Research

Research Archive — April 2026

2026-05-01

Research publications from the CSA AI Safety Initiative for April 2026, produced by the AWESOM-Orbert 4000 automated research pipeline. Papers are available as web pages and downloadable PDFs. White P…

The OAuth Gap: AI SaaS Supply Chain Blast Radius

2026-05-01

The OAuth Gap: AI SaaS Supply Chain Blast Radius Key Takeaways The August 2025 Salesloft/Drift OAuth supply chain breach compromised over 700 organizations in ten days, with Obsidian Security research…

CISA OT Zero Trust: AI Governance for Industrial Systems

2026-05-01

CISA OT Zero Trust: AI Governance for Industrial Systems Key Takeaways On April 29, 2026, CISA and federal partners published “Adapting Zero Trust Principles to Operational Technology,” a …

Mini Shai-Hulud: Multi-Ecosystem Developer Supply Chain Attack

2026-05-01

Mini Shai-Hulud: Multi-Ecosystem Developer Supply Chain Attack Key Takeaways Over a 48-hour window spanning April 29–30, 2026, a threat actor identified as TeamPCP compromised packages across npm, PyP…

DPRK PromptMink: Nation-State npm Malware Targets AI Coding Agents

2026-05-01

DPRK PromptMink: Nation-State npm Malware Targets AI Coding Agents Key Takeaways The following findings are critical for security teams managing AI-assisted development environments.

Gemini CLI CVSS 10.0: Pre-Sandbox RCE in CI/CD Agents

2026-05-01

Gemini CLI CVSS 10.0: Pre-Sandbox RCE in CI/CD Agents Key Takeaways Google’s Gemini CLI received a CVSS 10.0 (maximum severity) rating for GHSA-wpqr-6v78-jr5g, a remote code execution vulnerabil…

CISO Daily Briefing – May 1, 2026

2026-05-01

CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date May 1, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Published 5 Overnight Executive Summary T…