, and integrate tools into workflows without formal oversight. It happens fast, and security policies struggle to keep up.&lt;/p&gt; 
&lt;p&gt;There's also a visibility problem. Traditional monitoring tools aren't designed to inspect AI interactions. They can flag suspicious logins, but they won't tell you if sensitive data has been exfiltrated through prompt histories.&lt;/p&gt; 
&lt;p&gt;That creates a &lt;a href="https://www.secureworld.io/industry-news/ai-governance-gap"&gt;significant governance blind spot&lt;/a&gt;—one that attackers are actively exploiting. While organizations focus on perimeter defenses, valuable data is flowing through channels that feel safe but aren't fully controlled.&lt;/p&gt; 
&lt;p&gt;Closing that gap requires a shift in mindset. AI tools need to be treated as data environments, not just productivity enhancers. That means governance, monitoring, and clear usage boundaries.&lt;/p&gt; 
&lt;h6 style="font-weight: normal;"&gt;What users and teams can do without overcomplicating It&lt;/h6&gt; 
&lt;p&gt;There's no single fix, but there are practical ways to reduce exposure without turning workflows upside down. Awareness is the starting point, and &lt;a href="https://www.secureworld.io/industry-news/zero-trust-implementation-challenges"&gt;zero-trust still has its advantages.&lt;/a&gt;&lt;/p&gt; 
&lt;p&gt;Still, I think people need to understand that what they share with AI tools can persist and be accessed if accounts are compromised. It's like keeping everything in a purse; it's easier to reach and manage, but all a wrongdoer has to do is hit just one bird with its stone and the entire flock is a goner.&lt;/p&gt; 
&lt;p&gt;Using dedicated accounts for work-related AI usage helps create separation. It limits the blast radius if something goes wrong. But for a truly impactful solution, &lt;a href="https://www.secureworld.io/industry-news/ai-reckoning-cybersecurity-boardroom"&gt;security teams will have to become boardroom whisperers.&lt;/a&gt;&lt;/p&gt; 
&lt;p&gt;Regardless, experts must also expand their monitoring scope. Look for unusual access patterns tied to AI platforms, track API usage, and treat these environments as part of the broader attack surface. The goal isn't to eliminate risk entirely; it's to make exploitation harder and less rewarding.&lt;/p&gt; 
&lt;div style="font-size: 24px;"&gt;
 Conclusion
&lt;/div&gt; 
&lt;p&gt;Something fundamental has shifted in how identity works online. It's no longer just about proving who you are; it's about everything that defines how you operate. AI tools have accelerated that shift, and attackers are moving just as quickly to take advantage of it.&lt;/p&gt; 
&lt;p&gt;There's a tendency to treat new technologies as separate from existing threats, but that separation doesn't hold for long. Infostealers have already crossed that boundary. They're not waiting for organizations to catch up.&lt;/p&gt; 
&lt;p&gt;The opportunity now lies in recognizing what's changed before it becomes standard practice for attackers. Protecting passwords still matters, but protecting context matters more than ever. And once you start looking at your AI footprint through that lens, the stakes become impossible to ignore.&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Finfostealers-want-entire-ai-identity&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured Author</category>
      <category>Identity Theft</category>
      <category>AI</category>
      <pubDate>Mon, 06 Apr 2026 13:54:00 GMT</pubDate>
      <author>nahladavies@nahladavies.com (Nahla Davies)</author>
      <guid>https://www.secureworld.io/industry-news/infostealers-want-entire-ai-identity</guid>
      <dc:date>2026-04-06T13:54:00Z</dc:date>
    </item>
    <item>
      <title>Google Sets 2029 Deadline for Post-Quantum Cryptography Migration</title>
      <link>https://www.secureworld.io/industry-news/google-2029-deadline-post-quantum-cryptography-migration</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/google-2029-deadline-post-quantum-cryptography-migration" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/quantum%20computer%20shutterstock_2643632169%20editoral%20only.jpg" alt="technician working on quantum computer" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;&lt;span&gt;Google recently published&amp;nbsp;a blog announcing a formal 2029 deadline for completing its post-quantum cryptography (PQC) migration—a move the company describes as both an internal commitment and an industry-wide call to action. &lt;a href="https://blog.google/innovation-and-ai/technology/safety-security/cryptography-migration-timeline/"&gt;The announcement&lt;/a&gt;, authored by Heather Adkins, VP of Security Engineering, and Sophie Schmieg, Senior Staff Cryptography Engineer, reflects a growing urgency inside Google as progress on quantum hardware accelerates.&lt;/span&gt;&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;&lt;span&gt;Google recently published&amp;nbsp;a blog announcing a formal 2029 deadline for completing its post-quantum cryptography (PQC) migration—a move the company describes as both an internal commitment and an industry-wide call to action. &lt;a href="https://blog.google/innovation-and-ai/technology/safety-security/cryptography-migration-timeline/"&gt;The announcement&lt;/a&gt;, authored by Heather Adkins, VP of Security Engineering, and Sophie Schmieg, Senior Staff Cryptography Engineer, reflects a growing urgency inside Google as progress on quantum hardware accelerates.&lt;/span&gt;&lt;/p&gt;  
&lt;p&gt;&lt;span&gt;The post represents a notable shift in posture: where discussions of quantum-safe cryptography have long been framed around a distant, hypothetical threat horizon, Google is now treating 2029 as a hard deadline backed by concrete engineering milestones.&lt;/span&gt;&lt;/p&gt; 
&lt;h2&gt;&lt;strong&gt;Why the accelerated timeline?&lt;/strong&gt;&lt;/h2&gt; 
&lt;p&gt;&lt;span&gt;According to Google, the updated timeline reflects advances across three fronts: quantum computing hardware development, quantum error correction, and quantum factoring resource estimates. Taken together, these developments suggest that a cryptographically relevant quantum computer (CRQC)—one capable of breaking current public-key encryption—may arrive sooner than the security community previously modeled.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;The threat, as Google frames it, is not monolithic. The company draws an important distinction between two categories of risk: encryption and digital signatures. Encryption is already under threat today, through so-called "store-now-decrypt-later"&amp;nbsp;attacks, in which adversaries harvest encrypted data now with the intent to decrypt it once a sufficiently powerful quantum machine becomes available. Digital signatures, by contrast, represent a future threat, but one that must be addressed before a CRQC exists, because retroactive remediation is not possible once the infrastructure has been compromised.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;In response, Google says it has updated its internal threat model to prioritize the migration to PQC for authentication services. As the blog notes: "&lt;/span&gt;&lt;span style="color: #333333;"&gt;We've adjusted our threat model to prioritize PQC migration for authentication services—an important component of online security and digital signature migrations. We recommend that other engineering teams follow suit."&lt;/span&gt;&lt;/p&gt; 
&lt;h3&gt;&lt;strong&gt;Google's existing PQC commitments&lt;/strong&gt;&lt;/h3&gt; 
&lt;p&gt;&lt;span&gt;The announcement is not without precedent. Google has been investing in post-quantum security across its product stack for several years. Chrome has supported PQC key-exchange mechanisms, Google Cloud has offered PQC capabilities to enterprise customers, and internal communications infrastructure has already transitioned to quantum-safe protocols.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;The latest concrete milestone: Android 17 will integrate PQC digital signature protection using ML-DSA, aligned with the U.S. National Institute of Standards and Technology's (NIST) published post-quantum standards. This brings PQC protections directly to end-user devices at scale—a significant deployment milestone given Android's global footprint.&lt;/span&gt;&lt;/p&gt; 
&lt;h4&gt;&lt;strong&gt;Two 2029 deadlines, one underlying challenge&lt;/strong&gt;&lt;/h4&gt; 
&lt;p&gt;&lt;span&gt;What makes Google's announcement particularly significant for the broader security ecosystem is the year it has chosen. 2029 is not only when Google intends to complete its PQC migration; it is also the year the CA/Browser Forum's new maximum SSL/TLS certificate lifespan of 47 days takes full effect, representing a 12-fold increase in certificate renewal frequency compared to current norms.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Jason Soroko, Senior Fellow at Sectigo, sees the convergence of these deadlines as more than coincidental.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;"&lt;/span&gt;&lt;span style="color: #333333;"&gt;Google's announcement of a 2029 timeline for post-quantum cryptography migration reinforces how quickly the cryptographic landscape is evolving," Soroko said. "That same year, the CA/Browser Forum will reduce the maximum SSL/TLS certificate lifespan to just 47 days, a 12x&amp;nbsp;increase in renewal frequency that fundamentally changes how organizations must operate. Right now, our research shows that 90% of organizations see a direct overlap between preparing for short-lived certificates and preparing for PQC adoption. These parallel 2029 deadlines are not coincidental; they represent two sides of the same challenge: preparing for a world where cryptography must be updated far more frequently and with far greater agility."&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Soroko also said he sees reason for optimism in the fact that both transitions are arriving simultaneously. Rather than treating them as compounding burdens, he argues they point toward the same solution: greater cryptographic agility built into organizational infrastructure from the ground up.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;&lt;/span&gt;&lt;span style="color: #333333;"&gt;"The convergence of these deadlines are in some way harmonious: As Google advances the PQC timeline, and as certificate validity shrinks to 47 days, the ecosystem must move together. Continued collaboration through the IETF and the CA/Browser Forum will be essential to ensuring that organizations can rotate keys, algorithms, and certificates quickly and safely, building the agility needed to secure the quantum era."&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span style="color: #333333;"&gt;These developments are in keeping with the accelerating pace of digital transformation, according to &lt;a href="https://events.secureworld.io/speakers/derek-fisher/"&gt;Derek Fisher&lt;/a&gt;, Director, Cyber Defense &amp;amp; Information Assurance Program Director at Temple University and Founder of Securely Built.&amp;nbsp;&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span style="color: #333333;"&gt;"Certificate and encryption agility is nothing new. We moved from long-lived certificates (10-year certs) down to 1- or 2-year certificates many years ago," Fisher said. "The current world we're in and heading to is a sign of further maturity in this space, where the ability to rapidly change the certificate lifecycle and cryptographic algorithms is a must. But this means that we need to have the processes, procedures, pipelines, and testing in place to make this successful. Key, certificate, algorithm rotations should be able to be completed in the blink of an eye with relative confidence. Algorithms become obsolete or broken with little warning. Fortunately, with the impending post-quantum encryption world we are heading into, we have a window of time to prepare. Those organizations that use this time wisely will be better off."&lt;/span&gt;&lt;/p&gt; 
&lt;h5&gt;&lt;strong&gt;What this means for security teams&lt;/strong&gt;&lt;/h5&gt; 
&lt;p&gt;&lt;span&gt;For enterprise security practitioners, the 2029 horizon is close enough to warrant immediate planning. PQC migrations are not lift-and-shift operations; they require cryptographic inventory, dependency mapping, algorithm selection aligned with NIST standards, and integration testing across complex, often legacy infrastructure. At the same time, organizations preparing for 47-day certificate lifecycles are already building the automation and certificate management pipelines that PQC transitions will also require.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Google's explicit recommendation that "other engineering teams follow suit" in reprioritizing authentication services for PQC migration provides a practical starting point. NIST's finalized PQC standards—including ML-DSA, ML-KEM, and SLH-DSA—give organizations the algorithmic foundation they need to begin that work now.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;The quantum era, as Google frames it, is not approaching—it is arriving on a schedule. The question for the industry is whether it will meet that schedule proactively or reactively.&lt;/span&gt;&lt;/p&gt; 
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fgoogle-2029-deadline-post-quantum-cryptography-migration&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Google</category>
      <category>Featured</category>
      <category>Original Content</category>
      <category>Cryptography</category>
      <category>NIST</category>
      <category>Quantum Computing</category>
      <pubDate>Thu, 02 Apr 2026 16:06:33 GMT</pubDate>
      <author>drewt@secureworldexpo.com (Drew Todd)</author>
      <guid>https://www.secureworld.io/industry-news/google-2029-deadline-post-quantum-cryptography-migration</guid>
      <dc:date>2026-04-02T16:06:33Z</dc:date>
    </item>
    <item>
      <title>The Vulnerability Velocity: A Sobering Look at Bug Patching</title>
      <link>https://www.secureworld.io/industry-news/vulnerability-velocity-bug-patching</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/vulnerability-velocity-bug-patching" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Hackers%20Programmers%20Threat%20Actors%20-%20developers-working-with-computer-codes-in-team-2025-02-11-18-52-16-utc-4.jpg" alt="business workers at computer" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p style="font-weight: normal;"&gt;In cybersecurity, patching&amp;nbsp;is often treated as a baseline chore—the digital equivalent of taking out the trash. However, a new Sector In-Depth report from Moody's Ratings elevates this routine task to a critical financial and operational metric.&lt;/p&gt;</description>
      <content:encoded>&lt;p style="font-weight: normal;"&gt;In cybersecurity, patching&amp;nbsp;is often treated as a baseline chore—the digital equivalent of taking out the trash. However, a new Sector In-Depth report from Moody's Ratings elevates this routine task to a critical financial and operational metric.&lt;/p&gt;  
&lt;p&gt;For cybersecurity teams and the enterprises they protect, &lt;a href="https://www.secureworld.io/hubfs/documents/Sector_In-Depth-Cybersecurity-Global-Risks-01Apr2026-PBC_1472151.pdf"&gt;the report’s findings&lt;/a&gt; are a sobering reality check: despite the arrival of AI-driven tools, the "window of exposure" is becoming a primary driver of credit risk and organizational volatility.&lt;/p&gt; 
&lt;p&gt;So has patching improved or slipped in effectiveness? The short answer is that the complexity of the digital footprint is outpacing the speed of remediation.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Moody's research indicates that patching effectiveness has not significantly improved in a way that reduces overall risk. While technical teams are working harder, two factors are neutralizing their efforts.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;First, larger enterprises (those with more than 10,000 employees) have significantly higher counts of unpatched Known Exploited Vulnerabilities (KEVs) simply due to the sheer size of their digital footprint. The scale of exposure is increasing.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: normal;"&gt;Second, attackers are weaponizing new vulnerabilities faster than ever, increasing the time-to-exploit gap. Moody's notes that the risk is particularly high for "internet-facing" assets, where the delay in patching can lead to immediate ransomware or data exfiltration events.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;A central question for 2026 is whether AI has finally "solved" the patching problem. The Moody's report suggests a neutral-to-negative impact so far:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;On the defensive side: AI is being used to automate vulnerability scanning and prioritize patches. However, this has led to "alert fatigue," where teams are overwhelmed by a high volume of "critical" flags that lack business context.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;On the offensive side: AI has arguably helped the &lt;i&gt;attackers&lt;/i&gt; more. Adversaries are using LLMs to reverse-engineer patches and generate exploits for N-day vulnerabilities in hours, not days.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;The net result: AI has accelerated the &lt;i&gt;velocity&lt;/i&gt; of the game, but it hasn't necessarily improved the &lt;i&gt;score&lt;/i&gt; for defenders.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;The report highlights that the risk is not distributed equally.&lt;/p&gt; 
&lt;p&gt;Sectors with high digital dependency but complex legacy systems—such as healthcare, education, and public finance—often show slower patching cadences compared to the technology and telecommunications sectors.&lt;/p&gt; 
&lt;p&gt;North American and European firms generally have more robust patching outcomes, while firms in emerging markets face higher exposure to unpatched KEVs, often due to a lack of specialized cybersecurity personnel.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;For the CISO and the SOC, the Moody's report dictates a shift in strategy from "patch everything" to "risk-based prioritization."&lt;/p&gt; 
&lt;p&gt;Cybersecurity teams should prioritize the KEVs and focus exclusively on vulnerabilities that are already being exploited in the wild. A "medium" severity KEV is often more dangerous than a "critical" vulnerability that has no known exploit.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: normal;"&gt;Large enterprises must accept that their volume of unpatched flaws will naturally be higher. Call it the large footprint tax. Teams should focus on compensating controls (like network segmentation) for systems that cannot be patched immediately.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;Use the language of the Moody's report to communicate effectively to the board level. Cybersecurity leadership should explain that unpatched flaws are now a material credit risk. This moves patching from a maintenance budget item to a risk mitigation&amp;nbsp;priority.&lt;/p&gt; 
&lt;p&gt;The Moody's report confirms that software bugs are no longer just technical nuisances—they are financial liabilities. In an era where AI has weaponized the delay, slow patching&amp;nbsp;is functionally equivalent to no patching.&lt;/p&gt; 
&lt;p&gt;Don't miss this Automox webcast on this very topic, "&lt;a href="https://www.secureworld.io/resources/visibility-is-velocity"&gt;Visibility Is Velocity: Bridging Insight and Action in ITOps&lt;/a&gt;" on April 9, hosted by SecureWorld. &lt;span&gt;This webcast offers a forward-looking conversation about what visibility needs to become in order to keep up with modern IT operations. Earn 1 CPE for attending the free webcast.&lt;/span&gt;&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fvulnerability-velocity-bug-patching&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Original Content</category>
      <category>Security Patches</category>
      <category>Security Bugs</category>
      <pubDate>Wed, 01 Apr 2026 23:54:58 GMT</pubDate>
      <author>CamS@secureworld.io (Cam Sivesind)</author>
      <guid>https://www.secureworld.io/industry-news/vulnerability-velocity-bug-patching</guid>
      <dc:date>2026-04-01T23:54:58Z</dc:date>
    </item>
    <item>
      <title>The SMB Cybersecurity Struggle Is Real with Limited Resources</title>
      <link>https://www.secureworld.io/industry-news/smb-cybersecurity-struggle</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/smb-cybersecurity-struggle" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Small%20Business%20-%20caucasian-woman-typing-on-a-laptop-inside-her-wood-2025-10-19-16-21-51-utc%20(1).jpg" alt="retail clerk using laptop" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p style="font-weight: normal;"&gt;The security landscape has reached a point of "Identity Industrialization," according to the latest release from SonicWall, "The 7 Deadly Sins of Cybersecurity: 2026 Cyber Protect Report. The findings shift&amp;nbsp;the conversation from merely tracking threats to analyzing the behavioral "sins" that allow those threats to take root.&lt;/p&gt;</description>
      <content:encoded>&lt;p style="font-weight: normal;"&gt;The security landscape has reached a point of "Identity Industrialization," according to the latest release from SonicWall, "The 7 Deadly Sins of Cybersecurity: 2026 Cyber Protect Report. The findings shift&amp;nbsp;the conversation from merely tracking threats to analyzing the behavioral "sins" that allow those threats to take root.&lt;/p&gt; 
&lt;p&gt;For cybersecurity professionals, &lt;a href="https://www.sonicwall.com/resources/white-papers/sonicwall-2026-cyber-protect-report"&gt;this report&lt;/a&gt; is a stark reminder that while the tools are evolving—driven by a 14x surge in AI-generated phishing—the fundamental vulnerabilities remain human and architectural.&lt;/p&gt; 
&lt;p&gt;Small and Medium-Sized Businesses (SMBs) are currently facing a "perfect storm." They are targeted with the same level of sophistication as Global 2000 companies, but often operate with a fraction of the budget and staff.&lt;/p&gt; 
&lt;p&gt;"SMBs are the backbone of the United States economy. They represent 99% of all U.S. businesses and nearly half of private sector employment while contributing roughly 44% of GDP," said &lt;span style="color: transparent; background-color: #ffffff;"&gt;Michael Crean, &lt;/span&gt;&lt;span style="color: transparent; background-color: #ffffff;"&gt;SVP and GM of Managed Security Services at &lt;/span&gt;&lt;span style="color: transparent; background-color: #ffffff;"&gt;SonicWall. "&lt;/span&gt;What they may not know is that they are facing the same cyber risks as large enterprises; however, they lack the same levels of expertise, budget, or resources. For SMBs, cybersecurity is no longer a technical concern. It is a business necessity."&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;The SMB "sins" and challenges are real. SMBs often suffer from "pride"—a belief that they are too small to be a target. This leads to underinvestment in Managed Detection and Response (MDR), leaving them vulnerable to &lt;a href="https://www.secureworld.io/industry-news/skeleton-key-era-attackers-logging-in"&gt;"logging in" attacks&lt;/a&gt; where adversaries use stolen credentials to move laterally.&amp;nbsp;&lt;/p&gt; 
&lt;p&gt;With limited IT staff, SMB help desks are prime targets for impersonation and vishing. Attackers exploit the personal nature of small-team communication to bypass MFA through social engineering. Call it the help desk vulnerability.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;SMBs rely heavily on SaaS to scale, but they often lack the tools to govern data sprawl. This creates an "invisible" attack surface where sensitive customer data lives in unmonitored cloud silos.&lt;/p&gt; 
&lt;p&gt;While larger enterprises have more "shields," they often suffer from "sloth"—the slow movement of legacy bureaucracy. The challenges faced by SMBs offer critical lessons for the enterprise SOC.&lt;/p&gt; 
&lt;p&gt;SMBs are forced to be lean. Large enterprises can learn from the SMB move toward Unified Security Platforms. Consolidating the stack reduces "operational drag" and "patch paralysis," allowing teams to react to threats in minutes, not days. Agility is a defensive asset.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: normal;"&gt;The SMB struggle with social engineering proves that no amount of budget can fix a broken security culture. Enterprises should adopt the SMB's "all-hands" approach to security, turning every employee into a "human sensor" through adaptive behavior training.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;The report highlights that complexity is the enemy of security. SMBs succeed when they focus on "brilliant basics"—phishing-resistant MFA, immutable backups, and strict identity governance. Enterprises should "prune" their 75+ tool stacks to achieve the same clarity of signal.&lt;/p&gt; 
&lt;h2&gt;&lt;strong&gt;The '7 deadly sins'&amp;nbsp;of 2026: a&amp;nbsp;mandate for action&lt;/strong&gt;&lt;/h2&gt; 
&lt;p&gt;Whether you are an SMB or a global giant, the SonicWall report identifies the core failures that lead to compromise:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;Lust for speed: Deploying AI and cloud tools without privacy guardrails&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Gluttony for data: Collecting more PII than you can secure, leading to massive data sprawl&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Greed for complexity: Investing in "shiny" tools while neglecting the workforce identity gap&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Wrath of response: Relying on reactive incident response rather than cyber resilience and business continuity&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;As the report concludes, the goal for the coming year isn't just to buy more tools, it's to close the gap between digital ambition and protective reality.&lt;/p&gt; 
&lt;p&gt;&lt;span style="color: transparent; background-color: #ffffff;"&gt;"The threat landscape is also shifting in ways that demand &lt;/span&gt;&lt;span style="color: transparent; background-color: #ffffff;"&gt;attention. Nation-state actors increased their targeting of &lt;/span&gt;&lt;span style="color: transparent; background-color: #ffffff;"&gt;SMBs and mid-market organizations throughout 2025, &lt;/span&gt;&lt;span style="color: transparent; background-color: #ffffff;"&gt;recognizing that smaller organizations often serve as entry&lt;/span&gt;&lt;br style="color: transparent; white-space-collapse: preserve; background-color: #ffffff;"&gt;&lt;span style="color: transparent; background-color: #ffffff;"&gt;points into larger supply chains and critical infrastructure," Crean said. "&lt;/span&gt;&lt;span style="color: transparent; background-color: #ffffff;"&gt;These are no longer threats reserved for governments and &lt;/span&gt;&lt;span style="color: transparent; background-color: #ffffff;"&gt;large enterprises. &lt;/span&gt;&lt;span style="color: transparent; background-color: #ffffff;"&gt;Compounding the risk further, AI is accelerating threat &lt;/span&gt;&lt;span style="color: transparent; background-color: #ffffff;"&gt;actors'&amp;nbsp;ability to automatically scan for weaknesses at &lt;/span&gt;&lt;span style="color: transparent; background-color: #ffffff;"&gt;a scale and speed that manual attackers could never &lt;/span&gt;&lt;span style="color: transparent; background-color: #ffffff;"&gt;achieve—rapidly identifying exposed services, overly&lt;/span&gt;&lt;br style="color: transparent; white-space-collapse: preserve; background-color: #ffffff;"&gt;&lt;span style="color: transparent; background-color: #ffffff;"&gt;permissive access, and administrative gaps across thousands &lt;/span&gt;&lt;span style="color: transparent; background-color: #ffffff;"&gt;of targets simultaneously."&lt;/span&gt;&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fsmb-cybersecurity-struggle&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Cybersecurity</category>
      <category>Original Content</category>
      <category>SMB</category>
      <category>Cyber Resilience</category>
      <pubDate>Tue, 31 Mar 2026 23:25:56 GMT</pubDate>
      <author>CamS@secureworld.io (Cam Sivesind)</author>
      <guid>https://www.secureworld.io/industry-news/smb-cybersecurity-struggle</guid>
      <dc:date>2026-03-31T23:25:56Z</dc:date>
    </item>
    <item>
      <title>The Skeleton Key Era: Attackers Are Logging In, Not Breaking In</title>
      <link>https://www.secureworld.io/industry-news/skeleton-key-era-attackers-logging-in</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/skeleton-key-era-attackers-logging-in" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Logging%20IN%20-%20woman-is-typing-on-a-laptop-keyboard-while-lying-o-2026-03-17-08-07-57-utc-2.jpg" alt="hands typing on keyboard" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p style="font-weight: normal;"&gt;The traditional image of a hooded figure exploiting a zero-day vulnerability to break&amp;nbsp;into a server is becoming a historical relic. According to the Ontinue 2H 2025 Threat Intelligence Report, the world has officially entered the era of the "Skeleton Key."&lt;/p&gt;</description>
      <content:encoded>&lt;p style="font-weight: normal;"&gt;The traditional image of a hooded figure exploiting a zero-day vulnerability to break&amp;nbsp;into a server is becoming a historical relic. According to the Ontinue 2H 2025 Threat Intelligence Report, the world has officially entered the era of the "Skeleton Key."&lt;/p&gt;  
&lt;p style="font-weight: normal;"&gt;The report's primary conclusion is a mandate for every modern CISO: "Attackers aren't breaking in anymore, they're logging in."&lt;/p&gt; 
&lt;p&gt;This isn't just a catchy phrase; it represents a fundamental industrialization of identity compromise. Here is what &lt;a href="https://www.ontinue.com/wp-content/uploads/2026/03/2026_2H2025-Threat-Intelligence-Report.pdf"&gt;the report&lt;/a&gt; says the second half of 2025 taught everyone about the new perimeter and what it means for defense strategies.&lt;/p&gt; 
&lt;p&gt;In 2H 2025, identity-based attacks dominated true positives across Ontinue's telemetry. Attackers have moved away from complex technical exploits in favor of high-velocity credential theft.&lt;/p&gt; 
&lt;p&gt;Sophisticated phishing kits are now standard, capable of bypassing traditional MFA by intercepting session tokens in real-time. It's Adversary-in-the-Middle (AiTM).&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: normal;"&gt;Attackers are increasingly targeting OAuth tokens and Service Accounts. These identities often lack the same MFA protections as human users and provide a "silent" path for lateral movement. Think rise of non-human identities.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;The market for "valid keys" has become professionalized, with Initial Access Brokers (IABs) selling verified credentials for specific enterprise environments on the dark web.&lt;/p&gt; 
&lt;p&gt;For the enterprise, the shift from breaking in to logging&amp;nbsp;in means that breaches are becoming harder to detect using traditional perimeter-based security.&lt;/p&gt; 
&lt;p&gt;When attackers use a valid credential, they don't trip "intrusion" alarms. They look like an employee starting their workday—a "silent" entry.&lt;/p&gt; 
&lt;p&gt;The report emphasizes that in identity-driven scenarios, the "time-to-impact" is shrinking. Once an attacker is logged in,&amp;nbsp;they can move toward data exfiltration or ransomware deployment in a fraction of the time it took in the era of manual exploitation.&lt;/p&gt; 
&lt;p&gt;Enterprises heavily reliant on SaaS and automation pipelines are at higher risk, as these environments depend on a complex web of interconnected identities that are often poorly governed. It's trust as a vulnerability.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;For SOC teams and security researchers, the 2H 2025 report dictates a move toward Managed Extended Detection and Response (MXDR) and behavioral analytics.&lt;/p&gt; 
&lt;p&gt;Since a login is no longer a guarantee of identity, security teams must move toward "Continuous Authentication"—constantly validating that the &lt;i&gt;behavior&lt;/i&gt; of the logged-in user matches their established profile.&lt;/p&gt; 
&lt;p&gt;Teams must focus on reducing the window between detection and response. Automated response playbooks that can "freeze" an identity upon the detection of an anomaly (like an unusual OAuth grant) are now essential.&lt;/p&gt; 
&lt;p&gt;Ontinue argues that while AI can speed up detection, expert oversight remains critical to navigating the nuances of identity-based attacks where a legitimate&amp;nbsp;tool is being used for a malicious purpose.&lt;/p&gt; 
&lt;p&gt;For the general public, the logging in&amp;nbsp;trend means that the advice of "just use a strong password" is now dangerously incomplete.&lt;/p&gt; 
&lt;p&gt;While MFA remains a critical hurdle, the public must be educated on the risks of MFA fatigue (approving push notifications they didn't trigger) and sophisticated phishing that mimics legitimate login portals.&lt;/p&gt; 
&lt;p&gt;Just as enterprises must govern their identities, individuals must become more vigilant about the permissions&amp;nbsp;they grant to third-party apps via "Login with Google/Microsoft" buttons, which can be abused for OAuth token theft.&lt;/p&gt; 
&lt;p&gt;The Ontinue report is a clear signal that the perimeter hasn't just moved—it has dissolved into the identity layer. As attackers continue to automate and industrialize the theft of "keys," the only way to stay ahead is to build a defense that is as identity-focused and high-velocity as the adversary.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;As the report concludes: "In an era where attackers log in rather than break in, continuous validation... [is] no longer optional. [It is] essential."&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fskeleton-key-era-attackers-logging-in&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Original Content</category>
      <category>Identity / Access Mgmt</category>
      <category>Non-Human Identities</category>
      <pubDate>Mon, 30 Mar 2026 19:08:20 GMT</pubDate>
      <author>CamS@secureworld.io (Cam Sivesind)</author>
      <guid>https://www.secureworld.io/industry-news/skeleton-key-era-attackers-logging-in</guid>
      <dc:date>2026-03-30T19:08:20Z</dc:date>
    </item>
    <item>
      <title>Power, Control, and the Life You Lose Trying to Hold On</title>
      <link>https://www.secureworld.io/industry-news/power-control-life</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/power-control-life" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Thinking%20man%20-%20Predictions%20-%20pensive-arab-guy-in-casual-sitting-at-workdesk-th-2025-03-18-19-08-58-utc.jpg" alt="thinking man" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;One of my favorite &lt;a href="https://www.linkedin.com/in/steven-pressfield-0ab1449/"&gt;Steven Pressfield&lt;/a&gt; quotes doesn't come from some of his best-known works, "The War of Art" and "Turning Pro," which are two of my all-time favorites.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;One of my favorite &lt;a href="https://www.linkedin.com/in/steven-pressfield-0ab1449/"&gt;Steven Pressfield&lt;/a&gt; quotes doesn't come from some of his best-known works, "The War of Art" and "Turning Pro," which are two of my all-time favorites.&lt;/p&gt; 
&lt;p&gt;It comes from his book on Alexander the Great, "Virtues of War":&lt;/p&gt; 
&lt;p style="padding-left: 40px;"&gt;Alexander and his soldiers encounter an old man who stands in their way.&lt;/p&gt; 
&lt;p style="padding-left: 40px;"&gt;One of the soldiers demands that the old man move, saying to him:&lt;/p&gt; 
&lt;p style="padding-left: 40px;"&gt;&lt;em&gt;"This man has conquered the world! What have you done?"&lt;/em&gt;&lt;/p&gt; 
&lt;p style="padding-left: 40px;"&gt;The philosopher replied without an instant's hesitation,&lt;/p&gt; 
&lt;p style="padding-left: 40px;"&gt;&lt;em&gt;"I have conquered the need to conquer the world."&lt;/em&gt;&lt;/p&gt; 
&lt;p&gt;I used to want to conquer my old little world. And my conquering was through chasing externals to define who I am.&lt;/p&gt; 
&lt;p&gt;Because when identity is built on what’s outside of you, you're perpetually one outcome away from losing yourself.&lt;/p&gt; 
&lt;p&gt;It was a terrible way to live.&lt;/p&gt; 
&lt;p&gt;I look at what's going on in the world today, and I see people desperately trying to obtain as much power as they possibly can.&lt;/p&gt; 
&lt;p&gt;In my eyes, it's the greatest power grab I've seen in my 52 years.&lt;/p&gt; 
&lt;p&gt;Power is intoxicating, no doubt.&lt;/p&gt; 
&lt;p&gt;But it's also a self-fulfilling prison cell slowly built over time.&lt;/p&gt; 
&lt;p&gt;If power is your fuel, you're outsourcing your inner state to external approval and validation.&lt;/p&gt; 
&lt;p&gt;You're living on the top one inch of the ocean of life, completely missing the depth beneath you.&lt;/p&gt; 
&lt;p&gt;Because when you outsource your inner state to external validation, everything becomes a threat to what you need.&lt;/p&gt; 
&lt;p&gt;Life is lived in fear of losing what you have, even if the strategy appears to be acquiring more.&lt;/p&gt; 
&lt;p&gt;It's a strategy of defense disguised cleverly as offense.&lt;/p&gt; 
&lt;p&gt;Because what you have isn't enough, so you chase more, believing that when you reach a critical mass, you'll be untouchable, you won't lose what you have.&lt;/p&gt; 
&lt;p&gt;You'll be too big to fail.&lt;/p&gt; 
&lt;p&gt;But that's not true. Fear will still lurk around every corner, and you spend your life looking for what will take from you.&lt;/p&gt; 
&lt;p&gt;Because the life being built isn't coming from you, it's constantly being negotiated with the world around you.&lt;/p&gt; 
&lt;p&gt;Most of us aren't chasing power; we're chasing control over how we're perceived.&lt;/p&gt; 
&lt;p&gt;True power is created internally and requires no external validation.&lt;/p&gt; 
&lt;p&gt;But when you need to get drunk off of others' approval, fear, or validation, you will never understand this.&lt;/p&gt; 
&lt;p&gt;I want my life to be one of inner peace and emotional freedom, ease, and grace.&lt;/p&gt; 
&lt;p&gt;I don't chase these emotions "out there." I create them by coming back to,&lt;/p&gt; 
&lt;p&gt;&lt;em&gt;"I have conquered the need to conquer the world."&amp;nbsp;&lt;/em&gt;&lt;/p&gt; 
&lt;p&gt;This article appeared originally &lt;a href="https://www.linkedin.com/pulse/power-control-life-you-lose-trying-hold-craig-stanland-ngire/"&gt;on LinkedIn here&lt;/a&gt;.&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fpower-control-life&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Leadership</category>
      <category>Career Development</category>
      <category>Featured Author</category>
      <pubDate>Sun, 29 Mar 2026 13:48:00 GMT</pubDate>
      <guid>https://www.secureworld.io/industry-news/power-control-life</guid>
      <dc:date>2026-03-29T13:48:00Z</dc:date>
      <dc:creator>Craig Stanland</dc:creator>
    </item>
    <item>
      <title>RSA Conference 2026 Recap: It's About Time for 'Power of Community'</title>
      <link>https://www.secureworld.io/industry-news/rsac-2026-recap-power-community</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/rsac-2026-recap-power-community" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/HEADER_RSA_blogger.jpg" alt="attendees at RSA Conference" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;Confession: While I've worked and attended tech events at the Moscone Center, when it comes to RSA Conference takes, I'm new. Since others are better equipped to deep dive into trends, news, and analysis, let's talk about time.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;Confession: While I've worked and attended tech events at the Moscone Center, when it comes to RSA Conference takes, I'm new. Since others are better equipped to deep dive into trends, news, and analysis, let's talk about time.&lt;/p&gt; 
&lt;p&gt;&lt;img src="https://www.secureworld.io/hs-fs/hubfs/When%20-%20Dan%20Pink.jpg?width=110&amp;amp;height=166&amp;amp;name=When%20-%20Dan%20Pink.jpg" width="110" height="166" alt="When - Dan Pink" style="height: auto; max-width: 100%; width: 110px; float: right; margin: 0px 0px 0px 5px;"&gt;In his book &lt;a href="https://www.danpink.com/books/when/"&gt;&lt;em&gt;When&lt;/em&gt;&lt;/a&gt;, Daniel Pink argues the case for matching the right task to the right part of the day. Decades of research spanning psychology, biology, economics, and medicine all reinforce that our daily human rhythms follow predictable patterns. Understanding and working with these can boost overall effectiveness and well-being. This collective flow of human energy was on center stage at the boisterous convergence of humanity and technology that was&amp;nbsp;RSA Conference 2026.&lt;/p&gt; 
&lt;p&gt;&lt;img src="https://www.secureworld.io/hs-fs/hubfs/2_stairs_lines_IMG_0310.jpg?width=4966&amp;amp;height=3344&amp;amp;name=2_stairs_lines_IMG_0310.jpg" width="4966" height="3344" alt="2_stairs_lines_IMG_0310" style="height: auto; max-width: 100%; width: 4966px; margin: 0px 0px 15px;"&gt;Stepping into Moscone Center South on Tuesday, March 24, was a hit of pure human energy. 2025 set a high-water mark of nearly 44,000 attendees. Final numbers are pending, but projections this year show another high.&lt;/p&gt; 
&lt;p&gt;Along with other "up-and-at-em" Day 1 achievers, I dived right into the check-in line during what in hindsight surely must have been peak morning rush. Snaking back and forth for around a quarter mile to the furthest corners of the lobby, this was "The Power of Community" (2026 theme) on blast. As a parent who's made the mandatory Disneyland pilgrimage, this was a &lt;em&gt;Star Wars: Rise of the Resistance&lt;/em&gt; during Spring Break-level line.&lt;/p&gt; 
&lt;p&gt;&lt;img src="https://www.secureworld.io/hs-fs/hubfs/3_Wrestling_IMG_0320%20copy.jpg?width=700&amp;amp;height=323&amp;amp;name=3_Wrestling_IMG_0320%20copy.jpg" width="700" height="323" alt="3_Wrestling_IMG_0320 copy" style="height: auto; max-width: 100%; width: 700px; margin: 0px auto 20px; display: block;"&gt;Regardless of preparation, shuttling that volume of humanity through any registration process is a herculean task. Fortunately, helpful line management paired with consistently positive RSAC staff kept the energy and excitement flowing. From security check to badge, the wait totaled around 40 minutes. Impressive.&lt;/p&gt; 
&lt;p&gt;Entering the main exhibition hall, morning energy was on full display. Booth representatives were caffeinated, demos had energy, and the talking points were flowing. This was "get things done" type of energy. Media pass in hand, these were the best hours for optimistic "sky's the limit" quotes, fact-finding, opinion gathering, and by-the-book insights.&lt;/p&gt; 
&lt;p&gt;&lt;img src="https://www.secureworld.io/hs-fs/hubfs/stage_IMG_0316%20copy.jpg?width=700&amp;amp;height=387&amp;amp;name=stage_IMG_0316%20copy.jpg" width="700" height="387" alt="stage_IMG_0316 copy" style="height: auto; max-width: 100%; width: 700px; margin: 0px auto 20px; display: block;"&gt;Balancing the initial five-alarm sensory overload that is the show floor, this was also prime time for a side quest up to the AI Village for a brief chat with founder &lt;a href="https://www.rsaconference.com/experts/sven-cattell"&gt;Sven Cattell&lt;/a&gt;. In this decidedly much more low-key and hands-on space, you could feel reflective, considered thought leadership flowing. This was a gathering of the brain trust with hands-on practitioners forging ahead to relentlessly fight the good fight. Not going to lie, chatting with a world-class expert PhD in Algebraic Topology who also has a postdoc in geometric machine learning on how humanity might better secure our future was a "smile and nod"&amp;nbsp;type experience. Highly recommended for those looking to get "rubber meets the road" insights. (Literally, the next keynote while I was there was "Securing Autonomous EV Mobility.") After a brief stopover in the well-furnished media room for a quick lunch, it was back into the post-lunch exhibition floor.&lt;/p&gt; 
&lt;p&gt;&lt;img src="https://www.secureworld.io/hs-fs/hubfs/matrix_IMG_0312%20copy.jpg?width=700&amp;amp;height=429&amp;amp;name=matrix_IMG_0312%20copy.jpg" width="700" height="429" alt="matrix_IMG_0312 copy" style="height: auto; max-width: 100%; width: 700px; margin: 0px auto 20px; display: block;"&gt;In &lt;em&gt;When&lt;/em&gt;, Pink notes that this post-lunch period marks a "trough"—the low point of the daily energy cycle for most people. For those diligently working the full-contact arena of the exhibition floor, this is the tough period. The promise of evening happy hours is still hours away. I saw one or two whisper rooms repurposed for a power nap. (Pink would approve.)&lt;/p&gt; 
&lt;p&gt;That said, conversations from this point onward became more real. With the white-hot morning energy burned away, you couldn't help but feel the conversations getting tangibly more "real." Pink notes that at this point in the day, analytical thinking, focus, and careful judgment are at their weakest (a boon for intrepid reporters seeking out raw takes and quotes). While all rules are off when the bright show lights are on, in normal times, Pink cautions against scheduling important decisions, high-stakes meetings, or complex problem-solving during this window. Yeah, not gonna happen here—we're powering through.&lt;/p&gt; 
&lt;p&gt;Conversations during this time surfaced honest impressions, vulnerabilities about the challenges faced, and a refreshing wave of "we're all in this together." Those who went hard out of the gate on swag acquisition found both bags and bodies tested. (I saw more than one bulging bag being dragged by an attendee who likely found this window a bit more exhausting than most.)&lt;/p&gt; 
&lt;p&gt;&lt;img src="https://www.secureworld.io/hs-fs/hubfs/crowds_IMG_0311.jpg?width=800&amp;amp;height=363&amp;amp;name=crowds_IMG_0311.jpg" width="800" height="363" alt="crowds_IMG_0311" style="height: auto; max-width: 100%; width: 800px; margin: 0px auto 20px; display: block;"&gt;Soon enough, the promise of after-hours events appeared on the horizon. With copious choices of more hosted food, drink, and entertainment throughout the SoMa neighborhood and beyond, a collective eagerness filled the atmosphere and the energy started to build. Clearly, we were collectively climbing out of the trough to the promise of evening energy. Good food, good drink, and a chance to bond with newfound friends will do that.&lt;/p&gt; 
&lt;p&gt;In the end, surfing the energetic tides of RSAC 2026 left a deeper appreciation for the ebb and flow of both personal and collective energy. Making your way through the Super Bowl + World Cup + Olympics of cybersecurity, you can't help but respect our industry. Speaking from the editorial side of a cybersecurity events organizer, it was heartening to see humans do what humans have done for thousands of years—gather. RSAC 2026 was "Power of Community" embodied—in all its forms.&lt;/p&gt; 
&lt;p&gt;Nice to know that for all the talk of the undeniably impressive silicon and software advances, all this impressive tech is in service of us, the humans. The responsibility falls on us to make our world a bit more secure.&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Frsac-2026-recap-power-community&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>RSAC</category>
      <category>Original Content</category>
      <category>Cybersecurity Conference</category>
      <pubDate>Fri, 27 Mar 2026 18:54:36 GMT</pubDate>
      <author>tbriggs@secureworld.io (Tom Briggs)</author>
      <guid>https://www.secureworld.io/industry-news/rsac-2026-recap-power-community</guid>
      <dc:date>2026-03-27T18:54:36Z</dc:date>
    </item>
    <item>
      <title>The Rise of the Agentic Enterprise: Navigating the Latest Cyber Risk</title>
      <link>https://www.secureworld.io/industry-news/agentic-enterprise-cyber-risk</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/agentic-enterprise-cyber-risk" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/AI%20Data%20Breach%20focused-female-cybersecurity-manager-in-enterprise-2025-03-11-08-22-56-utc_V2-1.jpg" alt="woman on phone at desk" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;The conversation around AI is shifting from "chatbots" to "agents." According to the recent McKinsey &amp;amp; Company analysis, "Securing the agentic enterprise: Opportunities for cybersecurity providers,"&amp;nbsp;cybersecurity is entering an era where AI doesn't just suggest actions, it executes them autonomously.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;The conversation around AI is shifting from "chatbots" to "agents." According to the recent McKinsey &amp;amp; Company analysis, "Securing the agentic enterprise: Opportunities for cybersecurity providers,"&amp;nbsp;cybersecurity is entering an era where AI doesn't just suggest actions, it executes them autonomously.&lt;/p&gt; 
&lt;p&gt;For security professionals, the shift reported in &lt;a href="https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/securing-the-agentic-enterprise-opportunities-for-cybersecurity-providers#/"&gt;the article&lt;/a&gt; represents a fundamental change in the attack surface. CISOs and their teams are no longer just securing human users; they are securing a "chaotic web" of autonomous entities.&lt;/p&gt; 
&lt;p&gt;&amp;nbsp;"&lt;span style="color: #242424; background-color: #ffffff;"&gt;What we're seeing isn't just an expansion of endpoints—it's an expansion of decision-makers," said &lt;a href="https://events.secureworld.io/speakers/matt-pour/"&gt;Matt Pour&lt;/a&gt;, Director of Solution Engineering at Island. "Every agent introduces its own logic path, and security teams now have to account for behavior, not just access."&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;The "Agentic Enterprise" is defined by AI agents that can browse the web, access internal APIs, and make independent decisions to achieve a goal. While this unlocks unprecedented productivity, it introduces three "double-edged" risks.&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;The expanded identity perimeter:&lt;/span&gt; Every autonomous agent is essentially a non-human identity. If an agent has the authority to move data or change configurations, it becomes a high-value target for "Agent Hijacking" or prompt injection.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;The "black box" execution risk:&lt;/span&gt; Unlike traditional automation with fixed logic, agentic AI can be unpredictable. An agent might find a "creative" way to solve a problem that inadvertently violates compliance or security policies.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Weaponized autonomy:&lt;/span&gt; Attackers are using the same agentic frameworks to conduct automated reconnaissance and multi-channel social engineering at a scale no human-led SOC can match.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="font-weight: normal;"&gt;"&lt;span style="color: #242424; background-color: #ffffff;"&gt;The real risk isn't just that agents can act, it's that they can act in ways we didn't explicitly design," Pour said. "That gap between intention and execution is where governance has to step in, because that's where most of the new attack surface lives."&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;For solution and service providers, the "Agentic Era" is a massive market opportunity to move beyond simple tool resale and into AI Governance and Assurance.&lt;/p&gt; 
&lt;p&gt;Providers must evolve from managing SIEM alerts to orchestrating "Agentic Guardrails." This includes deploying real-time monitoring that can detect when an AI agent is deviating from its intended behavioral profile.&lt;/p&gt; 
&lt;p&gt;"Guardrails can't be static policies anymore," Pour added. "They need to operate at runtime, adapting to what an agent is trying to do in context—and in high-risk scenarios, that includes building in human approvals to ensure autonomy doesn’t outpace accountability."&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: normal;"&gt;There is a growing vacuum for startups to build tools specifically for LLM Security and Model Poisoning defense. Vendors that can offer "Secure-by-Design" agent frameworks will win the trust of risk-averse enterprises. Call it the rise of agentic security platforms.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;MSPs have an opportunity to offer "AI Stress Testing" as a service—using autonomous red-teaming agents to constantly probe an enterprise's defenses for AI-driven misconfigurations.&lt;/p&gt; 
&lt;p&gt;The McKinsey report suggests that the "arm's length" relationship between enterprises and their security partners is no longer sustainable.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: normal;"&gt;Just as the cloud created a shared responsibility model, the agentic enterprise requires a shared behavioral model. Enterprises must define the "intent," while vendors provide the technical "guardrails" to ensure that intent is executed safely.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;Security teams will demand "Explainable AI" from their vendors. If a security platform uses an autonomous agent to remediate a threat, the enterprise needs to know exactly &lt;i&gt;why&lt;/i&gt; that decision was made to maintain regulatory compliance.&lt;/p&gt; 
&lt;p&gt;The relationship will become more iterative. Enterprise security teams will need to work more closely than ever with vendors to "fine-tune" defensive agents against the specific business logic of their organization.&lt;/p&gt; 
&lt;h2&gt;&lt;strong&gt;What's next? The roadmap to agentic resilience&lt;/strong&gt;&lt;/h2&gt; 
&lt;p&gt;The McKinsey analysis makes it clear: the perimeter is no longer just invisible—it is active. To prepare, cybersecurity leaders should:&lt;/p&gt; 
&lt;ol&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Inventory non-human identities:&lt;/span&gt; Start treating every AI agent with the same level of governance as a privileged human user.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Establish "agentic guardrails":&lt;/span&gt; Implement runtime controls that can "kill-switch" an agent if it attempts to access unauthorized data or execute high-risk commands.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Update the mental OS:&lt;/span&gt; Move from a mindset of "preventing access" to "governing autonomy."&lt;/p&gt; &lt;/li&gt; 
&lt;/ol&gt; 
&lt;p&gt;We asked some additional experts from cybersecurity vendors for their thoughts on securing the new chaotic web.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;&lt;a href="https://www.linkedin.com/in/matt-hartman-38a59a2/"&gt;Matthew Hartman&lt;/a&gt;, Chief Strategy Officer at Merlin Group, said:&lt;/span&gt;&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;&lt;/span&gt;"Agentic AI and emerging technologies will change the tools defenders use, but the most valuable skills remain broadly human ones—curiosity, problem-solving, and the initiative to investigate anomalies and adapt quickly. Organizations across all industries are increasingly looking for workers who can combine strong technical fundamentals with deep AI-curiosity. Defenders who demonstrate the ability to think critically about how technology evolutions change risk and defense will be successful."&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="font-weight: bold;"&gt;&amp;nbsp;&lt;a href="https://www.linkedin.com/in/amit-zimerman/"&gt;Amit Zimerman&lt;/a&gt;, Co-Founder &amp;amp; Chief Product Officer at Oasis Security, said:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;"Human oversight remains vital when using AI in offensive cybersecurity. While AI is highly efficient in automating and scaling tasks, human expertise is necessary to interpret complex results, make critical decisions, and apply context-specific reasoning. Humans are essential for ensuring that AI-driven tools are used responsibly and for validating the results of AI processes, especially when it comes to the nuances of certain vulnerabilities or threat landscapes."&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;"AI also plays a significant role in 'shift-left'&amp;nbsp;approaches by identifying security vulnerabilities earlier in the software development lifecycle. When integrated into offensive security measures, AI can detect and address issues before they make it into production, reducing the cost of remediation and improving the overall security posture of an organization."&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;"Agentic AI security is still a rapidly evolving space. Enterprise readiness is ultimately proven in practice, not just at launch."&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="font-weight: bold;"&gt;&lt;a href="https://www.linkedin.com/in/dianakelleysecuritycurve/"&gt;Diana Kelley&lt;/a&gt;, CISO at Noma Security, said:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;"AI agents introduce a new dimension of supply chain risk because they're not just libraries or packages being pulled into the software development lifecycle by DevOps teams. They're software systems that use LLM outputs to determine next steps and execute actions across connected tools with the user’s delegated permissions. And they're being adopted by everyone from curious CEOs to highly-motivated new hires."&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;"Traditional supply chain controls were built for static artifacts: signed code, scanned dependencies, and trusted repositories. When you review and scan code before deployment, you can generally understand its intended behavior, even if you can’t predict every possible outcome. Agents are different. Their behavior can be assembled dynamically at runtime, with LLM-generated outputs influencing what steps they take next."&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;"An AI agent uses an LLM to read text and decide what to do next. The LLM generates the response, and the agent turns that response into actions using connected tools. So, if someone hides harmful instructions inside a document or tool, the LLM may interpret those instructions as something to follow, and the agent may act on them. The document isn't code, but it can still influence what the software does."&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;"That level of dynamic behavior and connectivity can create a fast-moving path from an untrusted external component to real internal impact."&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="font-weight: bold;"&gt;&lt;a href="https://www.linkedin.com/in/randolphbarr/"&gt;Randolph Barr&lt;/a&gt;, CISO at Cequence Security, said:&amp;nbsp;&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;"We're seeing AI rapidly evolve from simple automation to deeply personalized, context-aware assistance—and it's heading toward an Agentic AI future where tasks are orchestrated across domains with minimal human input."&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;"Before we even get to AI-specific risks, we have to get the fundamentals right. In the haste to bring AI to market quickly, engineering and product teams often cut corners to meet aggressive launch timelines. When that happens, basic security controls get skipped, and those shortcuts make their way into production. So, while organizations are absolutely starting to think about model protections, prompt injection, data leakage, and anomaly detection, those efforts mean little if you haven't locked down identity, access, and configuration at a foundational level."&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;"Security needs to be part of the development lifecycle from the beginning."&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="font-weight: bold;"&gt;&lt;a href="https://www.linkedin.com/in/kdshah/"&gt;Kamal Shah&lt;/a&gt;, CEO&amp;nbsp;at Prophet Security, said:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;"AI improves the quality and clarity of vulnerability reporting by the hacking community. Researchers are using AI to draft clear guidance based on their findings, while documenting impact for multiple audiences within an organization. Some hackers have built AI agents to capture and annotate screenshots and network requests automatically, providing the necessary evidence that enterprises need to validate their findings. For organizations, this means receiving standardized, professional reports that are easier to reproduce and fix, effectively reducing the expensive back-and-forth typical of manual triage."&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fagentic-enterprise-cyber-risk&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Artificial Intelligence</category>
      <category>Original Content</category>
      <category>Enterprise Security</category>
      <category>Cyber Risk</category>
      <category>Agentic AI</category>
      <pubDate>Fri, 27 Mar 2026 11:36:00 GMT</pubDate>
      <author>CamS@secureworld.io (Cam Sivesind)</author>
      <guid>https://www.secureworld.io/industry-news/agentic-enterprise-cyber-risk</guid>
      <dc:date>2026-03-27T11:36:00Z</dc:date>
    </item>
    <item>
      <title>Bridging the Governance Gap in the AI-Driven Enterprise</title>
      <link>https://www.secureworld.io/industry-news/ai-governance-gap</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/ai-governance-gap" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/AI%20Chaos%20-%20business-people-talking-in-corridor-2026-03-10-02-06-10-utc.jpg" alt="business people in motion" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p style="font-weight: normal;"&gt;The transition from "AI curiosity" to "AI dependency" has happened faster than almost any other technological shift in recent history. But according to Auvik's newly-released 2026 IT Trends Report, "Beyond the hype: The Real State of IT in 2026," enterprises are currently living through a dangerous "maturity mirage."&lt;/p&gt;</description>
      <content:encoded>&lt;p style="font-weight: normal;"&gt;The transition from "AI curiosity" to "AI dependency" has happened faster than almost any other technological shift in recent history. But according to Auvik's newly-released 2026 IT Trends Report, "Beyond the hype: The Real State of IT in 2026," enterprises are currently living through a dangerous "maturity mirage."&lt;/p&gt; 
&lt;p&gt;While organizations are rushing to integrate artificial intelligence into every facet of their workflows, a massive disconnect has emerged between IT ambition and cybersecurity reality. For the modern CISO and security practitioner, &lt;a href="https://www.auvik.com/wp-content/uploads/2026/03/IT-Trends-Report-2026.pdf"&gt;the&amp;nbsp;report&lt;/a&gt; serves as both a roadmap and a warning.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;The headline from the Auvik report is jarring: nearly 30% of organizations currently have no formal policy governing the use of AI, despite the fact that AI tools are already pervasive across their networks.&lt;/p&gt; 
&lt;p&gt;This "governance gap" creates a unique set of challenges. IT teams are now managing an average of three million SaaS applications across the Auvik ecosystem. Many of these are AI-driven tools adopted by employees without security oversight, leading to "shadow AI"—where sensitive corporate data is fed into public LLMs without privacy guardrails.&amp;nbsp;&lt;/p&gt; 
&lt;p&gt;As the workforce becomes more distributed, the "perimeter" has effectively vanished. Security teams are struggling with a lack of visibility, with 51% of IT professionals citing "network visibility" as a top challenge in managing remote and hybrid endpoints.&lt;/p&gt; 
&lt;p&gt;"AI is everywhere in IT conversations right now, but our data shows that enthusiasm is running well ahead of readiness," said&amp;nbsp;&lt;a href="https://www.linkedin.com/in/douglas-murray-2324932/"&gt;Doug Murray&lt;/a&gt;, CEO of Auvik. "When three-quarters of IT leaders believe they have an AI policy but fewer than half of help desk staff say the same, that's an implementation problem versus a policy problem. Until governance is understood at every level of the organization, AI risks becoming just another source of Shadow IT rather than a solution to it."&lt;/p&gt; 
&lt;p&gt;The report identifies a "maturity mirage" where organizations believe they are more prepared for digital transformation than they actually are. For cybersecurity professionals, this translates into several critical hurdles.&lt;/p&gt; 
&lt;ol&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;The budget vs. time paradox:&lt;/span&gt; While budgets are shifting toward AI and automation, IT teams are still bogged down by "keep-the-lights-on" tasks. More than 40% of IT leaders spend the majority of their time on reactive troubleshooting rather than proactive security architecture.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;AI-driven misconfigurations:&lt;/span&gt; As AI accelerates the speed of deployment, it also accelerates the speed of error. Automated systems can create complex cloud misconfigurations in minutes, weaponizing an environment before a human analyst can even receive an alert.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;The identity crisis:&lt;/span&gt; With "logging in" replacing "breaking in" as the primary attack vector, the report underscores the urgent need for Workforce Identity Verification. Attackers are leveraging AI-enabled vishing and deepfakes to bypass legacy MFA, targeting the very help desks meant to protect the organization.&lt;/p&gt; &lt;/li&gt; 
&lt;/ol&gt; 
&lt;p&gt;Despite the risks, the Auvik report highlights significant opportunities for security teams to evolve from "department of no" to "strategic enablers."&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Organizations that move toward unified detection and response platforms are seeing a reduction in "operational drag." By consolidating the security stack, teams can reclaim the time needed to focus on AI governance.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Security teams can use the same AI-driven automation as attackers to perform continuous, real-time auditing of their SaaS and cloud sprawl.&lt;/p&gt; 
&lt;p&gt;The report suggests a need for IT leaders to update their "mental operating system." This means moving away from low-context metrics like CVSS and toward a context-aware risk management model that prioritizes business continuity.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Auvik's findings suggest that the next 12 months will be defined by a shift from AI Hype to AI Governance. To stay ahead, cybersecurity professionals should:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Draft and enforce "Acceptable Use" for AI:&lt;/span&gt; Closing the 30% policy gap is the first priority. Security must define which data can be shared with LLMs and which must remain within air-gapped or private instances.&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Audit the SaaS shadow:&lt;/span&gt; Use network management and SaaS discovery tools to identify exactly where Shadow AI&amp;nbsp;is operating.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: normal;"&gt;&lt;span style="font-weight: bold;"&gt;Invest in identity-first security:&lt;/span&gt; As the perimeter disappears, Identity is the new perimeter. Implementing Zero Trust for cloud and hardening help desk recovery workflows against AI-enabled impersonation is non-negotiable.&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fai-governance-gap&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>GRC</category>
      <category>Artificial Intelligence</category>
      <category>Original Content</category>
      <category>Identity / Access Mgmt</category>
      <pubDate>Thu, 26 Mar 2026 12:24:59 GMT</pubDate>
      <author>CamS@secureworld.io (Cam Sivesind)</author>
      <guid>https://www.secureworld.io/industry-news/ai-governance-gap</guid>
      <dc:date>2026-03-26T12:24:59Z</dc:date>
    </item>
    <item>
      <title>'Security Through Obscurity' Days Are Over for Manufacturing Sector</title>
      <link>https://www.secureworld.io/industry-news/manufacturing-sector-cybersecurity</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/manufacturing-sector-cybersecurity" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/manufacturing%20-%20portrait-of-a-male-hispanic-american-executive-in-2026-01-09-09-41-04-utc.jpg" alt="man overlooking a factory setting" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p style="font-weight: normal;"&gt;For years, the manufacturing sector operated under the "security through obscurity" model—relying on air-gapped systems and proprietary protocols to stay off the radar of mainstream cybercriminals. According to the Huntress 2026 Cyber Threat Report, those days are officially over.&lt;/p&gt;</description>
      <content:encoded>&lt;p style="font-weight: normal;"&gt;For years, the manufacturing sector operated under the "security through obscurity" model—relying on air-gapped systems and proprietary protocols to stay off the radar of mainstream cybercriminals. According to the Huntress 2026 Cyber Threat Report, those days are officially over.&lt;/p&gt;  
&lt;p style="font-weight: normal;"&gt;Manufacturing has emerged as one of the most targeted industries, not necessarily because its data is the most valuable, but because its tolerance for downtime is the lowest. In an industry where "minutes equal millions," attackers are shifting their tactics from simple data theft to sophisticated operational paralysis.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;&lt;a href="https://www.huntress.com/viewer/a07a97085ed242dfa01c98aea2023db5"&gt;The report&lt;/a&gt; highlights a staggering shift: attackers have realized they don't need to find a zero-day exploit when they can simply steal a credential. In manufacturing, where remote access for vendors and technicians is a necessity, identity-based attacks have surged. And &lt;a href="https://www.huntress.com/blog/manufacturing-cybersecurity-trends"&gt;a recent blog post&lt;/a&gt; dives further into the woes manufacturers face from a cybersecurity standpoint.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;What it means: CISOs must move beyond traditional MFA. Attackers are now using MFA fatigue and token theft to bypass legacy defenses. For a manufacturing firm, a single compromised service account&amp;nbsp;used for equipment maintenance can provide an attacker with lateral access to the entire Production VLAN.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;One of the most unsettling trends in the 2026 report is the heavy abuse of Remote Monitoring and Management (RMM) tools. Attackers are "living off the land," using the very software your IT team uses to manage the environment to instead deploy ransomware or exfiltrate IP.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;What it means: Security teams can no longer assume that "authorized software" is performing "authorized actions." Detecting these threats requires behavioral analysis that can distinguish between a technician performing a routine update and an adversary using that same tool to disable security agents.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Ransomware remains the apex predator for manufacturing. However, the report notes a shift toward exfiltration-only attacks and lock-and-leak tactics. Attackers are increasingly targeting the "crown jewels" of manufacturing: proprietary CAD files, sensitive formulas, and supply chain contracts.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;What it means: Even if your backups are "gold-plated" and you can restore systems in hours, the &lt;i&gt;threat of data exposure&lt;/i&gt; remains a powerful lever for extortion. Defense strategies must prioritize Data Loss Prevention (DLP) and egress filtering just as much as rapid recovery.&lt;/p&gt; 
&lt;p&gt;From the blog post: "Threat actors have figured out that while you might be able to live without your data for a few days, you can't survive with a dead assembly line. They're moving past the office network to disrupt the operational technology (OT) systems that keep your machines running.&lt;/p&gt; 
&lt;p&gt;While the exact cost changes based on what you're making, the ripple effects are the same across the board:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;Missed shipments: Late deliveries trigger contract penalties and upset your biggest partners.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Idle labor: You're still paying for staff and overhead, even if no one can do their job.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Restart pains: Getting an OT system back online safely takes much longer than a standard IT reboot.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Safety risks: Sudden shutdowns can damage sensitive equipment or create hazardous conditions for people on the floor or in the plants."&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="font-weight: normal;"&gt;The 2026 landscape demands a transition from "security as a cost center" to "resilience as a business continuity strategy," the researchers urge. Some tips from the report and blog post:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Audit "shadow" integrations:&lt;/span&gt; Manufacturers often have a sprawling web of SaaS and cloud-native integrations that create an invisible attack surface. Securing these "fragmented identities" is now the mandate for survival.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Bridge the IT/OT gap:&lt;/span&gt; As digital convergence accelerates, the air gap is a myth. Security teams need unified visibility that covers both the corporate office and the PLC (Programmable Logic Controller) on the floor.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Prepare for AI-speed social engineering: &lt;/span&gt;The report warns of a 14x increase in AI-generated phishing. Manufacturing help desks—often the primary point for password resets and vendor onboarding—must be trained to identify synthetic audio and hyper-personalized impersonation attempts.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;More from the blog post around control and governance:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;"Between government programs and directives like CMMC 2.0 and NIS2, and big customers demanding proof of security before they sign a contract, the pressure is on."&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;"Governance is about making sure that cybersecurity programs are fit-for-purpose, well-managed, and compliant, so that if a threat actor does find a way in, you have a practical plan to stop them. Regulators and partners want to see that you aren't just guessing—they want to see that you have a handle on who has access to your systems, apps, and data, and what's running on your floor."&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;As the blog points out, Zero Trust has finally hit the factory floor.&lt;/p&gt; 
&lt;p&gt;"Zero Trust architecture can feel like a lot to ask of an organization and its employees,"&amp;nbsp;said&lt;a href="https://www.linkedin.com/in/brianmilbier/"&gt; Brian Milbier&lt;/a&gt;, Senior Director of Security and IT and Deputy CISO at Huntress. "But, what it's really about is ensuring that every system at every level is protected and that no one is able to gain unauthorized access."&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fmanufacturing-sector-cybersecurity&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Original Content</category>
      <category>Manufacturing</category>
      <category>OT Security</category>
      <pubDate>Wed, 25 Mar 2026 17:10:46 GMT</pubDate>
      <author>CamS@secureworld.io (Cam Sivesind)</author>
      <guid>https://www.secureworld.io/industry-news/manufacturing-sector-cybersecurity</guid>
      <dc:date>2026-03-25T17:10:46Z</dc:date>
    </item>
    <item>
      <title>U.S. FCC Adds All Foreign-Made Consumer Routers to Covered List</title>
      <link>https://www.secureworld.io/industry-news/fcc-foreign-consumer-routers-covered-list</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/fcc-foreign-consumer-routers-covered-list" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Router%20-%20network-cabling-infrastructure-in-modern-data-cent-2026-03-10-03-56-00-utc.jpg" alt="U.S. FCC Adds All Foreign-Made Consumer Routers to Covered List" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;The U.S. Federal Communications Commission took sweeping action on March 23, 2026, adding all consumer-grade routers produced outside the United States to its &lt;a href="https://www.fcc.gov/supplychain/coveredlist"&gt;Covered List&lt;/a&gt;—the agency's catalog of communications equipment deemed to pose unacceptable national security risks. The practical effect is a forward-looking prohibition: no new foreign-made router model can receive FCC equipment authorization, which is required for any device to be legally imported, marketed, or sold in the U.S.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;The U.S. Federal Communications Commission took sweeping action on March 23, 2026, adding all consumer-grade routers produced outside the United States to its &lt;a href="https://www.fcc.gov/supplychain/coveredlist"&gt;Covered List&lt;/a&gt;—the agency's catalog of communications equipment deemed to pose unacceptable national security risks. The practical effect is a forward-looking prohibition: no new foreign-made router model can receive FCC equipment authorization, which is required for any device to be legally imported, marketed, or sold in the U.S.&lt;/p&gt;  
&lt;p&gt;The move follows a determination by a White House-convened interagency body that foreign-produced routers introduce a supply chain vulnerability capable of disrupting critical infrastructure and national defense, and present a "severe cybersecurity risk" that could be leveraged to attack American households and networks. FCC Chairman Brendan Carr welcomed the determination in a statement released alongside the announcement.&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;Typhoon campaigns cited as catalyst&lt;/h2&gt; 
&lt;p&gt;The FCC's action explicitly names three high-profile Chinese state-sponsored intrusion campaigns—&lt;a href="https://www.secureworld.io/industry-news/nsa-china-hackers-us-infrastructure"&gt;Volt Typhoon&lt;/a&gt;, Flax Typhoon, and &lt;a href="https://www.secureworld.io/industry-news/salt-typhoon-espionage-cisco-routers"&gt;Salt Typhoon&lt;/a&gt;—as evidence that foreign-manufactured SOHO routers have already been weaponized against U.S. infrastructure. Those campaigns, which drew significant attention from the intelligence community and federal agencies over the past two years, exploited vulnerabilities in small-office and home-office networking hardware to gain persistent footholds in American networks, including those of telecommunications providers and critical infrastructure operators.&lt;/p&gt; 
&lt;p&gt;The citation matters because it frames this ruling not as a precautionary measure&amp;nbsp;but as a response to documented, large-scale exploitation. It also signals that the FCC is extending the logic it applied to specific vendors—&lt;a href="https://www.secureworld.io/industry-news/fcc-designation-huawei-and-zte-are-national-security-risks"&gt;Huawei and ZTE were placed on the Covered List&lt;/a&gt; years ago—to an entire product category defined by manufacturing geography.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;Scope: what is and isn't affected&lt;/h3&gt; 
&lt;p&gt;The ruling applies exclusively to new device models seeking FCC equipment authorization. Routers already authorized and in use are not affected; consumers can continue using previously purchased devices, and retailers can continue selling existing authorized inventory. The restriction is structural and forward-looking, not a recall or a ban on current hardware.&lt;/p&gt; 
&lt;p&gt;The scope, however, is broad. China accounts for an estimated 60% or more of the U.S. home router market. But the FCC's FAQ is explicit that the manufacturer's nationality is irrelevant—the determining factor is where the device is produced. That sweeps in U.S.-headquartered companies with overseas manufacturing operations, including major brands that design domestically but contract production to facilities in Asia.&lt;/p&gt; 
&lt;p&gt;A limited exit ramp exists. Manufacturers can apply to the Department of Defense or the Department of Homeland Security for "Conditional Approval," which requires companies to disclose their full management structure, detail their supply chain, and submit a concrete plan to onshore manufacturing in the United States. There is no established timeline for approval, and early indicators from the analogous December 2025 drone ban—where four non-Chinese manufacturers received conditional approval while Chinese market leaders remain blocked—suggest the process will be selective.&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;Industry impact: a supply chain squeeze&lt;/h4&gt; 
&lt;p&gt;The market implications are significant. Because virtually no consumer router currently on the market is manufactured entirely within the United States—even brands that design domestically use overseas contract manufacturers—the ruling puts enormous pressure on an industry that has operated on the assumption of globalized hardware supply chains.&lt;/p&gt; 
&lt;p&gt;For enterprise security and IT procurement teams, the more immediate concern is not an overnight disruption but a medium-term squeeze on available hardware options for remote worker kits, branch office deployments, and network refreshes. As eligible product lines narrow, prices are expected to rise and vendor choices to consolidate around manufacturers that can navigate the conditional approval pathway or invest in domestic production capacity.&lt;/p&gt; 
&lt;h5 style="font-weight: normal;"&gt;Expert perspectives&lt;/h5&gt; 
&lt;p&gt;Jacob Krell, Senior Director of Secure AI Solutions &amp;amp; Cybersecurity at Suzu Labs, said the ruling reflects a risk the security community has been raising for years:&lt;/p&gt; 
&lt;blockquote&gt; 
 &lt;p&gt;"Supply chain compromise is becoming one of the most serious threat vectors for nation state and advanced intrusion activity targeting critical infrastructure. The FCC's decision to add foreign manufactured consumer routers to its Covered List reflects a risk the security community has been warning about for years.&lt;/p&gt; 
 &lt;p&gt;As endpoint and product security have improved, adversaries have increasingly looked upstream toward manufacturing, firmware, and other supply chain dependencies where compromise can create durable access. The FCC's citation of Volt Typhoon, Flax Typhoon, and Salt Typhoon is consistent with that concern. Network devices are especially attractive targets because they sit in the path of every packet entering and leaving an environment, and predeployment compromise can be exceptionally difficult to detect and remediate.&lt;/p&gt; 
 &lt;p&gt;Security leaders should treat this as a procurement signal. If the federal government has concluded that foreign manufactured network hardware can present unacceptable supply chain risk, organizations should be reviewing whether their own vendor diligence, firmware assurance, and hardware sourcing practices reflect that same reality. Every router, switch, and access point in the environment came from a supply chain. Knowing where that hardware was manufactured, who wrote the firmware, and what visibility exists into that process is no longer a theoretical exercise."&lt;/p&gt; 
&lt;/blockquote&gt; 
&lt;p&gt;Damon Small, a board of directors member at Xcape, Inc., described the decision as a significant escalation of the government’s supply chain posture:&lt;/p&gt; 
&lt;blockquote&gt; 
 &lt;p&gt;"This is a massive expansion of U.S. tech protectionism, moving beyond specific Chinese entities like Huawei or ZTE to a blanket ban on all foreign-produced consumer routing hardware. By citing the weaponization of SOHO routers by groups like Volt Typhoon and Salt Typhoon, the FCC is treating the humble home router as a primary vector for national-scale pivot attacks against critical infrastructure.&lt;/p&gt; 
 &lt;p&gt;For security leaders, the immediate risk isn't an overnight 'dark start,' but a long-term supply chain squeeze; with more than 60% of the market currently dominated by foreign manufacturing, procurement for remote-worker kits and branch offices is about to become significantly more expensive and limited to a handful of 'trusted'&amp;nbsp;(likely domestic) vendors.&lt;/p&gt; 
 &lt;p&gt;Defenders should audit their current fleet of remote-access hardware and prioritize vendors moving toward U.S.-based manufacturing or those actively seeking DHS 'Conditional Approval.' While existing hardware is safe for now, expect insurance carriers and federal auditors to eventually move the goalposts from 'legal to use'&amp;nbsp;to 'compliant to keep.'"&lt;/p&gt; 
&lt;/blockquote&gt; 
&lt;h6 style="font-weight: normal;"&gt;What security leaders should do now&lt;/h6&gt; 
&lt;p&gt;Both experts emphasize that this ruling, even if challenged in court—as the December drone ban has been—signals a durable shift in how U.S. policymakers are treating network hardware supply chain risk.&lt;/p&gt; 
&lt;p&gt;This creates practical near-term takeaways for security and procurement teams:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;Audit existing remote access and branch hardware inventories, and document where each piece of equipment was manufactured.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Evaluate vendor roadmaps for conditional approval or domestic production investment. Incorporate hardware provenance into procurement criteria and third-party risk assessments, applying the same scrutiny to switches and access points as to routers.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Monitor the conditional approval process at the DoD and DHS, since that pipeline will define which products remain viable in the medium term.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;The FCC's action is the latest in a series of escalating supply chain interventions—from the Huawei and ZTE vendor bans to the December 2025 drone restrictions. Whether it survives legal challenge or not, it reflects a federal posture that treats the network hardware supply chain as a national security domain rather than a procurement commodity.&lt;/p&gt; 
&lt;p&gt;Follow &lt;em&gt;SecureWorld News&lt;/em&gt; for more cybersecurity news.&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Ffcc-foreign-consumer-routers-covered-list&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Supply Chains</category>
      <category>Critical Infrastructure</category>
      <category>Government</category>
      <category>Network Security</category>
      <category>Policy</category>
      <category>Original Content</category>
      <category>FCC</category>
      <pubDate>Tue, 24 Mar 2026 21:19:00 GMT</pubDate>
      <author>drewt@secureworldexpo.com (Drew Todd)</author>
      <guid>https://www.secureworld.io/industry-news/fcc-foreign-consumer-routers-covered-list</guid>
      <dc:date>2026-03-24T21:19:00Z</dc:date>
    </item>
    <item>
      <title>The AI Asymmetry: Finding Bugs Faster Might Create Security Issues</title>
      <link>https://www.secureworld.io/industry-news/ai-asymmetry-finding-bug-fasters</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/ai-asymmetry-finding-bug-fasters" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/AI%20bugs%20-shutterstock_2670592671.jpg" alt="IT workers collaborating" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;In the arms race of modern cybersecurity, automated bug detection has been viewed by many as the holy grail. However, a recent sector in-depth report from Moody's Ratings suggests that the technological leap is creating a dangerous paradox.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;In the arms race of modern cybersecurity, automated bug detection has been viewed by many as the holy grail. However, a recent sector in-depth report from Moody's Ratings suggests that the technological leap is creating a dangerous paradox.&lt;/p&gt; 
&lt;p&gt;While AI is becoming a powerhouse for identifying code weaknesses, it is simultaneously widening the gap between vulnerability discovery and remediation, leaving many organizations more exposed than ever.&lt;/p&gt; 
&lt;p&gt;For cybersecurity professionals, &lt;a href="https://www.secureworld.io/hubfs/documents/Sector_In-Depth-Cybersecurity-Global-AI-is-18Mar2026-PBC_1475622.pdf"&gt;the report&lt;/a&gt; highlights a shifting landscape where the "speed of AI" is meeting the "friction of human operations." Here are the critical takeaways from the Moody's analysis.&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;The growing 'vulnerability backlog'&lt;/h2&gt; 
&lt;p&gt;Software vulnerabilities remain the primary vector for unauthorized network access. Today's complex, reused codebases are rife with human errors that attackers can exploit at scale. Moody's notes that while minimizing these flaws is essential for reducing the severity of cyber incidents, the sheer volume of newly discovered bugs is outstripping the capacity of security teams to address them.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;AI: A double-edged sword for discovery&lt;/h3&gt; 
&lt;p&gt;AI tools are demonstrating remarkable promise, often uncovering previously unknown "zero-day" style bugs in software that has already undergone rigorous security testing. These tools are becoming increasingly autonomous, identifying flaws at a pace no human team could match.&lt;/p&gt; 
&lt;p&gt;However, this efficiency comes with a significant catch: quality control. A lack of human oversight in AI-generated reports is leading to a flood of low-quality software checks and false positives.&lt;/p&gt; 
&lt;p&gt;These inaccurate reports distract security teams from genuine, high-risk threats.&lt;/p&gt; 
&lt;p&gt;In response to this "noise," some companies are scaling back their &lt;a href="https://www.secureworld.io/industry-news/topic/bug-bounty"&gt;bug bounty programs&lt;/a&gt;. These programs are becoming "polluted" by low-quality, AI-generated submissions, which ultimately diminishes their effectiveness in finding real vulnerabilities.&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;The widening patching gap&lt;/h4&gt; 
&lt;p&gt;The most alarming trend identified in the report is the widening asymmetry between exploitation and remediation.&lt;/p&gt; 
&lt;p&gt;Threat actors are leveraging AI and automation to exploit vulnerabilities more quickly than ever before. The sheer volume of disclosed vulnerabilities leaves many bugs unaddressed for extended periods.&lt;/p&gt; 
&lt;p&gt;According to Exhibit 6 in the report, patching speed varies significantly by sector. This variation suggests that while some industries are adapting their workflows, others remain dangerously slow, creating "windows of opportunity" that attackers are eager to exploit.&lt;/p&gt; 
&lt;h5 style="font-weight: normal;"&gt;The path forward&lt;/h5&gt; 
&lt;p style="font-weight: bold;"&gt;Moving 'left'&amp;nbsp;with AI&lt;/p&gt; 
&lt;p&gt;The report concludes that the only sustainable solution is a shift toward secure coding practices earlier in the software development lifecycle—often referred to as "shifting left."&lt;/p&gt; 
&lt;p&gt;By addressing security issues during the design and development phase, organizations can prevent vulnerabilities from ever reaching production. This reduces the "patching debt" and minimizes the surface area for cyberattacks. Ironically, the same AI-enabled tools causing the current backlog will be essential here, helping developers identify and fix security flaws in real-time as they write code.&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fai-asymmetry-finding-bug-fasters&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Vulnerabilities</category>
      <category>Bug Bounty</category>
      <category>Original Content</category>
      <category>AI</category>
      <pubDate>Mon, 23 Mar 2026 13:42:00 GMT</pubDate>
      <author>CamS@secureworld.io (Cam Sivesind)</author>
      <guid>https://www.secureworld.io/industry-news/ai-asymmetry-finding-bug-fasters</guid>
      <dc:date>2026-03-23T13:42:00Z</dc:date>
    </item>
    <item>
      <title>7 Tips to Prevent Business Email Compromise Scams in 2026</title>
      <link>https://www.secureworld.io/industry-news/7-tips-prevent-bec-scams-2026</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/7-tips-prevent-bec-scams-2026" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/email%20scam%20-%20shutterstock_2494045751.jpg" alt="exasperated man at laptop" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;What would you do if your finance manager wired $57,800 to a "trusted vendor,"&amp;nbsp; only to realize the email request was fraudulent?&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;What would you do if your finance manager wired $57,800 to a "trusted vendor,"&amp;nbsp; only to realize the email request was fraudulent?&lt;/p&gt;  
&lt;p&gt;In this digital world, business email compromise (BEC) is growing. BEC scams involving wire transfers &lt;a href="https://zerothreat.ai/blog/social-engineering-attack-statistics"&gt;increased by 33%&lt;/a&gt; in the second quarter of 2025. This illustrates how attackers are targeting financial workflows and payments.&lt;/p&gt; 
&lt;p&gt;Malware is no longer the basis for such attacks. They depend on trust.&lt;br&gt;With the growth of AI-generated messages, it's becoming difficult to differentiate between a legitimate message and a fraudulent one.&lt;br&gt;This article discusses seven tips to prevent business email compromise scams in 2026.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;What is a BEC&amp;nbsp;scam?&amp;nbsp;&lt;br&gt;&lt;br&gt;&lt;a href="https://blog.checkpoint.com/security/how-companies-can-get-a-grip-on-business-email-compromise/"&gt;&lt;img src="https://www.secureworld.io/hs-fs/hubfs/Tray1.png?width=602&amp;amp;height=351&amp;amp;name=Tray1.png" width="602" height="351" alt="Tray1" style="height: auto; max-width: 100%; width: 602px; margin-left: auto; margin-right: auto; display: block;"&gt;&lt;/a&gt;&lt;br&gt;In a BEC scam, criminals use the identity of a partner, vendor, or executive. With this identity, they trick employees into sending sensitive information or money.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Consider that you are a CFO. You receive a fraudulent message that looks like a legitimate message from the CEO. The message asks for an urgent international wire transfer.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;It was written in such a way that the tone sounds right. The signature matches. The timing feels believable. So, the transfer happens.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;But it's a message that the CEO never sent.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;BEC attacks use the power of urgency, authority, and familiarity. Their targets are finance teams, procurement departments, and HR—basically, anyone who handles payments or sensitive information.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;In 2026, attackers will be able to send emails based on executive travel schedules, imitate writing styles, and replicate conversation threads using AI. They are extremely dangerous because of this.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;The good news is that you can reduce your risk by implementing the right systems.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;7 tips to prevent BEC scams in 2026&lt;/h3&gt; 
&lt;p&gt;&lt;a href="https://keepnetlabs.com/blog/what-is-business-email-compromise-bec-how-to-prevent-it"&gt;&lt;img src="https://www.secureworld.io/hs-fs/hubfs/Tray2.png?width=602&amp;amp;height=547&amp;amp;name=Tray2.png" width="602" height="547" alt="Tray2" style="height: auto; max-width: 100%; width: 602px; margin: 0px auto 30px; display: block;"&gt;&lt;/a&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;1. Enforce multi-factor authentication (MFA) across all accounts&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;&lt;/span&gt;If there's one control that immediately reduces risk, it's MFA. Even if attackers steal credentials through a phishing attack campaign, they still can't access an account without the second factor.&lt;/p&gt; 
&lt;p&gt;Don't limit MFA to executives. Apply it across:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;Email accounts&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Financial platforms&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Cloud storage systems&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Vendor portals&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Use hardware keys or &lt;a href="https://www.apollotechnical.com/efficient-ways-to-securely-authorize-documents-on-your-devices/"&gt;authentication apps&lt;/a&gt; rather than SMS when possible, because SMS-based MFA can be bypassed through SIM swapping.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;Pro tip: &lt;/span&gt;Audit your MFA coverage quarterly. Many organizations think MFA is enabled,&amp;nbsp;but it's not enforced on legacy accounts.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;2. &amp;nbsp;Implement SPF, DKIM, and DMARC email authentication&lt;/p&gt; 
&lt;p&gt;You can't prevent impersonation without technical controls.&lt;/p&gt; 
&lt;p&gt;SPF, DKIM, and DMARC work together to verify that emails actually come from authorized domains. Without them, attackers can spoof your domain and trick partners into trusting malicious messages.&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://matchboxdesigngroup.com/blog/5-proven-ways-for-businesses-to-implement-email-data-security/"&gt;Enabling strong email authentication&lt;/a&gt; reduces spoofing significantly. The email authentication methods, like &lt;a href="https://www.clodura.ai/blog/mastering-email-authentication-step-by-step-guide-setting-up-spf-dkim-dmarc-mailchimp/"&gt;DMARC&lt;/a&gt;, help protect users from impersonation at scale.&lt;/p&gt; 
&lt;p&gt;Set your DMARC policy to "reject," not just "monitor." Many businesses stop at the monitoring mode and never move forward.&lt;/p&gt; 
&lt;p&gt;Also, make it a point to:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;Implement consistent &lt;a href="https://mailtrap.io/free-dmarc-record-checker/"&gt;DMARC&lt;/a&gt; monitoring to detect unauthorized domain usage&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Review DMARC reports weekly&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Remove unused domains&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Lock down lookalike domains&lt;br&gt;&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;span&gt;Technical hygiene can prevent embarrassment and financial loss.&lt;br&gt;&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;3. &amp;nbsp;Establish a strict payment verification process&lt;/p&gt; 
&lt;p&gt;Here's where most companies fail: process discipline. No email alone should authorize a payment change.&lt;/p&gt; 
&lt;p&gt;Create a rule that any request involving money must be verified through a second channel. For example:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Call the vendor using a number already on file&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Use secure vendor portals&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Require two-person approval for large transfers &lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;span&gt;Many organizations also manage vendor communication and payment history through a cloud-based CRM, which helps finance teams verify requests using centralized records instead of relying only on email conversations.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Think about how many companies receive fake booking emails requesting updated bank details. Without a verification step, finance teams may process them without questioning.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Build friction into financial workflows. Convenience should never outweigh security.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;&lt;span style="font-weight: bold;"&gt;Ask yourself:&lt;/span&gt; If a transfer request came in right now, how would your team verify it?&lt;br&gt;&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;4. &amp;nbsp;Train employees to recognize AI-powered social engineering&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Technology alone won't save you. Employees must understand how modern scams look and feel. Today's attackers:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Mirror executive writing styles&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Reference recent meetings&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Use context pulled from LinkedIn&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Create urgency with realistic deadlines&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;span&gt;Today's attackers don't just copy writing styles—they also replicate branding details such as logos, formatting, and signatures. In some advanced cases, attackers even use an AI voice generator to create convincing audio messages that impersonate executives, adding another layer of urgency and realism to fraudulent payment requests.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Establishing internal standards for email signatures ensures consistency across the organization, making it easier for employees to detect subtle differences in fraudulent messages.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Run scenario-based training sessions. Instead of boring slide decks, simulate real attacks. Send controlled internal tests and debrief afterward. It also helps to train employees on how legitimate financial communication should look, including standardized invoice email templates used by your organization.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;For example, an employee receives a message referencing a recent earnings call, asking for an urgent document review before market close. &lt;span&gt;Would they question it?&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Education builds instinct. And instinct stops mistakes.&lt;br&gt;&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Encourage a culture where employees feel safe reporting suspicious emails. Fear of embarrassment often prevents early reporting.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;5. Monitor vendor and third-party email risks&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;&lt;span style="font-weight: normal;"&gt;Your organization might be secure, but have your vendors implemented security measures?&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;&lt;span style="font-weight: normal;"&gt;&lt;/span&gt;&lt;span style="font-weight: normal;"&gt;BEC attackers often compromise a supplier's mailbox and send legitimate-looking payment change requests from a real email thread.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;&lt;span style="font-weight: normal;"&gt;&lt;/span&gt;&lt;span style="font-weight: normal;"&gt;This is particularly dangerous because:&lt;/span&gt;&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p style="font-weight: normal;"&gt;The domain is authentic&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: bold;"&gt; &lt;p style="font-weight: normal;"&gt;The conversation history is real&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: bold;"&gt; &lt;p style="font-weight: normal;"&gt;The tone matches past communication&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Imagine receiving a seemingly genuine invoice update from a travel partner. It looks just like previous correspondence, but it's malicious.&lt;/p&gt; 
&lt;p&gt;You've probably seen &lt;a href="https://www.secureworld.io/industry-news/how-to-spot-fake-robinhood-email"&gt;fake Robinhood&lt;/a&gt; email campaigns circulating online. Attackers exploit brand familiarity. The same principle applies to vendors.&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;You can mitigate this by:&lt;/span&gt;&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Conducting vendor risk assessments annually&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Limiting financial update privileges&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Setting vendor-specific payment verification rules&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;span&gt;Your defense is only as strong as your weakest partner.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;6. Use AI-based email threat detection tools&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;If attackers use AI, so should you. Modern email security tools often analyze:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Behavioral anomalies&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Writing tone deviations&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Login location irregularities&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Unusual financial language&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;span&gt;For example, if your CEO never directly requests wire transfers but suddenly sends one, behavioral AI can flag the anomaly.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Layered protection works best with:&lt;/span&gt;&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;&lt;span&gt;Secure email gateways&lt;/span&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;span&gt;Behavioral analytics&lt;/span&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;span&gt;Domain monitoring&lt;/span&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;span&gt;Real-time threat intelligence&lt;/span&gt;&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;span&gt;Don't rely solely on traditional spam filters. BEC emails often don't contain malware or suspicious links; they look clean and legitimate. Your &lt;a href="https://www.benchmarkemail.com/blog/navigating-email-threats/"&gt;detection strategy&lt;/a&gt; must go beyond keyword scanning. In addition to enterprise-grade email security tools, endpoint protection solutions can provide an extra layer of defense by monitoring for malware and viruses, detecting data breaches, and enhancing device-level security.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;While BEC attacks rely heavily on social engineering rather than malware, securing every endpoint reduces the overall attack surface and helps prevent credential theft that often fuels these scams.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;7. Develop a rapid incident response plan&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Even with strong defenses, assume that one of the attackers' attempts will succeed.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;What to do next? Every company needs:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;A documented process for responding to attacks&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;A 24-hour response protocol&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Clear roles and responsibilities&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Bank contact procedures&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;Legal and compliance notification steps&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;span&gt;Time matters. The faster you contact financial institutions, the higher the chance of reversing transfers. &lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Run tabletop exercises twice a year. Walk through scenarios, such as a fraudulent transfer sent 45 minutes ago. What will your team do next to handle it?&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Clarity reduces chaos, and preparedness reduces damage.&lt;/span&gt;&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;Build a resilient defense against BEC&lt;/h4&gt; 
&lt;p&gt;BEC scams in 2026 are smarter, faster, and powered by AI. But implementing proper preventive measures can minimize the risk.&lt;/p&gt; 
&lt;p&gt;You can reduce your exposure through:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span&gt;MFA&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt;&lt;span&gt;Securing email authentication &lt;/span&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;span&gt;Verifying payments through &lt;span style="color: #00cccc;"&gt;&lt;a href="https://websitepromoter.co.uk/how-an-ssl-certificate-can-solve-technical-seo-issues/" style="color: #00cccc;"&gt;secondary channels&lt;/a&gt;&lt;/span&gt; &lt;/span&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;span&gt;Training employees on modern social engineering&lt;/span&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;span&gt;Monitoring vendor risks&lt;/span&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;span&gt;Deploying AI-driven detection tools&lt;/span&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;span&gt;Maintaining a clear incident response plan&lt;/span&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;span&gt;Incorporating a reliable backup solution, like &lt;span style="color: #00cccc;"&gt;&lt;a href="http://www.nakivo.com/blog/backup-office-365-emails/" style="color: #00cccc;"&gt;Office 365 email backup&lt;/a&gt;.&lt;/span&gt;&lt;/span&gt;&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;&lt;span&gt;&lt;span style="color: #00cccc;"&gt;This isn't about adding complexity. It's about building discipline into how your organization communicates and moves money.&lt;/span&gt;&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;&lt;span style="color: #00cccc;"&gt;If you want to understand the evolving email threats and learn directly from &lt;a href="https://www.brandignity.com/2024/05/top-12-reasons-why-every-digital-marketer-should-understand-cybersecurity/"&gt;cybersecurity&lt;/a&gt; leaders, explore upcoming events by &lt;a href="https://www.secureworld.io/events"&gt;SecureWorld.&lt;/a&gt; Practical insights from experts can strengthen your defense before the next attack happens.&lt;/span&gt;&lt;/span&gt;&lt;/p&gt;  
</content:encoded>
      <category>Cybersecurity</category>
      <category>BEC Scams</category>
      <category>Featured Author</category>
      <pubDate>Sun, 22 Mar 2026 14:22:00 GMT</pubDate>
      <author>trayalex812@gmail.com (Alex Tray)</author>
      <guid>https://www.secureworld.io/industry-news/7-tips-prevent-bec-scams-2026</guid>
      <dc:date>2026-03-22T14:22:00Z</dc:date>
    </item>
    <item>
      <title>Popular AI Sandbox Has a Backdoor—Since August</title>
      <link>https://www.secureworld.io/industry-news/popular-ai-sandbox-backdoor</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/popular-ai-sandbox-backdoor" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Bug%20Finding%20-%20shutterstock_2087017462.jpg" alt="person using computer at desk" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;Those of us in cybersecurity should be familiar with sandbox environments where we can detonate and review malware in a minimal risk container. Similarly, a managed sandbox environment for AI allows you to run code, process data, and call tools all from a contained and controlled environment.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;Those of us in cybersecurity should be familiar with sandbox environments where we can detonate and review malware in a minimal risk container. Similarly, a managed sandbox environment for AI allows you to run code, process data, and call tools all from a contained and controlled environment.&lt;/p&gt;  
&lt;p&gt;A prime example of a use case is presenting a chatbot with data and asking it to evaluate the data and return some analysis. An LLM behind the chatbot is unlikely to respond accurately, but an AI agent can create and execute Python to analyze a CSV, query a database, or run statistical models and return the analysis. In one of these sandbox environments, the agent can do that without accessing your infrastructure.&lt;/p&gt; 
&lt;p&gt;Here are some of the other benefits of a managed sandbox environment.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;Containment of unintended side effects&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;AI agents, especially code-executing ones, can produce outputs that interact with the real world, like writing files, making network calls, and modifying state, but a sandbox draws a hard line around what the agent can touch. This means a bug in the generated code or a bad prompt doesn't cascade into your infrastructure.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;Isolation of untrusted code&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;When an AI agent generates and then executes code, that code is fundamentally untrusted. It was written by a model trained on the internet, possibly manipulated through prompt injection, and hasn't been audited by a human. Sandboxing treats it the same way you'd treat code from an unknown external source. You can run it, but you run it in a box.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;Reproducible, ephemeral execution&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;Managed sandboxes are typically ephemeral and short-lived. Each execution starts clean, which prevents one agent's session from contaminating another's and makes behavior more predictable and auditable.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;Abstracting infrastructure responsibility&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;The "managed" part means the cloud provider handles the low-level mechanics of isolation such as the containerization, the resource limits, and the kernel boundaries. The customer gets a safe execution surface without having to build and maintain it themselves.&lt;/p&gt; 
&lt;p&gt;Bottom line:&amp;nbsp;AI execution in a managed sandbox means you reduce the ability for the AI to affect other systems. Well, in theory at least. More on that in a bit.&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;Not every sandbox is open play&lt;/h2&gt; 
&lt;p&gt;One of these AI execution sandboxes is the AWS Bedrock AgentCore Code Interpreter, available since August of 2025. It is a fully managed service that enables AI agents to securely execute code in isolated sandbox environments, designed so that agentic workloads cannot access external systems. It allows for three network modes: Sandbox, VPC, and Public. The promise of the Code Interpreter goes beyond data analysis and code execution. Take the instance of an LLM reviewing a dataset for anomalies. Using LLM inference means you'll likely get results that will be imprecise or even hallucinated. However, if an agent can create Python code to parse the data and return results, you're more likely to get better and more accurate results.&lt;/p&gt; 
&lt;p&gt;Engineering teams use AI agents in these sandboxes to run Python, JavaScript, and TypeScript, perform complex data analysis, generate visualizations, analyze financial and operational data, and execute mathematical computations without compromising system security.&lt;/p&gt; 
&lt;p&gt;This all sounds great, so what's the problem?&lt;/p&gt; 
&lt;p&gt;Well, from a security standpoint, the piece that matters most for teams is that Code Interpreter supports running AWS CLI commands directly within the sandbox using an SDK and API, using IAM-based access controls and fine-grained permissions. This is what makes it useful for engineering workflows but also why the default role permissions are so problematic.&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://www.beyondtrust.com/blog/entry/pwning-aws-agentcore-code-interpreter"&gt;Research from BeyondTrust&lt;/a&gt; found that the AgentCore Starter Toolkit—AWS's open source quick start for getting Code Interpreter up and running—ships with a default IAM role that grants full S3 read access, full DynamoDB access, and unrestricted Secrets Manager access. That's not a misconfiguration a developer introduced; that's the out-of-the-box posture AWS documented and published (features that AWS stated are by design). The tyranny of the default strikes again!&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;No internet access doesn't always mean none&lt;/h3&gt; 
&lt;p&gt;Getting the Code Interpreter to, you know, interpret code was not difficult for the BeyondTrust team. This meant getting a chatbot, and the agents it relies on, to execute code of the researcher's choosing through a prompt injection, supply-chain attack, or getting the chatbot to generate code that was influenced by the researcher. For example:&lt;/p&gt; 
&lt;p&gt;&lt;img src="https://www.secureworld.io/hs-fs/hubfs/fisherscreenshot.png?width=636&amp;amp;height=187&amp;amp;name=fisherscreenshot.png" width="636" height="187" alt="fisherscreenshot" style="height: auto; max-width: 100%; width: 636px; margin-left: auto; margin-right: auto; display: block;"&gt;&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Once the code execution is achieved, the researchers move on to the next phase. And, stop me if you've heard this, but it's always DNS.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;What was found in the BeyondTrust research is that the Code Interpreter could be persuaded to interact with C2 (command and control) channels and exfiltrate data from S3 buckets, all through DNS A and AAAA record queries. For the data exfiltration, base64-encoded data was embedded in DNS subdomain queries. The researchers showed that they could run AWS CLI commands using the Code Interpreter's attached IAM credentials. This allowed them to list S3 buckets, pull files containing customer PII, API credentials, or financial records, and send that data encoded into DNS subdomain lookups to a DNS server controlled by the researchers.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;While that was helpful, the researchers still needed a method for controlling the Code Interpreter remotely. Enter the C2 ability through DNS. The researchers were able to send commands through DNS A record responses. The octets in each response carried base64-encoded command chunks, as explained by the BeyondTrust writeup:&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;&lt;img src="https://www.secureworld.io/hs-fs/hubfs/fisherquote.png?width=635&amp;amp;height=165&amp;amp;name=fisherquote.png" width="635" height="165" alt="fisherquote" style="height: auto; max-width: 100%; width: 635px; margin-left: auto; margin-right: auto; display: block;"&gt;&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;The Code Interpreter polls the attacker's DNS server for these chunked commands, reconstructs and executes them, then returns the output via DNS subdomain queries. Circle complete. There is now a fully bidirectional, persistent communication channel hidden entirely within traffic that looks like routine DNS traffic.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;These channels allow any network isolation to be bypassed through DNS, and they are difficult for defenders to block without crippling the operation of their sandboxed environment. Perhaps more frightening is the fact that more sophisticated DNS C2 implementations could establish a fully interactive shell, not just one-off commands.&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;Defense-in-depth for DNS&lt;/h4&gt; 
&lt;p&gt;All is not lost, and there are practical steps that can be taken to limit the risk if you are using Code Interpreter. BeyondTrust recommends the following:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;Inventory your AgentCore Code Interpreter instances, their network modes, and their privileges.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;If you're using Sandbox Mode and assumed it provided complete network isolation, it does not. DNS resolution is enabled by design, which means DNS-based data exfiltration is possible. Migrate sensitive workloads to VPC only mode.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Scan code for prompt injection vulnerabilities to reduce risk of attackers manipulating code that is sent to the code interpreter.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Use Guardrails on the input as an additional safeguard.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Prefer newer models that have built-in safeguards to limit outright prompt injection.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;But it's worth noting that you can take your defensive posture a few steps further. Specifically for DNS, consider:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;Deploying a Route53 Resolver DNS Firewall to configure an allow-list of known-good domains. This list should be short. Additionally, you can alert on high-frequency DNS queries to single domains.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Make sure you monitor DNS query volume and entropy. A query for &lt;a href="http://agvsbg8gd29ybgq.attacker.com/"&gt;aGVsbG8gd29ybGQ.attacker.com&lt;/a&gt; looks nothing like &lt;a href="http://api.github.com/"&gt;api.github.com&lt;/a&gt;. Look to baseline normal DNS query patterns and alert on deviations.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Lastly, harden the Code Interpreter. The default IAM role provided with Code Interpreter has full S3 read, full DynamoDB, and unrestricted Secrets Manager access, which means the blast radius is equal to the IAM role. That's a problem, and one that AWS says is working as intended.&lt;/p&gt; 
&lt;p&gt;For users of the Code Interpreter, take matters into your own hands and consider auditing and replacing the default Starter Toolkit IAM role with inline policies scoped to specific S3 paths and ARNs only. Enforce least privilege as a hard requirement, not a best practice. Lastly, make sure to enable CloudTrail for all API calls made by the Code Interpreter's IAM role and alert on calls to services outside expected scope.&lt;/p&gt; 
&lt;h5 style="font-weight: normal;"&gt;The path forward&amp;nbsp;&lt;/h5&gt; 
&lt;p&gt;Like all things AI, we're on the cutting edge of a lot of this technology, and we're only in the early stages of understanding the attack surface AI technology presents. From prompt injection&amp;nbsp;to autonomous agents to poisoned models&amp;nbsp;to the insecure platforms AI operates in, there is no doubt that we are going to continue to see novel (and even not so novel) ways of pushing the boundaries of security with these new systems.&lt;/p&gt; 
&lt;p&gt;This appeared originally &lt;a href="https://securelybuilt.substack.com/p/a-popular-ai-sandbox-has-a-back-door" style="font-style: normal;"&gt;on Substack here&lt;/a&gt;.&lt;/p&gt;  
</content:encoded>
      <category>Featured</category>
      <category>Cybersecurity</category>
      <category>Vulnerabilities</category>
      <category>Backdoors</category>
      <category>Featured Author</category>
      <category>AI</category>
      <pubDate>Fri, 20 Mar 2026 13:23:00 GMT</pubDate>
      <guid>https://www.secureworld.io/industry-news/popular-ai-sandbox-backdoor</guid>
      <dc:date>2026-03-20T13:23:00Z</dc:date>
      <dc:creator>Derek Fisher</dc:creator>
    </item>
    <item>
      <title>Geopolitical Conflict Driving 245% Surge in Malicious Traffic</title>
      <link>https://www.secureworld.io/industry-news/geopolitical-conflict-surge-malicious-traffic</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/geopolitical-conflict-surge-malicious-traffic" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Middle%20East%20conflict%20-%20shutterstock_2533411753.jpg" alt="map showing closeup of Iran" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;Since the outbreak of the Middle East conflict on February 28, 2026, Akamai has observed a 245% increase in malicious traffic targeting businesses and institutions across North America, Europe, and parts of Asia-Pacific. The surge—documented in new research from &lt;a href="https://www.akamai.com/blog/security/fortify-network-security-emerging-geopolitical-cyberthreats"&gt;Akamai's infrastructure security team&lt;/a&gt;—spans credential harvesting, automated reconnaissance, botnet-driven discovery, and early-stage distributed denial-of-service (DDoS) preparation, and it signals a pattern that security teams have come to expect when geopolitical crises escalate.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;Since the outbreak of the Middle East conflict on February 28, 2026, Akamai has observed a 245% increase in malicious traffic targeting businesses and institutions across North America, Europe, and parts of Asia-Pacific. The surge—documented in new research from &lt;a href="https://www.akamai.com/blog/security/fortify-network-security-emerging-geopolitical-cyberthreats"&gt;Akamai's infrastructure security team&lt;/a&gt;—spans credential harvesting, automated reconnaissance, botnet-driven discovery, and early-stage distributed denial-of-service (DDoS) preparation, and it signals a pattern that security teams have come to expect when geopolitical crises escalate.&lt;/p&gt; 
&lt;p&gt;What the data reveal&amp;nbsp;is not simply an Iranian cyber response. The geographic distribution of source IPs tells a more complicated story—and a more operationally significant one.&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;The numbers beneath the headline&lt;/h2&gt; 
&lt;p&gt;Akamai's telemetry from its Prolexic Network Cloud Firewall platform shows that Iran-attributed IPs account for a minority of the malicious traffic observed since the conflict began. The larger shares originate from Russia (35%) and China (28%)—proxy infrastructure being leveraged to scale attacks and obscure attribution.&lt;/p&gt; 
&lt;p&gt;Sunil Gottumukkala, CEO of Averlon, said the pattern aligns with what security teams typically see in conflict-adjacent environments:&lt;/p&gt; 
&lt;p&gt;&lt;span style="color: #333333;"&gt;"The surge in activity following geopolitical tensions is consistent with what we typically see in these environments. Early-stage signals like reconnaissance, credential harvesting, and infrastructure probing tend to increase significantly as attackers look for initial access opportunities. The organizations that fare best are the ones that treat this activity as a precursor to more targeted attacks and invest in visibility into their exposure and rapid remediation of high-risk issues."&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;Michael Bell, Founder and CEO of Suzu Labs, pushed further on what the proxy infrastructure picture actually means for defenders, saying:&lt;/p&gt; 
&lt;p&gt;&lt;span style="color: #333333;"&gt;"The 245% number is real but the breakdown underneath it matters more than the headline. Only 14% of the malicious traffic Akamai observed originated from Iranian IPs. Russia accounted for 35% and China 28%, which tells you this isn't just Iranian retaliation. Russia and China are taking a 'never let a good crisis go to waste' approach, using the conflict as operational cover to ramp up scanning, credential harvesting, and infrastructure mapping while defenders are focused on the named adversary."&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;Bell also cautioned that the current numbers may understate what's coming: the attack mix—botnet discovery traffic up 70%, automated reconnaissance up 65%—reflects a setup phase, not the main event. The access and infrastructure mapping being built now is the precursor to follow-on operations that will likely be more severe.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;Observed threat activity since February 28, 2026&lt;/h3&gt; 
&lt;ul style="list-style-type: disc;"&gt; 
 &lt;li&gt; &lt;p&gt;Botnet-driven discovery traffic: +70%&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Automated reconnaissance traffic: +65%&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Infrastructure scanning of exposed services: +52%&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Credential harvesting attempts: +45%&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Pre-DDoS reconnaissance probing: +38%&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;h4 style="font-weight: normal;"&gt;Financial services and fintech under the heaviest pressure&lt;/h4&gt; 
&lt;p&gt;Banking and financial services are the most heavily targeted verticals in Akamai's data, followed by e-commerce and gaming. Together, banking, financial services, and e-commerce account for more than 50% of malicious traffic destinations; when gaming is added, those three verticals absorb roughly 80% of observed attack volume.&lt;/p&gt; 
&lt;p&gt;[RELATED: &lt;a href="https://events.secureworld.io/details/financial-services-2026/"&gt;SecureWorld Financial Services Virtual Conference 2026&lt;/a&gt;]&lt;/p&gt; 
&lt;p&gt;The targeting logic, Akamai notes, is deliberate. Any disruption to financial services infrastructure—payment processing platforms, banking applications, credit card systems—carries an outsized economic and social impact. The company's research includes several anonymized case studies drawn from its customer base:&lt;/p&gt; 
&lt;ul style="list-style-type: disc;"&gt; 
 &lt;li&gt; &lt;p&gt;A critical payment processing platform in Asia-Pacific blocked more than 11 million malicious packets originating from Russia in a single day, with March 2026 alone accounting for 65% of all traffic blocked since its 2025 deployment.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;A major European payment processor blocked nearly 978 million packets from Russian-origin IPs over 90 days, including 46 million in a single week. The same customer also blocked a pre-conflict spike of 3 million Iranian-origin packets—traffic that dropped sharply after Iran imposed a near-total internet shutdown at the start of the conflict.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;A U.S. financial services institution blocked 10 million of 13 million total Iranian-origin packets in just a 30-day window.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;A U.S.-headquartered global real estate and professional services firm blocked 29 million packets from Russia between mid-January and March 2026—including more than 5 million on February 28 alone, the day the conflict began.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;The Iran traffic drop-off is itself a notable intelligence signal: it reflects the Iranian government's near-total domestic internet shutdown in the early days of the conflict, a move that effectively cut off a large portion of the country's internet-connected infrastructure from the rest of the world.&lt;/p&gt; 
&lt;h5 style="font-weight: normal;"&gt;The loud attack and the quiet intruder&lt;/h5&gt; 
&lt;p&gt;Akamai's research specifically references the &lt;a href="https://www.secureworld.io/industry-news/iran-linked-hacktivist-group-weaponizes-microsoft-intune-in-destructive-wiper-attack-on-stryker"&gt;March 11 data-wiping attack on Stryker&lt;/a&gt;—claimed by Handala, a hacktivist group alleged to have ties to Iranian intelligence services—as an illustrative example of how geopolitical cyber operations can cause direct commercial disruption. The attack reportedly wiped multiple terabytes of data from Stryker's systems and disrupted internal operations, including ordering, manufacturing, and shipping.&lt;/p&gt; 
&lt;p&gt;Jacob Warner, Director of IT at Xcape, Inc., said the Stryker attack is a textbook example of a strategic misdirection pattern that defenders should be wary of:&lt;/p&gt; 
&lt;p&gt;&lt;span style="color: #333333;"&gt;"The recent surge in Iranian cyber activity highlights a sophisticated 'loud vs. quiet' strategic pivot. High-profile wiper attacks on entities like Stryker dominate headlines and cause immediate operational paralysis. Meanwhile, state-sponsored actors are simultaneously executing quiet, long-term espionage campaigns. For security professionals, the danger lies in the 'loud' attacks serving as a massive smoke screen, drawing incident response resources away from deep-seated persistence in critical infrastructure. In modern conflict, the wiper attack is just a loud invitation to a heist that has been running for months."&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;Warner specifically urged defenders to hunt for "living off the land" techniques and signs of compromised administrative tooling—including unified endpoint management (UEM) and mobile device management (MDM) platforms—rather than focusing exclusively on the headline-grabbing destructive attacks.&lt;/p&gt; 
&lt;h6 style="font-weight: normal;"&gt;Seven recommendations for security teams&lt;/h6&gt; 
&lt;p&gt;Akamai's research closes with seven operational recommendations for security teams navigating elevated geopolitical threat environments:&lt;/p&gt; 
&lt;ul style="list-style-type: disc;"&gt; 
 &lt;li&gt; &lt;p&gt;Take a proactive geo-blocking posture. If your organization does not serve users in a given geography, deny all traffic from that region at the network edge. For financial services, healthcare, and utilities, this is a particularly high-value defensive move.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Enforce caching, rate limiting, and IP reputation controls at the network edge, not deeper in the stack, where downstream systems still absorb the load.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Review critical subnets and IP spaces and verify that mitigation controls are in place across the full network surface.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Deploy DDoS protection in always-on mitigation mode to reduce the operational burden on incident response teams during surges.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Maintain close monitoring of web application firewall (WAF) policies and API behaviors, particularly for shadow APIs that may be undocumented and unprotected.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Adopt microsegmentation to limit lateral movement opportunities once an attacker has obtained initial access.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Exercise your incident response runbook: validate emergency plans, contacts, and lockdown procedures for critical applications and network assets before the next spike, not during it.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Gottumukkala's advice for practitioners mirrors Akamai's posture: treat the current reconnaissance surge as a precursor, not the main event, and prioritize attack-surface reduction and identity security before&amp;nbsp;follow-on campaigns arrive.&lt;/p&gt; 
&lt;p&gt;[RELATED: &lt;a href="https://www.secureworld.io/industry-news/malware-outbreak-examples"&gt;Trump-Kim Handshake and a Spike in Cyber Attacks&lt;/a&gt;]&lt;/p&gt; 
&lt;p&gt;Follow &lt;em&gt;SecureWorld News&lt;/em&gt; for more cybersecurity news.&lt;/p&gt;  
</content:encoded>
      <category>Featured</category>
      <category>Cyber Warfare</category>
      <category>Original Content</category>
      <category>Iran</category>
      <category>Financial Sector</category>
      <category>Cybercrime / Threats</category>
      <category>Geopolitics</category>
      <pubDate>Thu, 19 Mar 2026 11:52:00 GMT</pubDate>
      <author>drewt@secureworldexpo.com (Drew Todd)</author>
      <guid>https://www.secureworld.io/industry-news/geopolitical-conflict-surge-malicious-traffic</guid>
      <dc:date>2026-03-19T11:52:00Z</dc:date>
    </item>
    <item>
      <title>The Pixel Trap: Online Marketing Is a Silent PII Harvesting Machine</title>
      <link>https://www.secureworld.io/industry-news/pixel-marketing-pii-harvesting</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/pixel-marketing-pii-harvesting" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/using%20social%20media%20-%20were-making-money-cropped-shot-of-a-group-of-unre-2026-01-09-10-27-17-utc%20(1).jpg" alt="five sets of hands using their phones" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p style="font-weight: normal;"&gt;For years, the cybersecurity community has viewed tracking pixels as a "marketing problem"—a necessary snippet of code for ad attribution and conversion tracking. However, a new forensic report from Jscrambler, "Beyond Analytics: The Silent Collection of Commercial Intelligence by TikTok and Meta Ad Pixels," suggests that the humble pixel has evolved into something far more predatory.&lt;/p&gt;</description>
      <content:encoded>&lt;p style="font-weight: normal;"&gt;For years, the cybersecurity community has viewed tracking pixels as a "marketing problem"—a necessary snippet of code for ad attribution and conversion tracking. However, a new forensic report from Jscrambler, "Beyond Analytics: The Silent Collection of Commercial Intelligence by TikTok and Meta Ad Pixels," suggests that the humble pixel has evolved into something far more predatory.&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://jscrambler.com/blog/beyond-analytics-tiktok-meta-ad-pixels"&gt;The report&lt;/a&gt; reveals that TikTok and Meta's pixels are methodically harvesting granular personal data and commercial intelligence that far exceeds what is required for ad performance. For security professionals, this marks a critical shift: the "marketing stack" is now a primary vector for unmanaged data exfiltration.&lt;/p&gt; 
&lt;p&gt;The investigation found that these pixels don't just track clicks; they build persistent identities through deterministic hashing (SHA-256) of emails, phone numbers, and physical addresses. Because these hashes are built from predictable data, they allow platforms to "re-identify" users and build long-term behavioral profiles without their explicit knowledge—effectively killing anonymous browsing.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Here are some of the findings at a glance:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Commercial intelligence:&lt;/span&gt; Pixels are capturing product names, unit prices, quantities, and the exact structure of checkout forms.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;PII harvesting:&lt;/span&gt; TikTok was observed capturing physical addresses from store-locator fields even &lt;i&gt;before&lt;/i&gt; a user provided consent, and in some cases, even after they clicked "Reject All."&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Payment data risk:&lt;/span&gt; Meta's "Automatic Events" feature can scan page elements to capture cardholder names and the last four digits of credit cards by default.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;For consumers, this is the death of anonymity. For the average user, the "Reject All" button on a cookie banner now offers only a false sense of security. The report highlights a "consent gap" where tracking happens at the runtime level, bypassing the browser's UI. Consumers are being "shadow profiled," where their real-world identity (physical address and phone number) is tied to their digital commerce journey across the web.&lt;/p&gt; 
&lt;p&gt;Marketers, meanwhile, are always trying to find the secret sauce for reaching and influencing consumers.&amp;nbsp;Marketers often implement these pixels to "optimize spend," but they may be inadvertently handing over their competitive advantage. By sharing granular checkout data—SKUs, pricing strategies, and customer journey maps—merchants are feeding the very platforms that help their larger rivals. You aren't just buying ads; you are providing your competitors'&amp;nbsp;AI models with a play-by-play of your business logic.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;For the CISO and the security team, this report is a wake-up call regarding the "Human and Machine Perimeter."&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;The compliance gap:&lt;/span&gt; If a pixel exfiltrates PII (personally identifiable information) after a user opts out, the organization—not the pixel provider—is liable for GDPR/CCPA violations.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Shadow IT in the browser:&lt;/span&gt; Marketing teams often add "tags" and "pixels" through Tag Managers (GTM) without security review. These third-party scripts execute at runtime with the same privileges as your own code.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Data sprawl:&lt;/span&gt; Protecting PII is no longer just about securing the database; it's about securing the &lt;i&gt;browser&lt;/i&gt; where data is entered.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Cybersecurity teams must move from "blocking" to "orchestrated visibility." They cannot disable marketing, but they can govern it.&lt;/p&gt; 
&lt;p&gt;Cybersecurity teams must monitor runtime behavior. Don't just audit the documentation; audit the network requests. Use tools that provide visibility into what data a script is &lt;i&gt;actually&lt;/i&gt; accessing in the DOM during a live session.&lt;/p&gt; 
&lt;p&gt;They must enforce runtime controls by implementing solutions that can proactively restrict pixel access to sensitive fields (such as credit card inputs or address forms) before the data is transmitted.&lt;/p&gt;  
&lt;p&gt;They must work with marketing teams to disable "auto-matching" features. They can manually audit the configuration of Meta and TikTok pixels to disable "Advanced Matching" or "Automatic Events" if they do not align with their organization's internal data governance policies.&lt;/p&gt; 
&lt;p&gt;Marketing and cybersecurity teams must work together to close the consent gap by ensuring a Tag Manager doesn't just "listen" to the consent banner but actively blocks the &lt;i&gt;loading&lt;/i&gt; of the pixel script until the appropriate event is fired.&lt;/p&gt; 
&lt;p&gt;From the report:&lt;/p&gt; 
&lt;p&gt;"Both TikTok and Meta's pixel code can load and begin transmitting data before the website's consent management system has time to block it, meaning information can leave the browser before the user's choice is applied. Even more concerning is that data may be transmitted in cleartext—occasionally within the request URL itself—exposing sensitive information to browser histories, server logs, intermediaries, and debugging tools. This vulnerability stems not only from the pixel's data collection methods but also from misconfigurations during the pixel's implementation or issues with the underlying architecture of the website. Consequently, the attack surface is significantly broader than a surface-level analysis suggests."&lt;/p&gt; 
&lt;p&gt;The Jscrambler report confirms that the boundary between analytics&amp;nbsp;and surveillance&amp;nbsp;has dissolved.&amp;nbsp;&lt;/p&gt;  
</content:encoded>
      <category>Featured</category>
      <category>GRC</category>
      <category>Original Content</category>
      <category>Data Privacy</category>
      <pubDate>Wed, 18 Mar 2026 13:07:00 GMT</pubDate>
      <author>CamS@secureworld.io (Cam Sivesind)</author>
      <guid>https://www.secureworld.io/industry-news/pixel-marketing-pii-harvesting</guid>
      <dc:date>2026-03-18T13:07:00Z</dc:date>
    </item>
    <item>
      <title>Hardwired for Havoc: Understanding the North Korean Cyber Threat</title>
      <link>https://www.secureworld.io/industry-news/hardwired-havoc-north-korean-cyber-threat</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/hardwired-havoc-north-korean-cyber-threat" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Blog%20Images/North_Korea_cyber_flag_shutterstock_1256922709.jpg" alt="North Korea flag in digital code" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;"Your main weapon is knowledge, and you'll find plenty of that in the pages that follow."&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;"Your main weapon is knowledge, and you'll find plenty of that in the pages that follow."&lt;/p&gt; 
&lt;p&gt;That line opens &lt;em&gt;The Lazarus Heist&lt;/em&gt; and perfectly captures why the book is worth reading.&lt;/p&gt; 
&lt;p&gt;I originally discovered &lt;a href="https://www.linkedin.com/in/geoffwhitetech/"&gt;Geoff White&lt;/a&gt; through his book &lt;span style="font-style: italic;"&gt;Rinsed&lt;/span&gt;. I enjoyed it so much that I went looking for what else he had written and quickly found &lt;span style="font-style: italic;"&gt;The Lazarus Heist&lt;/span&gt;, his deep dive into the North Korean cyber threat. The result is an excellent and engaging look at one of the most formidable cyber adversaries in the world.&lt;/p&gt; 
&lt;p&gt;It would be easy to assume that a book written around 2021 might feel outdated in cybersecurity, where threats evolve constantly. That would be a mistake. The real value of this book isn't just the timeline of attacks—it's the insight into the mindset and strategy behind them.&lt;/p&gt; 
&lt;p&gt;Understanding adversaries at a macro level is critical for defenders. When you understand why an adversary behaves the way they do, you can better anticipate what they will do next.&lt;/p&gt; 
&lt;p&gt;White centers much of the narrative on the activities attributed to the Lazarus Group. The book revisits several major cyber incidents, including the Sony Pictures hack and the Bangladesh Bank heist. Even though I had studied many of these events before—along with ATM jackpotting and SWIFT banking attacks—I still learned a surprising amount of new information from the book.&lt;/p&gt; 
&lt;p&gt;One of the biggest takeaways is that the North Korean cyber threat is highly capable and constantly learning. Their operators don't just study technology; they study systems—particularly financial systems. They analyze how money moves globally and target weak points along that chain to extract large sums of money.&lt;/p&gt; 
&lt;p&gt;In this sense, hacking for North Korea is not simply about intelligence gathering. It is about economic survival. Cyber operations provide a way to circumvent international sanctions and generate revenue for the state.&lt;/p&gt; 
&lt;p&gt;Another practical lesson in the book involves the reuse of indicators of compromise (IOCs) across years and targets. The attackers often reused infrastructure, tools, and techniques over long periods. This is a reminder for defenders to ensure threat intelligence is actively ingested and blocked wherever possible.&lt;/p&gt; 
&lt;p&gt;The book also highlights examples of attacks motivated by perceived political offense rather than economic gain. In some cases, companies became targets based on public positions or statements that angered the regime. These incidents show that cyber operations can sometimes be driven by ideology or retaliation rather than pure financial or intelligence objectives.&lt;/p&gt; 
&lt;p&gt;Finally, one of the strongest parts of &lt;em&gt;The Lazarus Heist&lt;/em&gt; is the geopolitical context it provides. White walks through the history of North Korea and explains why cyber capabilities became such an important strategic tool for the regime. Understanding that background helps answer the critical strategic question defenders should always ask: why does this adversary operate the way it does?&lt;/p&gt; 
&lt;p&gt;For anyone interested in cybersecurity, threat intelligence, or geopolitics, &lt;em&gt;The Lazarus Heist&lt;/em&gt; is an excellent read. Even if you are familiar with the major incidents discussed, the context and insight provided in the book make it well worth your time.&lt;/p&gt; 
&lt;p&gt;In cybersecurity, knowledge truly is the first weapon—and this book delivers plenty of it.&lt;/p&gt; 
&lt;p&gt;&amp;nbsp;&lt;em&gt;This article appeared originally&lt;span&gt; &lt;/span&gt;&lt;a href="https://www.linkedin.com/pulse/hardwired-havoc-understanding-north-korean-cyber-threat-ian-schneller-sj6bc/" style="color: #00cccc;"&gt;on LinkedIn here&lt;/a&gt;.&lt;/em&gt;&amp;nbsp;&lt;/p&gt;  
</content:encoded>
      <category>Featured Author</category>
      <category>North Korea</category>
      <category>Cybercrime / Threats</category>
      <pubDate>Tue, 17 Mar 2026 19:03:49 GMT</pubDate>
      <guid>https://www.secureworld.io/industry-news/hardwired-havoc-north-korean-cyber-threat</guid>
      <dc:date>2026-03-17T19:03:49Z</dc:date>
      <dc:creator>Ian Schneller</dc:creator>
    </item>
    <item>
      <title>When AI Algorithms Decide Who Gets Hacked Next</title>
      <link>https://www.secureworld.io/industry-news/ai-algorithms-decide-who-gets-hacked</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/ai-algorithms-decide-who-gets-hacked" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/AI%20shutterstock_2662915717.jpg" alt="large data center" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;Cybersecurity decisions are no longer primarily made by humans. Machine learning systems now rank vulnerabilities, suppress alerts, score risk, and determine where security teams focus their time and budget. These systems strongly influence which environments receive protection first and which remain exposed longer.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;Cybersecurity decisions are no longer primarily made by humans. Machine learning systems now rank vulnerabilities, suppress alerts, score risk, and determine where security teams focus their time and budget. These systems strongly influence which environments receive protection first and which remain exposed longer.&lt;/p&gt; 
&lt;p&gt;When defensive attention is allocated algorithmically, the assumptions embedded in training data begin to shape real-world exposure. Over time, those patterns influence attacker behavior. Attackers adapt to where defenders are slow or absent.&lt;/p&gt; 
&lt;p&gt;The problem is not that AI security systems fail. Modern detection and response controls generally work as designed. The issue is that they learn from historical data shaped by uneven visibility across network, endpoint, and &lt;a href="https://orca.security/resources/blog/what-is-application-security/"&gt;application security&lt;/a&gt; environments, as well as reporting incentives and institutional bias. Research from organizations such as the &lt;a href="https://ainowinstitute.org/publications/algorithmic-accountability"&gt;AI Now Institute&lt;/a&gt; consistently shows that operational AI systems tend to amplify existing structural inequalities rather than correct them.&lt;/p&gt; 
&lt;p&gt;In security, these inequalities determine which malware threats are prioritized, which incidents are delayed, and ultimately who gets hacked next.&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;The architecture of bias in threat intelligence&amp;nbsp;&lt;/h2&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;Data poisoning and feedback loops&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://www.secureworld.io/industry-news/embracing-automation-ai-cyber-threat-intel"&gt;Threat intelligence&lt;/a&gt; models are trained on past incidents, analyst-labeled events, and user/customer telemetry. This data reflects which organizations have mature logging, which regions disclose breaches, or which industries are under sustained scrutiny. It often does not reflect risk evenly across all environments.&lt;/p&gt; 
&lt;p&gt;Once deployed, models generate feedback loops. Environments flagged as high risk produce more alerts, receive more analyst attention, and generate more labeled data. That additional data reinforces the model's confidence that these environments matter. Quieter environments receive fewer alerts, confirmations, and investments. The model learns visibility rather than exposure. This is not malicious behavior. It is the expected outcome of supervised learning applied to uneven operational data.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;The vulnerability gap and compute inequality&lt;/p&gt; 
&lt;p&gt;AI-driven exploit discovery, &lt;a href="https://www.secureworld.io/industry-news/persistent-xss-vulnerabilities-modern-mitigation"&gt;vulnerability identification&lt;/a&gt;, and threat prioritization increasingly favor targets that have the resources to deploy advanced, real-time defensive systems. Organizations without &lt;a href="https://builtin.com/articles/xdr-extended-detection-response"&gt;XDR&lt;/a&gt;, &lt;a href="https://www.secureworld.io/industry-news/the-power-of-user-and-entity-behavior-analytics"&gt;UEBA&lt;/a&gt;, or large &lt;a href="https://builtin.com/articles/soc-security-operations-center"&gt;SOC&lt;/a&gt; teams emit sparse telemetry, making them statistically underrepresented in training data and systematically deprioritized.&lt;/p&gt; 
&lt;p&gt;Well-instrumented environments appear noisy and therefore important. Poorly instrumented ones appear quiet and therefore safe. Security becomes correlated with telemetry richness rather than actual threat exposure. At the same time, small and midsize organizations, which often lack advanced security capabilities, represent a significant portion of real-world attack surface, yet their environments remain largely invisible to systems that rely on telemetry-driven learning.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;Where security bias originates&lt;/h3&gt; 
&lt;p&gt;Most commercial threat-intelligence feeds skew heavily toward English-language logs, Western enterprise tooling, and threat models shaped by NATO-centric political assumptions. Telemetry from small clinics, NGOs, regional ISPs, and Global South organizations is sparse or absent.&lt;/p&gt; 
&lt;p&gt;Behavioral baselines trained on large technology firms default to classifying niche organizations without standardized identity infrastructure as anomalous. &lt;a href="https://en.wikipedia.org/wiki/Algorithmic_bias"&gt;This bias&lt;/a&gt; is present before any model training begins.&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://www.researchgate.net/publication/387326774_Effect_of_AI_Algorithm_Bias_on_the_Accuracy_of_Cybersecurity_Threat_Detection_AUTHORS"&gt;Research on AI bias&lt;/a&gt; in cybersecurity further explains that skewed training data and uneven telemetry coverage can produce systematic misclassifications that disproportionately impact specific environments and degrade detection accuracy.&lt;/p&gt; 
&lt;p&gt;Automated detection systems may misclassify privacy-preserving network traffic as malicious. For example, Tor exit relays aggregate many distinct sessions behind shared endpoints, so tools may interpret legitimate encrypted traffic as suspicious or anomalous, leading to false positives and disproportionate alerting in some regions.&lt;/p&gt; 
&lt;p&gt;IP location and reputation &lt;a href="https://www.researchgate.net/publication/372091523_Accuracy_and_Coverage_Analysis_of_IP_Geolocation_Databases"&gt;datasets&lt;/a&gt; still have substantial error rates in parts of Africa and Asia. These inaccuracies inflate false positives and suppress legitimate traffic. &lt;a href="https://arxiv.org/abs/1711.08536"&gt;Studies of machine learning datasets&lt;/a&gt; have long shown that models trained on data with limited geographic diversity learn patterns that reflect where data is most dense, not where risk is highest. For example, research analyzing geodiversity in training sets found that systems trained on datasets skewed toward North America and Europe performed significantly worse on data from underrepresented regions.&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;Adversarial de-biasing in security systems&amp;nbsp;&amp;nbsp;&lt;/h4&gt; 
&lt;p&gt;Bias in AI security systems is not corrected by more data alone. It requires deliberate, adversarial design choices across model training, evaluation, and governance. In practice, this means treating fairness metrics, both formal and domain-specific, as operational safeguards:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;Equalized odds ensures that false-positive and false-negative rates remain consistent across geographies, organization sizes, and infrastructure maturity levels.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Alert parity ensures that high-risk alerts are not suppressed simply because telemetry volume is low.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Recall parity ensures detection accuracy does not degrade systematically for SMBs, public-sector systems, or low-signal environments.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;h5 style="font-weight: normal;"&gt;De-biasing techniques that work&lt;/h5&gt; 
&lt;p&gt;Effective mitigation requires structural intervention:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;Enforce representation quotas for low-telemetry environments rather than passively ingesting data.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Normalize signal volume before prioritization, so silence is not misinterpreted as safety.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Replay identical attack scenarios against high-telemetry and low-telemetry profiles and compare response outcomes.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Reduce model confidence when risk scores are driven primarily by signal volume rather than signal quality.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;h6 style="font-weight: normal;"&gt;Red teaming for bias&lt;/h6&gt; 
&lt;p&gt;Bias is now an attack surface. Traditional &lt;a href="https://cloudsecurityalliance.org/blog/2023/06/16/pentesting-the-missing-piece-in-your-security-puzzle"&gt;penetration testing&lt;/a&gt; assumes uniform defense. That assumption no longer holds. Bias audits must become a formal testing discipline in which security teams evaluate whether automated systems deprioritize alerts from low-signal environments, respond more slowly in specific regions or sectors, or suppress incidents based on organization type or size.&lt;/p&gt; 
&lt;div style="font-size: 24px;"&gt;
 Human-in-the-loop is mandatory
&lt;/div&gt; 
&lt;p&gt;During zero-day exploitation and cascading incidents, automated systems should assist, not arbitrate. Black-box models must not control resource allocation without human oversight. Removing humans from the loop does not eliminate bias. It locks it in.&lt;/p&gt; 
&lt;div&gt;
 &lt;strong&gt;Auditing your models before they audit you&lt;/strong&gt;
&lt;/div&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;Step 1: Data provenance&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;Audit where your training data comes from. Again, check for geographic concentration. If most telemetry originates from a small number of countries, the model will treat those environments as normal and misclassify others. Geography is only one dimension of bias, but it is often the easiest to detect and the most consequential if ignored.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Step 2: Feature ablation&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Test model behavior by removing or perturbing features such as location, organization size, industry, identity-provider presence, logging depth, IP reputation, or network characteristics. Measure how false-positive rates and recall change.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;&lt;span style="font-weight: bold;"&gt;Step 3: Defensive equity&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Verify that default security controls are equally robust across customer tiers. No organization should, by default, receive weaker detection models, reduced coverage, or less responsive automation, as this creates systematic exposure unrelated to actual risk.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;To evaluate such disparities, fairness assessment libraries such as &lt;a href="https://aif360.readthedocs.io/en/latest/"&gt;AIF360&lt;/a&gt; and &lt;a href="https://fairlearn.org/"&gt;Fairlearn&lt;/a&gt; can be applied to structured datasets derived from &lt;a href="https://www.secureworld.io/industry-news/siem-sprawl-makes-detection-tough"&gt;SIEM&lt;/a&gt; exports to measure outcome differences, false-positive rates, and recall across organizational segments. For EU data, GDPR Article 22 restricts solely automated decision-making with legal or similarly significant effects and requires safeguards such as human oversight and nondiscrimination, which in practice are addressed through impact assessments (often via DPIAs).&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;In practice, most cybersecurity vendors do not yet publicly document or operationalize fairness or bias evaluations for their automated security decision systems.&lt;/p&gt; 
&lt;div style="font-weight: normal;"&gt;
 &lt;strong&gt;Conclusion&lt;/strong&gt;
&lt;/div&gt; 
&lt;p style="font-weight: normal;"&gt;When algorithms decide where defenders look, maturity is defined by what those algorithms are allowed to ignore. Bias in security systems does not produce dramatic failures; it produces delayed response, uneven protection, and quiet neglect.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Attackers exploit asymmetry faster than defenders correct it. Reducing bias is not an ethical exercise; it is another risk management control. Security teams that do not audit their models will eventually discover that their models have already made those decisions for them.&lt;/p&gt;  
</content:encoded>
      <category>Featured</category>
      <category>Risk Management</category>
      <category>Featured Author</category>
      <category>Threat Intel</category>
      <category>AI</category>
      <pubDate>Tue, 17 Mar 2026 12:52:00 GMT</pubDate>
      <author>office@alexvakulov.com (Alex Vakulov)</author>
      <guid>https://www.secureworld.io/industry-news/ai-algorithms-decide-who-gets-hacked</guid>
      <dc:date>2026-03-17T12:52:00Z</dc:date>
    </item>
    <item>
      <title>Report Analyzes the Double-Edged Sword of Digital Convergence</title>
      <link>https://www.secureworld.io/industry-news/double-edged-sword-digital-convergence</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/double-edged-sword-digital-convergence" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Normalization%20of%20Phishing%20-%20Scam%20-%20Computer%20User%20-%20cryptocurrency-and-business-2025-03-26-18-01-30-utc-1.jpg" alt="man working at computer" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p style="font-weight: normal;"&gt;A newly released sector in-depth report from Moody's Ratings highlights a pivotal shift in how public and private enterprises view technology: cybersecurity has transcended the IT department to become a material credit consideration.&lt;/p&gt;</description>
      <content:encoded>&lt;p style="font-weight: normal;"&gt;A newly released sector in-depth report from Moody's Ratings highlights a pivotal shift in how public and private enterprises view technology: cybersecurity has transcended the IT department to become a material credit consideration.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;At the heart of the report is a phenomenon known as digital convergence. For security professionals and enterprise leaders, understanding this concept—and the risks it invites—is now a requirement for operational durability.&lt;/p&gt; 
&lt;p&gt;In a general business sense, digital convergence is the integration of previously discrete technologies, processes, and data streams into a single, unified ecosystem.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;In a cybersecurity context, digital convergence refers to the blurring of the lines between:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Information Technology (IT) and Operational Technology (OT):&lt;/span&gt; Connecting corporate networks directly to industrial control systems or public utilities&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Siloed data environments:&lt;/span&gt; Consolidating disparate datasets—such as student records, donor databases, and payroll—into unified cloud platforms or "Single-Sign-On" (SSO) environments&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Physical and digital identity:&lt;/span&gt; Using digital credentials to grant access to physical infrastructure&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;While this convergence unlocks massive value through efficiency and data-driven insights, it creates a "force multiplier" for attackers.&lt;/p&gt; 
&lt;p&gt;Moody's analysis reveals that the very platforms designed to streamline operations are also expanding the "blast radius" of a single breach. Here's what the report says to watch for.&lt;/p&gt; 
&lt;h4 style="font-size: 17px; font-weight: bold;"&gt;1. The "single point of failure" risk&lt;/h4&gt; 
&lt;h4 style="font-weight: normal; font-size: 17px;"&gt;The report highlights that many organizations rely heavily on cloud-based tools like Microsoft 365 and other SaaS platforms. While convenient, Single-Sign-On (SSO) configurations mean that one compromised credential can unlock a "treasure trove" of sensitive files—including donor databases, HR systems, and proprietary research—simultaneously.&lt;/h4&gt; 
&lt;h4 style="font-size: 17px; font-weight: bold;"&gt;2. Name recognition as a threat magnet&lt;/h4&gt; 
&lt;h4 style="font-weight: normal; font-size: 17px;"&gt;Prestigious or "wealthy" institutions are being targeted not just for potential ransoms&amp;nbsp;but for the credibility it gives the attacker. A successful breach of a well-resourced organization serves as a "dark web resume," signaling to future victims that they should succumb to demands because even the "best" defenses were penetrated.&lt;/h4&gt; 
&lt;h4 style="font-size: 17px; font-weight: bold;"&gt;3. The AI-enhanced phishing surge&lt;/h4&gt; 
&lt;h4 style="font-weight: normal; font-size: 17px;"&gt;Moody's warns that generative AI has "sharply amplified" the power of social engineering. Techniques like vishing (voice phishing) now use deep-fake quality audio and natural scripts to impersonate IT staff with unprecedented realism, making it easier for attackers to bypass MFA by tricking employees into disclosing authentication codes.&lt;/h4&gt; 
&lt;p&gt;For the teams on the front lines, &lt;a href="https://www.secureworld.io/hubfs/documents/Sector_In-Depth-Public-Finance-US-09Mar2026-PBC_1471080.pdf"&gt;the Moody's report&lt;/a&gt; underscores three strategic shifts.&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Cybersecurity is now a financial metric:&lt;/span&gt; Because cybersecurity is now a material credit consideration, CISOs must learn to communicate risk in the language of financial impact and institutional success.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;The move toward "vigilance and investment": &lt;/span&gt;Mitigation is no longer a "nice-to-have" expense; it is a requirement for maintaining stakeholder trust. This includes investing in phishing-resistant MFA and behavior-focused training to counter AI-enabled vishing.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Closing the governance gap:&lt;/span&gt; The report finds a significant lag in AI governance. While many restrict data use with public AI tools, very few follow recognized frameworks like the OWASP Top 10 for LLMs. Professionals must prioritize formal governance to oversee these emerging risk areas.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fdouble-edged-sword-digital-convergence&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Original Content</category>
      <category>Digital Transformation</category>
      <category>Cyber Risk</category>
      <pubDate>Mon, 16 Mar 2026 15:08:00 GMT</pubDate>
      <author>media@secureworld.io (SecureWorld News Team)</author>
      <guid>https://www.secureworld.io/industry-news/double-edged-sword-digital-convergence</guid>
      <dc:date>2026-03-16T15:08:00Z</dc:date>
    </item>
    <item>
      <title>Iran-Linked Hacktivist Group Hits Stryker in Destructive Wiper Attack</title>
      <link>https://www.secureworld.io/industry-news/iran-linked-hacktivist-group-weaponizes-microsoft-intune-in-destructive-wiper-attack-on-stryker</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/iran-linked-hacktivist-group-weaponizes-microsoft-intune-in-destructive-wiper-attack-on-stryker" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/medical%20technology%20-%20shutterstock_1884612574.jpg" alt="medical researchers in lab" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;On the morning of March 11, 2026, employees at Stryker Corporation—one of the world's largest medical technology manufacturers—arrived at their desks to find their devices dark. Login screens across the company's global footprint had been replaced by a single image: the logo of Handala, an Iran-linked hacktivist group with documented ties to Tehran's intelligence apparatus. What followed was a cascading, multi-continent shutdown that cybersecurity researchers are calling one of the most operationally disruptive attacks ever leveled at a U.S. corporation.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;On the morning of March 11, 2026, employees at Stryker Corporation—one of the world's largest medical technology manufacturers—arrived at their desks to find their devices dark. Login screens across the company's global footprint had been replaced by a single image: the logo of Handala, an Iran-linked hacktivist group with documented ties to Tehran's intelligence apparatus. What followed was a cascading, multi-continent shutdown that cybersecurity researchers are calling one of the most operationally disruptive attacks ever leveled at a U.S. corporation.&lt;/p&gt;  
&lt;p&gt;The attack exposed a critical blind spot in enterprise device management: a legitimate, widely-trusted MDM platform used as a weapon of mass destruction against the very organization that deployed it.&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;Attack vector: Microsoft Intune turned against Stryker&lt;/h2&gt; 
&lt;p&gt;This was not a conventional wiper attack. According to a source with direct knowledge of the incident who spoke to &lt;a href="https://krebsonsecurity.com/2026/03/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker/"&gt;KrebsOnSecurity&lt;/a&gt; on condition of anonymity, Handala does not appear to have deployed custom malware in the traditional sense. Instead, the attackers gained access to Stryker's Microsoft Intune management console and issued legitimate remote-wipe commands—the same functionality that IT administrators use when a corporate device is lost or stolen.&lt;/p&gt; 
&lt;p&gt;The technique is notable precisely because it required no novel exploit. Intune is a cloud-based endpoint management platform built for enterprise IT to enforce security and compliance policies across devices regardless of location. By obtaining administrative access to that console, Handala was able to push factory resets at scale—turning a tool designed for security into a mechanism for destruction.&lt;/p&gt; 
&lt;p&gt;The Intune vector is corroborated by multiple employee accounts. A &lt;em&gt;BleepingComputer&lt;/em&gt; source described the incident beginning early Wednesday morning as devices enrolled in the company's MDM system were remotely wiped. Staff were instructed to immediately remove corporate management profiles from their devices—including the Intune Company Portal, Microsoft Teams, and VPN clients. Critically, employees who had enrolled personal phones for work access also lost their personal data when their devices were reset.&lt;/p&gt; 
&lt;p&gt;A Reddit thread in the r/cybersecurity community, cited by KrebsOnSecurity, included several users identifying themselves as Stryker employees who reported being told to uninstall Intune urgently as the attack unfolded.&lt;/p&gt; 
&lt;p&gt;Stryker's own public statement framed the attack in terms consistent with the Intune hypothesis, describing it specifically as a disruption to its "Microsoft environment"—unusual phrasing that security practitioners noted aligns more with a cloud management platform compromise than a conventional network intrusion.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;Scale and operational impact&lt;/h3&gt; 
&lt;p&gt;Handala's claims, which remain partially unverified, describe an attack of unprecedented scale against a single corporate target. In a manifesto posted to Telegram, the group stated: "In this operation, over 200,000 systems, servers, and mobile devices have been wiped and 50 terabytes of critical data have been extracted. Stryker's offices in 79 countries have been forced to shut down."&lt;/p&gt; 
&lt;p&gt;While independent verification of those numbers is not yet possible, the operational impact is not in dispute. News reports from Ireland—home to Stryker's largest hub outside the United States—confirmed that more than 5,000 workers were sent home from the Cork facility. &lt;em&gt;The Irish Examiner&lt;/em&gt; reported that staff reverted to communicating via WhatsApp after corporate systems went dark, and that anything connected to Stryker's network was unreachable. Ireland's National Cyber Security Centre confirmed it had been notified and was assisting with the response.&lt;/p&gt; 
&lt;p&gt;Reports emerged from employees in the United States, Ireland, Costa Rica, and Australia describing the same pattern: managed Windows devices and mobile phones wiped to factory settings, with login screens replaced by the Handala logo. Some locations reverted to pen-and-paper workflows as internal applications became unavailable. A voicemail message at Stryker's Michigan headquarters stated the company was experiencing a "building emergency."&lt;/p&gt; 
&lt;p&gt;Beyond internal operations, the attack disrupted at least one patient-facing system. CNN reported that Stryker's Lifenet electrocardiogram transmission platform—used by emergency medical services to relay patient data to receiving hospitals—was knocked offline. Maryland's Institute for Emergency Medical Services Systems notified hospitals statewide that Lifenet was "non-functional in most parts of the state," instructing EMS clinicians to fall back to radio consultation.&lt;/p&gt; 
&lt;p&gt;Stryker disclosed the incident to the U.S. SEC via an 8-K filing, confirming that the cyberattack impacted its "entire Microsoft environment" and that it had activated its cybersecurity response plan with the support of external advisors. The company's stock fell approximately 3.6% on the day, closing at $345.78 before recovering slightly in after-hours trading.&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;Who is Handala?&lt;/h4&gt; 
&lt;p&gt;Handala, also known as Handala Hack Team or Hatef, first surfaced in December 2023, emerging in the wake of the Gaza conflict as a hacktivist persona targeting Israeli organizations with destructive malware. Multiple cybersecurity firms have since linked the group to Iran's Ministry of Intelligence and Security (MOIS).&lt;/p&gt; 
&lt;p&gt;Palo Alto Networks Unit 42, which recently published a detailed profile of Iranian cyber actors, assesses Handala as one of several online personas maintained by Void Manticore, a MOIS-affiliated threat actor. The group's toolkit, as documented by IBM X-Force and Flashpoint, spans phishing, custom wiper malware, ransomware-style extortion, data theft, hack-and-leak operations, and psychological warfare.&lt;/p&gt; 
&lt;p&gt;Prior to the Stryker attack, Handala's activity was primarily concentrated on Israeli targets. The group has claimed attacks on Israeli military weather servers, fuel systems in Jordan, the login infrastructure of various Israeli companies, and an Israeli oil and gas exploration firm.&lt;/p&gt; 
&lt;p&gt;Palo Alto researchers characterized recent Handala operations as: "Opportunistic and 'quick and dirty,' with a noticeable focus on supply-chain footholds (e.g., IT/service providers) to reach downstream victims, followed by 'proof' posts to amplify credibility and intimidate targets."&lt;/p&gt; 
&lt;p&gt;The Stryker attack represents a significant geographic and target-type expansion. Alexander Leslie, a senior adviser at Recorded Future, told the &lt;em&gt;Associated Press&lt;/em&gt; that the attack "is exactly the kind of pressure point that creates outsized strategic and political ripple effects."&lt;/p&gt; 
&lt;h5 style="font-weight: normal;"&gt;Geopolitical trigger&lt;/h5&gt; 
&lt;p&gt;Handala framed the attack as direct retaliation for a February 28, 2026, U.S. missile strike on the Shajareh Tayyebeh girls' elementary school in Minab, in southern Iran, which Iranian state media reported killed 175 people, the majority of them children. &lt;em&gt;The New York Times&lt;/em&gt; reported on March 11 that a U.S. military investigation had determined the United States was responsible for the Tomahawk missile strike.&lt;/p&gt; 
&lt;p&gt;The group's Telegram manifesto also cited "ongoing cyber assaults against the infrastructure of the Axis of Resistance" as a secondary justification. Handala additionally referred to Stryker as a "Zionist-rooted corporation," a characterization that may reference Stryker's 2019 acquisition of the Israeli medical device company OrthoSpace.&lt;/p&gt; 
&lt;p&gt;U.S. intelligence officials had previously warned that Iranian-linked hackers were likely to retaliate for U.S. and Israeli military operations against Iran. The Stryker attack appears to mark the first significant destructive cyber operation attributed to Iran-aligned actors against a U.S. corporate target since hostilities began.&lt;/p&gt; 
&lt;p&gt;[RELATED: &lt;a href="https://www.secureworld.io/industry-news/silicon-shields-shadow-wars-middle-east"&gt;Silicon Shields and Shadow Wars: Navigating the Middle East Cyber War&lt;/a&gt;]&lt;/p&gt; 
&lt;h6 style="font-weight: normal;"&gt;Government response&lt;/h6&gt; 
&lt;p&gt;The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) confirmed it had launched an investigation and was providing technical assistance to Stryker. DHS acting director Nick Andersen said the agency was "working shoulder-to-shoulder with our public- and private-sector partners" to assess the impact and defend critical infrastructure.&lt;/p&gt; 
&lt;p&gt;The U.S. Department of Health and Human Services was also working to assess potential downstream impacts on patient care, according to CNN. A briefing call was convened by the Healthcare and Public Health Sector Coordinating Council, an industry group that works with the government on sector-wide security coordination.&lt;/p&gt; 
&lt;p&gt;Handala also claimed a simultaneous attack on payments company Verifone, which denied any disruption to its services.&lt;/p&gt; 
&lt;div style="font-size: 24px;"&gt;
 What this means for security teams
&lt;/div&gt; 
&lt;p&gt;The Stryker attack is a significant indicator event for enterprise security practitioners for several reasons.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;MDM platforms as attack surface:&lt;/span&gt;&lt;strong&gt; &lt;/strong&gt;The Intune vector, if confirmed, illustrates how attackers can achieve mass destruction by compromising the administrative layer of endpoint management—without needing to deploy malware to individual machines. Organizations should audit privileged access to MDM consoles with the same rigor applied to domain controllers and identity providers.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;Wiper attacks without malware:&lt;/span&gt;&lt;strong&gt; &lt;/strong&gt;Traditional wiper detection strategies focus on anomalous disk writes or known malware signatures. An attack that weaponizes native MDM wipe functionality may evade these controls entirely, appearing as a legitimate administrative action until it is too late.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;Personal device risk:&lt;/span&gt;&lt;strong&gt; &lt;/strong&gt;Employees who enrolled personal devices in corporate MDM programs lost personal data in this incident. This has implications for BYOD policies and the scope of enterprise MDM consent disclosures.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;Geopolitical threat escalation:&lt;/span&gt;&lt;strong&gt; &lt;/strong&gt;Retired Brig. Gen. Michael McDaniel, former deputy assistant secretary for homeland defense, warned that the Stryker attack may be a precursor to broader campaigns, identifying healthcare, banking, agriculture, and energy as likely future targets. Security teams in these sectors should treat this as an escalation signal, not an isolated event.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;Scope and verification lag:&lt;/span&gt;&lt;strong&gt; &lt;/strong&gt;Handala's claimed figures—200,000 devices, 50TB of exfiltrated data, 79 countries—may be inflated for psychological effect, a documented tactic for the group. Defenders should note that even partial execution of such a claim represents a catastrophic outcome for any organization.&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Firan-linked-hacktivist-group-weaponizes-microsoft-intune-in-destructive-wiper-attack-on-stryker&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Hackers</category>
      <category>Vulnerabilities</category>
      <category>Healthcare</category>
      <category>Original Content</category>
      <category>Iran</category>
      <category>Endpoint / Mobile Security</category>
      <pubDate>Thu, 12 Mar 2026 20:46:03 GMT</pubDate>
      <author>drewt@secureworldexpo.com (Drew Todd)</author>
      <guid>https://www.secureworld.io/industry-news/iran-linked-hacktivist-group-weaponizes-microsoft-intune-in-destructive-wiper-attack-on-stryker</guid>
      <dc:date>2026-03-12T20:46:03Z</dc:date>
    </item>
    <item>
      <title>AI Is Now a Full-Lifecycle Weapon—and North Korea Is Leading the Way</title>
      <link>https://www.secureworld.io/industry-news/ai-full-lifecycle-weapon-north-korea</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/ai-full-lifecycle-weapon-north-korea" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/North%20Korea%20-%20shutterstock_1350878144.jpg" alt="North Korea flag against sunset sky" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;For years, the cybersecurity community has debated how quickly threat actors would adopt AI as an offensive tool. According to new research from Microsoft Threat Intelligence, that question has been answered—and the operationalization is more systematic than many expected.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;For years, the cybersecurity community has debated how quickly threat actors would adopt AI as an offensive tool. According to new research from Microsoft Threat Intelligence, that question has been answered—and the operationalization is more systematic than many expected.&lt;/p&gt; 
&lt;p&gt;Published on March 6th, the &lt;a href="https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/"&gt;Microsoft Security Blog&lt;/a&gt; report, "AI as Tradecraft: How Threat Actors Operationalize AI," documents a fundamental shift in how adversaries work: AI is no longer an experimental add-on but a fully embedded operational layer, woven into attack chains from the first keystroke of reconnaissance to the final steps of data exfiltration and extortion.&lt;/p&gt; 
&lt;p&gt;The report's central finding is that AI functions as a force multiplier—reducing technical friction, compressing timelines, and enabling scale that wasn't previously possible—while human operators retain control over targeting and objectives.&lt;/p&gt; 
&lt;p&gt;No threat actor illustrates this more comprehensively than North Korea (DPRK).&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;North Korea's AI-powered long con&lt;/h2&gt; 
&lt;p&gt;Microsoft tracks two North Korean clusters—Jasper Sleet and Coral Sleet—whose operations offer the most detailed picture yet of what AI-enabled, revenue-driven cybercrime looks like at scale. Their goal is not a smash-and-grab intrusion; it is long-term, trusted employment inside Western organizations, sustained through identity fabrication sophisticated enough to fool HR departments, hiring managers, and colleagues.&lt;/p&gt; 
&lt;p&gt;The process starts well before any application is submitted. Jasper Sleet uses AI to scrape job postings from platforms like Upwork, then prompts language models to extract required skills, certifications, and role-specific language. That output is then used to tailor a fabricated identity to the exact profile a hiring manager wants to see. AI generates culturally appropriate name lists and matching email address formats on demand. Resumes and cover letters are AI-drafted and customized per application.&lt;/p&gt; 
&lt;p&gt;The identity fraud extends to visual media. Jasper Sleet has been observed using the AI application Faceswap to insert North Korean workers' faces into stolen identity documents and generate polished headshots for resumes—in some cases, reusing the same AI-generated photo across multiple personas with slight variations. During remote job interviews, voice-changing software masks accents, allowing operators to present as Western candidates.&lt;/p&gt; 
&lt;p&gt;Once hired, AI keeps the operation running. Operators use generative AI to translate workplace communications, craft contextually appropriate responses to colleagues, and generate code snippets when faced with unfamiliar technical domains—all to sustain the performance expectations of a legitimate employee. Microsoft notes that this mirrors how many real employees now use AI tools daily, making such behavior harder to flag as anomalous.&lt;/p&gt; 
&lt;p&gt;[RELATED: &lt;a href="https://www.secureworld.io/industry-news/north-korean-it-workers-expand-reach"&gt;North Korean IT Workers Expand Global Reach and Tactics&lt;/a&gt;]&lt;/p&gt; 
&lt;p&gt;Meanwhile, Coral Sleet has used AI coding tools to generate, refine, and reimplement malware components at a pace that suggests rapid iterative development—including, Microsoft notes, instances of jailbreaking language models to produce malicious code that bypasses built-in safety controls. The same actor has built a convincing, high-trust web infrastructure at scale using AI-assisted development platforms, enabling fast staging, payload testing, and command and control (C2) operations that are significantly harder to detect and easier to refresh.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;A framework for the full attack chain&lt;/h3&gt; 
&lt;p&gt;The North Korean activity is the report's most detailed case study, but Microsoft frames it within a broader taxonomy of how threat actors across the landscape are incorporating AI. The pattern holds regardless of actor: AI accelerates reconnaissance, scales social engineering, assists malware development, and streamlines post-compromise operations, including data triage, exfiltration planning, and monetization.&lt;/p&gt; 
&lt;p&gt;Vincenzo Iozzo, CEO of identity threat detection provider SlashID, says the adoption of adversarial AI is compressing the window defenders have to respond. "Breakout times are steadily decreasing, in large part because of AI-assisted offensive operations,"&amp;nbsp;he told SecureWorld. "When adversaries can move from initial access to lateral movement in minutes rather than hours, defenders need more comprehensive telemetry across their environments to detect breaches before they escalate."&lt;/p&gt; 
&lt;p&gt;Iozzo also pointed to documented cases of AI being embedded directly into malware logic—not just used to write it. The LameHug malware, tied to the Russian threat actor APT-28 and reported by Ukraine's CERT, communicates with a cloud-hosted instance of the Qwen large language model to receive dynamic C2 instructions, enabling real-time decision-making during lateral movement.&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;The agentic horizon&lt;/h4&gt; 
&lt;p&gt;Microsoft is careful to characterize most observed threat actors' use of AI as generative—producing text, code, and synthetic media, with humans directing the work. But the report flags early signals of a shift toward agentic AI: systems that autonomously pursue multi-step objectives, invoke tools, evaluate outcomes, and adapt without continuous human prompting.&lt;/p&gt; 
&lt;p&gt;Large-scale agentic use has not yet been observed, Microsoft notes, due to reliability and operational risks. But proof-of-concept frameworks are already demonstrating the potential, and Ram Varadarajan, CEO of cyber deception firm Acalvio, argues the strategic implications are significant. "Legacy defenses are built for human attackers, and are now unable to fight back in either speed or scale against the agentic attacker," Varadarajan told SecureWorld. "Our cybersecurity future is bot-on-bot."&lt;/p&gt; 
&lt;h5 style="font-weight: normal;"&gt;What security teams should do&lt;/h5&gt; 
&lt;p&gt;Microsoft's guidance focuses on three priorities. First, organizations should treat North Korean IT worker activity as an insider risk problem—focusing detection on misuse of legitimate credentials, abnormal access patterns, and sustained low-and-slow activity rather than traditional intrusion indicators. Second, phishing defenses should shift toward behavioral signals and analysis of delivery infrastructure rather than relying on linguistic patterns, since AI eliminates the grammatical errors and cultural tells that previously flagged malicious messages. Third, organizations deploying AI internally should actively govern how those tools are used by monitoring permissions, tracking the data fed into AI systems, and monitoring for prompt injection attempts.&lt;/p&gt; 
&lt;p&gt;Iozzo frames the defensive imperative plainly: visibility is the prerequisite for everything else. "The more data points an organization collects and correlates, the higher the probability of catching anomalous behavior in the shrinking window between compromise and impact," he said.&lt;/p&gt; 
&lt;p&gt;The full Microsoft Threat Intelligence report is available at the &lt;a href="https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/"&gt;Microsoft Security Blog&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;Follow &lt;em&gt;SecureWorld News&lt;/em&gt; for more stories related to cybersecurity.&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fai-full-lifecycle-weapon-north-korea&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Security Research</category>
      <category>Insider Threats</category>
      <category>Artificial Intelligence</category>
      <category>Original Content</category>
      <category>Microsoft</category>
      <category>North Korea</category>
      <pubDate>Thu, 12 Mar 2026 14:08:00 GMT</pubDate>
      <author>drewt@secureworldexpo.com (Drew Todd)</author>
      <guid>https://www.secureworld.io/industry-news/ai-full-lifecycle-weapon-north-korea</guid>
      <dc:date>2026-03-12T14:08:00Z</dc:date>
    </item>
    <item>
      <title>Report: 'Cloudy with a Chance of Skynet' Defines 2025 Email Security</title>
      <link>https://www.secureworld.io/industry-news/report-2025-email-security</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/report-2025-email-security" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/SOC%20-%20data-center-coworkers-doing-brainstorming-monitor-2026-01-11-10-54-31-utc.jpg" alt="computer users at workstation" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p style="font-weight: normal;"&gt;For years, the cybersecurity industry has debated when the "AI Revolution" would truly hit the phishing landscape. According to the Hoxhunt Phishing Trends Report 2026, that moment arrived in December 2025. What began as a year described as "Cloudy with a chance of Skynet" transformed into a strategic "thunderhead" that has fundamentally shifted the baseline for email security.&lt;/p&gt;</description>
      <content:encoded>&lt;p style="font-weight: normal;"&gt;For years, the cybersecurity industry has debated when the "AI Revolution" would truly hit the phishing landscape. According to the Hoxhunt Phishing Trends Report 2026, that moment arrived in December 2025. What began as a year described as "Cloudy with a chance of Skynet" transformed into a strategic "thunderhead" that has fundamentally shifted the baseline for email security.&lt;/p&gt; 
&lt;p&gt;Drawing on 50 million data points from more than four million users globally, &lt;a href="https://hoxhunt.com/guide/phishing-trends-report"&gt;the&amp;nbsp;report&lt;/a&gt; is a mandatory read for CISOs and SOC teams. Here is a breakdown of the seismic shifts in the threat landscape and what they mean for organizations'&amp;nbsp;resilience.&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;span&gt;"Our research shows that AI-generated phishing went from a trickle to a flood almost overnight. The lesson for security leaders is clear: if attackers can use AI to scale social engineering, defenders must use AI to scale human cyber skills," said &lt;a href="https://www.linkedin.com/in/mpaalto/"&gt;Mika Aalto&lt;/a&gt;, Co-Founder and CEO of Hoxhunt. "&lt;/span&gt;&lt;span&gt;The biggest mistake companies can make in the AI era is believing technology alone will solve social engineering. Attackers are targeting human behavior. That means the defense must strengthen human behavior as well. The advantage will go to whoever understands that technology is a lever, not a replacement, for influencing human psychology."&lt;/span&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;span&gt;Aalto added, "We've expected AI to reshape cybercrime for years, so the answer isn't panic, it's preparation. Right now, there's a wave of alarmist messaging around AI threats that almost resembles social engineering itself. Deepfakes are real, but they're still rare and highly targeted. If companies focus training on exotic attacks instead of the common social engineering tactics people face every day, they're not optimally managing human risk."&lt;/span&gt;&lt;/p&gt; 
&lt;h2&gt;&lt;strong&gt;The 14x surge: AI-generated phishing is the new normal&lt;/strong&gt;&lt;/h2&gt; 
&lt;p style="font-weight: normal;"&gt;Until late 2025, AI-generated phishing was a niche tactic, representing only 1% to 4% of detected attacks. That changed during the holiday season. In December 2025, AI-generated campaigns surged by a factor of 14, accounting for 56% of all threats that successfully bypassed email filters.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Why this matters: These are not the "Nigerian Prince" emails of old. These attacks are high-volume, highly personalized, and architected to evade traditional detection.&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: normal;"&gt;43% of these AI attacks contain malicious links.&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: normal;"&gt;20% utilize open redirects to mask their true destination from filters.&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: normal;"&gt;11% deliver malicious attachments.&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: normal;"&gt;5% are "callback phishing" attempts, leading users toward malicious phone numbers.&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;h3&gt;&lt;strong&gt;The calendar landmine: the rise of .ics attacks&lt;/strong&gt;&lt;/h3&gt; 
&lt;p style="font-weight: normal;"&gt;One of the report's most tactical findings is the weaponization of the calendar. Phishing campaigns using .ics calendar invites are currently six times more dangerous than typical email phishing.&lt;/p&gt; 
&lt;p&gt;Because these invites automatically populate as meetings in a user's calendar, they create a persistent threat. Even if a user reports the original email as a threat, the calendar entry often remains behind like a "landmine," offering a second, long-lasting opportunity for a malicious click when the meeting reminder pops up later.&lt;/p&gt; 
&lt;h4&gt;&lt;strong&gt;The recruitment trap: targeting growth teams&lt;/strong&gt;&lt;/h4&gt; 
&lt;p style="font-weight: normal;"&gt;Attackers are increasingly moving away from broad "spray and pray" tactics to focus on high-value corporate accounts through recruitment scams.&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: normal;"&gt;&lt;span style="font-weight: bold;"&gt;The targets: &lt;/span&gt;Sales, marketing, and social media teams&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: normal;"&gt;&lt;span style="font-weight: bold;"&gt;The method:&lt;/span&gt; Impersonating major brands with fake job opportunities to harvest credentials&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: normal;"&gt;&lt;span style="font-weight: bold;"&gt;The goal:&lt;/span&gt; Hijacking corporate social media or advertising accounts, which can lead to significant brand damage and financial loss&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;h5&gt;&lt;strong&gt;From compliance to culture: the path to resilience&lt;/strong&gt;&lt;/h5&gt; 
&lt;p style="font-weight: normal;"&gt;Despite the darkening forecast, the report offers a clear path forward. The data prove&amp;nbsp;that organizations can significantly reduce their risk by moving away from static, quarterly compliance training and toward adaptive security behavior change.&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: normal;"&gt;&lt;span style="font-weight: bold;"&gt;Reporting improvement:&lt;/span&gt; Companies using adaptive training saw a 6x improvement in threat reporting within just six months.&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: normal;"&gt;&lt;span style="font-weight: bold;"&gt;Click reduction:&lt;/span&gt; Malicious clicks were reduced by a staggering 86% to 87%.&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: normal;"&gt;&lt;span style="font-weight: bold;"&gt;The "human sensor":&lt;/span&gt; When employees are trained to recognize and report threats in real-time, they effectively become a decentralized security layer of "human sensors."&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;span&gt;"We're seeing a widespread update to phishing. AI isn't creating completely new attacks yet. It is making traditional phishing campaigns more convincing, faster to produce and harder to detect. Agentic spear phishing isn't yet the new normal, but we're monitoring its development and creating countermeasures to prepare for its arrival," said &lt;a href="https://www.linkedin.com/in/pyryavist/"&gt;Pyry Åvist&lt;/a&gt;, Hoxhunt CTO and co-founder. "&lt;/span&gt;&lt;span&gt;Attackers are moving beyond email. Mobile phishing, callback attacks, and malicious calendar invites are examples of how social engineering is expanding into the everyday tools and workflows employees use outside of email. It's key that our technical and training protections are equally expansive."&lt;/span&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;span&gt;Åvist continued, "The same AI systems that can craft highly-convincing phishing attacks are even more powerful when used for defense. If an AI agent can personalize attacks at scale, it can also personalize training at scale, helping every employee build resilience against those exact tactics."&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;As the report concludes: "Knowledge is power. By knowing our people, we have the power to become more secure."&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Freport-2025-email-security&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Email Security</category>
      <category>Original Content</category>
      <category>Phishing</category>
      <pubDate>Wed, 11 Mar 2026 20:18:39 GMT</pubDate>
      <author>CamS@secureworld.io (Cam Sivesind)</author>
      <guid>https://www.secureworld.io/industry-news/report-2025-email-security</guid>
      <dc:date>2026-03-11T20:18:39Z</dc:date>
    </item>
    <item>
      <title>'Vibe Phish' in the Ivory Tower: AI and Higher Education Cyber Risk</title>
      <link>https://www.secureworld.io/industry-news/ai-higher-education-cyber-risk</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/ai-higher-education-cyber-risk" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/high%20eduation%20-%20students-at-university-campus-2026-01-07-02-08-17-utc.jpg" alt="students on university campus" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p style="font-weight: normal;"&gt;As AI-driven attacks transition from theoretical threats to operational realities, a new report from Moody's Ratings highlights a critical shift in the risk landscape for U.S. higher education. &lt;a href="https://www.secureworld.io/hubfs/documents/Sector_In-Depth-Higher-Education-US-AI-tools-03Mar2026-PBC_1474582.pdf"&gt;The sector report&lt;/a&gt; signals that cybersecurity is no longer just a technical concern; it is now a material credit consideration for universities.&lt;/p&gt;</description>
      <content:encoded>&lt;p style="font-weight: normal;"&gt;As AI-driven attacks transition from theoretical threats to operational realities, a new report from Moody's Ratings highlights a critical shift in the risk landscape for U.S. higher education. &lt;a href="https://www.secureworld.io/hubfs/documents/Sector_In-Depth-Higher-Education-US-AI-tools-03Mar2026-PBC_1474582.pdf"&gt;The sector report&lt;/a&gt; signals that cybersecurity is no longer just a technical concern; it is now a material credit consideration for universities.&lt;/p&gt; 
&lt;p&gt;For cybersecurity professionals, the report provides a blueprint of the modern adversary's playbook and a warning that the "human perimeter" is under unprecedented pressure.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;The most alarming trend identified by Moody's is the escalation of vishing (voice phishing). While phone-based social engineering is an old tactic, generative AI has "sharply amplified" its efficacy.&lt;/p&gt; 
&lt;p&gt;Attackers are now using AI to generate deepfake-quality audio and generative scripts that mimic a natural conversation with "unprecedented realism."&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;These attacks often impersonate IT or identity management staff to trick victims into disclosing authentication codes or approving fraudulent login attempts.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;In November 2025, prestigious institutions including Harvard, the University of Pennsylvania, and Princeton all reported breaches in which donor databases were compromised through phone-based phishing.&lt;/p&gt; 
&lt;h2&gt;&lt;strong&gt;Why higher ed? A target-rich, decentralized environment&lt;/strong&gt;&lt;/h2&gt; 
&lt;p&gt;&lt;span&gt;Higher education institutions are uniquely vulnerable due to their open and decentralized nature&lt;/span&gt;&lt;span&gt;. Some common issues include:&lt;/span&gt;&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Decentralized IT:&lt;/span&gt; Academic units often manage their own systems, leading to inconsistent security controls across the same institution.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Diverse data swathes:&lt;/span&gt; Beyond names and addresses, universities house sensitive intellectual property, clinical research data, and federally regulated student medical information.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Single-sign-on (SSO) as a double-edged sword:&lt;/span&gt; While SSO provides convenience, Moody's notes that one compromised credential can simultaneously unlock emails, HR systems, and donor databases.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;The credibility factor:&lt;/span&gt; For cybercriminals, penetrating a wealthy, well-known institution isn't just about the data—it's about building their own "credibility" to make future victims more likely to pay a ransom.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Perhaps most concerning for cybersecurity leaders is the lag in governance. According to Moody's survey:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;While 71% of higher ed institutions restrict the use of internal data with public AI tools, only 25% or less follow recognized AI security frameworks like the OWASP Top 10.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Budgeting and staffing are increasing, yet many colleges still lack formal AI governance frameworks, leaving significant gaps in oversight for this emerging risk.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;The findings in the&amp;nbsp;report serve as a warning for other industries, particularly those with similar decentralized structures or high-value intellectual property.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Every industry relying on remote access and MFA must recognize that AI-vishing is now a primary threat to identity-based security.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;If high-IQ environments like Ivy League universities are falling for synthetic voice phishes, every organization must assume their employees are equally vulnerable. The "human perimeter" is failing.&lt;/p&gt; 
&lt;p&gt;Moody's inclusion of cyber risk as a credit consideration suggests that cyber resilience is now a financial KPI. Organizations that fail to invest in AI-mitigation strategies may see an impact on their creditworthiness and ability to secure engagement from stakeholders or donors.&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fai-higher-education-cyber-risk&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Original Content</category>
      <category>Vishing</category>
      <category>Cyber Risk</category>
      <category>AI</category>
      <category>Higher Education</category>
      <pubDate>Wed, 11 Mar 2026 13:17:01 GMT</pubDate>
      <author>media@secureworld.io (SecureWorld News Team)</author>
      <guid>https://www.secureworld.io/industry-news/ai-higher-education-cyber-risk</guid>
      <dc:date>2026-03-11T13:17:01Z</dc:date>
    </item>
    <item>
      <title>Trump Administration Issues National Cyber Strategy, Targets Cybercrime</title>
      <link>https://www.secureworld.io/industry-news/trump-national-cyber-strategy</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/trump-national-cyber-strategy" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/White%20House%20-%20the-white-house-washington-dc-usa-2026-01-09-07-43-06-utc.jpg" alt="United States White House" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p style="line-height: 1.5;"&gt;The White House released &lt;a href="https://www.whitehouse.gov/wp-content/uploads/2026/03/President-Trumps-Cyber-Strategy-for-America.pdf"&gt;President Trump's Cyber Strategy for America&lt;/a&gt; on March 6, 2026, a seven-page document outlining the administration's priorities for maintaining U.S. dominance in cyberspace. Alongside the strategy, President Trump signed an &lt;a href="https://www.whitehouse.gov/presidential-actions/2026/03/combating-cybercrime-fraud-and-predatory-schemes-against-american-citizens/"&gt;Executive Order&lt;/a&gt; directing federal agencies to ramp up efforts against cybercrime, fraud, and predatory schemes targeting American citizens.&lt;/p&gt;</description>
      <content:encoded>&lt;p style="line-height: 1.5;"&gt;The White House released &lt;a href="https://www.whitehouse.gov/wp-content/uploads/2026/03/President-Trumps-Cyber-Strategy-for-America.pdf"&gt;President Trump's Cyber Strategy for America&lt;/a&gt; on March 6, 2026, a seven-page document outlining the administration's priorities for maintaining U.S. dominance in cyberspace. Alongside the strategy, President Trump signed an &lt;a href="https://www.whitehouse.gov/presidential-actions/2026/03/combating-cybercrime-fraud-and-predatory-schemes-against-american-citizens/"&gt;Executive Order&lt;/a&gt; directing federal agencies to ramp up efforts against cybercrime, fraud, and predatory schemes targeting American citizens.&lt;/p&gt;  
&lt;p style="line-height: 1.5;"&gt;Together, the two actions signal a philosophical shift in how Washington approaches cybersecurity: less compliance, more consequence. The strategy commits the U.S. to deploying both offensive and defensive cyber operations, incentivizing private-sector participation in threat disruption, and leveraging AI and emerging technologies to scale national cyber defense.&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;But the ambitious vision arrives against a challenging backdrop. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has &lt;a href="https://www.secureworld.io/industry-news/federal-support-ms-isac-ends-cisa"&gt;lost roughly one-third of its staff&lt;/a&gt; over the past year, NIST's Computer Security Division has shed more than 20% of its workforce, and CISA still lacks a Senate-confirmed director. Whether the strategy's goals can be achieved with diminished institutional capacity remains an open question.&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;The six pillars&lt;/h2&gt; 
&lt;p style="line-height: 1.5;"&gt;The strategy is organized around six policy pillars that will guide implementation and resourcing.&lt;/p&gt; 
&lt;p style="font-weight: bold; line-height: 1.5;"&gt;1. Shape adversary behavior&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;The strategy's most aggressive pillar commits the U.S. to deploying the full suite of offensive and defensive cyber operations. It pledges to erode adversaries' capabilities, raise the costs of aggression, and deny safe havens to cybercriminals. Notably, the document references recent operations against Iran's nuclear infrastructure and the capture of Venezuelan leader Nicolás Maduro as demonstrations of American cyber power—an unusual inclusion for a strategy document.&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;The strategy also calls for creating private-sector incentives to identify and disrupt adversary networks, a move that could significantly expand the scope of who participates in national cyber defense.&lt;/p&gt; 
&lt;p style="font-weight: bold; line-height: 1.5;"&gt;2. Promote common sense regulation&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;Framing Biden-era regulatory expansion as burdensome, the strategy pledges to streamline cyber regulations, reduce compliance costs, and better align regulators with industry. This aligns with the administration's decision to delay the final rule under the &lt;a href="https://www.secureworld.io/industry-news/reporting-substantial-cyber-incidents-circia"&gt;Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA)&lt;/a&gt; from October 2025 to May 2026. The pillar also emphasizes data privacy protections for Americans and American data.&lt;/p&gt; 
&lt;p style="font-weight: bold; line-height: 1.5;"&gt;3. Modernize and secure federal networks&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;The strategy calls for accelerating the adoption of zero-trust architecture, post-quantum cryptography, cloud migration, and AI-powered cybersecurity tools across federal systems. It also emphasizes lowering procurement barriers to give smaller and newer technology vendors access to government contracts.&lt;/p&gt; 
&lt;p style="font-weight: bold; line-height: 1.5;"&gt;4. Secure critical infrastructure&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;This pillar focuses on hardening the energy grid, financial systems, telecommunications, hospitals, water utilities, and data centers. The strategy emphasizes moving away from adversary-made products and technologies, and calls for strengthening the role of state, local, tribal, and territorial authorities as a complement to federal cybersecurity efforts.&lt;/p&gt; 
&lt;p style="font-weight: bold; line-height: 1.5;"&gt;5. Sustain superiority in critical and emerging technologies&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;Perhaps the most forward-looking pillar, this section positions cryptocurrency and blockchain security alongside AI and quantum computing as national security priorities. The strategy commits to securing the AI technology stack, including data centers, and pledges to rapidly adopt agentic AI for network defense. It also targets foreign AI platforms that censor, surveil, or mislead their users.&lt;/p&gt; 
&lt;p style="font-weight: bold; line-height: 1.5;"&gt;6. Build talent and capacity&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;Calling the cyber workforce a "strategic asset,"&amp;nbsp;the strategy pledges to align academia, vocational schools, corporations, and government to build a talent pipeline for the next generation of cyber professionals. This pillar arrives after a year in which the administration cut a significant number of cyber positions across federal agencies.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;The companion Executive Order&lt;/h3&gt; 
&lt;p style="line-height: 1.5;"&gt;Signed the same day, the Executive Order specifically targets transnational criminal organizations (TCOs) running cyber-enabled fraud, sextortion, and scam operations. Key directives include:&lt;/p&gt; 
&lt;ul style="list-style-type: disc; line-height: 1.5;"&gt; 
 &lt;li&gt; &lt;p&gt;Establishing a dedicated operational cell within the National Coordination Center (NCC) to coordinate efforts against TCOs&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Directing the Attorney General to prioritize prosecutions of cyber-enabled fraud&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Creating a Victims Restoration Program to return seized or forfeited funds directly to victims&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Directing the Secretary of State to impose sanctions, visa restrictions, and other consequences on nations that harbor cybercriminals&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Partnering with the NCC to provide training and technical assistance for state and local partners&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="line-height: 1.5;"&gt;According to the White House fact sheet, American consumers reported losing more than $12.5 billion to cyber-enabled fraud in 2024, with seniors on average losing the most. The fact sheet also notes that 73% of U.S. adults have experienced some form of online scam or attack.&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;What cybersecurity experts are saying&lt;/h4&gt; 
&lt;p style="line-height: 1.5;"&gt;Industry reaction has been broadly positive, particularly around the strategy's emphasis on public-private partnership and the shift from compliance-focused to operations-focused cybersecurity.&lt;/p&gt; 
&lt;p style="line-height: 1.5; font-weight: normal;"&gt;John Watters, CEO and Managing Partner at iCOUNTER, called the strategy's commitment to defending commercial-sector infrastructure a turning point, saying: "The Cyber Strategy for America, and accompanying Executive Order, cover common objectives of prior administrations with one bold and important difference—President Trump makes it clear that the government will now lean in to help protect the entirety of our national interests, not just government infrastructure."&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;Watters emphasized that, with 90% of U.S. critical infrastructure in commercial hands, tasking national cyber capabilities embedded in Cyber Command, NSA, and other government agencies to defend the private sector fundamentally changes the risk calculus for attackers.&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;"It will be interesting to see how this plays out, however, I applaud the bold move and message it sends,"&amp;nbsp;Watters said.&lt;/p&gt; 
&lt;p style="line-height: 1.5; font-weight: normal;"&gt;Bruce Jenkins, CISO at Black Duck, praised the strategy's practitioner-oriented focus: "President Trump's Cyber Strategy for America puts operational effect ahead of 'compliance theater.'&amp;nbsp;From a practitioner's perspective, the emphasis on modernizing federal systems with zero trust, post-quantum cryptography, and AI-enabled defense—while streamlining duplicative regulation—is directionally appropriate. The real test and historical challenge will be in execution: translating these pillars into clear requirements, faster procurement, and measurable risk reduction across government and the defense industrial base.”&lt;/p&gt; 
&lt;p style="line-height: 1.5; font-weight: normal;"&gt;Kevin E. Greene, Chief Cybersecurity Technologist at BeyondTrust,&amp;nbsp;said the strategy will drive the evolution of zero-trust architecture: "The new cyber strategy from the White House will necessitate a Zero Trust 2.0 approach that builds upon its foundational principles while incorporating deterrence and disruption concepts. Zero Trust must evolve to become the core engine for cyber deterrence."&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;Greene highlighted the shift from reactive to proactive cybersecurity as a defining feature of the strategy, noting that defensive and offensive capabilities must work in tandem to reshape adversary behavior. He said the strategy presents an opportunity for cybersecurity to be less risk-averse and to adopt a "fail fast" mentality.&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;"Shifting to active cyber defense will greatly maximize and enhance our offensive capabilities," Greene said. "Offensive capabilities are most lethal when the adversary's operations are physically constrained. It's the idea of shortening the playing field to yield greater offensive impact to further shape adversary behavior. This is a seismic shift we need to defend and protect forward."&lt;/p&gt; 
&lt;p style="font-weight: normal; line-height: 1.5;"&gt;Matthew Hartman, Chief Strategy Officer at Merlin Group, emphasized the importance of moving from vision to execution: "The National Cyber Strategy represents an important step in aligning federal cyber policy with the scale and complexity of today's threats. However, the hard work begins now, and that's translating the vision into ambitious-yet-achievable operational outcomes. Consequence-based prioritization will be essential to ensure finite federal and private-sector resources are focused on the systems where disruption would have the greatest national impact."&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;Hartman added that the strategy presents an opportunity to clarify how government and industry divide responsibility for defining and delivering shared security and resilience outcomes.&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;"If implemented effectively, the strategy can help drive coordinated action across government and strengthen resilience across the infrastructure that underpins the U.S. economy and national security,"&amp;nbsp;Hartman said.&lt;/p&gt; 
&lt;h5 style="font-weight: normal;"&gt;Context and criticism&lt;/h5&gt; 
&lt;p style="line-height: 1.5;"&gt;Despite industry support, the strategy has drawn scrutiny from analysts and policy experts who question the gap between ambition and capacity.&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;At seven pages, the document is noticeably shorter than its predecessors; Trump's first-term strategy in 2018 was 40 pages, and Biden's 2023 version was 39 pages. The Office of the National Cyber Director (ONCD) is drafting a more detailed implementation plan, but specifics on resourcing and timelines remain thin.&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;The strategy also arrives during a period of significant upheaval at CISA, the nation's primary civilian cyber defense agency. CISA has lost approximately 1,000 staff since early 2025 through buyouts, early retirements, and layoffs—reducing its workforce by roughly one-third. Senior leaders in counter-ransomware, threat hunting, and secure software development have departed. The agency's acting director was reassigned just one week before the strategy's release, and DHS Secretary Kristi Noem was fired earlier the same week.&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;At NIST, the Computer Security Division—responsible for the Cybersecurity Framework, the NIST SP 800-series, and the post-quantum cryptography standardization effort—has lost more than 20% of its federal workforce since January 2025, including its longtime division chief.&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;The &lt;a href="https://www.cfr.org/articles/the-trump-administrations-cyber-strategy-fundamentally-misunderstands-chinas-threat"&gt;Council on Foreign Relations (CFR)&lt;/a&gt; published an analysis arguing the strategy overemphasizes offensive operations while underestimating the systemic nature of threats from China, including the Salt Typhoon and Volt Typhoon &lt;a href="https://www.secureworld.io/industry-news/nsa-china-hackers-us-infrastructure"&gt;campaigns that compromised U.S. telecommunications&lt;/a&gt; firms and pre-positioned access in critical infrastructure. CFR argues that cyber capabilities function best as an enabler of conventional military operations rather than a standalone strategic tool.&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;The &lt;a href="https://bisi.org.uk/reports/trumps-cyber-strategy-offensive-ambitions-defensive-gaps"&gt;Bloomsbury Intelligence and Security Institute&lt;/a&gt; noted that the strategy's commitment to streamlining regulation could accelerate private-sector innovation, but warned that the absence of a finalized mandatory incident reporting framework coincides with the period of greatest threat from state-sponsored actors.&lt;/p&gt; 
&lt;h6 style="font-weight: normal;"&gt;Looking ahead&lt;/h6&gt; 
&lt;p style="line-height: 1.5;"&gt;The strategy is designed to set cyber policy for the next three years. The ONCD is now drafting detailed action plans tied to each pillar, and the CIRCIA final rule—which will establish mandatory incident reporting requirements for critical infrastructure—is expected by May 2026.&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;For cybersecurity practitioners, the strategy's direction is clear: offense-forward operations, AI-powered defense, regulatory streamlining, and a deeper public-private partnership model. Whether the administration can execute on those ambitions—particularly with diminished capacity at the agencies responsible for implementation—will determine whether this strategy marks a genuine turning point or remains aspirational.&lt;/p&gt; 
&lt;p style="line-height: 1.5;"&gt;Follow &lt;em&gt;SecureWorld News&lt;/em&gt; for more stories related to cybersecurity.&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Ftrump-national-cyber-strategy&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Critical Infrastructure</category>
      <category>White House</category>
      <category>Policy</category>
      <category>Original Content</category>
      <category>U.S. Government</category>
      <category>CISA</category>
      <category>Strategic Planning</category>
      <pubDate>Tue, 10 Mar 2026 11:42:00 GMT</pubDate>
      <author>drewt@secureworldexpo.com (Drew Todd)</author>
      <guid>https://www.secureworld.io/industry-news/trump-national-cyber-strategy</guid>
      <dc:date>2026-03-10T11:42:00Z</dc:date>
    </item>
    <item>
      <title>Fewer Days, Higher Stakes: The Rising Intensity of the Robocall Surge</title>
      <link>https://www.secureworld.io/industry-news/robocall-surge</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/robocall-surge" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Robocall%20-%20a-large-group-of-people-hold-digital-phones-device-2026-01-07-01-45-35-utc.jpg" alt="hands in air holding phones" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p style="font-weight: normal;"&gt;At first glance, the February 2026 data seems like a victory for defenders. U.S. consumers received 3.8 billion robocalls, a 1.3% decrease from January and a substantial 14% drop compared to February 2025. This marks the sixth consecutive month where volume has remained under the 4 billion mark—a stability not seen in nearly four years.&lt;/p&gt;</description>
      <content:encoded>&lt;p style="font-weight: normal;"&gt;At first glance, the February 2026 data seems like a victory for defenders. U.S. consumers received 3.8 billion robocalls, a 1.3% decrease from January and a substantial 14% drop compared to February 2025. This marks the sixth consecutive month where volume has remained under the 4 billion mark—a stability not seen in nearly four years.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;However, for cybersecurity professionals, the total volume is a "vanity metric" that masks a more aggressive tactical reality: robocall intensity actually increased by 9% in February.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Here are some key data points from the &lt;a href="https://robocallindex.com/"&gt;February Robocall Index from YouMail&lt;/a&gt;:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;Total volume: 3.83 billion robocalls (down from 3.88 billion in January).&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Daily intensity: 136.8 million robocalls per day (up from 125.2 million).&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Frequency: 1,583 robocalls per second (up from 1,449).&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;The "scam" share: Telemarketing and scams continue to dominate, accounting for 58% of all traffic (approximately 2.16 billion calls).&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Targeting scale: A single "pre-approved loan" campaign from "Crestwood Loan Advisors" generated an estimated 70 million calls using over 50,000 different phone numbers to bypass traditional blocklists.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;So what does this mean for enterprises and consumers?&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;For consumers: t&lt;span style="font-weight: normal;"&gt;&lt;span style="font-weight: bold;"&gt;he 'Crestwood' blueprint&lt;/span&gt;&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;&lt;span style="font-weight: normal;"&gt;&lt;span style="font-weight: bold;"&gt;&lt;/span&gt;The rise of sophisticated, high-volume campaigns like the one attributed to "Crestwood Loan Advisors" highlights a shift toward high-velocity social engineering. By utilizing tens of thousands of unique numbers, scammers ensure that even if a consumer blocks one number, the "campaign" remains persistent. For consumers, this means that "manual blocking" is an obsolete strategy; automated, zero-hour protection is now a requirement.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;For businesses: brand impersonation and workforce fatigue&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;&lt;span style="font-weight: normal;"&gt;As robocall intensity increases, businesses face a double-edged sword. First, "imposter traffic" (scammers pretending to be legitimate financial institutions or service providers) erodes consumer trust in the voice channel. Second, the sheer volume of "annoyance" calls contributes to employee "notification fatigue," making them more susceptible to actual, targeted vishing (voice phishing) attacks that use these high-volume campaigns as a smokescreen.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;For CISOs and security teams, the February data confirms that the telephone is no longer just a communication tool—it is a sophisticated delivery mechanism for identity-based attacks.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: normal;"&gt;The fact that a single campaign can rotate through 50,000 numbers proves that CID-based (Caller ID) blocking is ineffective. Organizations must look toward technologies like audio fingerprinting to identify the underlying content of a call regardless of the originating number.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;With more than 1,500 robocalls occurring every second, remediation cannot be manual. Cybersecurity professionals must implement "zero-hour" mitigation services that can detect and shut down imposter traffic at the carrier level before it reaches the enterprise help desk.&lt;/p&gt; 
&lt;p&gt;As intensity rises, so does the risk of "smash and grab" credential theft. Security awareness programs must evolve beyond email phishing to include "vishing" simulations that mirror the tactics of the current market leaders in scam traffic.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;While the macro-trend of lower total volume is encouraging, the micro-trend of increased intensity tells a different story. The "robocall problem" has professionalized. For cybersecurity professionals, the takeaway is clear: as attackers move at the speed of 1,500 calls per second, defensive posture must move away from reactive blacklisting and toward autonomous, content-aware protection.&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Frobocall-surge&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Original Content</category>
      <category>Vishing</category>
      <category>Robocalls</category>
      <pubDate>Mon, 09 Mar 2026 14:22:00 GMT</pubDate>
      <author>media@secureworld.io (SecureWorld News Team)</author>
      <guid>https://www.secureworld.io/industry-news/robocall-surge</guid>
      <dc:date>2026-03-09T14:22:00Z</dc:date>
    </item>
    <item>
      <title>LeakBase Dismantled: DOJ, Europol Take Down Major Cybercrime Forum</title>
      <link>https://www.secureworld.io/industry-news/leakbase-dismantled-cybercrime-forum</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/leakbase-dismantled-cybercrime-forum" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/global_Response_eu-counterintelligence-division-agent-maintains-ai-2026-01-08-02-29-59-utc.jpg" alt="EU counterintelligence cyber unit" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;A coordinated law enforcement operation spanning 14 countries has dismantled LeakBase, one of the world's largest online forums for the trade of stolen data and cybercrime tools. The U.S. Department of Justice (DOJ) and Europol announced the takedown on March 4, 2026, following two days of synchronized raids, arrests, and technical seizures that knocked the forum offline and replaced it with a law enforcement splash page.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;A coordinated law enforcement operation spanning 14 countries has dismantled LeakBase, one of the world's largest online forums for the trade of stolen data and cybercrime tools. The U.S. Department of Justice (DOJ) and Europol announced the takedown on March 4, 2026, following two days of synchronized raids, arrests, and technical seizures that knocked the forum offline and replaced it with a law enforcement splash page.&lt;/p&gt; 
&lt;p&gt;The operation marks the latest in a series of increasingly aggressive international actions against cybercriminal marketplaces, following the disruption of RaidForums in 2022, BreachForums in 2023, and the conviction and sentencing of the BreachForums founder in 2025.&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;A central hub for stolen data&lt;/h2&gt; 
&lt;p&gt;LeakBase had been active since 2021 and had grown into what &lt;a href="https://www.europol.europa.eu/media-press/newsroom/news/major-data-leak-forum-dismantled-in-global-action-against-cybercrime-forum"&gt;Europol described&lt;/a&gt; as "a central hub in the cybercrime ecosystem." Operating on the open web and in English, the forum specialized in the trade of leaked databases and so-called "stealer logs"—archives of stolen credentials harvested through infostealer malware. By December 2025, the platform had amassed more than 142,000 registered users, approximately 32,000 posts, and more than 215,000 private messages.&lt;/p&gt; 
&lt;p&gt;The forum maintained a vast, continuously updated archive of hacked databases, including credentials from high-profile breaches, totaling hundreds of millions of account records. &lt;a href="https://www.justice.gov/opa/pr/united-states-leads-dismantlement-one-worlds-largest-hacker-forums"&gt;According to the DOJ&lt;/a&gt;, available data included credit and debit card numbers, bank account and routing information, usernames and passwords, and other sensitive personal and business information. A credit-based internal economy and reputation system helped sustain trust among users. One notable internal rule, highlighted by Europol, prohibited the sale or publication of any data related to Russia.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;A three-phase global operation&lt;/h3&gt; 
&lt;p&gt;The takedown unfolded in three phases. On March 3, law enforcement authorities carried out enforcement actions across multiple jurisdictions, including arrests, house searches, and "knock-and-talk" interventions. According to Europol, roughly 100 enforcement actions were conducted worldwide, with measures specifically targeting 37 of the forum's most active users. Search warrants and arrests were executed in the United States, Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom.&lt;/p&gt; 
&lt;p&gt;On March 4, authorities entered the technical disruption phase, seizing the forum's database and its two domains and replacing the site with a seizure banner. A third phase—focused on prevention and deterrence—is now underway, with law enforcement sending warning messages to LeakBase members and continuing to trace digital trails to identify additional offenders.&lt;/p&gt; 
&lt;p&gt;In a striking detail, investigators contacted suspects directly through the same online channels the suspects had used for criminal activity—a deliberate move intended to demonstrate that anonymity on such platforms is illusory.&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;Officials sound a warning&lt;/h4&gt; 
&lt;p&gt;U.S. and European officials used the announcement to send a blunt message to cybercriminals. Assistant Attorney General A. Tysen Duva of the DOJ's Criminal Division said the takedown "disrupts a major international platform that cybercriminals use to obtain and profit from the theft of sensitive personal, banking, and account credentials," adding that the Criminal Division would continue to leverage international partnerships to protect victims.&lt;/p&gt; 
&lt;p&gt;U.S. Attorney Melissa Holyoak of the District of Utah, which is prosecuting the case, called it a demonstration of "extraordinary cooperation with our international partners,"&amp;nbsp;and pledged that her office "remains steadfast in our commitment to investigate and seek justice for Americans who are targeted by individuals attempting to hide behind foreign borders."&lt;/p&gt; 
&lt;p&gt;FBI Assistant Director Brett Leatherman of the Cyber Division emphasized the evidentiary haul, noting that authorities seized "users' accounts, posts, credit details, private messages, and IP logs."&amp;nbsp;He added,&amp;nbsp;"No criminal is truly anonymous online."&lt;/p&gt; 
&lt;p&gt;From the European side, Edvardas Šileris, head of Europol's European Cybercrime Centre, said the operation showed that "no corner of the internet is beyond the reach of international law enforcement," warning that those "who believed they could hide behind anonymity are being identified and held accountable."&lt;/p&gt; 
&lt;h5 style="font-weight: normal;"&gt;Europol's coordinating role&lt;/h5&gt; 
&lt;p&gt;Europol played a central coordinating role throughout the investigation. Its analysts mapped the forum's infrastructure and user activity, cross-matching data with ongoing investigations across Europe and beyond. A dedicated data scientist helped structure millions of data points into actionable leads. On the day of the operation, Europol established a Joint Command Post at its headquarters in The Hague, enabling participating countries to share live updates in real time. The work was carried out under the Joint Cybercrime Action Taskforce (J-CAT).&lt;/p&gt; 
&lt;h6 style="font-weight: normal;"&gt;The broader pattern&lt;/h6&gt; 
&lt;p&gt;The LeakBase takedown is the third major disruption of a cybercrime forum in four years, following RaidForums and BreachForums. The pattern suggests that international law enforcement has developed a repeatable playbook for infiltrating, mapping, and dismantling these platforms—and that successor forums can expect to face the same fate. The DOJ noted that its Computer Crime and Intellectual Property Section has secured convictions of more than 180 cybercriminals since 2020, and obtained court orders for the return of more than $350 million in victim funds.&lt;/p&gt; 
&lt;p&gt;Europol used the occasion to remind the public that data stolen in breaches does not simply disappear—it resurfaces on platforms like LeakBase, where it fuels scams, identity theft, account takeovers, and targeted phishing. Both agencies urged individuals and organizations to use strong, unique passwords and to enable multi-factor authentication for all accounts.&lt;/p&gt; 
&lt;div style="font-weight: normal; font-size: 24px;"&gt;
 Participating countries and agencies
&lt;/div&gt; 
&lt;p&gt;The operation involved law enforcement authorities from Australia, Belgium, Canada, Germany, Greece, Kosovo, Malaysia, the Netherlands, Poland, Portugal, Romania, Spain, the United Kingdom, and the United States. The FBI Salt Lake City Field Office led the U.S. investigation, with support from the FBI San Diego Field Office, the Utah Department of Public Safety, and the Provo Police Department. The case is being prosecuted by the DOJ's Computer Crime and Intellectual Property Section and the U.S. Attorney's Office for the District of Utah.&lt;/p&gt; 
&lt;p&gt;Anyone with information regarding LeakBase is asked to contact the FBI at FBI-SU-Leakbase@fbi.gov.&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fleakbase-dismantled-cybercrime-forum&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Original Content</category>
      <category>DOJ</category>
      <category>Cybercrime / Threats</category>
      <category>Law Enforcement</category>
      <pubDate>Thu, 05 Mar 2026 21:12:19 GMT</pubDate>
      <author>drewt@secureworldexpo.com (Drew Todd)</author>
      <guid>https://www.secureworld.io/industry-news/leakbase-dismantled-cybercrime-forum</guid>
      <dc:date>2026-03-05T21:12:19Z</dc:date>
    </item>
    <item>
      <title>Silicon Shields and Shadow Wars: Navigating the Middle East Cyber War</title>
      <link>https://www.secureworld.io/industry-news/silicon-shields-shadow-wars-middle-east</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/silicon-shields-shadow-wars-middle-east" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Air_Force_24th_electronic_warfare.jpg" alt="military conducting cyber warfare operations" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p style="font-weight: normal;"&gt;Following the significant military escalation on February 28, 2026, involving coordinated U.S. and Israeli strikes on Iranian targets, and return fire to U.S. bases and allies, cybersecurity in general has shifted into a period of high-intensity risk.&lt;/p&gt;</description>
      <content:encoded>&lt;p style="font-weight: normal;"&gt;Following the significant military escalation on February 28, 2026, involving coordinated U.S. and Israeli strikes on Iranian targets, and return fire to U.S. bases and allies, cybersecurity in general has shifted into a period of high-intensity risk.&lt;/p&gt;  
&lt;p&gt;U.S. federal agencies,&amp;nbsp;the Cybersecurity and Infrastructure Security Agency (CISA), the FBI,&amp;nbsp;and private intelligence firms indicate that while kinetic warfare is regional, the cyber front is global, targeting both Americans overseas and critical infrastructure on U.S. soil.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;The primary concern is retaliatory asymmetric warfare. Iran historically responds to physical strikes with cyber operations to project power while maintaining plausible deniability.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Experts warn that Iranian state-sponsored actors (like APT33 and APT35) are pivoting toward targeting critical infrastructure such as&amp;nbsp;U.S. and allied power grids, water utilities, and healthcare systems. The goal is to create "public anxiety" and economic disruption.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;"To me, the cyberattacks from Iran have already started but are covert in ways people are not expecting," said &lt;a href="https://events.secureworld.io/speakers/eric-cole/"&gt;Dr. Eric Cole&lt;/a&gt;, DPS, Cybersecurity Expert and Author of &lt;span style="font-style: italic;"&gt;Cyber Crisis&lt;/span&gt;.&amp;nbsp;"First, poisoning of AI data sets to reduce the effectiveness of AI analysis tools. It is no secret that the DOD is using public AI tools for planning purposes. If the data is less accurate, so too will be the outcome."&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Dr. Cole added, "They are targeting key individuals' bank accounts and identities so their focus is distracted from the world. What if several of the key military officers actively involved in this war have their identities stolen or loved ones' bank accounts hacked? That would deter their focus and distract them. Could a foreign adversary attack critical infrastructure, yes, but the impact would be a lot less than people anticipate."&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;On March 2, cybersecurity experts specifically warned that the U.S. healthcare sector is at elevated risk for wiper malware and DDoS attacks. Proxy groups like "Handala" have already claimed attacks on major healthcare networks in the region.&lt;/p&gt; 
&lt;p&gt;Coordinated disinformation (information operations, or IO) campaigns are being used to erode public trust in military operations and amplify domestic political pressure within the U.S.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Iran's cyber ecosystem is highly coordinated, blurring the lines between government military wings (IRGC), civilian intelligence (MOIS), and "independent" hacktivists.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Groups like MuddyWater and OilRig specialize in long-term espionage and infrastructure mapping with highly-sophisticated, state-sponsored campaigns. In 2026, these groups have integrated AI-generated impersonation into their spear-phishing campaigns, making social engineering nearly impossible to detect through traditional means.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Iran increasingly "deputizes" hacktivists to perform low-sophistication but high-visibility attacks (website defacement, DDoS). These Cyber Islamic Resistance (non-government) proxies often act as a smoke screen for more serious state-sponsored intrusions.&lt;/p&gt; 
&lt;p&gt;While not yet at the technical tier of Russia or China, Iran possesses some of the "most creative and dangerous" operators, specifically in the realm of Operational Technology (OT) and Industrial Control Systems (ICS). Their operations are maturing.&lt;/p&gt; 
&lt;p&gt;[RELATED: &lt;a href="https://www.secureworld.io/industry-news/top-countries-in-cybersecurity-global-leaders"&gt;Top Countries in Cybersecurity: The Global Leaders Setting the Standard&lt;/a&gt;]&lt;/p&gt; 
&lt;p&gt;&lt;span style="background-color: #ffffff; color: #242424;"&gt;"Iran has developed a capable and opportunistic cyber program that blends state-sponsored operators, Islamic Revolutionary Guard Corps–linked actors, and aligned hacktivist groups," said &lt;a href="https://www.linkedin.com/in/matt-hartman-38a59a2/"&gt;Matthew Hartman&lt;/a&gt;, Chief Strategy Officer at Merlin Group, a network of affiliates that invests in, enables, and scales cyber technology companies. "While the principal risk isn't sophisticated tradecraft or exploitation of previously unknown vulnerabilities, Iranian government and affiliated actors have proven very adept at strategically exploiting widespread cyber hygiene gaps to create real-world disruption and psychological impact. U.S. critical infrastructure entities—including those in the water, energy, healthcare, and manufacturing sectors—should be on high alert."&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span style="background-color: #ffffff; color: #242424;"&gt;Hartman continued, "U.S. government reporting indicates that Iran's state-sponsored cyber operators are primarily based in Iran, however, they routinely leverage infrastructure and hosting providers in third countries to conduct activity globally. That practice is common among nation-state actors and is designed to complicate attribution, increase operational resilience, and create friction for defenders. We've also seen Iran-aligned hacktivists and politically motivated actors operate across borders, often amplifying state objectives."&lt;/span&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;He added, "In terms of target expansion, Iran clearly has the capability to target private-sector entities, including financial institutions, through disruptive attacks, ransomware, or data-leak operations. The more consequential variable right now is intent: expanding operations against U.S. businesses, particularly those that are considered critical infrastructure, would represent a deliberate escalation with potentially significant consequences."&lt;/p&gt; 
&lt;h2&gt;&lt;strong&gt;Risks for Americans overseas and at home&lt;/strong&gt;&lt;/h2&gt; 
&lt;p&gt;Americans in the Middle East—particularly those in the defense, aviation, and logistics sectors—face immediate operational risks. Retaliatory missile/drone activity is being paired with "sophisticated probing attacks" against mobile apps and communication APIs used by regional governments.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: normal;"&gt;The "front line" is now considered to be in the domestic backyard. National security experts emphasize that identity is the most reliable path to attacker success on U.S. soil in 2026.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: normal;"&gt;[RELATED:&lt;a href="https://www.secureworld.io/industry-news/identity-verification-new-firewall"&gt; Invisible Battlefield: Why Identity Verification Is the New Firewall&lt;/a&gt;]&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;Americans should be wary of sophisticated social engineering targeting corporate help desks to reset MFA or passwords—a tactic perfected by Iran-aligned groups to gain initial access. It's better known as the "help desk vulnerability."&lt;/p&gt; 
&lt;p&gt;There is a heightened risk of "nuisance" attacks on patient portals, banking apps, and transportation schedules to disrupt daily American life. Basic public services are at risk.&lt;/p&gt; 
&lt;p&gt;Given the current "elevated" threat level, CISA and the FBI strongly urge the following:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: normal;"&gt;&lt;span style="font-weight: bold;"&gt;Aggressive MFA enforcement:&lt;/span&gt; Use phishing-resistant MFA (hardware keys) where possible; Iranian actors excel at bypassing SMS-based codes.&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: normal;"&gt;&lt;span style="font-weight: bold;"&gt;Credential vigilance:&lt;/span&gt; Monitor for "password spraying" and anomalous login activity, especially for remote access and VPN accounts.&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: normal;"&gt;&lt;span style="font-weight: bold;"&gt;Verify offline backups:&lt;/span&gt; With the threat of wiper malware (which deletes data entirely), ensuring immutable, offline backups is the only guarantee of operational recovery.&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;"Cyberattacks are no longer isolated to the countries directly involved in geopolitical conflict. In the case of Iran, it's not just about their known cyber capabilities;&amp;nbsp;it's about the broader network of proxy actors and aligned nations who may view recent U.S. actions as justification for retaliation," said &lt;a href="https://www.linkedin.com/in/randolphbarr/"&gt;Randolph Barr&lt;/a&gt;, CISO at Cequence Security, an API security and bot management provider. "This dramatically increases the likelihood that the U.S. and its allies will become targets of cyberwarfare, especially from adversaries seeking to exploit regional instability."&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;Barr added, "Iran has historically demonstrated a strong capability in cyber operations, often leveraging credential theft, social engineering, and access via federated identity systems. What makes their tactics especially dangerous is their tendency to abuse federated and third-party access, essentially exploiting trusted relationships and integrations to move laterally and persist undetected. &lt;span style="color: #242424;"&gt;H&lt;/span&gt;&lt;span style="color: #242424;"&gt;eightened geopolitical tensions involving Iran increase the risk of retaliatory cyber activity, particularly against organizations linked to the U.S., Israel and their allies as past incidents have shown."&lt;/span&gt;&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;&lt;a href="https://www.linkedin.com/in/leroyterrelonge3/"&gt;Leroy Terrelonge&lt;/a&gt;, Cyber Risk Senior Credit Officer at Moody's Ratings, had this perspective:&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff;"&gt;"Cyber activity associated with Iran has varied widely in technical sophistication, but has included ransomware and data-wiping attacks, which tend to be highly credit relevant because of the business disruption involved. Even incidents of low to moderate technical sophistication can have a credit implication if they degrade critical services or weaken customer trust. &lt;span style="color: #242424;"&gt;Notably, many cyber insurance policies exclude losses arising from military conflict, whether declared or not, meaning losses from an attack may fall directly on corporate balance sheets rather than being mitigated by insurance."&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;As of March 2, CISA&amp;nbsp;is reportedly operating with limited staff &lt;a href="https://www.secureworld.io/industry-news/federal-support-ms-isac-ends-cisa"&gt;due to a funding lapse&lt;/a&gt;, which experts warn may delay the distribution of timely threat intelligence to the private sector during this crisis.&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fsilicon-shields-shadow-wars-middle-east&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Critical Infrastructure</category>
      <category>Cyber Warfare</category>
      <category>Original Content</category>
      <category>Military</category>
      <category>CISA</category>
      <category>Department of Defense</category>
      <pubDate>Wed, 04 Mar 2026 12:24:00 GMT</pubDate>
      <author>CamS@secureworld.io (Cam Sivesind)</author>
      <guid>https://www.secureworld.io/industry-news/silicon-shields-shadow-wars-middle-east</guid>
      <dc:date>2026-03-04T12:24:00Z</dc:date>
    </item>
    <item>
      <title>How to Start a Career in Cybersecurity the Right Way</title>
      <link>https://www.secureworld.io/industry-news/start-career-cybersecurity-right-way</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/start-career-cybersecurity-right-way" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Blog%20Images/directions_path_career_shutterstock_1294887046.jpg" alt="directions-options-road" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;The cybersecurity market opens thousands of opportunities for beginners. Every month, hundreds of new vacancies appear. Yet despite the large number of applicants, truly capable candidates remain in short supply.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;The cybersecurity market opens thousands of opportunities for beginners. Every month, hundreds of new vacancies appear. Yet despite the large number of applicants, truly capable candidates remain in short supply.&lt;/p&gt; 
&lt;p&gt;Recruiters observe a worrying pattern: out of 10 applicants, only one passes the technical interview. An honest junior applicant with strong motivation and a genuine desire to grow is valued more than a candidate with an exaggerated resume.&lt;/p&gt; 
&lt;p&gt;The success formula for a beginner is straightforward. Choose a direction where you feel most confident. Complete training that is focused on practical skills. And continuously look for growth opportunities such as internships, freelance projects, or CTF competitions.&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;Cybersecurity talent shortage&lt;/h2&gt; 
&lt;p&gt;High salaries and thousands of open cybersecurity roles exist alongside a severe talent shortage. This is a systemic issue, not a temporary hiring wave.&lt;/p&gt; 
&lt;p&gt;According to the ISC2 Cybersecurity Workforce Study, the global cybersecurity workforce is about 5.5 million professionals, while the industry still &lt;a href="https://programs.com/resources/cybersecurity-talent-shortage-stats/"&gt;needs roughly 4.8 million additional specialists&lt;/a&gt; to meet current demand. This means organizations are operating with a major capability gap.&lt;/p&gt; 
&lt;p&gt;The situation is especially acute because companies need not only people who can build security tools but also practitioners who can operate them effectively. Incident response, monitoring, and threat detection and prevention require hands-on expertise that remains difficult to hire.&lt;/p&gt; 
&lt;p&gt;Research also shows the shortage is not just about headcount. Around &lt;a href="https://www.isc2.org/Insights/2025/12/2025-ISC2-Cybersecurity-Workforce-Study"&gt;95% of organizations report cybersecurity skills gaps&lt;/a&gt;, meaning many teams are understaffed in critical operational roles even when positions are approved and funded.&lt;/p&gt; 
&lt;p&gt;This imbalance drives salary growth and competition for qualified professionals. Employers are forced to offer stronger compensation and better conditions to attract candidates who can deliver practical security outcomes from day one.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;What skills a beginner needs&lt;/h3&gt; 
&lt;p&gt;The cybersecurity job market can seem contradictory. Companies are actively hiring, yet they are not willing to bring in just anyone with a degree &lt;a href="https://www.secureworld.io/industry-news/cybersecurity-certifications-advancing-career"&gt;or certifications&lt;/a&gt;. They are looking for candidates with specific, applicable skills and a professional approach to solving real problems.&lt;/p&gt; 
&lt;p&gt;The modern security specialist is a hybrid of a technologist and, in some ways, a business thinker. You must be able to read code but also understand how security decisions affect revenue, operations, and risk. It is not enough to know how to configure a firewall; you need to explain how that configuration reduces exposure, prevents downtime, and saves the company significant costs.&lt;/p&gt; 
&lt;p&gt;You also need to know how to analyze logs, understand network protocols, and work with &lt;a href="https://www.ibm.com/think/topics/siem"&gt;SIEM platforms&lt;/a&gt;. Basic Python helps automate routine tasks. Just as important is the ability to explain complex issues in simple terms.&lt;/p&gt; 
&lt;p&gt;The easiest entry points today are the &lt;a href="https://www.secureworld.io/industry-news/build-or-buy-security-operations-center"&gt;SOC&lt;/a&gt; analyst and web &lt;a href="https://cloudsecurityalliance.org/blog/2023/06/16/pentesting-the-missing-piece-in-your-security-puzzle"&gt;penetration tester&lt;/a&gt; roles. These areas grow quickly and consistently need people. The key is focus. Do not try to learn everything. Choose one domain, study it deeply, and build real competence.&lt;/p&gt; 
&lt;p&gt;Analytical thinking is the core tool of a security professional. This is not about solving training exercises. You must break down real incidents, identify cause and effect, and find patterns where others see noise. Attacks rarely follow templates. Understanding the attacker's logic is often more useful than memorizing tools.&lt;/p&gt; 
&lt;p&gt;Defensive technologies age fast. What protected systems yesterday may be ineffective today.&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;Generative AI lowers the barrier for phishing, voice impersonation, and fake executive messages. Social engineering is becoming scalable.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Businesses increasingly centralize critical systems on shared platforms, which means a single vulnerability can have an organization-wide impact.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Advances in quantum computing are forcing the industry to rethink old cryptographic approaches and prepare for post-quantum security.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Because of this, continuous learning is not optional. One course is never enough. You must regularly study new techniques, follow industry research, and test tools in practice.&lt;/p&gt; 
&lt;p&gt;Teamwork is equally critical. Security does not operate in isolation. You will work with developers to fix vulnerable code, with administrators to correct configurations, and with managers to prioritize risk. Without clear communication, even strong technical skills do not translate into real protection.&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;Salary expectations&lt;/h4&gt; 
&lt;p&gt;Beginners should approach salary expectations realistically. Typical entry-level salary ranges in the U.S. are:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;Junior penetration tester: $75,000 to $105,000 per year&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Tier 1 &lt;a href="https://www.salary.com/research/salary/listing/soc-analyst-salary"&gt;SOC analyst&lt;/a&gt;: $65,000 to $92,000&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Entry-level security or IT security administrator: $60,000 to $90,000&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Actual offers depend on location, employer type, and practical skills. Major metro areas pay more. Large enterprises offer higher salaries but hire more selectively. Candidates who can demonstrate hands-on experience often receive stronger offers than those with only formal education. Viewed alongside broader financial benchmarks such as &lt;a href="https://www.sofi.com/learn/content/average-savings-by-age/"&gt;average savings&lt;/a&gt;, these early-career earnings help illustrate how a cybersecurity path can support the gradual building of long-term financial stability.&lt;/p&gt; 
&lt;h5 style="font-weight: normal;"&gt;Proven paths into the profession&lt;/h5&gt; 
&lt;p&gt;There are several viable strategies for entering the cybersecurity field. The right choice depends on your background, available time, and career goals. Many people combine elements from different approaches.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Internships and entry programs&lt;/p&gt; 
&lt;p&gt;A direct path into the field is an internship with a large organization. Many companies regularly recruit trainee groups. These programs usually last three to six months and combine theory with work on real infrastructure.&lt;/p&gt; 
&lt;p&gt;Participants handle practical tasks under the guidance of experienced mentors. Strong performers are often offered full-time roles at the end of the program.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;University education with targeted practice&lt;/p&gt; 
&lt;p&gt;A university degree is valuable, but it is rarely enough on its own. Students who work in labs, research groups, or departmental projects alongside their studies gain a clear advantage. Employers value this applied experience far more than academic grades alone.&lt;/p&gt; 
&lt;p&gt;Many universities cooperate with industry partners, allowing students to complete placements within security teams. Early engagement with the professional community also matters. &lt;a href="https://www.secureworld.io/events"&gt;Conference presentations&lt;/a&gt; and technical publications become part of a candidate's professional portfolio.&amp;nbsp;&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Bug Bounty programs and CTF competitions&lt;/p&gt; 
&lt;p&gt;Some choose a less traditional start. &lt;a href="https://dzone.com/articles/why-choose-bug-bounty-programs"&gt;Bug bounty programs&lt;/a&gt; invite researchers to legally find vulnerabilities in products or infrastructure. &lt;a href="https://www.splunk.com/en_us/blog/learn/capture-the-flag-ctf.html"&gt;Capture the Flag (CTF) competitions&lt;/a&gt; are practical training environments where participants attack and defend simulated systems, analyze vulnerabilities, and investigate digital evidence. Strong results in recognized events often draw recruiter attention because they demonstrate real capability.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Transitioning from IT roles&lt;/p&gt; 
&lt;p&gt;Some professionals move into cybersecurity from other IT disciplines. This transition is natural because core technical skills already align with security work. Common entry points include system administration, networking, and software testing. These professionals already understand operating systems, infrastructure, scripting, and incident behavior. They mainly need to deepen their knowledge of security.&lt;/p&gt; 
&lt;p&gt;The deciding factor is willingness to learn. New tools such as &lt;a href="https://www.secureworld.io/industry-news/endpoint-security-protecting-business-malware"&gt;EDR solutions&lt;/a&gt; and &lt;a href="https://www.cloudflare.com/learning/security/what-is-next-generation-firewall-ngfw/"&gt;NGFWs&lt;/a&gt; must be mastered, along with analytical frameworks such as &lt;a href="https://attack.mitre.org/"&gt;MITRE ATT&amp;amp;CK&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;Candidates with even one year of IT experience are often good prospects. Many employers prefer to train such specialists internally, invest in certifications, and grow them into security roles because they already understand real systems and workflows.&lt;/p&gt; 
&lt;h6 style="font-weight: normal;"&gt;Action plan: from theory to the first offer&lt;/h6&gt; 
&lt;p style="font-weight: bold;"&gt;Step 1: Choose a specialization and build the foundation&lt;/p&gt; 
&lt;p&gt;Start by selecting a specific direction. This choice determines which technologies and tools you need to learn.&lt;/p&gt; 
&lt;p&gt;Popular entry paths include:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;Web penetration testing: identifying vulnerabilities in applications&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;SOC operations: monitoring and responding to incidents&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Network security: protecting corporate infrastructure&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Malware analysis or cryptography: more specialized tracks&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;A web penetration tester must understand the &lt;a href="https://owasp.org/www-project-top-ten/"&gt;OWASP Top 10&lt;/a&gt;, know how to use tools like Burp Suite, and understand how web technologies, protocols, and databases function. These roles are in demand but competitive at the junior level. SOC roles require knowledge of network protocols, log analysis, and SIEM workflows. Network security is a natural fit for those with system administration experience.&lt;/p&gt; 
&lt;p&gt;After choosing a path, follow a structured learning approach. Courses provide the base. Documentation and technical reading deepen understanding. Avoid trying to cover everything. Depth in one area is more valuable than shallow familiarity with many.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Step 2. Build practical experience&lt;/p&gt; 
&lt;p&gt;Course labs alone are not enough. You need independent practice that shows initiative.&lt;/p&gt; 
&lt;p&gt;A home lab built in environments such as &lt;a href="https://www.gns3.com/"&gt;GNS3&lt;/a&gt; can simulate a corporate network. You can configure firewalls, deploy VPNs, test attacks, and practice defenses. Employers view this kind of self-directed work as proof of motivation and problem-solving ability.&lt;/p&gt; 
&lt;p&gt;Again, participation in open bug bounty programs provides exposure to real vulnerability discovery. Hands-on platforms such as &lt;a href="https://www.hackthebox.com/"&gt;Hack The Box&lt;/a&gt; offer progressively challenging scenarios that mirror real environments. Completing dozens of exercises is a meaningful signal of commitment and capability.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Step 3: Search strategically and prepare for interviews&lt;/p&gt; 
&lt;p&gt;A junior resume should be concise—one page. List concrete skills and link directly to your GitHub portfolio. Many hiring managers review repositories before reading the resume itself.&lt;/p&gt; 
&lt;p&gt;Do not limit applications to roles labeled "junior cybersecurity."&amp;nbsp;Positions such as L2 technical support or system administration often serve as entry points. Moving into security internally is frequently easier than being hired directly without experience.&lt;/p&gt; 
&lt;p&gt;During interviews, demonstrate curiosity and willingness to learn. Some technical questions are designed to test reasoning, not memorization. It is acceptable to say you do not know something if you can explain how you would find the answer. Honest problem-solving is valued more than guesswork.&lt;/p&gt; 
&lt;div style="font-size: 24px;"&gt;
 Final thoughts: mistakes to avoid
&lt;/div&gt; 
&lt;p&gt;Some candidates try to bypass the experience requirement by overstating their skills and listing numerous certifications. This almost always fails. Technical interviews and practical tests quickly reveal the actual level of knowledge. Even if someone is hired, the gap becomes obvious during the first weeks of real work. Inability to handle tasks results in probation failure and dismissal.&amp;nbsp;&lt;/p&gt; 
&lt;p&gt;Reputation matters in cybersecurity. The professional community is small, and credibility is built slowly but lost quickly. The market values honest, developing professionals. Modest but real experience is far stronger than invented expertise.&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fstart-career-cybersecurity-right-way&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Career Development</category>
      <category>Skills Gap</category>
      <category>Featured Author</category>
      <pubDate>Tue, 03 Mar 2026 13:40:59 GMT</pubDate>
      <author>office@alexvakulov.com (Alex Vakulov)</author>
      <guid>https://www.secureworld.io/industry-news/start-career-cybersecurity-right-way</guid>
      <dc:date>2026-03-03T13:40:59Z</dc:date>
    </item>
    <item>
      <title>Level Up at SecureWorld Conferences with In-Depth Training Courses</title>
      <link>https://www.secureworld.io/industry-news/level-up-secureworld-plus-training-courses</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/level-up-secureworld-plus-training-courses" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/SWE_Digital/SPU-cyber-students.jpg" alt="students learning together at screen" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;Are you ready to deepen your cybersecurity knowledge and take your skills to the next level? SecureWorld PLUS courses are back for 2026, offering an incredible opportunity for hands-on, expert-led training at our in-person regional conferences.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;Are you ready to deepen your cybersecurity knowledge and take your skills to the next level? SecureWorld PLUS courses are back for 2026, offering an incredible opportunity for hands-on, expert-led training at our in-person regional conferences.&lt;/p&gt; 
&lt;p&gt;Whether you're a seasoned security professional or just starting your journey, these in-depth courses are designed to equip you with actionable insights and training that boost your career. PLUS courses are held as part of each conference—either the day before or interspersed as 90-minute sessions throughout—providing attendees an additional six hours of immersive education and 6 CPE credits.&lt;/p&gt; 
&lt;h2&gt;&lt;strong&gt;Why attend a SecureWorld PLUS course?&lt;/strong&gt;&lt;/h2&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;strong&gt;&lt;span&gt;Expert-led training&lt;/span&gt;&lt;/strong&gt;: Learn directly from industry leaders with decades of experience.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;strong&gt;&lt;span&gt;Interactive learning&lt;/span&gt;&lt;/strong&gt;: Engage in practical exercises and collaborative discussions.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;strong&gt;&lt;span&gt;Professional growth&lt;/span&gt;&lt;/strong&gt;: Earn 6 CPE credits and return to your organization with actionable strategies.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Here is a look at the courses being offered this year.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;Securing &amp;amp; Enabling AI: Transform Chaos into Competitive Advantage&lt;/h3&gt; 
&lt;p&gt;Your CEO just asked about AI security. Do you have a clear answer?&lt;/p&gt; 
&lt;p&gt;While security teams are still cataloging vulnerabilities, business units are deploying AI at scale. Every Monday, another department launches an AI tool. Marketing uses ChatGPT for campaigns. Sales deploys AI Sales Development Reps. Customer service automates with chatbots. And your cybersecurity team? Still writing policies nobody reads.&lt;/p&gt; 
&lt;p&gt;In this interactive workshop, learn how to secure AI while accelerating innovation—not blocking it. Transform from AI Firefighter to Strategic Business Enabler, with a 90-day roadmap for secure AI deployment in your organization.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;What you will master:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;The AIR-MAP Methodology™ — Your proven 90-day roadmap from AI chaos to governance&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Executive Translation — Turn technical AI risks into boardroom language&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;NIST AI RMF Implementation — Practical application, not theory&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;The $12M Question — Secure against deepfake fraud and AI-enabled attacks&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Shadow AI Discovery — Find and govern the AI already in your organization&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Business-First Security — Protect value, not just systems&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="font-weight: bold;"&gt;Who should attend:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;CISOs facing board questions about AI&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Information Security Directors enabling digital transformation&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;IT VPs without dedicated security teams&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Cybersecurity Consultants serving enterprise clients&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Risk Managers governing AI initiatives&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Aspiring decision-makers and those reporting to one&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="font-weight: bold;"&gt;Not designed for:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;Developers wanting to code AI models&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Analysts seeking technical certifications&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Anyone looking for hands-on hacking labs&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="font-weight: bold;"&gt;This workshop is NOT about:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;Prompt injection techniques&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Model architecture security&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Technical vulnerability scanning&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Writing 200-page policies&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="font-weight: bold;"&gt;This workshop IS about:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;Speaking profit-and-loss to executives&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Enabling your AI transformations&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Building cybersecurity into AI from day one&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Becoming the trusted AI advisor&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="font-weight: bold;"&gt;What you'll leave with:&lt;/p&gt; 
&lt;p&gt;1. The Complete AIR-MAP Toolkit&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;90-day implementation roadmap&lt;/li&gt; 
 &lt;li&gt;Discovery templates and workflows&lt;/li&gt; 
 &lt;li&gt;Risk scoring calculators&lt;/li&gt; 
 &lt;li&gt;Executive presentation templates&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;2. Ready-to-Deploy Governance Assets&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt;AI Acceptable Use Policy (customize in minutes)&lt;/li&gt; 
 &lt;li&gt;Vendor assessment questionnaires&lt;/li&gt; 
 &lt;li&gt;Incident Response playbooks&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;3. A 30-Minute Strategy Session&lt;/p&gt; 
&lt;p&gt;A complimentary private consultation to apply AIR-MAP directly to your organization's AI strategy and risk posture.&lt;/p&gt; 
&lt;p&gt;The "Securing &amp;amp; Enabling AI: Transform Chaos into Competitive Advantage" PLUS will be offered at all of SecureWorld's in-person conferences in 2026.&lt;/p&gt; 
&lt;p&gt;&lt;a href="https://www.secureworld.io/events"&gt;&lt;img src="https://www.secureworld.io/hs-fs/hubfs/Ads/PLUS%20Courses_ad_2025_728x90_V2.jpg?width=728&amp;amp;height=90&amp;amp;name=PLUS%20Courses_ad_2025_728x90_V2.jpg" width="728" height="90" alt="PLUS Courses_ad_2025_728x90_V2" style="height: auto; max-width: 100%; width: 728px; margin: 10px 0px;"&gt;&lt;/a&gt;&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;Master the NIST Cybersecurity Framework v2.0 in Just Six Hours&lt;/h4&gt; 
&lt;p style="background-color: #ffffff;"&gt;This intensive, live workshop is your shortcut to mastering cyber resilience. In just one power-packed course, you will walk away with:&lt;/p&gt; 
&lt;ul style="list-style-type: disc; background-color: #ffffff;"&gt; 
 &lt;li&gt; &lt;p&gt;Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;A step-by-step action plan – No more guessing what to do next&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Real-world case studies – See how organizations just like yours have successfully implemented the framework&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Expert-level confidence – Finally speak cybersecurity with authority and clarity&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="background-color: #ffffff;"&gt;&lt;span style="font-weight: bold;"&gt;What makes this different?&lt;/span&gt;&lt;/p&gt; 
&lt;p style="background-color: #ffffff;"&gt;&lt;span style="font-weight: bold;"&gt;&lt;/span&gt;This isn't another theoretical lecture. You'll spend most of your time actually BUILDING your organization's cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You'll leave with tools and know-how you can implement immediately.&lt;/p&gt; 
&lt;p style="background-color: #ffffff; font-weight: bold;"&gt;Perfect for:&lt;/p&gt; 
&lt;ul style="list-style-type: disc; background-color: #ffffff;"&gt; 
 &lt;li&gt; &lt;p&gt;IT Directors and Managers&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Cybersecurity Professionals&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Business Leaders responsible for risk management&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Compliance Officers&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Anyone tasked with "figuring out cybersecurity"&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="background-color: #ffffff;"&gt;&lt;span style="font-weight: bold;"&gt;Exclusive bonus:&lt;/span&gt;&lt;span&gt; &lt;/span&gt;Every attendee receives a comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:&lt;/p&gt; 
&lt;ul style="list-style-type: disc; background-color: #ffffff;"&gt; 
 &lt;li&gt; &lt;p&gt;Getting BUY-IN from your senior decision makers&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Discovering your top five cyber risks&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Creating a prioritized risk mitigation plan with implementation roadmap&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;A score card you can use to track progress&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="background-color: #ffffff;"&gt;&lt;span style="font-weight: bold;"&gt;Warning:&lt;/span&gt;&lt;span&gt; &lt;/span&gt;This course workshop has limited seating. Don't let another cyber incident catch your organization unprepared—register now!&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;SecureWorld's PLUS Course, "Master the NIST Cybersecurity Framework v2.0 in Just Six Hours," will only be offered at our in-person, two-day conferences in Boston,&amp;nbsp;Philadelphia, and Seattle.&lt;a href="https://www.secureworld.io/events"&gt;&lt;/a&gt;&lt;/p&gt; 
&lt;h5&gt;&lt;strong&gt;How to register&lt;/strong&gt;&lt;/h5&gt; 
&lt;p&gt;Don't miss this chance to enhance your skills, earn CPE credits, and learn together with peers in your region. Seats are limited, so secure your spot in these highly sought-after courses today! &lt;a href="https://www.secureworld.io/events"&gt;See our Events schedule here.&lt;/a&gt;&lt;/p&gt;  
</content:encoded>
      <category>Career Development</category>
      <category>SecureWorld PLUS Training</category>
      <category>Original Content</category>
      <pubDate>Mon, 02 Mar 2026 22:58:25 GMT</pubDate>
      <author>media@secureworld.io (SecureWorld News Team)</author>
      <guid>https://www.secureworld.io/industry-news/level-up-secureworld-plus-training-courses</guid>
      <dc:date>2026-03-02T22:58:25Z</dc:date>
    </item>
    <item>
      <title>Darktrace Threat Report: Logging In Is the New Breaking In</title>
      <link>https://www.secureworld.io/industry-news/darktrace-threat-report-logging-in</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/darktrace-threat-report-logging-in" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/login%20-%20business-executives-with-headsets-using-computer-2026-01-09-09-45-39-utc.jpg" alt="workers lined up at computers" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;&lt;span&gt;The 2026 Darktrace Annual Threat Report delivers a clear, uncompromising message: the era of the perimeter&amp;nbsp;is officially over&lt;/span&gt;&lt;span&gt;. &lt;/span&gt;&lt;span&gt;The primary challenge for CISOs is no longer just keeping attackers out; it is identifying them once they have already "logged in" using legitimate, but compromised, identities&lt;/span&gt;&lt;span&gt;.&lt;/span&gt;&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;&lt;span&gt;The 2026 Darktrace Annual Threat Report delivers a clear, uncompromising message: the era of the perimeter&amp;nbsp;is officially over&lt;/span&gt;&lt;span&gt;. &lt;/span&gt;&lt;span&gt;The primary challenge for CISOs is no longer just keeping attackers out; it is identifying them once they have already "logged in" using legitimate, but compromised, identities&lt;/span&gt;&lt;span&gt;.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;For cybersecurity professionals, &lt;a href="https://www.darktrace.com/resources/annual-threat-report-2026"&gt;the&amp;nbsp;report&lt;/a&gt; is a roadmap of the shifting tactics, techniques, and procedures (TTPs) that defined 2025 and will dictate risk in the year ahead&lt;/span&gt;&lt;span&gt;.&amp;nbsp;&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;Identity has emerged as the single most consistent threat across the global landscape&lt;/span&gt;&lt;span&gt;. &lt;/span&gt;&lt;span&gt;In a significant shift, identity compromise and the exploitation of trust have eclipsed traditional vulnerability exploitation as the dominant attack vector&lt;/span&gt;&lt;span&gt;.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Attackers are increasingly using valid credentials to log in&amp;nbsp;and blend into normal operational activity, making them incredibly difficult to distinguish from legitimate users. This known as Living Off the Land (LOTL).&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Native English-speaking groups like Scattered Spider have mastered helpdesk impersonation and MFA-bypass techniques to gain high-privileged access to hybrid cloud environments like Okta and AWS.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: normal;"&gt;Identity-based attacks, particularly phishing, now see massive spikes during retail events. For example, Black Friday-related phishing skyrocketed by 620% in late 2025.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;As organizations deepen their reliance on the cloud, threat actors are following the data. &lt;/span&gt;&lt;span&gt;Cloud and SaaS environments are now being used as "systemic risk multipliers."&lt;/span&gt;&lt;span&gt;&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span&gt;I&lt;span style="font-weight: normal;"&gt;n the Americas, SaaS/M365 account compromises and email-based social engineering now account for nearly 70% of all recorded incidents&lt;/span&gt;&lt;/span&gt;&lt;span style="font-weight: normal;"&gt;.&lt;/span&gt;&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Attackers are moving away from opportunistic campaigns toward targeting SaaS platforms directly to achieve massive downstream impact across multiple environments through a single foothold. It's basic supply chain exposure.&lt;/p&gt; 
&lt;span style="font-size: 17px;"&gt;Darktrace's honeypot data indicate&amp;nbsp;that Microsoft Azure was the most targeted cloud provider in 2025, accounting for 43.5% of malware samples collected across major platforms.&lt;/span&gt; 
&lt;p&gt;&lt;span&gt;Ransomware remains the fastest path to material business impact, but the "business model" has matured into a highly specialized ecosystem&lt;/span&gt;&lt;span&gt;. Some key ransomware-related takeaways:&lt;/span&gt;&lt;/p&gt; 
&lt;ul style="font-size: 17px;"&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Double and triple extortion: &lt;/span&gt;There is a sharp move away from pure encryption toward data leak pressure tactics. Groups like Akira—one of the most active families globally—consistently demand payment for both file decryption and to prevent the release of stolen data.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;The speed gap:&lt;/span&gt; Exploitation is now happening faster than ever, often before a vulnerability is even disclosed (pre-CVE).&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Sector at risk:&lt;/span&gt; Manufacturing has become a primary target, accounting for 29% of all recorded ransomware incidents in the Americas, driven by the sector's reliance on interconnected OT and legacy systems.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;h2&gt;&lt;strong&gt;Critical infrastructure as a strategic pawn&lt;/strong&gt;&lt;/h2&gt; 
&lt;p&gt;Perhaps the most concerning trend is the pre-positioning of nation-state actors within critical national infrastructure (CNI). This is no longer just about espionage; it is about "strategic leverage."&lt;/p&gt; 
&lt;p&gt;Actors like Salt Typhoon (China-nexus) have successfully infiltrated telecommunications infrastructure, while Volt Typhoon has been detected pre-positioning implants in energy organizations for potential disruptive OT attacks.&lt;/p&gt; 
&lt;p&gt;States like North Korea (DPRK) are increasingly using hybrid groups, or proxy agents, to conduct financially motivated operations, such as cryptocurrency mining, to fund their intelligence-gathering efforts.&lt;/p&gt; 
&lt;p&gt;The 2026 outlook requires a fundamental pivot in how CISOs and their teams define resilience.&lt;/p&gt; 
&lt;p&gt;Because attackers are using valid credentials, signature-based defenses are insufficient. Security teams must prioritize behavioral-led detection that can identify subtle anomalies in how an identity or cloud account is acting, regardless of whether the login was technically valid.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: normal;"&gt;Resilience in 2026 depends on the aggressive application of least privilege principles. If an identity is compromised, the "blast radius" must be contained by architectural limits.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;With vulnerability volumes growing by 20% year-on-year and exploitation speeds accelerating, manual remediation is a losing game. Embracing autonomous response technology is essential to containing potential exploits at an early stage, before they can escalate into a full-scale crisis.&lt;/p&gt; 
&lt;p&gt;We asked some representatives from cybersecurity vendors for their thoughts on the findings in the report.&lt;/p&gt; 
&lt;p style="color: #242424; background-color: #ffffff; font-weight: bold;"&gt;&lt;a href="https://www.linkedin.com/in/markmcclainceo/"&gt;Mark McClain&lt;/a&gt;, CEO at SailPoint Technologies, said:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li style="color: #242424; background-color: #ffffff;"&gt; &lt;p&gt;"As the report highlights, identity is no longer about perimeter-based defense. The rise in AI-based agents and the massively accelerating threat landscape has rendered that approach inadequate, and prompted a shift towards identity as the critical element to enterprise security. This report's findings demonstrate that there is now a need for real-time, intelligent, and dynamic identity security, built to govern and secure not just 'who,' or in the case of AI agents, 'what,' has access to the enterprise, but what data they can access and what they are able to do once inside."&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="color: #242424; background-color: #ffffff;"&gt; &lt;p&gt;&lt;span style="color: #242424;"&gt;"T&lt;/span&gt;&lt;span style="color: #242424;"&gt;he modern enterprise requires a new control plane, driven by unifying identity, data, and security. The combined power of these contexts enables real-time decisions to reduce risk without impacting the business. These decisions can be driven by the nature of the identity, the context of the apps and data it can access, the behavior around how it is using these apps and data and the security signals and risk warnings that may surround it. To combat this new era of threats, driven by the force multiplier of AI, we need to embrace a new approach of adaptive identity."&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="color: #242424; background-color: #ffffff; font-weight: bold;"&gt;&lt;a href="https://www.linkedin.com/in/mjhaber/"&gt;Morey Haber&lt;/a&gt;, Chief Security Advisor at BeyondTrust, said:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li style="color: #242424; background-color: #ffffff;"&gt; &lt;p&gt;"Cybersecurity has always been a forward-looking discipline. By anticipating where technology, threat actors, and regulation are heading, we can better protect our customers and help the industry prepare for what’s next. Looking ahead allows us to adapt faster and turn insight into proactive security action. The future of cybersecurity isn't just about defending data, it’s about anticipating how digital and physical worlds will continue to collide. The organizations that will thrive are those that treat identity as the new perimeter and innovation as their strongest defense."&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="color: #242424; background-color: #ffffff; font-weight: bold;"&gt;&lt;a href="https://www.linkedin.com/in/amit-zimerman/"&gt;Amit Zimerman&lt;/a&gt;, Co-Founder and Chief Product Officer at Oasis Security, said:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li style="color: #242424; background-color: #ffffff;"&gt; &lt;p&gt;"Human oversight remains vital when using AI in offensive cybersecurity. While AI is highly efficient in automating and scaling tasks, human expertise is necessary to interpret complex results, make critical decisions, and apply context-specific reasoning. Humans are essential for ensuring that AI-driven tools are used responsibly and for validating the results of AI processes, especially when it comes to the nuances of certain vulnerabilities or threat landscapes. AI also plays a significant role in 'shift-left' approaches by identifying security vulnerabilities earlier in the software development lifecycle. When integrated into offensive security measures, AI can detect and address issues before they make it into production, reducing the cost of remediation and improving the overall security posture of an organization."&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="color: #242424; background-color: #ffffff; font-weight: bold;"&gt;&lt;a href="https://www.linkedin.com/in/dianakelleysecuritycurve/"&gt;Diana Kelley&lt;/a&gt;, CISO at Noma Security, said:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li style="color: #242424; background-color: #ffffff;"&gt; &lt;p&gt;"AI risks have rapidly moved from a watch list item to a front-line security concern, especially when it comes to data security and misuse. To manage this emerging threat landscape, security teams need a mature, continuous security approach, which includes blue team programs, starting with a full inventory of all AI systems, including agentic components as a baseline for governance and risk management."&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="color: #242424; background-color: #ffffff;"&gt; &lt;p&gt;&lt;span style="color: #242424;"&gt;"For practitioners, securing AI in 2026 and beyond is not just about protecting models. It requires addressing stack sprawl and moving toward a platform-driven approach that delivers defense in depth through unified, AI-aware identity, configuration, and data visibility. Organizations that simplify their cloud and AI security stack, and enable effective automation, will be far better positioned to safely scale AI as threats continue to evolve."&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p style="color: #242424; background-color: #ffffff; font-weight: bold;"&gt;&lt;a href="https://www.linkedin.com/in/shane-barney-69026528/"&gt;Shane Barney&lt;/a&gt;, CISO at Keeper Security, said:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li style="color: #242424; background-color: #ffffff;"&gt; &lt;p&gt;"Identity has become the attacker's skeleton key. Instead of forcing their way through a firewall, adversaries are logging in with stolen credentials, hijacked tokens and abused permissions, then moving laterally under the cover of legitimacy. When identity controls are fragmented or overly permissive, attackers don't need novel exploits. They just need access that looks routine. Identity now defines the enterprise perimeter. When every identity is governed with least privilege and continuously validated, a stolen credential becomes a contained event instead of an enterprise-wide incident."&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fdarktrace-threat-report-logging-in&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Original Content</category>
      <category>Identity / Access Mgmt</category>
      <category>Threat Intel</category>
      <pubDate>Mon, 02 Mar 2026 15:37:00 GMT</pubDate>
      <author>CamS@secureworld.io (Cam Sivesind)</author>
      <guid>https://www.secureworld.io/industry-news/darktrace-threat-report-logging-in</guid>
      <dc:date>2026-03-02T15:37:00Z</dc:date>
    </item>
    <item>
      <title>How AI Deepfakes Are Fueling Synthetic Identity Fraud in Enterprises</title>
      <link>https://www.secureworld.io/industry-news/ai-deepfakes-fueling-synthetic-identity-fraud</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/ai-deepfakes-fueling-synthetic-identity-fraud" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Identity%20-%20boss-afro-businessmen-talking-with-arab-partners-c-2026-01-05-23-12-19-utc.jpg" alt="business leaders in a meeting room" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;Enterprise fraud has always followed the path of least resistance. What's changed is the attacker's toolkit. Generative AI can now produce believable voices, faces, and "perfectly normal" video calls on demand, while synthetic identities can be built like Legos: one real data fragment here, one fabricated detail there, all wrapped in a clean online footprint.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;Enterprise fraud has always followed the path of least resistance. What's changed is the attacker's toolkit. Generative AI can now produce believable voices, faces, and "perfectly normal" video calls on demand, while synthetic identities can be built like Legos–one real data fragment here, one fabricated detail there, all wrapped in a clean online footprint.&lt;/p&gt; 
&lt;p&gt;Put the two together and you get a form of deception that doesn't just trick people; it slips into workflows, approval chains, and onboarding systems that were built for a different era.&lt;/p&gt; 
&lt;h2&gt;&lt;strong&gt;What this means for security teams&lt;/strong&gt;&lt;/h2&gt; 
&lt;p&gt;Deepfakes don't replace classic social engineering; they upgrade it. A spoofed email from "the CFO" is one thing. A live video call where the CFO appears, speaks naturally, and pressures a fast decision is something else entirely. In many organizations, "I saw them" and "I heard them" still carry weight. Attackers know that, and they lean into it.&lt;/p&gt; 
&lt;p&gt;The risk grows when fraud is routed through processes that already look legitimate. A synthetic vendor can be onboarded, receive payments, and build transaction history. Later, a deepfake call arrives to approve a "routine" change, such as new bank details, a rush payment, or an exception to normal procedure. Each step can pass a basic reasonableness test, especially when teams are busy and the request lands with the right mix of authority and urgency.&lt;/p&gt; 
&lt;p&gt;This is where governance and verification collide. &lt;a href="https://www.idenfy.com/blog/know-your-business-kyb/"&gt;KYB compliance&lt;/a&gt; exists to validate business entities and reduce exposure to shell companies and questionable counterparties. The problem is that convincing-looking paperwork and polished digital presence are easier to manufacture than ever. If verification leans too heavily on static documents and surface-level checks, attackers can create something that looks compliant while being entirely fraudulent underneath.&lt;/p&gt; 
&lt;p&gt;The takeaway is uncomfortable but necessary: familiar identity signals, such as voice, face, or official-looking documents, can no longer be treated as standalone proof.&lt;/p&gt; 
&lt;h3&gt;&lt;strong&gt;Incidents and trends that show where this is headed&lt;/strong&gt;&lt;/h3&gt; 
&lt;p&gt;Recent cases highlight how deepfakes are being used as a force multiplier, especially in finance.&lt;/p&gt; 
&lt;p&gt;One widely reported incident in Hong Kong involved a deepfake-driven video conference in which a finance employee was &lt;a href="https://www.secureworld.io/industry-news/hong-kong-deepfake-cybercrime"&gt;persuaded to transfer&lt;/a&gt; roughly $25 million. The detail that stands out isn't just the money; it's the method. The attackers used a meeting format that feels normal in modern enterprises: multiple participants, a legitimate-looking context, and a sense of internal routine. That's precisely why it worked.&lt;/p&gt; 
&lt;p&gt;In the U.S., deepfake videos featuring well-known public figures, including Elon Musk, have been used to promote &lt;a href="https://www.cbsnews.com/texas/news/deepfakes-ai-fraud-elon-musk/"&gt;fraudulent investment schemes&lt;/a&gt;. These campaigns often target individuals, but the mechanics translate directly to enterprise environments: manufactured authority, rapid trust-building, and a narrative designed to override skepticism.&lt;/p&gt; 
&lt;p&gt;The scale is not hypothetical. A &lt;a href="https://www.deloitte.com/content/dam/assets-zone3/us/en/docs/services/consulting/2025/generative-ai-and-the-fight-for-trust.pdf"&gt;Deloitte poll in 2024&lt;/a&gt; found that one in four organizations had experienced at least one deepfake incident aimed at financial or accounting data. That number matters because it points to repeatable targeting of processes that move money, change payee details, or expose sensitive reporting information.&lt;/p&gt; 
&lt;p&gt;Several patterns are showing up across these events:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;Real-time is replacing prerecorded. Live calls and interactive conversations reduce the "this looks edited"&amp;nbsp;suspicion.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Multi-channel reinforcement is common. A compromised email thread plus a deepfake call is far more persuasive than either alone.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Synthetic identities are being played long. Some fraudsters establish vendors or "employees,"&amp;nbsp;build credibility, and cash out later when the environment is primed.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;This is not random opportunism. It's a workflow attack.&lt;/p&gt; 
&lt;h4&gt;&lt;strong&gt;Why synthetic identities work so well&amp;nbsp;&lt;/strong&gt;&lt;/h4&gt; 
&lt;p&gt;Synthetic identity fraud succeeds because it exploits a gap between "looks valid"&amp;nbsp;and "is real."&amp;nbsp;Attackers blend authentic data (a real address, a legitimate registration number, a compromised tax identifier) with fabricated elements (a generated headshot, a made-up executive, a curated work history) until the result passes routine checks.&lt;/p&gt; 
&lt;p&gt;It's also durable. A stolen identity may be locked down once the victim notices. A synthetic identity has no victim to complain, no baseline to compare, and no obvious trigger in the early stages. It can be nurtured through vendor onboarding, small invoices, a normal communication cadence, and gradual trust-building. By the time it's used for major fraud, it feels established rather than newly created.&lt;/p&gt; 
&lt;p&gt;Deepfakes make the synthetic identity feel human. If a "vendor contact" can appear on camera and answer questions without sounding scripted, suspicion drops. People are reluctant to challenge what appears to be a direct face-to-face interaction, especially when it comes from someone framed as senior, busy, and decisive.&lt;/p&gt; 
&lt;p&gt;From the attacker's perspective, that combination is efficient because it ensures scalable identity creation, believable interaction, and fewer points of immediate detection.&lt;/p&gt; 
&lt;h5&gt;&lt;strong&gt;Regulation and compliance are catching up, albeit slowly&lt;/strong&gt;&lt;/h5&gt; 
&lt;p&gt;Regulators and industry frameworks already emphasize controls around onboarding, due diligence, and transaction monitoring. Those expectations aren't going away. If anything, deepfakes and synthetic identities make the case for stronger, more demonstrable governance.&lt;/p&gt; 
&lt;p&gt;The challenge is that many compliance programs were built around documentation and formal attestations, which are items that can now be simulated convincingly. That pushes organizations toward a more evidence-based approach through continuous monitoring, cross-validation of identity claims, stronger change-control for payment details, and transaction scrutiny that accounts for social-engineering signals.&lt;/p&gt; 
&lt;p&gt;For enterprises, this becomes shared territory between Compliance and Security. &lt;a href="https://www.secureworld.io/industry-news/fraud-awareness-week-cybersecurity"&gt;Fraud awareness&lt;/a&gt; and prevention can't sit solely in finance, and identity assurance can't be treated as a one-time check at onboarding.&lt;/p&gt; 
&lt;h6&gt;&lt;strong&gt;The human factor still decides the outcome&amp;nbsp;&lt;/strong&gt;&lt;/h6&gt; 
&lt;p&gt;The best deepfake doesn't win because it's technically perfect. It wins because it lands at the right time, on the right person, with the right pressure.&lt;/p&gt; 
&lt;p&gt;Hierarchy is an attacker's friend. People hesitate to slow down a "senior" request. Teams evaluated on speed and responsiveness tend to treat verification as friction. Remote work adds another complication: video calls feel normal, and "I saw them on camera"&amp;nbsp;can be mistaken for certainty.&lt;/p&gt; 
&lt;p&gt;Security awareness needs a reality check. Many programs still revolve around suspicious links and odd email phrasing. Deepfake fraud is often more subtle: a plausible request, delivered through a familiar channel, supported by social context. Employees need clear permission to pause, verify, and escalate, even if the request appears to come from the top.&lt;/p&gt; 
&lt;div&gt;
 &lt;strong&gt;Defense strategies&amp;nbsp;&lt;/strong&gt;
&lt;/div&gt; 
&lt;p style="font-weight: normal;"&gt;No single control neutralizes this threat. The goal is to make fraud hard to execute and easy to interrupt.&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;Use out-of-band verification for money movement. Confirm high-risk requests through a separate, pre-approved channel (not a reply to the same email thread).&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;strong&gt;&lt;span&gt;Lock down payee change procedures.&lt;/span&gt;&lt;/strong&gt;&lt;span&gt; Bank detail updates should trigger enhanced verification and, for higher-risk vendors, a short waiting period.&lt;/span&gt;&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;Require multi-person approval for large transfers. Two sets of eyes reduce the odds that urgency overrides judgment.&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;Harden vendor onboarding with ongoing checks. Treat KYB compliance as continuous, not a one-time document review.&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;Add "challenge steps"&amp;nbsp;for executive requests. Pre-agreed internal verification phrases, call-back rules, or secure approvals help validate real-time requests.&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;Monitor for lookalike domains and thread hijacking. Many deepfake incidents are reinforced by &lt;a href="https://www.secureworld.io/industry-news/protecting-against-bec-attacks"&gt;business email compromise&lt;/a&gt; or domain spoofing.&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;Prepare an incident playbook for deepfakes. Include rapid internal notification, payment recall workflows, and media/forensics triage.&lt;/p&gt; &lt;/li&gt; 
 &lt;li style="font-weight: normal;"&gt; &lt;p&gt;Run tabletop exercises that involve finance. If finance teams aren't practicing fraud interruption, controls can fail under pressure.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;These measures work best when Security, Finance, and Compliance treat deepfake-driven fraud as shared operational risk. That alignment is often the difference between "we had controls" and "we stopped it."&lt;/p&gt; 
&lt;div&gt;
 &lt;strong&gt;The bottom line&lt;/strong&gt;
&lt;/div&gt; 
&lt;p&gt;&lt;span style="font-weight: normal;"&gt;Deepfakes and synthetic identities are pushing enterprise fraud into a more convincing, process-aware phase. Attackers are no longer limited to stealing credentials or sending generic lures. They can manufacture authority, build believable entities, and pressure employees in real time.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: normal;"&gt;&lt;/span&gt;&lt;span style="font-weight: normal;"&gt;Enterprises don't need panic; they need modernization. Treat audiovisual proof as a weak signal, tighten the rails around financial workflows, reinforce KYB compliance beyond paperwork, and normalize verification as a professional habit. Organizations that adapt now will be the ones that keep trust intact when the next executive call isn't an executive at all.&lt;/span&gt;&lt;span style="font-size: 18px;"&gt;&amp;nbsp;&lt;/span&gt;&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fai-deepfakes-fueling-synthetic-identity-fraud&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Social Engineering</category>
      <category>BEC Scams</category>
      <category>Featured Author</category>
      <category>Cybercrime / Threats</category>
      <category>Deepfake</category>
      <pubDate>Sun, 01 Mar 2026 15:21:59 GMT</pubDate>
      <author>david@macsecurity.net (David Balaban)</author>
      <guid>https://www.secureworld.io/industry-news/ai-deepfakes-fueling-synthetic-identity-fraud</guid>
      <dc:date>2026-03-01T15:21:59Z</dc:date>
    </item>
    <item>
      <title>What Sandworm Teaches Us About Cyber, Geopolitics, and Strategic Leadership</title>
      <link>https://www.secureworld.io/industry-news/sandworm-cyber-geopolitics-strategic-leadership</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/sandworm-cyber-geopolitics-strategic-leadership" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Russian%20Sandworm%20hackers%20online-gaming-2025-10-26-10-58-06-utc.jpg" alt="hacker hands typing on keyboard" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;&lt;em&gt;Sandworm&lt;/em&gt; by Andy Greenberg is more than a chronicle of a set of devastating cyberattacks. It's a study in attribution, geopolitics, resilience, and strategic blindness. And despite being set roughly eight years ago, its lessons feel even more relevant today.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;&lt;em&gt;Sandworm&lt;/em&gt; by Andy Greenberg is more than a chronicle of a set of devastating cyberattacks. It's a study in attribution, geopolitics, resilience, and strategic blindness. And despite being set roughly eight years ago, its lessons feel even more relevant today.&lt;/p&gt;  
&lt;p&gt;I recently read it for the first time, and now that I have, I feel like a bad professional for not reading it sooner! It's not just a great adventure of significant cyber events, but also full of strategic takeaways you can apply today.&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;Attribution is hard—really hard&lt;/h2&gt; 
&lt;p&gt;One of the book's most important takeaways: attribution takes time, discipline, and humility.&lt;/p&gt; 
&lt;p&gt;Initial conclusions are often wrong—or at least incomplete. The case studies walk through global efforts to attribute major attacks, and they are filled with false starts, dead ends, misdirection, and political hesitation. What seems obvious in hindsight was anything but clear in the moment.&lt;/p&gt; 
&lt;p&gt;For security leaders, this is a sobering reminder. Public pressure, media narratives, and internal executive urgency can all push toward premature conclusions. But serious attribution requires technical depth, cross-border cooperation, intelligence integration, and patience.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;The intersection of cyber and geopolitics&lt;/h3&gt; 
&lt;p&gt;&lt;em&gt;Sandworm&lt;/em&gt; does an exceptional job illustrating the intersection of cyber operations and national strategy.&lt;/p&gt; 
&lt;p&gt;These weren't random attacks. They were instruments of geopolitical influence—probing, destabilizing, signaling, and sometimes testing thresholds of response. The book provides rare insight into national security decision-making: when to respond, how to respond, and when not to.&lt;/p&gt; 
&lt;p&gt;Given today's global tensions, this lens is critical. Cyber is not just an IT problem. It is statecraft.&lt;/p&gt; 
&lt;p&gt;If you're a CISO or board member who isn't factoring geopolitics into your threat modeling, you're behind.&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;Nation-states didn't go away&lt;/h4&gt; 
&lt;p&gt;When these events unfolded, nation-state operations dominated cyber headlines. Today, ransomware captures most of the oxygen.&lt;/p&gt; 
&lt;p&gt;But that doesn't mean state-sponsored exploitation has stopped.&lt;/p&gt; 
&lt;p&gt;A strategic takeaway from the book: nation-state access and information operations likely continue—quietly—masked in the noise of ransomware and criminal activity. In fact, the blurred lines between state actors and cybercriminal groups raise uncomfortable questions.&lt;/p&gt; 
&lt;p&gt;Why do some criminal groups operate for years with little consequence from their local governments?&lt;/p&gt; 
&lt;p&gt;The book doesn't preach—but it invites the reader to connect those dots.&lt;/p&gt; 
&lt;h5 style="font-weight: normal;"&gt;Cascading risk and the supply chain lesson&lt;/h5&gt; 
&lt;p&gt;One of the most powerful case studies centers around the compromise of the Ukrainian accounting software company M.E.Doc.&lt;/p&gt; 
&lt;p&gt;The infection of their software product cascaded outward, impacting a staggering number of global organizations. It was a supply chain infection before "supply chain risk"&amp;nbsp;became a board-level buzzword.&lt;/p&gt; 
&lt;p&gt;The uncomfortable truth? Leadership at the compromised company never imagined they would be a target.&lt;/p&gt; 
&lt;p&gt;That mindset—&lt;em&gt;"why would anyone target us?"&lt;/em&gt;—is one of the most dangerous phrases in cybersecurity.&lt;/p&gt; 
&lt;p&gt;Strategic leaders must think in ecosystems, not silos. Your organization might not be the intended target. You might be the conduit.&lt;/p&gt; 
&lt;h6 style="font-weight: normal;"&gt;Systemic risk and unintended consequences&lt;/h6&gt; 
&lt;p&gt;The attacks described in &lt;em&gt;Sandworm&lt;/em&gt; demonstrate how digital disruptions cascade across sectors—energy, logistics, healthcare, shipping.&lt;/p&gt; 
&lt;p&gt;Complex, interconnected systems fail in nonlinear ways.&lt;/p&gt; 
&lt;p&gt;This is where cybersecurity leadership intersects with enterprise risk management. The conversation can't just be about patching and detection. It must include:&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;Interdependency mapping&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Third-party and fourth-party exposure&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Operational continuity under degraded conditions&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Manual fallback capabilities&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;div style="font-size: 24px;"&gt;
 A resilience mindset across generations
&lt;/div&gt; 
&lt;p&gt;One subtle but fascinating observation in the book involves resilience.&lt;/p&gt; 
&lt;p&gt;Workers in the late stages of their careers—those who had lived through pre-digital processes—were often able to rapidly construct and execute manual workarounds when systems went down. They knew how to operate without automation.&lt;/p&gt; 
&lt;p&gt;Younger employees, raised in fully digital environments, often struggled more initially.&lt;/p&gt; 
&lt;p&gt;This isn't a critique of talent. It's a reminder.&lt;/p&gt; 
&lt;p&gt;True resilience includes the ability to operate in degraded modes. In an era of cloud dependence and AI automation, that lesson matters more than ever.&lt;/p&gt; 
&lt;div style="font-size: 24px;"&gt;
 Know the history of our profession
&lt;/div&gt; 
&lt;p&gt;Another important takeaway: cybersecurity didn't emerge in a vacuum.&lt;/p&gt; 
&lt;p&gt;The book offers insight into the individuals, researchers, policymakers, and responders who shaped the field through crisis. Understanding what happened, why it happened, and how the response evolved makes us better practitioners.&lt;/p&gt; 
&lt;p&gt;If you don't understand the history of major cyber operations, you’re missing context for today's strategic decisions.&lt;/p&gt; 
&lt;div style="font-size: 24px;"&gt;
 Final thought
&lt;/div&gt; 
&lt;p&gt;For today's information security leaders, board members, and national security leaders, the book is both a warning and a guide.&lt;/p&gt; 
&lt;p&gt;The threats may evolve. The headlines may shift from nation-states to ransomware. But the strategic realities described in Sandworm are still very much with us.&lt;/p&gt; 
&lt;p&gt;And if anything, the stakes are higher now.&lt;/p&gt; 
&lt;p&gt;&lt;em&gt;This article appeared originally &lt;a href="https://www.linkedin.com/pulse/what-sandworm-teaches-us-cyber-geopolitics-strategic-ian-schneller-mqjqc/"&gt;on LinkedIn here&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fsandworm-cyber-geopolitics-strategic-leadership&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Featured Author</category>
      <category>Cybercrime / Threats</category>
      <category>Geopolitics</category>
      <pubDate>Fri, 27 Feb 2026 15:22:00 GMT</pubDate>
      <guid>https://www.secureworld.io/industry-news/sandworm-cyber-geopolitics-strategic-leadership</guid>
      <dc:date>2026-02-27T15:22:00Z</dc:date>
      <dc:creator>Ian Schneller</dc:creator>
    </item>
    <item>
      <title>Did AI Just Kill Cybersecurity? Industry Leaders Push Back Against Market Panic</title>
      <link>https://www.secureworld.io/industry-news/did-ai-just-kill-cybersecurity-industry</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/did-ai-just-kill-cybersecurity-industry" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/security%20operations%20centers%20SOC%20-%20data%20center%20-%20shutterstock_2391681813-3.jpg" alt="woman in a data center" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;It started on Friday, February 20th, with a limited research preview. Anthropic, the AI safety company behind the Claude family of models, announced Claude Code Security, a tool that scans codebases for vulnerabilities and suggests targeted software patches for human review. The announcement was measured. The market reaction was not.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;It started on Friday, February 20th, with a limited research preview. Anthropic, the AI safety company behind the Claude family of models, announced Claude Code Security, a tool that scans codebases for vulnerabilities and suggests targeted software patches for human review. The announcement was measured. The market reaction was not.&lt;/p&gt;  
&lt;p&gt;By Friday's close, CrowdStrike had shed more than 10% of its value. Zscaler, Okta, and Fortinet followed with similar losses. By Monday, the damage across the sector deepened: CrowdStrike was down more than 17% over the two-day stretch, Zscaler and Okta each off roughly 15%. JFrog cratered 25%. GitLab dropped 8% in a single session. The selling was broad, indiscriminate, and driven by a simple—if oversimplified—fear: what if AI can just do this now?&lt;/p&gt; 
&lt;p&gt;It's a fear that has become familiar across the software sector. Salesforce is down more than 33% year-to-date. ServiceNow has shed 34%. The market has been wrestling with an existential question about SaaS valuations in an AI-native world for months. The Anthropic announcement landed like a lit match in a room full of anxiety.&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;CrowdStrike's CEO turns the tables—on Claude&lt;/h2&gt; 
&lt;p&gt;George Kurtz, CrowdStrike's co-founder and CEO, wasn't content to simply defend his company in a press release. He decided to make the point with a touch of theater—by asking Claude itself.&lt;/p&gt; 
&lt;p&gt;"There's been a lot of noise lately about Claude replacing security products," &lt;a href="https://www.linkedin.com/feed/update/urn:li:activity:7431417202505064448/"&gt;Kurtz wrote in a LinkedIn post&lt;/a&gt; over the weekend. "I figured, why not go straight to the source and ask Claude directly?" He then posed the prompt to the AI: build me a tool to replace CrowdStrike.&lt;/p&gt; 
&lt;p&gt;Claude's response was unequivocal. "I appreciate the ambition, George, but I have to be straightforward: building a replacement for CrowdStrike isn't something I can do here, and it wouldn't be responsible for me to suggest otherwise."&lt;/p&gt; 
&lt;p&gt;"So there you have it—straight from Claude," Kurtz wrote. "AI is powerful. It's transformative. And it absolutely makes security better. But AI doesn't eliminate the need for security. It increases it."&lt;/p&gt; 
&lt;p&gt;In a separate post, Kurtz was more direct about the core distinction the market appears to be missing: "AI innovation is inspiring. But let's stay grounded in reality: an AI capability that scans code does not replace the Falcon platform—or your security program. Security requires an independent, battle-tested platform built to stop breaches."&lt;/p&gt; 
&lt;p&gt;It was a sharp reframe, and one that resonated widely. Palo Alto Networks CEO Nikesh Arora echoed the sentiment during an earnings call last week, telling analysts he was "confused" why the market viewed AI as a threat to cybersecurity, given that customers are actively asking for more AI to scale their security operations.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;What the experts are actually saying&lt;/h3&gt; 
&lt;p&gt;To understand whether this sell-off reflects a real structural shift or a panic-driven overreaction, SecureWorld reached out to cybersecurity practitioners and executives at the front lines of this debate. Their perspective: the market is confusing compression with collapse.&lt;/p&gt; 
&lt;p&gt;"The market reaction assumes AI collapses the value of cybersecurity platforms," said David Brumley, Chief AI and Science Officer at Bugcrowd. "In reality, it compresses certain features while expanding the overall surface area of security work. As attackers use AI to scale, defenders must do the same."&lt;/p&gt; 
&lt;p&gt;Brumley, who leads AI and science strategy at Bugcrowd, the San Francisco-based crowdsourced cybersecurity leader, draws a careful distinction between what AI changes and what it doesn't. The work of security isn't disappearing—it's being reorganized.&lt;/p&gt; 
&lt;p&gt;"The real shift is in how the work gets done," Brumley said. "Security professionals are knowledge workers, and like every knowledge profession, our workflows are being reshaped by AI. Those who ignore it will fall behind. Those who adopt it will become dramatically more effective. While security professionals are used to learning new skills, what makes this more scary is the speed and scale that the change is coming."&lt;/p&gt; 
&lt;p&gt;To illustrate his point, Brumley reaches back nearly a decade to a moment that feels eerily similar to today's headlines.&lt;/p&gt; 
&lt;p&gt;"I want to step back and draw a parallel with Radiology in medicine," he said. "When AI began outperforming humans on certain radiology benchmarks around 2016, there were loud predictions that radiology was a dying field. Pundits even said 'stop training radiologists.' Instead, diagnostic radiology residency programs are now at record levels. The profession didn't disappear—it evolved. Radiologists use AI to increase accuracy, reduce false negatives, and focus on complex judgment calls where human context matters most."&lt;/p&gt; 
&lt;p&gt;"Cybersecurity will follow the same path," Brumley concluded. "Skills will shift, old problems will be solved, and new problems will arise. Translating that into risk decisions, prioritization, remediation strategy, and real-world tradeoffs still requires experienced practitioners. The companies and professionals who integrate AI effectively will outperform, not be replaced."&lt;/p&gt; 
&lt;p&gt;Ram Varadarajan, CEO of Acalvio Technologies—a Santa Clara-based leader in cyber deception technology—offers a more blunt assessment of what's actually happening.&lt;/p&gt; 
&lt;p&gt;"Fundamentally, AI changes the cybersecurity problem," Varadarajan said. "It doesn't eliminate it. In fact, the more AI gets deployed, the more—not less—cybersecurity and AI safety we need."&lt;/p&gt; 
&lt;p&gt;"If you're a cybersecurity provider wedded to doing things in the way they were done prior to AI, then you're going to have problems," he said. "If, on the other hand, you evolve apace with AI, your cybersecurity product demand will be evergreen. AI brings new risk vectors, and as it diffuses throughout business and society, the need for cybersecurity that stays ahead of those risks will grow."&lt;/p&gt; 
&lt;p&gt;Varadarajan points to the emerging threat landscape as the clearest argument for why cybersecurity demand grows, not shrinks, in an AI-saturated world. "What does this mean product-wise for cybersecurity vendors? AI-native defense that can meet AI-native attacks bot-on-bot, with speed, subtlety and precision."&lt;/p&gt; 
&lt;p&gt;CrowdStrike's own threat intelligence, published this week, underscores the point. The company's &lt;a href="https://www.crowdstrike.com/en-us/global-threat-report/"&gt;2026 Global Threat Report&lt;/a&gt; found that AI-enabled cyberattacks surged 89% over the last year, with average attacker "breakout times"—the window between initial compromise and lateral movement—falling to just 29 minutes, a 65% acceleration from 2024. Some attacks, the report noted, unfolded in seconds.&lt;/p&gt; 
&lt;p&gt;John Bambenek, President of Bambenek Consulting, raises a dimension of the debate that often goes unaddressed: the fundamental nature of AI's capabilities and where they break down.&lt;/p&gt; 
&lt;p&gt;"AI is ultimately a backward-looking tool—it learns from history," Bambenek said. "Cybersecurity is fueled by researchers who are looking at how threat actors are evolving, what new techniques and vulnerabilities are being exploited, and how the tools are changing. While Anthropic and others may be part of the engine that powers future solutions, it will still need to be powered by researchers who are finding the 'new' threats."&lt;/p&gt; 
&lt;p&gt;It's a point that speaks directly to what vulnerability management platforms, threat intelligence firms, and managed detection services provide that a code-scanning AI cannot: novelty. The adversaries security professionals face aren't running yesterday's playbook, and a system trained on historical patterns has an inherent lag that threat researchers close.&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;So what is actually at risk?&lt;/h4&gt; 
&lt;p&gt;The nuanced answer, according to Wall Street analysts and practitioners alike, is that not all cybersecurity is created equal when it comes to AI disruption risk.&lt;/p&gt; 
&lt;p&gt;Analysts at UBS noted last week that while code scanning and certain SIEM-adjacent analytics functions could see compression from AI tools, the core platform businesses—endpoint detection and response, identity management, SASE networking, and cloud security posture management—require the kind of proprietary data and real-time infrastructure that AI chat models don't replicate. CrowdStrike's Falcon platform, for instance, draws on telemetry from hundreds of millions of endpoints processed in real time. Claude was built on publicly available code patterns and disclosed CVEs.&lt;/p&gt; 
&lt;p&gt;Wedbush analyst Dan Ives, who closely covers the sector, pushed back hard on the bear case, arguing that AI is a tailwind for cybersecurity spending, not a headwind. As hackers harness AI to launch faster, more personalized attacks at scale, enterprise security budgets are being pressured upward, with some vendors raising sales targets by as much as 30% this year.&lt;/p&gt; 
&lt;h5 style="font-weight: normal;"&gt;The bottom line&lt;/h5&gt; 
&lt;p&gt;The cybersecurity sector is undeniably being reshaped by AI. That part of the market's thesis is correct. But the leap from "reshaped" to "replaced" is where analysis gives way to anxiety.&lt;/p&gt; 
&lt;p&gt;What Kurtz, Brumley, Varadarajan, Bambenek, and a growing chorus of practitioners argue—from different angles and with different vocabularies—is the same fundamental point: AI expands the attack surface faster than it shrinks the defense budget. The companies that will struggle are those that fail to integrate AI into their own platforms. The companies that will thrive are those that make AI-powered defense their core competency.&lt;/p&gt; 
&lt;p&gt;For investors watching the carnage this week, the harder question isn't whether AI will change cybersecurity; it's whether the companies they're selling have the platform depth, proprietary data, and organizational will to lead that change—or follow it.&lt;/p&gt; 
&lt;p&gt;Follow &lt;em&gt;SecureWorld News&lt;/em&gt; for more stories related to cybersecurity.&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fdid-ai-just-kill-cybersecurity-industry&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Original Content</category>
      <category>Security Business</category>
      <category>Digital Transformation</category>
      <category>AI</category>
      <pubDate>Thu, 26 Feb 2026 13:24:00 GMT</pubDate>
      <author>drewt@secureworldexpo.com (Drew Todd)</author>
      <guid>https://www.secureworld.io/industry-news/did-ai-just-kill-cybersecurity-industry</guid>
      <dc:date>2026-02-26T13:24:00Z</dc:date>
    </item>
    <item>
      <title>Lazarus Group Adopts Medusa Ransomware in Escalating Attacks on US Healthcare</title>
      <link>https://www.secureworld.io/industry-news/lazarus-medusa-ransomware-us-healthcare</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/lazarus-medusa-ransomware-us-healthcare" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/healthcare_african-american-man-as-doctor-wearing-blue-face-m-2026-01-05-00-54-33-utc-Feb-25-2026-03-53-06-2163-PM.jpg" alt="hospital worker in medical gear" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the &lt;a href="https://www.security.com/threat-intelligence/lazarus-medusa-ransomware"&gt;Symantec and Carbon Black Threat Hunter Team&lt;/a&gt; reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;North Korea's state-sponsored Lazarus Group has added yet another ransomware strain to its arsenal. New research from the &lt;a href="https://www.security.com/threat-intelligence/lazarus-medusa-ransomware"&gt;Symantec and Carbon Black Threat Hunter Team&lt;/a&gt; reveals that the group has been observed deploying Medusa ransomware in an attack against an unnamed entity in the Middle East and, separately, attempting an unsuccessful breach of a healthcare organization in the United States.&lt;/p&gt;  
&lt;p&gt;The findings represent a notable evolution in Lazarus's tactics. The group has previously been linked to the Maui and Play ransomware families, and the pivot to Medusa signals that North Korean cyber actors continue to diversify their extortion toolkit—undeterred by law enforcement attention or international scrutiny.&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;What is Medusa?&lt;/h2&gt; 
&lt;p&gt;Medusa is a ransomware-as-a-service (RaaS) platform operated by the cybercrime group Spearwing. Launched in 2023, Medusa follows the now-familiar affiliate model: cybercriminal partners deploy the ransomware and split the ransom proceeds with the platform's operators. Since its debut, Medusa affiliates have claimed responsibility for more than 366 attacks globally.&lt;/p&gt; 
&lt;p&gt;Analysis of Medusa's public leak site—where operators post victim data to pressure payment—reveals that four U.S. healthcare and non-profit organizations have been listed as victims since early November 2025. Among those listed are a mental health non-profit and a school serving autistic children. The average ransom demand across this period was approximately $260,000.&lt;/p&gt; 
&lt;p&gt;It remains unclear whether all of these victims were targeted specifically by North Korean Lazarus operators or by other Medusa affiliates acting independently.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;A pattern that keeps growing&lt;/h3&gt; 
&lt;p&gt;Lazarus's foray into ransomware is not new, but its scope continues to expand. The Lazarus sub-group Stonefly—also tracked as Andariel, and linked to North Korea's Reconnaissance General Bureau (RGB)—has been at the center of many of these extortion campaigns. In July 2025, the U.S. Justice Department indicted North Korean national Rim Jong Hyok on charges related to ransomware attacks against U.S. hospitals and healthcare providers, alleging that ransomware proceeds were funneled back to fund state-sponsored espionage operations.&lt;/p&gt; 
&lt;p&gt;The indictment, paired with a $10 million reward for information on Rim, has done little to slow the group's pace. As recently as October 2024, Symantec's Threat Hunter Team documented intrusions into three separate U.S. organizations, and Palo Alto Unit 42 reported Lazarus affiliates collaborating with the Play ransomware group in the same month.&lt;/p&gt; 
&lt;p&gt;&lt;span style="color: #444444;"&gt;"The switch to Medusa demonstrates that North Korea's rapacious involvement in cybercrime continues unabated," according to the &amp;nbsp;Symantec Threat Hunter Team. "North Korean actors appear to have few scruples about targeting organizations in the U.S."&lt;/span&gt;&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;Expert perspective:&amp;nbsp; why soft targets?&lt;/h4&gt; 
&lt;p&gt;The deliberate targeting of mental health organizations and schools serving vulnerable populations has not gone unnoticed in the security community. Jason Soroko, Senior Fellow at Sectigo, says the target selection is strategic—and cynical.&lt;/p&gt; 
&lt;p&gt;&lt;span style="color: #444444;"&gt;"Striking facilities dedicated to mental health and autistic children demonstrates that these actors prioritize maximum emotional leverage to ensure swift ransom payments," Soroko said. "The relatively&lt;/span&gt;&lt;span style="color: #444444;"&gt; modest average ransom demand suggests a volume-based approach where threat actors target chronically underfunded sectors that simply cannot afford prolonged operational downtime. Network defenders must recognize that foreign adversaries are no longer solely hunting major enterprises and are actively exploiting the softest targets in the American healthcare ecosystem."&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;The $260,000 average demand is telling. Compared to multimillion-dollar ransoms levied against large enterprises, the figure is modest; but for a cash-strapped nonprofit or small healthcare provider, it can be existential. Attackers appear to be calibrating demands to maximize payment rates, not maximize individual payouts.&lt;/p&gt; 
&lt;h5 style="font-weight: normal;"&gt;Healthcare's persistent security gap&lt;/h5&gt; 
&lt;p&gt;James Maude, Field CTO at BeyondTrust, says the healthcare sector's continued vulnerability to ransomware is the product of long-standing underinvestment in security—and that the problem extends well beyond the healthcare organizations themselves.&lt;/p&gt; 
&lt;p&gt;&lt;span style="color: #444444;"&gt;"Healthcare has historically been less prepared for cyber risks than other industries, and attackers are increasingly taking advantage of this," Maude said. "The security challenges extend beyond the healthcare providers themselves, with almost a third of breaches involving the compromise of third parties. Ransomware, once a rare occurrence in healthcare, is now on the top of most providers' agendas as legacy remote access solutions provide a quick entry point to land and expa&lt;/span&gt;&lt;span style="color: #444444;"&gt;nd with severe consequences."&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;Maude argues that the industry needs to fundamentally shift its defensive posture—moving from post-breach response thinking to identity-centric prevention. &lt;span style="color: #444444;"&gt;"Ransomware and other threats are only as effective as the privileges and access they manage to acquire so if we can implement better hygiene, and place emphasis on least privilege, then the threat actors are far less likely to ransomware us in the first place."&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;He also points to the growing role of real-time behavioral monitoring in healthcare security. "Modern healthcare organizations are also incorporating real-time session monitoring with their security tooling to perform behavioral analytics and generate automated alerts. Any anomalous vendor behaviors, such as unusual file exports or unexpected command-line launches, are detected and halted before they can escalate into breaches."&lt;/p&gt; 
&lt;h6 style="font-weight: normal;"&gt;Lazarus toolset in active campaigns&lt;/h6&gt; 
&lt;p&gt;According to Symantec's research, Lazarus operators in the current Medusa campaigns are deploying a mix of custom and publicly available tools, including:&lt;/p&gt; 
&lt;ul style="list-style-type: disc;"&gt; 
 &lt;li&gt; &lt;p&gt;Comebacker – a custom backdoor and loader exclusively associated with Lazarus&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Blindingcan – a remote access Trojan (RAT) linked to the group&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;ChromeStealer – used to extract stored passwords from Chrome&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Mimikatz – a publicly available credential dumping tool&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;Infohook – information-stealing malware&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;RP_Proxy – a custom proxying tool&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;Attribution within Lazarus's internal structure remains somewhat murky. While the TTPs—extortion campaigns targeting U.S. healthcare—are consistent with Stonefly, the presence of Comebacker, a tool previously linked to the Pompilus group (also known as Diamond Sleet), complicates clean attribution to any single sub-group.&lt;/p&gt; 
&lt;div style="font-weight: normal; font-size: 24px;"&gt;
 What organizations should do
&lt;/div&gt; 
&lt;p&gt;For healthcare and non-profit organizations that may be in Lazarus's crosshairs, the immediate priorities are clear: patch legacy remote access solutions, enforce least-privilege access controls across users and third-party vendors, and implement behavioral monitoring to detect anomalous activity before it escalates.&lt;/p&gt; 
&lt;p&gt;Indicators of compromise from Symantec's research—including file hashes and network indicators associated with Medusa and Comebacker—are available in the &lt;a href="https://www.security.com/threat-intelligence/lazarus-medusa-ransomware"&gt;full Symantec report at security.com&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;The broader message from this research is sobering: nation-state ransomware operators are no longer limiting their targets to high-value enterprises with deep pockets. The softest targets in American civil society are now firmly in their sights—and indictments, reward offers, and diplomatic pressure have done little to change that calculus.&lt;/p&gt; 
&lt;p&gt;Follow &lt;em&gt;SecureWorld News&lt;/em&gt; for more stories related to cybersecurity.&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Flazarus-medusa-ransomware-us-healthcare&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Ransomware</category>
      <category>Healthcare</category>
      <category>Original Content</category>
      <category>North Korea</category>
      <pubDate>Wed, 25 Feb 2026 16:05:12 GMT</pubDate>
      <author>drewt@secureworldexpo.com (Drew Todd)</author>
      <guid>https://www.secureworld.io/industry-news/lazarus-medusa-ransomware-us-healthcare</guid>
      <dc:date>2026-02-25T16:05:12Z</dc:date>
    </item>
    <item>
      <title>Invisible Battlefield: Why Identity Verification Is the New Firewall</title>
      <link>https://www.secureworld.io/industry-news/identity-verification-new-firewall</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/identity-verification-new-firewall" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/ID%20Theft%20-%20inside-view-of-train-station-with-traveler-people-2026-01-08-06-29-50-utc.jpg" alt="people in foyer of business building" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p style="font-weight: normal;"&gt;In modern cybersecurity, the traditional perimeter has not just dissolved, it has been replaced by a sprawling lattice of human and machine identities. Two recently released reports—the Intellicheck Identity Verification Threat Report 2026 and the Osterman Research report on Strengthening Identity Security—provide a sobering look at this new reality.&lt;/p&gt;</description>
      <content:encoded>&lt;p style="font-weight: normal;"&gt;In modern cybersecurity, the traditional perimeter has not just dissolved, it has been replaced by a sprawling lattice of human and machine identities. Two recently released reports—the Intellicheck Identity Verification Threat Report 2026 and the Osterman Research report on Strengthening Identity Security—provide a sobering look at this new reality.&lt;/p&gt; 
&lt;p&gt;While they approach the problem from different angles—Intellicheck focusing on the point of entry and Osterman on the lifecycle of a credential—their combined message is clear: if cybersecurity professionals cannot confidently verify who (or what) is accessing their systems, existing defenses are essentially decorative.&lt;/p&gt; 
&lt;p&gt;For CISOs and their teams, these reports signal a mandatory shift from traditional Identity and Access Management (IAM) toward a more robust, "identity-first" security posture that accounts for both sophisticated human fraud and the explosion of &lt;a href="https://www.secureworld.io/industry-news/machine-identities-security"&gt;non-human entities&lt;/a&gt;.&lt;/p&gt; 
&lt;h2&gt;&lt;strong&gt;The common ground: a crisis of confidence&lt;/strong&gt;&lt;/h2&gt; 
&lt;p&gt;Despite their different methodologies, both reports converge on several critical findings that should keep security leaders awake at night.&lt;/p&gt; 
&lt;ul&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;The professionalization of fraud:&lt;/span&gt; Both reports highlight how AI has become a force multiplier for attackers. The&lt;a href="https://go.intellicheck.com/threat-report-download-file?_gl=1*218onu*_gcl_au*NzQ4OTI3NjYyLjE3NzE4OTM2NzkuMjgxMTg0OTg4LjE3NzE4OTM2ODkuMTc3MTg5MzcxNA.."&gt; Intellicheck report&lt;/a&gt; warns that AI tools can now create synthetic IDs that are virtually indistinguishable from real ones to the human eye. Similarly, the &lt;a href="https://5590003.fs1.hubspotusercontent-na1.net/hubfs/5590003/a.%20Resource%20Hub%20Downloads/2025-08-04%20Osterman%20Research%2c%20Identity%20security%202025%20-%20Enzoic.pdf"&gt;Osterman Research report&lt;/a&gt;&amp;nbsp;identifies the use of AI to create highly-personalized, machine-speed social engineering attacks as one of the fastest-growing threats.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;The help desk as a high-value target:&lt;/span&gt; Both studies identify the help desk as a primary vulnerability. Attackers are increasingly social engineering support staff to reset passwords or MFA factors, with Intellicheck noting a 158% year-over-year increase in transactions related to password resets as IT teams struggle to verify the actual person behind the request.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;The inadequacy of human verification:&lt;/span&gt; A shared conclusion is that relying on human judgment to verify identity is no longer a viable security strategy. Whether it is a bartender checking a driver's license or a SOC analyst reviewing a login attempt, the speed and sophistication of modern identity theft require automated, real-time technical validation.&lt;/p&gt; &lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;While their shared alarms are loud, the two reports provide distinct lenses through which to view identity risk.&lt;/p&gt; 
&lt;h3&gt;&lt;strong&gt;Intellicheck: the front door and physical-digital convergence&lt;/strong&gt;&lt;/h3&gt; 
&lt;p&gt;&lt;span style="font-weight: normal;"&gt;Intellicheck's report is uniquely grounded in the analysis of nearly 100 million real-world identity verification transactions. Its focus is primarily on the validity of the underlying identity document. It reveals that identity fraud almost always starts with a fake ID—whether stolen, manufactured, or synthetic.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;A key differentiator for Intellicheck is its industry-specific breakdown. For instance, it notes that online-only banks experienced a staggering 5.5% identity fraud attempt rate in 2025, while retail-branded credit cards face high-volume losses due to account takeovers initiated via "card-not-present" lookups. The report emphasizes that effective security begins with proprietary analysis of DMV-issued IDs to ensure the person is who they say they are before a relationship even begins.&lt;/p&gt; 
&lt;h4&gt;&lt;strong&gt;Osterman Research: the 'shadow identity' and persistent visibility&lt;/strong&gt;&lt;/h4&gt; 
&lt;p&gt;&lt;span style="font-weight: normal;"&gt;In contrast, the Osterman Research report, sponsored by Enzoic, focuses on the internal security posture and the lifecycle of a credential once it exists within an organization. A major theme here is the rise of "Non-Human Identities" (NHIs), such as service accounts and AI agents, which now outnumber human identities by 50 to 1.&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;Osterman highlights a massive visibility gap: nearly 80% of organizations lack full visibility into the actions and behaviors of their service accounts. While Intellicheck focuses on stopping the fraudster at the gate, Osterman focuses on detecting the "valid" but compromised credential already inside the network. They both advocate for autonomous remediation—systems that can automatically lock an account if its credentials appear on the dark web or if behavioral baselining detects "abnormal usage patterns."&lt;/p&gt; 
&lt;h5&gt;&lt;strong&gt;Implications for the modern enterprise&lt;/strong&gt;&lt;/h5&gt; 
&lt;p&gt;The synergy of these reports suggests a three-pronged mandate for organizations of all sizes.&lt;/p&gt; 
&lt;ol&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Verify the human, not just the credential:&lt;/span&gt; As &lt;a href="https://www.secureworld.io/industry-news/medical-ransomware-breach"&gt;UMMC and other recent victims&lt;/a&gt; have discovered, an attacker with a valid password is indistinguishable from an employee unless you verify the biological person. Organizations must move beyond security questions and email links toward DMV-validated or hardware-based identity proofing, especially for high-risk actions like password resets.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Illuminate the non-human shadow:&lt;/span&gt; The explosion of AI agents means your attack surface is growing autonomously—and exponentially. CISOs must implement specialized tools to govern service accounts and non-human identities, ensuring they have a defined owner and are subject to the same behavioral monitoring as human users.&lt;/p&gt; &lt;/li&gt; 
 &lt;li&gt; &lt;p&gt;&lt;span style="font-weight: bold;"&gt;Bridge the visibility gap with automation:&lt;/span&gt; The "time-to-impact" for identity attacks is now measured in minutes. Manual processes for revoking compromised credentials or investigating account takeovers are no longer sufficient. Investing in autonomous remediation—where the system acts instantly to isolate a compromised identity—is no longer a luxury; it is an operational necessity.&lt;/p&gt; &lt;/li&gt; 
&lt;/ol&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fidentity-verification-new-firewall&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Original Content</category>
      <category>Identity / Access Mgmt</category>
      <category>Non-Human Identities</category>
      <category>AI</category>
      <pubDate>Tue, 24 Feb 2026 20:54:34 GMT</pubDate>
      <author>CamS@secureworld.io (Cam Sivesind)</author>
      <guid>https://www.secureworld.io/industry-news/identity-verification-new-firewall</guid>
      <dc:date>2026-02-24T20:54:34Z</dc:date>
    </item>
    <item>
      <title>Paper Backups and Patient Triage: The UMMC Ransomware Breach</title>
      <link>https://www.secureworld.io/industry-news/medical-ransomware-breach</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/medical-ransomware-breach" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Medical%20Records%20on%20Paper%20-%20close-up-picture-of-mans-hands-passing-the-documen-2026-01-05-05-15-13-utc.jpg" alt="doctor handing paperwork to patient" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;As the healthcare sector continues to grapple with the professionalization of cybercrime, the University of Mississippi Medical Center (UMMC) has become the latest high-profile target in a sprawling ransomware attack. The incident is a&amp;nbsp;reminder of the "identity-first" battlefield and the catastrophic impact of machine-speed exfiltration on clinical operations.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;As the healthcare sector continues to grapple with the professionalization of cybercrime, the University of Mississippi Medical Center (UMMC) has become the latest high-profile target in a sprawling ransomware attack. The incident is a&amp;nbsp;reminder of the "identity-first" battlefield and the catastrophic impact of machine-speed exfiltration on clinical operations.&lt;/p&gt;  
&lt;p style="font-weight: normal;"&gt;The attack, first disclosed on February&amp;nbsp;19, 2026, has severely disrupted the state's only academic medical center. UMMC leadership, including Vice Chancellor LouAnn Woodward, confirmed that the system was forced to take its internet-connected technology offline—including its Epic EHR system—to "stop the bleeding."&lt;/p&gt; 
&lt;p&gt;Statewide clinics remain closed through February 24, with a tentative reopening date of February 25. While hospitals and emergency rooms remain open, they are operating on manual "pen-and-paper" backup procedures.&lt;/p&gt; 
&lt;p&gt;No specific ransomware group has yet claimed credit for the attack. The investigation is currently being handled by UMMC teams in coordination with federal and state agencies.&lt;/p&gt; 
&lt;p&gt;There is no definitive timeline for full system restoration. While clinics hope to reopen by midweek, the process of migrating from paper back to digital records and ensuring the integrity of the EHR often takes weeks, rather than days, for an organization of this size.&lt;/p&gt; 
&lt;p style="color: #363636; background-color: #ffffff;"&gt;UMMC's Woodward addressed the attack head on and wrote that the full details on how hackers gained access and what systems were compromised were still being sorted out. She did confirm the health system took some of its internet-connected technology offline as a safety precaution to halt any further spread of the ransomware.&lt;/p&gt; 
&lt;p style="color: #363636; background-color: #ffffff;"&gt;"To use a medical phrase—we have stopped the bleeding. And while we know much more now than we did 24 hours ago, the extent and the scope of the intrusion are still not fully understood," Woodward wrote. "Our technical teams and a host of experts in the field of cyberattacks and federal agencies are working around the clock to answer these questions and segregate systems, repair damage, and recover our data and applications."&lt;/p&gt; 
&lt;p style="color: #363636; background-color: #ffffff;"&gt;She also confirmed inpatient operations are only made possible by "using paper for documentation and patient orders," something Woodward said the hospital and staff prepare for regularly.&lt;/p&gt; 
&lt;p&gt;The&amp;nbsp;incident highlights several emerging trends in the threat landscape that cybersecurity professionals must address to move from "compliance to confidence."&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;1. The identity-first battlefield&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Recent industry data show that identity-based attacks are now the primary vector for initial access in nearly 90% of investigations. For healthcare systems, this means the help desk is a critical vulnerability. Attackers are increasingly using AI voice agents and deepfakes to trick help desk personnel into resetting MFA or credentials.&lt;/p&gt; 
&lt;p&gt;Lesson: Implement out-of-band (OOB) verification for all sensitive requests (like credential resets) and move toward phishing-resistant MFA (FIDO2) to mitigate the human layer of risk.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;2. The reality of "assumed compromise"&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;UMMC's move to paper backups demonstrates a high degree of operational resilience—the hospital system prepared for downtime as a certainty. However, the move to take systems offline manually highlights the need for microsegmentation.&lt;/p&gt; 
&lt;p&gt;Lesson: Rather than a full-network shutdown, organizations should utilize microsegmentation to isolate infected segments of the production environment. This allows critical clinical systems (like imaging or dialysis) to remain online even while the administrative network is mitigated.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;3. The quadrupled speed of exfiltration&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;In the 2025-2026 threat landscape, the window for detection has shrunk dramatically. Exfiltration speeds have quadrupled, with attackers often reaching their impact goals in as little as 72 minutes.&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;[RELATED: &lt;a href="https://www.secureworld.io/industry-news/machine-speed-mandate-incident-response"&gt;The Machine-Speed Mandate: Breaking Down a New Global IR Report&lt;/a&gt;]&lt;/p&gt; 
&lt;p&gt;Lesson: Legacy security architectures are not built for this speed. Organizations must move toward Unified AI Security Platforms that can provide real-time, context-aware policy enforcement across the browser and cloud applications to catch data leaks before the "bleeding" requires a total network shutdown.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;4. The financial "market penalty"&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;While UMMC is a public institution, the financial implications of such a breach are universal. &lt;a href="https://www.secureworld.io/industry-news/cyber-readiness-predictor-financial-performance"&gt;Research from HICSS 2026&lt;/a&gt; indicates that firms suffering a breach due to a lack of "cybersecurity readiness" face an average 7.5% loss in stock value and significant hits to their long-term Return on Assets (ROA).&lt;/p&gt; 
&lt;p&gt;Lesson: Frame cybersecurity not as a cost center but as a driver of financial performance. High readiness today is the leading indicator of superior profitability tomorrow.&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fmedical-ransomware-breach&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Ransomware</category>
      <category>Healthcare</category>
      <category>Original Content</category>
      <pubDate>Mon, 23 Feb 2026 19:35:00 GMT</pubDate>
      <author>media@secureworld.io (SecureWorld News Team)</author>
      <guid>https://www.secureworld.io/industry-news/medical-ransomware-breach</guid>
      <dc:date>2026-02-23T19:35:00Z</dc:date>
    </item>
    <item>
      <title>Your AI Coding Assistant Has Root Access—and That Should Terrify You</title>
      <link>https://www.secureworld.io/industry-news/your-ai-coding-assistant-has-root-access</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/your-ai-coding-assistant-has-root-access" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/Study%20Data%20-%20programmers-work-late-at-night-2025-03-10-14-10-58-utc%20copy.jpg" alt="programmer at computer workstation" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;Agentic coding tools are rewriting the SDLC at breakneck speed. But the same autonomy that makes them powerful makes them dangerous.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;Agentic coding tools are rewriting the SDLC at breakneck speed. But the same autonomy that makes them powerful makes them dangerous.&lt;/p&gt; 
&lt;p&gt;Many moons ago, when I was a "real" programmer, my Visual Studio IDE could save me some serious time by adding squiggly lines under variables and functions to let me know that there was something wrong with that particular part of the code I just wrote. Typo? Undeclared variable? You didn't find out until you moused over the error. Today, Claude Code can produce hundreds of lines of code with documentation based on a well-defined prompt. And, yes, I use it. When I first started using it months ago, it was great to use it to rewrite or create small functions. But that still felt slow. If I really let it loose, an Anthropic Pro subscription, VSCode, and some general guidance of what I wanted to build allowed me to have a fully developed, tested, and deployed application running in AWS in a matter of a few hours.&lt;/p&gt; 
&lt;p&gt;The flood gates are open, and it's easy to see how addictive it can be.&lt;/p&gt; 
&lt;p&gt;But it's also terrifying. Spending more than a decade in application/product security just made it that much harder for me to trust what was being developed. "90% of the code we use in our applications are from OSS contributors.…"&amp;nbsp;I use that phrase all over my software security training courses. So why would this be different?&lt;/p&gt; 
&lt;p&gt;For starters, these tools are no longer simple code completion; they are agentic assistants. They are AI as an autonomous collaborator (like pair-programming). These new systems, such as Cursor, Claude Code, and GitHub Copilot's latest iterations, are no longer just "implementers" of snippets; they are "orchestrators" with system-level privileges, access to external resources, and custody of secrets. They can read entire file systems, execute arbitrary shell commands, and browse the live web to ingest documentation. Great for productivity. Nightmare fuel for security folks.&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;How the sausage gets made&lt;/h2&gt; 
&lt;p&gt;If you haven't heard, MCP (&lt;a href="https://modelcontextprotocol.io/docs/getting-started/intro"&gt;Model Context Protocol&lt;/a&gt;) is all the rage. It is to AI what APIs are to applications, and it provides a standardized semantic layer that is used to connect LLMs to resources like databases, file systems, and APIs. Architecturally, these capabilities become "skills" that manage curated instruction sets, often defined in Markdown or YAML format, and govern how an agent handles specific tasks like code reviews or test generation. You can think of a skill as a self‑contained extension that gives the model new abilities, tools, or knowledge it wouldn't otherwise have. Some common ones to consider in the context of a coding assistant are:&lt;/p&gt; 
&lt;p&gt;&lt;img src="https://media.licdn.com/dms/image/v2/D4E12AQFb5MxJAzc7DQ/article-inline_image-shrink_1000_1488/B4EZx8knwOKIAQ-/0/1771616501362?e=1773273600&amp;amp;v=beta&amp;amp;t=I8eDu_oKtZvTUVcbh1HzMJvk7t_Vu0YS1eB1GjLCC3c" style="margin-left: auto; margin-right: auto; display: block;"&gt;&amp;nbsp;&lt;br&gt;Of course, these skills can be manipulated as malicious instructions can be smuggled into the agent’s execution logic, leading to a "meaning-based" vulnerability layer.&lt;/p&gt; 
&lt;p&gt;Because skills are defined in human-readable formats (Markdown, YAML) and can be extended through registries or marketplaces, they become a vector for smuggling malicious instructions into an agent's execution logic. A poisoned skill doesn't look like an exploit; it looks like a legitimate capability definition, making it harder to detect through traditional analysis.&lt;/p&gt; 
&lt;p&gt;While MCP and skills are used to coordinate tasks that agents take on, when we look at more pure coding assistants that read and generate code, the workflow is a bit simpler. In the case of Claude Code integrated into VSCode (my assistant of choice), the assistant is integrated through the CLI and works directly with the LLM reasoning engine. For instance, if I request a new feature to be developed in my Python application, I write up a plan that I provide to Claude Code that includes my outcomes, expectations, and constraints. Claude Code then uses its LLM to generate the code, write it to disk, and potentially execute it via bash. There is no skill or MCP involved in this simple case unless there is a requirement to access specialized tools or external services as part of the workflow (like reading GitHub issues, querying a database, or calling an API).&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;What the security implications are&lt;/h3&gt; 
&lt;p&gt;When we break down the different layers of the coding assistants and their potential security risks, they look something like this.&lt;/p&gt; 
&lt;p&gt;However, more categorically, we can see risks such as:&lt;img src="https://media.licdn.com/dms/image/v2/D4E12AQETMrqL45NtEw/article-inline_image-shrink_1000_1488/B4EZx8ktq7H0AQ-/0/1771616525479?e=1773273600&amp;amp;v=beta&amp;amp;t=VBjwIpja3sXrPS5-qsryqSCAviHZEVhLUw5SHKWisb4" style="margin: 20px auto 0px; display: block;"&gt;&amp;nbsp;&lt;br&gt;&lt;span style="font-weight: bold;"&gt;Prompt injection and tool hijacking&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;&lt;/span&gt;This includes "indirect"&amp;nbsp;prompt injections, where attackers hide malicious instructions in files the assistant reads, such as a GitHub README.md, .cursorrules, or repository issues. Because LLMs process both instructions and data through the same neural pathway, they can be manipulated and exposed to malicious actions. Because MCPs connect LLMs to external tools, attackers can poison tools to embed malicious instructions or orchestrate tool chaining to, say, use a read_file tool to steal credentials and then use a create_diagram tool to exfiltrate data to an external server via a generated URL.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;Secrets leakage and 'gibberish bias'&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;&lt;/span&gt;Gibberish bias is a phenomenon in LLMs where highly randomized, "gibberish-like"&amp;nbsp;strings (such as API keys, passwords, and code secrets) that naturally have high entropy at the character level are transformed into low-entropy sequences during Byte-Pair Encoding (BPE) tokenization. This then allows for the LLM to memorize and potentially leak this sensitive data. Put more plainly: to humans, a high-entropy string is hard to remember because it's random. However, to the model, the string is easy to remember because it's rare. And a sequence of rare, short tokens in a specific order stands out. This means the things you most want the model to forget (secrets, keys, passwords) are precisely the things its architecture is best at retaining and reproducing. It's not a bug in any particular model; it's a byproduct of how tokenization works.&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;Unsecured skills and extension ecosystems (skills specific)&lt;/span&gt;&lt;/p&gt; 
&lt;p&gt;&lt;span style="font-weight: bold;"&gt;&lt;/span&gt;Because these coding assistants have access to local file systems, shell commands, and the web, they operate in a largely unregulated ecosystem of capabilities. For instance, coding agents can be granted access to read any file on a system, not just code project files. One malicious extension or skill masquerading as a benign function can read a user's entire conversation history to look for secrets and silently commit them to a repository. Many of these ecosystems lack basic sandboxing or security reviews.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Generation of insecure code and supply chain attacks&lt;/p&gt; 
&lt;p&gt;Probably the easiest risk to understand as it relates to what I'll call "classic" AppSec is that assistants are prone to simply creating insecure code. They are trained on vast amounts of code, often containing old and outdated code and security practices. This is compounded by the "automation bias"&amp;nbsp;where developers have overconfidence in the ability of the AI to produce proper code.&lt;/p&gt; 
&lt;p&gt;Last point on the insecure generation: LLMs are susceptible to what's called "&lt;a href="https://www.wired.com/story/ai-code-hallucinations-increase-the-risk-of-package-confusion-attacks/"&gt;package hallucination&lt;/a&gt;"&amp;nbsp;where the assistant invents non-existent packages or libraries in its code suggestions. Attackers can monitor for commonality in these hallucinations to then register packages with the same name, allowing them to insert malicious packages into the supply chain.&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;Defense-in-depth for the agentic era&lt;/h4&gt; 
&lt;p&gt;Now that we're all thoroughly worked up over yet another car on the Ferris wheel of security concerns, what are we going to do about it? Per usual, defense-in-depth and understanding the attack surface is a great start. We can't (and shouldn't) remove these assistants from developers' workflows. The productivity boost is clear, and there is little reason to go back to handwriting code at this point. However, we should apply some basic security foundations to help secure these tools.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Enforce strict capability scoping and sandboxed execution&lt;/p&gt; 
&lt;p&gt;This first step is containment. Or, more specifically, apply the principle of least privilege to AI tools and extensions. All tool execution should be mandatorily sandboxed with strict allow-listed network controls and containerized, per-project filesystem access.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Implement cryptographic tool identity and provenance tracking&lt;/p&gt; 
&lt;p&gt;Like a package or library pulled into your code, you need to know where your assistants'&amp;nbsp;tools are coming from. To prevent "tool squatting"&amp;nbsp;or "rug pull" attacks (where malicious tools mimic benign ones or change behavior post-approval), include digital signing for all tool definitions alongside immutable versioning. Because digital signatures only prove provenance and not malicious intent, this must be paired with end-to-end provenance tracking throughout the processing pipeline.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Deploy runtime intent verification and AI guardrails&lt;/p&gt; 
&lt;p&gt;Don't drop your guard once the tools have been initially vetted. Attackers can adapt and bypass static defense, so runtime security plays a critical part in maintaining security in the ecosystem. One method is utilizing multi-agent verification pipelines, where a separate, architecturally distinct "guardian"&amp;nbsp;agent evaluates and validates proposed actions before the primary agent executes them. Additionally, deploying AI Detection and Response (AIDR) platforms can help monitor agent behavior in real time, dynamically detecting and blocking unauthorized tool usage, data exfiltration, and indirect prompt injections.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;Calibrate human-in-the-loop gates and scale quality assurance&lt;/p&gt; 
&lt;p&gt;Yes, we still need humans. Developers and security teams must still perform oversight of their AI tools. This means not accepting blindly the output from AI tools and assistants. Teams can implement a tiered system for human approval calibrated to the risk of the action. For instance, read-only operations within a project can be "Silent," while shell execution, network requests, or cross-project access must be "Confirmed"&amp;nbsp;by a human, and credential access should be strictly "Blocked."&lt;/p&gt; 
&lt;p&gt;The last point I'll make on this is that because AI coding assistants increase the volume of code generated, security teams must scale their DevSecOps and AppSec teams proportionally to ensure all newly-generated code receives adequate security review.&lt;/p&gt; 
&lt;p&gt;But you already have a strong &lt;a href="https://www.amazon.com/Application-Security-Program-Handbook-Fisher-ebook/dp/B0BMB9PLBZ"&gt;AppSec program&lt;/a&gt; in place, right?&amp;nbsp;&#x1f60a;&lt;/p&gt; 
&lt;p&gt;&lt;em&gt;This appeared originally &lt;a href="https://www.linkedin.com/pulse/your-ai-coding-assistant-has-root-access-should-terrify-derek-fisher-b3ibe/"&gt;on LinkedIn here&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;  
&lt;img src="https://track.hubspot.com/__ptq.gif?a=2221756&amp;amp;k=14&amp;amp;r=https%3A%2F%2Fwww.secureworld.io%2Findustry-news%2Fyour-ai-coding-assistant-has-root-access&amp;amp;bu=https%253A%252F%252Fwww.secureworld.io%252Findustry-news&amp;amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "&gt;</content:encoded>
      <category>Featured</category>
      <category>Featured Author</category>
      <category>AI</category>
      <category>Coding</category>
      <pubDate>Sun, 22 Feb 2026 16:08:00 GMT</pubDate>
      <guid>https://www.secureworld.io/industry-news/your-ai-coding-assistant-has-root-access</guid>
      <dc:date>2026-02-22T16:08:00Z</dc:date>
      <dc:creator>Derek Fisher</dc:creator>
    </item>
    <item>
      <title>CISO Continuity Risk: Why Replacement Does Not Mean Readiness</title>
      <link>https://www.secureworld.io/industry-news/ciso-continuity-risk</link>
      <description>&lt;div class="hs-featured-image-wrapper"&gt; 
 &lt;a href="https://www.secureworld.io/industry-news/ciso-continuity-risk" title="" class="hs-featured-image-link"&gt; &lt;img src="https://www.secureworld.io/hubfs/CISO%20-%20Research%20-%20business_leaders_board_woman_shutterstock_1633495564%20copy.jpg" alt="leader ready to present to executives " class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"&gt; &lt;/a&gt; 
&lt;/div&gt; 
&lt;p&gt;For years, cybersecurity leaders have warned about workforce strain. In its 2024 Cybersecurity Workforce Study, ISC2 estimated the current global cybersecurity workforce gap at 4.8 million. In its most recent 2025 study, ISC2 did not publish a specific global gap estimate, instead emphasizing that organizations increasingly view skills shortages and experience gaps&amp;nbsp;rather than raw headcount as the more pressing challenge. Taken together, the data suggest&amp;nbsp;workforce constraints remain, even as the way they are measured continues to evolve.&lt;/p&gt;</description>
      <content:encoded>&lt;p&gt;For years, cybersecurity leaders have warned about workforce strain. In its 2024 Cybersecurity Workforce Study, ISC2 estimated the current global cybersecurity workforce gap at 4.8 million. In its most recent 2025 study, ISC2 did not publish a specific global gap estimate, instead emphasizing that organizations increasingly view skills shortages and experience gaps&amp;nbsp;rather than raw headcount as the more pressing challenge. Taken together, the data suggest&amp;nbsp;workforce constraints remain, even as the way they are measured continues to evolve.&lt;/p&gt; 
&lt;p&gt;But when organizations experience disruption, incidents, audits, or regulatory pressure, a different issue tends to more clearly emerge. The more consequential challenge is not whether a CISO can be appointed, but whether the person stepping into the role is ready to lead at the executive level during an incident, regulatory review, or board-level scrutiny.&lt;/p&gt; 
&lt;p&gt;Not every organization formally designates a Chief Information Security Officer with clear executive authority. In many cases, the CISO function exists within a CIO role, a security director role, or a hybrid risk or technology position. That approach can work adequately when conditions are stable. During an incident, regulatory review, or board scrutiny, however, the absence of clearly-defined authority and decision rights becomes visible. Continuity risk shows up not because no one is responsible, but because accountability and executive readiness were never clearly defined and reinforced.&lt;/p&gt; 
&lt;p&gt;Only then does the pattern become clear. The emerging risk is not due to a lack of CISOs; it instead points to a readiness and continuity challenge.&lt;/p&gt; 
&lt;p&gt;[RELATED: &lt;a href="https://www.secureworld.io/industry-news/global-cybersecurity-skills-gap-widening"&gt;Global Cybersecurity Skills Gap Still Widening Despite Growing Workforce&lt;/a&gt;]&lt;/p&gt; 
&lt;h2 style="font-weight: normal;"&gt;The leadership pipeline reality&lt;/h2&gt; 
&lt;p&gt;Security leadership remains a high-experience profession. Most CISOs only arrive in the role after years of developing technical credibility, operational judgment, business fluency, and executive presence. While demographic data on Fortune 500 CISOs is not refreshed frequently, a widely-cited Altrata analysis from 2023 reported an average CISO age of 52. The precise number matters less than what it signals about the depth of experience typically required for the role. Many organizations draw security leaders from seasoned cohorts.&lt;/p&gt; 
&lt;p&gt;This is not an age discussion. It is a pipeline discussion.&lt;/p&gt; 
&lt;p&gt;In Heidrick and Struggles'&amp;nbsp;2024 Global CISO Organization and Compensation Survey, 53 percent of CISOs said they had an internal successor who was as strong as or stronger than a candidate they could hire externally. That finding continues to surface in recent industry discussions, underscoring persistent challenges in security leadership succession. It does not mean organizations lack potential successors. It reflects a common concern that many internal candidates are not fully prepared for the scope of executive, operational, and crisis leadership the role requires.&lt;/p&gt; 
&lt;p&gt;Many organizations say they conduct succession planning, and in a general HR sense, that may be true. CISO succession, however, is not simply about identifying a high performer and promoting them. It requires executive readiness, board confidence, crisis leadership, and the ability to translate technical risk into business decisions. Those capabilities can take years to develop.&lt;/p&gt; 
&lt;p&gt;At the same time, many organizations choose to remain lean. They do not staff a deputy CISO or equivalent role, and assume talent management and recruiting will fill gaps when needed. That approach can work, but it depends heavily on timing, market conditions, and organizational stability.&lt;/p&gt; 
&lt;h3 style="font-weight: normal;"&gt;Turnover compresses the margin for error&lt;/h3&gt; 
&lt;p&gt;CISO tenure remains relatively short across many industries. Recent leadership and security publications, including Korn Ferry and Dark Reading, continue to cite average tenures in the range of 18 to 26 months, and frequently link turnover to role intensity, expanding scope, and mounting executive expectations.&lt;/p&gt; 
&lt;p&gt;Short tenure does not automatically create risk, but when combined with thin benches and lean operating models, it compresses the margin for error during leadership transitions. Strategy can stall; governance cadence can slip; and risk decisions can slow down at precisely the wrong time.&lt;/p&gt; 
&lt;p&gt;Leadership transitions are not vacancies; they are handoffs. Handoffs fail not because there is no successor, but because the transfer of authority was never clearly defined or practiced.&lt;/p&gt; 
&lt;p&gt;An organization may still appoint a CISO quickly. The challenge is whether that leader can assume the role with minimal disruption to governance, strategy, and risk decision-making.&lt;/p&gt; 
&lt;h4 style="font-weight: normal;"&gt;Return-to-office policies tighten the transition window&lt;/h4&gt; 
&lt;p&gt;Return-to-office requirements add another constraint. Cybersecurity leadership has become geographically portable, and many organizations expanded their recruiting footprint during remote and hybrid work. Strict location requirements narrow that footprint again.&lt;/p&gt; 
&lt;p&gt;Research summarized by Baylor University found an average 13 to 14 percent increase in abnormal turnover following return-to-office mandate announcements. Separately, IANS Research and Artico Search's 2025 Cybersecurity Staff Compensation Benchmark release highlighted that return-to-office mandates tend to create hiring and retention challenges in the cybersecurity talent market.&lt;/p&gt; 
&lt;p&gt;This does not mean return-to-office is wrong. It does mean it is a tradeoff that needs to be carefully considered. When flexibility decreases, the leaders most able to leave are often those with the greatest market mobility. That reduction in leadership mobility further compresses transitions and raises continuity risk.&lt;/p&gt; 
&lt;h5 style="font-weight: normal;"&gt;A note on the data&lt;/h5&gt; 
&lt;p&gt;Workforce and leadership metrics vary widely by source and methodology. Some measure open roles, others focus on skills gaps, and many rely on survey data. These figures should be viewed as directional indicators rather than precise counts.&lt;/p&gt; 
&lt;p&gt;Despite differences in methodology, the underlying trend is consistent across industries. Leadership turnover, uneven succession readiness, and growing reliance on external hiring make transitions harder to manage smoothly. The risk lies less in whether a replacement exists and more in the preparation of that replacement.&lt;/p&gt; 
&lt;h6 style="font-weight: normal;"&gt;Where vCISOs fit&lt;/h6&gt; 
&lt;p style="margin-top: 12pt; margin-right: 0in; margin-bottom: 12pt; padding-left: 0in;"&gt;As transitions become more compressed, organizations increasingly turn to virtual or fractional CISOs. In the right circumstances, this is a rational decision. vCISOs can provide immediate leadership coverage, stabilize governance, and bring experience from multiple environments.&lt;/p&gt; 
&lt;p style="margin-top: 12pt; margin-right: 0in; margin-bottom: 12pt; padding-left: 0in;"&gt;What they cannot do on their own is eliminate the need for intentional leadership development and clearly defined executive accountability within the organization. The CISO role is deeply relational and depends on sustained trust with executives, the board, and operational leaders.&lt;/p&gt; 
&lt;p style="margin-top: 12pt; margin-right: 0in; margin-bottom: 12pt; padding-left: 0in;"&gt;For many organizations, a vCISO is most effective when used as part of a clearly designed continuity strategy, whether that involves transitional coverage, long-term fractional leadership in smaller environments, or a bridge to a full-time appointment. What determines effectiveness is not the employment model; it is clarity of authority, continuity planning, and governance alignment.&lt;/p&gt; 
&lt;div style="font-weight: normal;"&gt;
 &lt;strong&gt;What organizations should do now&lt;/strong&gt;
&lt;/div&gt; 
&lt;p style="font-weight: normal;"&gt;Four actions reduce continuity risk without abandoning lean models.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;1. Treat CISO continuity as an enterprise risk&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Define interim authority, decision rights, and board communication expectations before a transition occurs. If you do not have a formal CISO, make the accountable executive explicit and document their authority, especially for risk acceptance and incident leadership.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;2. Be honest about succession readiness&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Naming a successor is not the same as preparing one. Identify the person who could step in today and the one who is progressing toward executive readiness but requires further development in board engagement, crisis leadership, or enterprise risk decision-making, and plan accordingly.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;3. If you operate lean, design for transitions&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;If a deputy CISO role is not viable, pre-plan vCISO coverage, document governance, and clearly define who assumes authority and decision rights during leadership gaps.&lt;/p&gt; 
&lt;p style="font-weight: bold;"&gt;4. Factor flexibility into resilience decisions&lt;/p&gt; 
&lt;p style="font-weight: normal;"&gt;Return-to-office policies should be evaluated not only for culture and collaboration, but also for their impact on leadership availability during transitions.&lt;/p&gt; 
&lt;div&gt;
 &lt;span&gt;&lt;strong&gt;Bottom line&lt;/strong&gt;&lt;/span&gt;
&lt;/div&gt; 
&lt;p style="margin-top: 12pt; margin-right: 0in; margin-bottom: 12pt; padding-left: 0in;"&gt;There will almost always be someone willing to step into the CISO role. The real question is whether that leader is prepared for the full executive and governance demands the role now carries.&lt;/p&gt; 
&lt;p style="margin-top: 12pt; margin-right: 0in; margin-bottom: 12pt; padding-left: 0in;"&gt;Organizations that manage the transition effectively focus less on titles and more on continuity. They build readiness before they need it, and treat leadership transition as a resilience concern&amp;nbsp;rather than a staffing problem.&lt;/p&gt;  
</content:encoded>
      <category>Featured</category>
      <category>CISO / CSO</category>
      <category>Security Leadership</category>
      <category>InfoSec Workforce</category>
      <category>Featured Author</category>
      <category>Business Continuity</category>
      <pubDate>Fri, 20 Feb 2026 15:13:02 GMT</pubDate>
      <author>j_scott_barnes@icloud.com (Scott Barnes)</author>
      <guid>https://www.secureworld.io/industry-news/ciso-continuity-risk</guid>
      <dc:date>2026-02-20T15:13:02Z</dc:date>
    </item>
  </channel>
</rss>
