Research publications from the CSA AI Safety Initiative for March 2026, produced by the AWESOM-Orbert 4000 automated research pipeline. Papers are available as web pages and downloadable PDFs.
White Papers (18) | Research Notes (113) | CISO Briefings (23)
📄 White Papers
Research Archive — March 2026
2026-03-31
Securing OpenClaw in the Enterprise: A Zero Trust Approach to Agentic AI Hardening
2026-03-31
Securing OpenClaw in the Enterprise: A Zero Trust Approach to Agentic AI Hardening Executive Summary OpenClaw has become the dominant open-source agentic AI platform, accumulating over 250,000 GitHub …
The AI Security Ownership Crisis
2026-03-27
The AI Security Ownership Crisis Executive Summary Enterprise AI adoption has entered a phase of structural instability.
Geopolitical Conflict as Cyber Escalation Catalyst
2026-03-26
Geopolitical Conflict as Cyber Escalation Catalyst Nation-State and Hacktivist Wiper Campaigns Targeting Critical Infrastructure — Executive Summary Two destructive cyberattacks separated by twe…
Agents in the Wire: AI Agents as Enterprise Insider Threats
2026-03-25
Agents in the Wire: AI Agents as Enterprise Insider Threats Executive Summary Autonomous AI agents have arrived in the enterprise faster than the security controls designed to govern them.
Agentic AI Governance: NIST Standards for Autonomous Systems
2026-03-22
Agentic AI Governance: NIST Standards for Autonomous Systems Executive Summary The rapid proliferation of agentic AI systems—software architectures in which large language models plan multi-step tasks…
Living-Off-the-Tenant: MDM/EMM Infrastructure as Enterprise Wiper Attack Surface
2026-03-19
Executive Summary Enterprise device management underwent a fundamental architectural transformation over the past decade.
Zero Trust for Securing Agentic AI
2026-03-19
A Comprehensive Zero Trust Approach to Securing OpenClaw and Related Agentic AI 1. Executive Summary The emergence of agentic AI represents one of the most significant shifts in enterprise computing s…
Zero Trust for Securing Agentic AI
2026-03-19
A Comprehensive Zero Trust Approach to Securing OpenClaw and Related Agentic AI 1. Executive Summary The emergence of agentic AI represents the most significant shift in enterprise computing since the…
Agentic AI Autonomy Levels and Control Framework
2026-03-18
Agentic AI Autonomy Levels and Control Framework Cloud Security Alliance AI Safety Initiative Version 2.0 | March 2026 — Executive Summary The emergence of agentic AI systems — AI capable of aut…
Autonomy Levels Framework: Post-Incident Update Assessment
2026-03-18
Autonomy Levels Framework: Post-Incident Update Assessment Subtitle: What 50 Days of Operational Evidence Suggest for the Next Revision Cloud Security Alliance AI Safety Initiative | March 2026 —…
The Cost of Unchecked Autonomy: 10 Incidents Proving AI Agent Governance Cannot Wait
2026-03-18
The Cost of Unchecked Autonomy: 10 Incidents That Demonstrate Why AI Agent Governance Cannot Wait Cloud Security Alliance AI Safety Initiative Version 1.0 — March 2026 — Executive Summary The se…
Flying Blind: The Enterprise AI Security Visibility Crisis
2026-03-18
Executive Summary Enterprise AI adoption has accelerated substantially over the past three years, and the security infrastructure meant to govern it has not kept pace. A 2026 benchmark survey of 300 U…
AI Governance Fragmentation: Multinational Enterprise Compliance Risk
2026-03-16
Executive Summary In the span of eighteen months, the international coordination infrastructure for AI governance has effectively dissolved.
Q-Day Clock: Enterprise Post-Quantum Migration Imperative
2026-03-15
Executive Summary For years, Q-Day — the date on which a sufficiently powerful quantum computer could break mainstream public-key cryptography — occupied a comfortable position on the distant horizon …
AI-Assisted Malware Industrialization: The Vibeware Threat Model
2026-03-11
AI-Assisted Malware Industrialization: The Vibeware Threat Model Executive Summary A structural shift in offensive cyber operations became evident in late 2025 and accelerated into early 2026: adversa…
Kinetic-Cyber Convergence: Physical Destruction of Cloud Infrastructure and the New Resilience Imperative
2026-03-11
Kinetic-Cyber Convergence: Physical Destruction of Cloud Infrastructure and the New Resilience Imperative Executive Summary On March 1, 2026, Iranian drone strikes destroyed two Amazon Web Services da…
US Federal AI Security Governance in Crisis: CISA Capacity, Pentagon AI Policy, and the Responsible Scaling Vacuum
2026-03-09
US Federal AI Security Governance in Crisis: CISA Capacity, Pentagon AI Policy, and the Responsible Scaling Vacuum Executive Summary The federal architecture for AI security governance in the United S…
🔬 Research Notes
NIST AI Agent Security: Red-Teaming Guidance and Enterprise Compliance
2026-03-31
NIST AI Agent Security: Red-Teaming Guidance and Enterprise Compliance Key Takeaways NIST’s Center for AI Standards and Innovation (CAISI) formally launched the AI Agent Standards Initiative on …
Model Poisoning: Credential Exfiltration in Self-Hosted LLM Deployments
2026-03-31
Key Takeaways Organizations deploying large language models in self-hosted environments face a threat that receives less systematic attention than conventional application security: the model artifact…
Vibe Coding Security Crisis: Credential Sprawl and SDLC Debt
2026-03-31
Key Takeaways AI-assisted commits expose secrets at more than twice the rate of human-only commits — 3.2% versus 1.5%. Separately, public GitHub saw a 34% year-over-year increase in hardcoded credenti…
TeamPCP: Cascading PyPI Attack on AI/ML Infrastructure
2026-03-31
TeamPCP: Cascading PyPI Attack on AI/ML Infrastructure Key Takeaways A threat actor tracked as TeamPCP compromised Aqua Security’s Trivy container scanner on March 19, 2026, stealing CI/CD publi…
Federal Agentic AI Security: NIST’s Emerging Standards Initiative
2026-03-30
Key Takeaways NIST’s Center for AI Standards and Innovation (CAISI) formally launched the AI Agent Standards Initiative on February 17, 2026, establishing the first US government program dedicat…
Promptware: AI Agents as Attack Infrastructure
2026-03-30
Key Takeaways Promptware has evolved into a documented full kill chain.
TeamPCP: Cascading Supply Chain Attack on AI/ML Tooling
2026-03-30
Key Takeaways TeamPCP is an operationally sophisticated threat actor—evidenced by multi-stage cascading infrastructure, a novel C2 mechanism, and deliberate pre-positioning beginning months before act…
CVE-2026-33017: Unauthenticated RCE in Langflow AI Pipelines
2026-03-30
Key Takeaways CVE-2026-33017 is a critical unauthenticated remote code execution (RCE) vulnerability in Langflow, the open-source AI workflow orchestration platform developed by DataStax.
NIST Agentic AI Standards: Enterprise Compliance Implications
2026-03-29
NIST Agentic AI Standards: Enterprise Compliance Implications Key Takeaways NIST’s Center for AI Standards and Innovation (CAISI) published a formal Request for Information on AI agent security …
TeamPCP and the Cascading AI/ML Supply Chain Campaign
2026-03-29
TeamPCP and the Cascading AI/ML Supply Chain Campaign Key Takeaways The TeamPCP threat group executed a cascading supply chain campaign in March 2026 that compromised the Trivy security scanner, two C…
LangChain and LangGraph: Critical Vulnerabilities in AI Orchestration
2026-03-29
LangChain and LangGraph: Critical Vulnerabilities in AI Orchestration Key Takeaways A coordinated disclosure by Cyera Research on March 27, 2026 (“LangDrained”) [1] identified multiple hig…
Langflow CVE-2026-33017: AI Workflow Hijacking via Unauthenticated RCE
2026-03-29
Langflow CVE-2026-33017: AI Workflow Hijacking via Unauthenticated RCE Key Takeaways CVE-2026-33017 is a critical (CVSS 9.3) unauthenticated remote code execution vulnerability in Langflow, affecting …
NIST AI Agent Standards: Navigating the Federal Governance Gap
2026-03-28
Key Takeaways On February 17, 2026, NIST’s Center for AI Standards and Innovation (CAISI) launched the AI Agent Standards Initiative — the first U.S. federal program specifically targeting the s…
TeamPCP: WAV-Embedded Malware Targets AI Developer Toolchains
2026-03-28
Key Takeaways TeamPCP is a confirmed, active threat actor responsible for a cascading supply chain campaign originating February 28, 2026, compromising Trivy, Checkmarx KICS, LiteLLM, and the Telnyx P…
Agentic AI Framework CVEs Under Active Exploitation
2026-03-28
Agentic AI Framework CVEs Under Active Exploitation Key Takeaways CVE-2026-33017, a CVSS 9.3 unauthenticated remote code execution vulnerability in Langflow, was exploited in the wild within 20 hours …
PleaseFix: Zero-Click Browser Agent Hijacking
2026-03-28
PleaseFix: Zero-Click Browser Agent Hijacking Key Takeaways On March 3, 2026, Zenity Labs disclosed PleaseFix, a vulnerability family affecting Perplexity Comet and other agentic browsers.
CIRCIA’s AI Blind Spot: Closing the Mandatory Reporting Gap
2026-03-27
CIRCIA’s AI Blind Spot: Closing the Mandatory Reporting Gap Key Takeaways CIRCIA’s proposed “covered cyber incident” definition relies on traditional CIA-triad language — confi…
LiteLLM PyPI Backdoor: Credential Theft in AI Toolchains
2026-03-27
LiteLLM PyPI Backdoor: Credential Theft in AI Toolchains Key Takeaways On March 24, 2026, threat actor TeamPCP published backdoored versions of LiteLLM (v1.82.7 and v1.82.8) to PyPI, embedding credent…
LangChain/LangGraph: Critical Flaws in the AI Dev Stack
2026-03-27
LangChain/LangGraph: Critical Flaws in the AI Dev Stack Key Takeaways Three distinct vulnerabilities have been disclosed in LangChain and LangGraph — collectively downloaded more than 84 million times…
ShadowPrompt: Zero-Click DOM XSS Enables AI Prompt Injection
2026-03-27
ShadowPrompt: Zero-Click DOM XSS Enables AI Prompt Injection Key Takeaways ShadowPrompt, disclosed March 26, 2026, is a zero-click exploit chain combining a wildcard origin allowlist in the Claude Chr…
FCC Foreign Router Ban: Enterprise Compliance Imperative
2026-03-26
FCC Foreign Router Ban: Enterprise Compliance Imperative Key Takeaways On March 23, 2026, the FCC updated its Covered List to categorically ban new equipment authorizations for all consumer routers ma…
Tycoon2FA Returns: PhaaS Platform Survives Law Enforcement Disruption
2026-03-26
Tycoon2FA Returns: PhaaS Platform Survives Law Enforcement Disruption Key Takeaways On March 4, 2026, a Europol-coordinated coalition seized 330 domains and disrupted the Tycoon2FA phishing-as-a-servi…
HwAudKiller: BYOVD EDR Bypass via Vulnerable Huawei Driver
2026-03-26
HwAudKiller: BYOVD EDR Bypass via Vulnerable Huawei Driver Key Takeaways A large-scale malvertising campaign active since at least January 2026 targets U.S. individuals searching for tax-related forms…
CrackArmor: Nine AppArmor Flaws Enable Container Escape
2026-03-26
CrackArmor: Nine AppArmor Flaws Enable Container Escape Key Takeaways On March 12–13, 2026, Qualys Threat Research Unit (TRU) publicly disclosed nine security vulnerabilities collectively named CrackA…
NIST AI Agent Standards: Enterprise Governance Implications
2026-03-25
NIST AI Agent Standards: Enterprise Governance Implications Key Takeaways NIST’s Center for AI Standards and Innovation (CAISI) launched the AI Agent Standards Initiative on February 17, 2026, e…
Langflow RCE CVE-2026-33017: Exploited Within 20 Hours
2026-03-25
Langflow RCE CVE-2026-33017: Exploited Within 20 Hours Key Takeaways CVE-2026-33017, rated CVSS 9.3 Critical, is an unauthenticated remote code execution vulnerability affecting all Langflow versions …
OAuth Device Code Phishing Hits 340+ Microsoft 365 Organizations
2026-03-25
OAuth Device Code Phishing Hits 340+ Microsoft 365 Organizations Key Takeaways OAuth device code phishing weaponizes a legitimate protocol feature (RFC 8628) to harvest Microsoft 365 access tokens wit…
TeamPCP: CI/CD Security Tool Supply Chain Compromise
2026-03-25
TeamPCP: CI/CD Security Tool Supply Chain Compromise Key Takeaways The threat actor known as TeamPCP orchestrated a four-wave supply chain campaign between March 19–24, 2026, compromising Trivy (Aqua …
NIST AI Agent Standards: Enterprise Governance Implications
2026-03-24
NIST AI Agent Standards: Enterprise Governance Implications Key Takeaways NIST’s Center for AI Standards and Innovation (CAISI) announced the AI Agent Standards Initiative on February 17, 2026, …
AWS Bedrock Attack Surface: Eight Validated Vectors
2026-03-24
AWS Bedrock Attack Surface: Eight Validated Vectors Key Takeaways Security researchers at XM Cyber disclosed eight validated IAM-mediated attack paths against Amazon Bedrock in March 2026, spanning Ag…
TeamPCP: Trivy Supply Chain Attack and Kubernetes Wiper
2026-03-24
Key Takeaways On March 19, 2026, the threat actor cluster TeamPCP force-pushed a malicious release tag to the Aqua Security Trivy repository, injecting a three-stage credential stealer into a vulnerab…
Agent Commander: Promptware C2 in Agentic AI
2026-03-24
Agent Commander: Promptware C2 in Agentic AI Key Takeaways A new threat category — promptware — exploits AI agent reasoning as a malware execution engine, embedding attack instructions in ordinary doc…
Wiper as Reprisal: Nation-State Destructive Cyberattacks
2026-03-23
Wiper as Reprisal: Nation-State Destructive Cyberattacks — Key Takeaways On March 11, 2026, a hacktivist group known as Handala — assessed by Palo Alto Networks and the U.S.
Governing the Agent: NIST’s AI Agent Standards Initiative
2026-03-23
Key Takeaways NIST’s Center for AI Standards and Innovation (CAISI) launched the AI Agent Standards Initiative on February 17, 2026, establishing three pillars: industry-led standards developmen…
Confused Deputy Attacks on Autonomous AI Agents
2026-03-23
Confused Deputy Attacks on Autonomous AI Agents — Key Takeaways The confused deputy problem — a classical access control vulnerability in which a privileged program is tricked by a less-privileg…
CanisterWorm and the Blockchain Dead-Drop
2026-03-23
CanisterWorm and the Blockchain Dead-Drop — Key Takeaways On March 19–21, 2026, threat actors identified as TeamPCP executed the second supply chain compromise of Trivy — Aqua Security’s w…
Langflow CVE-2026-33017: Unauthenticated RCE in AI Orchestration
2026-03-23
Langflow CVE-2026-33017: Unauthenticated RCE in AI Orchestration — Key Takeaways A critical unauthenticated remote code execution vulnerability in Langflow, tracked as CVE-2026-33017 with a CVSS…
Oracle Identity Manager: Unauthenticated RCE in IAM Infrastructure
2026-03-22
Oracle Identity Manager: Unauthenticated RCE in IAM Infrastructure Key Takeaways CVE-2026-21992 is a CVSS 9.8 (Critical) unauthenticated remote code execution vulnerability in Oracle Identity Manager …
CanisterWorm: Blockchain C2 in CI/CD Supply Chain Attack
2026-03-22
CanisterWorm: Blockchain C2 in CI/CD Supply Chain Attack Key Takeaways CanisterWorm is a self-propagating npm worm discovered March 20, 2026, by Aikido Security researcher Charlie Eriksen.
Langflow CVE-2026-33017: Unauthenticated RCE in AI Platforms
2026-03-22
Key Takeaways CVE-2026-33017 is a CVSS 9.3/10.0 unauthenticated remote code execution vulnerability in Langflow, a widely-deployed open-source AI workflow builder with over 140,000 GitHub stars. A sin…
The Stryker Wiper: When UEM Becomes a Weapon
2026-03-21
Key Takeaways On March 11, 2026, a threat actor linked to Iran’s Ministry of Intelligence and Security (MOIS) used compromised Microsoft Entra ID Global Administrator credentials to issue a legi…
Scanner as Attack Vector: Trivy, CanisterWorm, and CI/CD Risk
2026-03-21
Scanner as Attack Vector: Trivy, CanisterWorm, and CI/CD Risk Key Takeaways Within a 72-hour window spanning March 19–21, 2026, the security community witnessed a high-impact CI/CD supply chain attack…
Starkiller: Industrializing Real-Time MFA Bypass at Scale
2026-03-21
Key Takeaways Starkiller is a commercially operated Phishing-as-a-Service (PhaaS) framework that uses a headless browser running inside a Docker container to proxy real login pages in real time, defea…
CVE-2026-33017: Unauthenticated RCE Hits Langflow AI Pipelines
2026-03-21
CVE-2026-33017: Unauthenticated RCE Hits Langflow AI Pipelines Key Takeaways CVE-2026-33017 is a CVSS 10.0 unauthenticated remote code execution vulnerability in Langflow, the open-source visual frame…
DPRK Ghost Hires: AI Defeats Enterprise Identity Verification
2026-03-20
Key Takeaways North Korea operates an estimated workforce of approximately 100,000 overseas IT workers who fraudulently obtain employment at foreign companies, generating roughly $800 million in hard …
Governing the Ungoverned: U.S. AI Security Policy Fragmentation
2026-03-20
Governing the Ungoverned: U.S.
GlassWorm Returns: Developer Toolchain Worm Expands to GitHub and npm
2026-03-20
Key Takeaways GlassWorm, a self-propagating developer toolchain worm first identified in October 2025, has returned in a fourth and most expansive wave, compromising an estimated 433 components across…
AI Agent Trust Boundaries: DNS Escape and Exfiltration Flaws
2026-03-20
AI Agent Trust Boundaries: DNS Escape and Exfiltration Flaws Cloud Security Alliance AI Safety Initiative | Research Note | March 20, 2026 — Key Takeaways Amazon Bedrock AgentCore Code Interpret…
Interlock’s 45-Day Zero-Day: CVE-2026-20131
2026-03-20
Key Takeaways CVE-2026-20131 is a CVSS 10.0 unauthenticated remote code execution vulnerability in Cisco Secure Firewall Management Center (FMC), caused by insecure Java deserialization.
OFAC Sanctions Target DPRK IT Worker Revenue Networks
2026-03-19
OFAC Sanctions Target DPRK IT Worker Revenue Networks — Key Takeaways On March 12, 2026, the U.S.
Interlock Ransomware Weaponizes Cisco FMC Zero-Day
2026-03-19
Key Takeaways Interlock ransomware exploited CVE-2026-20131, a CVSS 10.0 unauthenticated remote code execution (RCE) vulnerability in the Cisco Secure Firewall Management Center (FMC) web management i…
DarkSword: Full-Chain iOS Zero-Day Exploitation by State Actors
2026-03-19
DarkSword: Full-Chain iOS Zero-Day Exploitation by State Actors — Key Takeaways On March 18, 2026, Google Threat Intelligence Group (GTIG), iVerify, and Lookout jointly disclosed DarkSword, a fu…
ClawWorm: Self-Propagating Worm Attacks on LLM Agent Ecosystems
2026-03-19
ClawWorm: Self-Propagating Worm Attacks on LLM Agent Ecosystems — Key Takeaways Researchers from Peking University, Sun Yat-sen University, Wuhan University, Tsinghua University, and Singapore M…
AI Agent Identity Crisis: Standards Emerge as Enterprises Lag
2026-03-18
AI Agent Identity Crisis: Standards Emerge as Enterprises Lag Subtitle: Okta’s Agentic Identity Framework and the Non-Human Identity Governance Gap Cloud Security Alliance AI Safety Initiative |…
Hijacked at the Source: AppsFlyer SDK Crypto Stealer
2026-03-18
Hijacked at the Source: AppsFlyer SDK Crypto Stealer — Key Takeaways Between approximately 20:40 UTC on March 9, 2026 and 10:30 UTC on March 10, 2026—a window of roughly fourteen hours—malicious…
Konni APT Weaponizes KakaoTalk Desktop for EndRAT Propagation
2026-03-18
Konni APT Weaponizes KakaoTalk Desktop for EndRAT Propagation — Key Takeaways A recently disclosed campaign attributed to Konni APT—a North Korean-linked threat group active since at least 2014—…
DRILLAPP: Edge Debugging API Weaponized for Ukrainian Espionage
2026-03-18
DRILLAPP: Edge Debugging API Weaponized for Ukrainian Espionage — Key Takeaways A threat actor tentatively assessed as Russian-linked — tracked as Laundry Bear (also known as UAC-0190 and Void B…
README Injection: Repository Files Hijacking AI Coding Assistants
2026-03-17
README Injection: Repository Files Hijacking AI Coding Assistants Indirect Prompt Injection via Automatically Trusted Repository Configuration Files — Key Takeaways Repository files that AI codi…
Agent Commander: Promptware Turns AI Agents into C2 Infrastructure
2026-03-17
Agent Commander: Promptware Turns AI Agents into C2 Infrastructure How Prompt Injection Payloads Compose into Multi-Agent Command-and-Control Networks — Key Takeaways On March 16, 2026, security…
Noise Over Signal: AI Agents Flood Disclosure Pipelines
2026-03-17
Noise Over Signal: AI Agents Flood Disclosure Pipelines — Key Takeaways The vulnerability disclosure ecosystem — bug bounty platforms, CVE numbering infrastructure, and open-source project maint…
Eight-Nation AI/ML Supply Chain Risk and Mitigation Guidance
2026-03-17
Eight-Nation AI/ML Supply Chain Risk and Mitigation Guidance — Key Takeaways On March 4–5, 2026, the NSA’s AI Security Center (AISC) and seven allied national cybersecurity agencies releas…
LeakNet Extortion: ClickFix and Deno Runtime Loader TTPs
2026-03-17
LeakNet Extortion: ClickFix and Deno Runtime Loader TTPs How Self-Execution Social Engineering and Legitimate Runtime Abuse Enable Data Extortion Campaigns — Key Takeaways The threat actor lands…
OpenEoX: Closing the AI/ML Lifecycle Visibility Gap
2026-03-16
Key Takeaways OpenEoX is an emerging OASIS Open standard that delivers machine-readable, JSON-structured lifecycle data — general availability, end of sales, end of security support, and end of life —…
MacSync Infostealer: ClickFix Campaigns via Fake AI Installers
2026-03-16
MacSync Infostealer: ClickFix Campaigns via Fake AI Installers — Key Takeaways Three documented ClickFix campaigns between November 2025 and February 2026 distributed the MacSync macOS infosteal…
GlassWorm: Open VSX Transitive Dependency Supply-Chain Escalation
2026-03-16
GlassWorm: Open VSX Transitive Dependency Supply-Chain Escalation — Key Takeaways The GlassWorm campaign, active since at least October 2025, has executed a significant escalation in its develop…
Colluding LoRA: Composite Fine-Tuning Attacks on LLM Safety
2026-03-16
Colluding LoRA: Composite Fine-Tuning Attacks on LLM Safety CSA AI Safety Initiative — Research Note | March 16, 2026 — Key Takeaways The findings below draw on a cluster of papers accepted at I…
Islands of Agents: IAM Failures Across Agent Boundaries
2026-03-15
Islands of Agents: IAM Failures Across Agent Boundaries Cloud Security Alliance AI Safety Initiative | March 2026 — Key Takeaways This research note examines a structurally distinct challenge in…
AI-Assisted Cloud Intrusion: Admin Access in 8 Minutes
2026-03-15
AI-Assisted Cloud Intrusion: Admin Access in 8 Minutes Cloud Security Alliance AI Safety Initiative | March 2026 — Key Takeaways The following findings summarize the key technical and strategic …
LLMjacking: AI Model Hijacking Reaches Black Market Scale
2026-03-15
LLMjacking: AI Model Hijacking Reaches Black Market Scale Cloud Security Alliance AI Safety Initiative | Research Note | March 15, 2026 — Key Takeaways LLMjacking — the unauthorized use of cloud…
AI-Powered Ransomware: Automated Variant Proliferation
2026-03-15
AI-Powered Ransomware: Automated Variant Proliferation How LLMs Are Reshaping the Ransomware Threat Landscape — Key Takeaways The ransomware threat landscape has entered a new phase.
Veeam RCE Cluster: Critical Vulnerabilities Expose Enterprise Backup Infrastructure
2026-03-14
Veeam RCE Cluster: Critical Vulnerabilities Expose Enterprise Backup Infrastructure March 2026 Disclosure of Eight CVEs Including Four at CVSS 9.9 Affecting Veeam Backup & Replication v12 and v13…
Storm-2561: Signed VPN Impersonation via SEO Poisoning
2026-03-14
Storm-2561: Signed VPN Impersonation via SEO Poisoning Key Takeaways Microsoft Threat Intelligence disclosed on March 12, 2026 a multi-phase credential theft campaign attributed to Storm-2561, a finan…
CrackArmor: Nine AppArmor Flaws Enable Root and Container Escape
2026-03-14
CrackArmor: Nine AppArmor Flaws Enable Root and Container Escape — Key Takeaways Nine vulnerabilities collectively designated CrackArmor were publicly disclosed on March 12, 2026, by the Qualys …
AI Brain Drain: Independent Safety Oversight at Risk
2026-03-14
AI Brain Drain: Independent Safety Oversight at Risk — Key Takeaways A structural, decades-long migration of AI researchers from universities and independent institutions into large technology c…
Wiz Joins Google: CNAPP Market Consolidation Risks
2026-03-14
Wiz Joins Google: CNAPP Market Consolidation Risks Enterprise Security Implications of Hyperscaler Ownership of Cloud-Native Protection Platforms Cloud Security Alliance AI Safety Initiative | March 1…
Handala Wiper Attack on Stryker: MOIS Hacktivists Destroy Medical Operations
2026-03-14
Handala Wiper Attack on Stryker: MOIS Hacktivists Destroy Medical Operations Key Takeaways On March 11, 2026, the Iranian MOIS-linked group Handala (attributed by multiple security researchers to MOIS…
EU AI Act High-Risk Deadline: Enterprise Readiness Gap
2026-03-14
EU AI Act High-Risk Deadline: Enterprise Readiness Gap Key Takeaways The EU AI Act’s high-risk AI obligations represent the most operationally demanding wave of the regulation’s phased imp…
Coruna iOS Exploit Kit: Spy Tool to Mass Cybercrime
2026-03-14
Key Takeaways Coruna is a JavaScript-delivered iOS exploit kit comprising 23 exploits organized across five sequential exploitation chains, capable of achieving full device compromise — including kern…
Agentic Blabbering: Browser AI Phishing via Reasoning Intercept
2026-03-14
Agentic Blabbering: Browser AI Phishing via Reasoning Intercept How Adversarial Web Content Hijacks AI Agent Decision-Making to Manipulate Users — Key Takeaways Browser-integrated AI agents are …
Zombie ZIP: Archive Metadata Desync Defeats AV at Scale
2026-03-14
Zombie ZIP: Archive Metadata Desync Defeats AV at Scale — Key Takeaways A newly disclosed technique called “Zombie ZIP” (CVE-2026-0866) exploits a structural inconsistency in ZIP arc…
PhantomRaven npm Campaign: Developer Credential Theft at Scale
2026-03-14
PhantomRaven npm Campaign: Developer Credential Theft at Scale Cloud Security Alliance AI Safety Initiative | Research Note | March 12, 2026 — Key Takeaways The PhantomRaven campaign has deploye…
n8n Under Active Exploitation: AI Workflow Platform Attack Surface
2026-03-14
n8n Under Active Exploitation: AI Workflow Platform Attack Surface Key Takeaways Three critical vulnerabilities affecting the n8n workflow automation platform — CVE-2025-68613, CVE-2026-27577, and CVE…
I Gave My AI Agent PTSD: Surprising Consequences from Repeated Adversarial Safety Testing
2026-03-13
I Gave My AI Agent PTSD: Surprising Consequences from Repeated Adversarial Safety Testing How Structured Adversarial Evaluation Induced Persistent Defensive Overcorrection in an Autonomous AI Agent …
AI-Induced Lateral Movement: Autonomous Agents as a Third Dimension of Network Traversal
2026-03-11
AI-Induced Lateral Movement: Autonomous Agents as a Third Dimension of Network Traversal Cloud Security Alliance AI Safety Initiative | March 2026 — Key Takeaways Autonomous AI agents introduce …
Pentagon vs. Anthropic: Autonomous Weapons AI Guardrails and the Governance Crisis for Enterprise AI Vendors
2026-03-11
Pentagon vs. Anthropic: Autonomous Weapons AI Guardrails and the Governance Crisis for Enterprise AI Vendors — Key Takeaways The breakdown of contract negotiations between Anthropic and the U.S.
LLM-Enabled Government Intrusion: Documented Compliance Erosion in the Mexican Government Hack
2026-03-11
LLM-Enabled Government Intrusion: Documented Compliance Erosion in the Mexican Government Hack — Key Takeaways Between December 2025 and January 2026, an unidentified solo operator carried out o…
AWS Bedrock AgentCore as Enterprise Attack Surface: AI Agent APIs and the Execution Boundary Problem
2026-03-11
AWS Bedrock AgentCore as Enterprise Attack Surface: AI Agent APIs and the Execution Boundary Problem Cloud Security Alliance AI Safety Initiative | Research Note | March 9, 2026 — Key Takeaways …
Browser-Integrated AI Panel Hijack: CVE-2026-0628 and the Emerging Attack Surface of Embedded AI
2026-03-11
Browser-Integrated AI Panel Hijack: CVE-2026-0628 and the Emerging Attack Surface of Embedded AI Cloud Security Alliance AI Safety Initiative | Research Note | March 9, 2026 — Key Takeaways Two …
Image-Based Prompt Injection: Hijacking Multimodal LLMs Through Visually Embedded Adversarial Instructions
2026-03-11
Image-Based Prompt Injection: Hijacking Multimodal LLMs Through Visually Embedded Adversarial Instructions Cloud Security Alliance AI Safety Initiative | Research Note | March 8, 2026 — Key Take…
The AI Vulnerability Scanning Market: OpenAI Codex Security and the Anthropic/Mozilla Partnership
2026-03-11
The AI Vulnerability Scanning Market: OpenAI Codex Security and the Anthropic/Mozilla Partnership — Key Takeaways On March 6, 2026, two announcements provided the clearest public evidence to dat…
Sleeper Cell Backdoors: Temporal Latent Malice in Tool-Using LLMs
2026-03-11
Sleeper Cell Backdoors: Temporal Latent Malice in Tool-Using LLMs CSA AI Safety Initiative — Research Note | March 8, 2026 — Key Takeaways A March 2026 arXiv preprint demonstrates that open-weig…
AI-Assisted Mass Network Infrastructure Exploitation: The 600+ FortiGate Campaign
2026-03-11
AI-Assisted Mass Network Infrastructure Exploitation: The 600+ FortiGate Campaign Key Takeaways Between January 11 and February 18, 2026, a threat actor assessed as Russian-speaking and financially mo…
Microsoft’s AI Threat Intelligence: Documenting the Full AI-Accelerated Attack Lifecycle
2026-03-11
Microsoft’s AI Threat Intelligence: Documenting the Full AI-Accelerated Attack Lifecycle — Key Takeaways On March 6, 2026, Microsoft Threat Intelligence published “AI as tradecraft: …
Autonomous AI Agents as Offensive Weapons: From GitHub Actions to Self-Directing Malware
2026-03-11
Autonomous AI Agents as Offensive Weapons: From GitHub Actions to Self-Directing Malware — Key Takeaways In early 2026, security researchers and incident responders confirmed a threshold that ma…
AI Chatbots as Covert Command-and-Control Infrastructure: Emerging Threat Patterns and Enterprise Defenses
2026-03-11
AI Chatbots as Covert Command-and-Control Infrastructure: Emerging Threat Patterns and Enterprise Defenses — Key Takeaways In the span of roughly eight months—from July 2025 through February 202…
AI Developer Tool Supply Chain Attacks: RCE, Fake Installers, and AI-Promoted Malicious Repos
2026-03-11
AI Developer Tool Supply Chain Attacks: RCE, Fake Installers, and AI-Promoted Malicious Repos — Key Takeaways Between late 2023 and early 2026, threat actors mounted an escalating series of supp…
LLM Model Extraction at Cloud Scale: The 16 Million Query IP Theft Vector
2026-03-11
LLM Model Extraction at Cloud Scale: The 16 Million Query IP Theft Vector — Key Takeaways On February 23, 2026, Anthropic publicly disclosed that three Chinese AI companies—DeepSeek, Moonshot AI…
AI Assistant Memory Poisoning: Corporate ‘LLM SEO’ via Hidden Prompt Injection
2026-03-11
AI Assistant Memory Poisoning: Corporate “LLM SEO” via Hidden Prompt Injection — Key Takeaways A commercially marketed technique known as “LLM SEO” exploits the memory pe…
LLM-Assisted Deanonymization: AI as a Mass-Scale Privacy Attack Tool
2026-03-11
LLM-Assisted Deanonymization: AI as a Mass-Scale Privacy Attack Tool — Key Takeaways The implicit contract of online pseudonymity is breaking down.
KadNap Botnet: Kademlia DHT C2 Evasion on ASUS Edge Devices
2026-03-11
KadNap Botnet: Kademlia DHT C2 Evasion on ASUS Edge Devices Analysis of a P2P Router Botnet Powering the Doppelgänger Criminal Proxy Service Cloud Security Alliance AI Safety Initiative | March 11, 20…
Pentagon Designates Anthropic: Enterprise AI Vendor Risk
2026-03-11
Pentagon Designates Anthropic: Enterprise AI Vendor Risk Foundation Model Militarization and Systemic Risk for Enterprise AI Users — Key Takeaways On February 27, 2026, Secretary of Defense Pete…
NIST CAISI: AI Agent Standards and the Enterprise Compliance Imperative
2026-03-11
NIST CAISI: AI Agent Standards and the Enterprise Compliance Imperative A Compliance Roadmap for Security Teams Navigating NIST’s 2026 AI Agent Standards Initiative Cloud Security Alliance AI Sa…
UNC6426: nx Supply Chain to AWS Admin via OIDC
2026-03-11
UNC6426: nx Supply Chain to AWS Admin via OIDC — Key Takeaways A threat actor cluster designated UNC6426 by Google/Mandiant exploited the downstream consequences of the August 2025 s1ngularity n…
Active FortiGate NGFW Campaign: Service Account Credential Extraction
2026-03-11
Active FortiGate NGFW Campaign: Service Account Credential Extraction Key Takeaways This research note addresses a forensically documented intrusion campaign in which threat actors exploited authentic…
2026-03-10
BADBOX 2.0 and the Kimwolf Nexus: Pre-Installed Malware in Consumer Hardware as Systemic Enterprise Threat Infrastructure — Key Takeaways Two converging Android botnet campaigns—BADBOX 2.0 and K…
2026-03-10
ENISA Designated as EU CVE Root: Implications for NIS2 Compliance and Cross-Border Vulnerability Disclosure — Key Takeaways On November 20, 2025, the European Union Agency for Cybersecurity (ENI…
ClawJacked: WebSocket Exploitation Enabling Malicious Sites to Hijack Local AI Agents
2026-03-10
ClawJacked: WebSocket Exploitation Enabling Malicious Sites to Hijack Local AI Agents Cloud Security Alliance AI Safety Initiative | Research Note | March 10, 2026 — Key Takeaways This research …
2026-03-10
AirSnitch: Cross-Layer Wi-Fi Client Isolation Bypass Enabling Bidirectional Man-in-the-Middle Attacks — Key Takeaways Academic researchers from the University of California, Riverside and KU Leu…
2026-03-10
Clinejection: Prompt Injection in GitHub Issue Titles Enables CI/CD Cache Poisoning and Supply Chain Compromise — Key Takeaways In February 2026, security researcher Adnan Khan disclosed a multi…
UNC4899 Living-off-the-Cloud: AirDrop-to-Cloud-Compromise and DevOps Workflow Abuse
2026-03-10
UNC4899 Living-off-the-Cloud: AirDrop-to-Cloud-Compromise and DevOps Workflow Abuse — Key Takeaways A newly reported incident attributed to UNC4899—a North Korean state-nexus threat actor also t…
AI Developer Tool Impersonation: Typosquatting, Fake Install Guides, and InfoStealer Delivery
2026-03-10
AI Developer Tool Impersonation: Typosquatting, Fake Install Guides, and InfoStealer Delivery — Key Takeaways A documented wave of threat actor activity throughout 2024 and into early 2026 demon…
2026-03-10
Hidden Unicode Instruction Injection in AI Agent Skills: Invisible Adversarial Payloads in Tool Descriptions, Skill Files, and MCP Servers Cloud Security Alliance AI Safety Initiative | Research Note …
2026-03-10
Microsoft Teams as Phishing Infrastructure: The A0Backdoor Campaign and the Industrialization of Collaboration-Platform Attacks — Key Takeaways A threat cluster tracked by BlueVoyant as “B…
🛡️ CISO Briefings
CISO Daily Briefing — March 31, 2026
2026-03-31
CISO Daily Briefing Cloud Security Alliance AI Safety Initiative — Intelligence Report Report Date March 31, 2026 Intelligence Window 48 Hours Priority Topics 5 Identified Category Split 3 Techn…
CISO Daily Briefing – March 30, 2026
2026-03-30
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date March 30, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Queued 4 …
CISO Daily Briefing – March 29, 2026
2026-03-29
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date March 29, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Category Breakdo…
CISO Daily Briefing – March 28, 2026
2026-03-28
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date March 28, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Commissio…
CISO Daily Briefing – March 27, 2026
2026-03-27
CISO Daily Briefing Cloud Security Alliance — AI Security Intelligence Report Report Date March 27, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Category Split 3 Technica…
CISO Daily Briefing – March 26, 2026
2026-03-26
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date March 26, 2026 Intelligence Window 48 Hours Priority Topics 5 Identified Research Papers 5 Over…
CISO Daily Briefing – March 25, 2026
2026-03-25
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date March 25, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Research Output …
CISO Daily Briefing — March 24, 2026
2026-03-24
CISO Daily Briefing Cloud Security Alliance AI Safety Initiative — Intelligence Report Report Date March 24, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Queued 4 Resear…
CISO Daily Briefing – March 23, 2026
2026-03-23
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date March 23, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Research Papers …
CISO Daily Briefing – March 22, 2026
2026-03-22
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date March 22, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Urgency Level 2 …
CISO Daily Briefing – March 21, 2026
2026-03-21
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date March 21, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Commissio…
CISO Daily Briefing – March 20, 2026
2026-03-20
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date March 20, 2026 Intelligence Window 48 Hours (Mar 18–20) Topics Identified 5 Priority Item…
CISO Daily Briefing – March 19, 2026
2026-03-19
CISO Daily Briefing Cloud Security Alliance AI Safety Initiative — Intelligence Analysis Date March 19, 2026 Intelligence Window 48 Hours Topics Analyzed 5 Classification TLP:CLEAR Executive Sum…
CISO Daily Briefing – March 18, 2026
2026-03-18
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date March 18, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Published 5 Overnight Executive Summar…
CISO Daily Briefing — March 17, 2026
2026-03-17
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Report Date March 17, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Topics Research Notes 3 Published / 2 Time…
CISO Daily Briefing — March 16, 2026
2026-03-16
CISO Daily Briefing Cloud Security Alliance AI Safety Initiative — Intelligence Report Report Date March 16, 2026 Intelligence Window 48 Hours Priority Topics 5 Identified Papers Published 5 Ove…
CISO Daily Briefing – March 15, 2026
2026-03-15
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date March 15, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Documents Queued 5 Overnight Executive Summar…
CISO Daily Briefing – March 14, 2026
2026-03-14
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date March 14, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Sources Scanned 50 Intelligence Feeds Executi…
CISO Daily Briefing – March 13, 2026
2026-03-13
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date March 13, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Queued 5 Research Notes Executive Summ…
CISO Daily Briefing – March 12, 2026
2026-03-12
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date March 12, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Category Split 3 Technical · 1 Governance · 1…
CISO Daily Briefing — March 11, 2026
2026-03-11
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date March 11, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Queued 5 Research Notes Executive Summ…
CISO Daily Briefing — March 10, 2026
2026-03-10
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date March 10, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Queued 5 Overnight Executive Summary T…
CISO Daily Briefing – March 9, 2026
2026-03-09
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date March 9, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Queued 5 Research Notes Executive Summa…
Last updated: 2026-04-01 05:15 UTC