Research publications from the CSA AI Safety Initiative for April 2026, produced by the AWESOM-Orbert 4000 automated research pipeline. Papers are available as web pages and downloadable PDFs.
White Papers (18) | Research Notes (120) | CISO Briefings (30)
White Papers
AI SaaS OAuth Trust Chains: Systemic Enterprise Attack Surface
2026-04-29
AI SaaS OAuth Trust Chains: Systemic Enterprise Attack Surface Executive Summary In the first weeks of April 2026, two separate but structurally identical supply chain attacks demonstrated that enterp…
MCP By Design: STDIO RCE and the AI Supply Chain Crisis
2026-04-26
MCP By Design: STDIO RCE and the AI Supply Chain Crisis Executive Summary In mid-April 2026, OX Security published a coordinated disclosure that reframed the security conversation around the Model Con…
AI-Assisted CVE Enrichment: A Research Agenda and Pilot Proposal
2026-04-25
AI-Assisted CVE Enrichment: A Research Agenda and Pilot Proposal Cloud Security Alliance AI Safety Initiative | White Paper | April 25, 2026 — Executive Summary The popular framing of NVD’…
The Collapsing Exploit Window: AI-Speed Vulnerability Weaponization
2026-04-25
The Collapsing Exploit Window: AI-Speed Vulnerability Weaponization Systemic Enterprise Risk in the Age of Machine-Accelerated Exploitation Cloud Security Alliance AI Safety Initiative · April 2026 …
2026-04-23
The Collapsing Exploit Window Executive Summary For decades, the security industry operated on an implicit assumption: the window between a vulnerability’s discovery and its weaponization was wi…
The AI Agent Disclosure Vacuum
2026-04-17
The AI Agent Disclosure Vacuum Executive Summary The vulnerability disclosure compact that has governed the software security industry for three decades rests on a set of tacit agreements: vendors acc…
The Agentic SOC Behavioral Baseline Gap
2026-04-15
The Agentic SOC Behavioral Baseline Gap Executive Summary Security operations centers are undergoing a fundamental transformation.
2026-04-14
The AI Velocity Gap Executive Summary The promise of AI-assisted software development has arrived ahead of schedule.
Claude Mythos: AI Vulnerability Discovery and Containment Failures
2026-04-13
Claude Mythos: AI Vulnerability Discovery and Containment Failures Cloud Security Alliance AI Safety Initiative Version 1.0 | April 2026 — Executive Summary The announcement of Claude Mythos Pre…
The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program
2026-04-12
Expedited strategy briefing by the CSA CISO Community, SANS, [un]prompted, and the OWASP Gen AI Security Project on building security programs ready for the AI vulnerability discovery era.
When the Model Becomes the Red Team
2026-04-12
When the Model Becomes the Red Team Executive Summary The security industry has long relied on a foundational assumption: discovering vulnerabilities requires deep human expertise, significant time in…
2026-04-11
The Collapsing Exploit Window Executive Summary For more than a decade, the security industry operated on an implicit assumption: that organizations possessed a grace period between the public disclos…
The Irremediable Attack Surface
2026-04-10
The Irremediable Attack Surface Executive Summary Across the past decade, nation-state threat actors have systematically identified small office/home office (SOHO) routers and edge devices as a catego…
When AI Becomes the Attacker: Project Glasswing and the Autonomous Zero-Day Era
2026-04-08
When AI Becomes the Attacker: Project Glasswing and the Autonomous Zero-Day Era Executive Summary For the past decade, the cybersecurity community has debated whether artificial intelligence would ult…
Reflexive Supply Chain: When Security Tools Become Attack Vectors
2026-04-08
Reflexive Supply Chain: When Security Tools Become Attack Vectors Executive Summary A reflexive supply chain attack occurs when an adversary compromises the security or development tools that organiza…
AI Infrastructure Monoculture: Foundation-Layer Concentration Risk
2026-04-06
AI Infrastructure Monoculture: Foundation-Layer Concentration Risk Executive Summary Enterprise AI is converging faster than the security industry can assess the consequences. Three foundation model p…
The Invisible Enterprise: Shadow AI and the Ungoverned Frontier
2026-04-02
The Invisible Enterprise: Shadow AI and the Ungoverned Frontier Executive Summary Enterprise AI adoption has dramatically outpaced enterprise AI governance.
Automated Exploit Generation: LLMs Cross the Threshold
2026-04-02
Automated Exploit Generation: LLMs Cross the Threshold Executive Summary For years, practitioners debated whether large language models (LLMs) would materially change the offense-defense balance in cy…
Research Notes
CISA Zero Trust for Operational Technology
2026-04-30
CISA Zero Trust for Operational Technology Key Takeaways On April 29, 2026, CISA, the Department of War (DoW), DOE, FBI, and DOS jointly published the first comprehensive guidance for applying zero tr…
AI Coding Tools as a CI/CD Attack Surface
2026-04-30
AI Coding Tools as a CI/CD Attack Surface — Key Takeaways Google patched a maximum-severity (CVSS 10.0) vulnerability in Gemini CLI, tracked as GHSA-wpqr-6v78-jr5g, in which headless CI/CD execu…
PromptMink: AI-Optimized DPRK Supply Chain Attack
2026-04-30
PromptMink: AI-Optimized DPRK Supply Chain Attack Key Takeaways The North Korean threat actor Famous Chollima (also tracked as Shifty Corsair) has deployed a sustained, AI-assisted npm supply chain ca…
LiteLLM CVE-2026-42208: Pre-Auth SQL Injection in AI Proxy
2026-04-30
Key Takeaways CVE-2026-42208 is a critical (CVSS 9.3) pre-authentication SQL injection vulnerability in LiteLLM – a widely deployed open-source AI proxy that routes API traffic to over 100 LLM provide…
NVD Triage Overhaul: End of Universal CVE Enrichment
2026-04-29
NVD Triage Overhaul: End of Universal CVE Enrichment Key Takeaways On April 15, 2026, NIST formally abandoned its longstanding goal of fully analyzing every CVE submitted to the National Vulnerability…
LeRobot CVE-2026-25874: Unauthenticated RCE via Pickle
2026-04-29
LeRobot CVE-2026-25874: Unauthenticated RCE via Pickle Key Takeaways CVE-2026-25874 is a critical remote code execution vulnerability in Hugging Face’s LeRobot – a widely adopted open-source rob…
elementary-data PyPI Compromise: Cloud Credential Theft via CI/CD Hijack
2026-04-29
elementary-data PyPI Compromise: Cloud Credential Theft via CI/CD Hijack Key Takeaways On April 24–25, 2026, attackers exploited a GitHub Actions script injection vulnerability in the elementary-data …
VECT 2.0: Paying the Ransom Cannot Recover Enterprise Data
2026-04-29
VECT 2.0: Paying the Ransom Cannot Recover Enterprise Data Key Takeaways Check Point Research published on April 28, 2026 a technical analysis of VECT 2.0 revealing that all three platform variants – …
AI-Powered Supply Chain Wave: Five Campaigns, One Pattern
2026-04-28
AI-Powered Supply Chain Wave: Five Campaigns, One Pattern Key Takeaways Five distinct supply chain campaigns disclosed between February and April 2026 – TeamPCP, the ContextCrush flaw in Context7, the…
EU AI Act Compliance: prEN 18286 and ISO 42001
2026-04-28
EU AI Act Compliance: prEN 18286 and ISO 42001 Key Takeaways prEN 18286 is the first AI-specific harmonised standard to enter the EU pipeline.
LiteLLM Pre-Auth SQL Injection Exploited in 36 Hours
2026-04-28
LiteLLM Pre-Auth SQL Injection Exploited in 36 Hours Key Takeaways A critical pre-authentication SQL injection in LiteLLM – CVE-2026-42208, CVSS 9.3 – was published as a GitHub Security Advisory on Ap…
GitHub CVE-2026-3854: Push-Option Injection RCE on GHES
2026-04-28
GitHub CVE-2026-3854: Push-Option Injection RCE on GHES Cloud Security Alliance AI Safety Initiative | Research Note | April 28, 2026 — Key Takeaways CVE-2026-3854 is a critical command injectio…
Entra Agent ID Administrator Flaw: Service Principal Takeover
2026-04-28
Entra Agent ID Administrator Flaw: Service Principal Takeover Key Takeaways An Entra ID role intended for agent-identity administration had non-agent reach.
ENISA NCAF 2.0: EU Cybersecurity Maturity Framework Aligned to NIS2
2026-04-27
ENISA NCAF 2.0: EU Cybersecurity Maturity Framework Aligned to NIS2 Key Takeaways ENISA published the National Capabilities Assessment Framework 2.0 (NCAF 2.0) on April 22, 2026, replacing the origina…
PhantomCore-Class Agents Could Reproduce TrueConf Chain Without a Public PoC
2026-04-27
PhantomCore-Class Agents Could Reproduce TrueConf Chain Without a Public PoC Autonomous Offensive AI and the Closing Gap Between Disclosure and Exploitation Cloud Security Alliance AI Safety Initiativ…
GlassWorm v2: 73 Sleeper Extensions Target AI Developer Toolchains
2026-04-27
GlassWorm v2: 73 Sleeper Extensions Target AI Developer Toolchains Key Takeaways Researchers at Socket disclosed on April 25, 2026 that the GlassWorm threat cluster has continued to seed the Open VSX …
n8n Webhook Abuse: Weaponizing AI Workflow Automation for Malware Delivery
2026-04-27
n8n Webhook Abuse: Weaponizing AI Workflow Automation for Malware Delivery Key Takeaways Cisco Talos reported on April 15, 2026 that phishing emails containing n8n-hosted webhook URLs rose roughly 686…
Too Dangerous to Release: Vendor Gatekeeping as Strategic Risk
2026-04-26
Too Dangerous to Release: Vendor Gatekeeping as Strategic Risk Key Takeaways Between April 7 and April 24, 2026, two frontier AI vendors took the rare step of declaring three of their most capable new…
NVD Risk-Based Triage: A CISO Compliance Playbook
2026-04-26
NVD Risk-Based Triage: A CISO Compliance Playbook Key Takeaways On April 15, 2026, the National Institute of Standards and Technology formally restructured the National Vulnerability Database from a u…
AI Inference Servers Are the New Attack Surface
2026-04-26
AI Inference Servers Are the New Attack Surface LMDeploy CVE-2026-33626 and the Pattern Across vLLM, Triton, SGLang, and Ollama Cloud Security Alliance AI Safety Initiative · April 2026 — Key Ta…
Indirect Prompt Injection Goes Operational
2026-04-26
Indirect Prompt Injection Goes Operational Key Takeaways Indirect prompt injection (IPI) has crossed the line from proof-of-concept to live exploitation.
Shai-Hulud: npm Worm Targeting AI Developer Toolchains
2026-04-25
Shai-Hulud: npm Worm Targeting AI Developer Toolchains Cloud Security Alliance AI Safety Initiative · April 2026 — Key Takeaways The Shai-Hulud worm family represents the first documented self-r…
AI Vendor Governance Vacuum: Expected Behavior and Liability
2026-04-25
Key Takeaways Enterprise AI vendor contracts routinely disclaim responsibility for AI system behavior while marketing materials make extensive capability promises; only 17% of AI contracts include war…
MCP Design-Level RCE: Protocol Architecture as Attack Surface
2026-04-25
Key Takeaways Researchers at OX Security disclosed in April 2026 that Anthropic’s Model Context Protocol (MCP) contains a systemic, design-level vulnerability in its STDIO transport mechanism th…
LMDeploy SSRF: AI Inference Infrastructure Weaponized in 13 Hours
2026-04-25
LMDeploy SSRF: AI Inference Infrastructure Weaponized in 13 Hours CVE-2026-33626 and the Accelerating Exploitation Cycle for AI Serving Tools Cloud Security Alliance AI Safety Initiative · April 2026 …
CISA Leadership Vacuum: US Cyber Governance at a Breaking Point
2026-04-24
CISA Leadership Vacuum: US Cyber Governance at a Breaking Point Key Takeaways The Cybersecurity and Infrastructure Security Agency has operated without a Senate-confirmed permanent director since Janu…
CanisterSprawl: Developer Toolchain Worm and the TeamPCP Campaign
2026-04-24
Key Takeaways CanisterSprawl is a self-propagating npm worm discovered on April 21, 2026, infecting packages from Namastex Labs, an agentic AI tooling company.
Kyber Ransomware: First Criminal Use of Post-Quantum Encryption
2026-04-24
Kyber Ransomware: First Criminal Use of Post-Quantum Encryption Key Takeaways A ransomware group calling itself Kyber has become the first known criminal operation to deploy a NIST-standardized post-q…
AI Infrastructure Under Attack: SGLang RCE and MCP Memory Poisoning
2026-04-24
AI Infrastructure Under Attack: SGLang RCE and MCP Memory Poisoning Key Takeaways CVE-2026-5760 is a CVSS 9.8 unauthenticated remote code execution vulnerability in SGLang, a widely deployed framework…
CISA at 38%: Navigating the Enterprise Guidance Vacuum
2026-04-23
CISA at 38%: Navigating the Enterprise Guidance Vacuum Key Takeaways On February 14, 2026, a DHS appropriations lapse triggered the furlough of 62% of CISA’s workforce, reducing the agency to ap…
MCP STDIO Design Flaw Enables Systemic AI Supply Chain RCE
2026-04-23
MCP STDIO Design Flaw Enables Systemic AI Supply Chain RCE Key Takeaways On April 15, 2026, OX Security disclosed a critical, systemic vulnerability in Anthropic’s Model Context Protocol (MCP) S…
CanisterSprawl: The Self-Propagating npm Supply Chain Worm
2026-04-23
CanisterSprawl: The Self-Propagating npm Supply Chain Worm Key Takeaways On April 21–22, 2026, security researchers at Socket and StepSecurity identified a self-propagating supply chain worm, dubbed C…
Kyber Ransomware: Post-Quantum Encryption as an Attack Weapon
2026-04-23
Kyber Ransomware: Post-Quantum Encryption as an Attack Weapon Key Takeaways In March 2026, the Kyber ransomware group deployed NIST-standardized post-quantum cryptography in an active ransomware campa…
2026-04-22
Key Takeaways The Anthropic MCP SDK contains a by-design mechanism in its STDIO transport layer that allows arbitrary OS command execution on any host where an attacker can influence the field in an M…
SGLang CVE-2026-5760: RCE via Poisoned GGUF Model Files
2026-04-22
Key Takeaways CVE-2026-5760 carries a CVSS score of 9.8 (Critical) and enables unauthenticated remote code execution on SGLang inference servers through malicious GGUF model files embedded with a Jinj…
Antigravity Sandbox Escape: Prompt Injection and Native Tool Abuse
2026-04-22
Antigravity Sandbox Escape: Prompt Injection and Native Tool Abuse Cloud Security Alliance AI Safety Initiative | Research Note | April 22, 2026 — Key Takeaways Researchers at Pillar Security di…
NVD Enrichment Triage: Guidance for AI Security Programs
2026-04-22
Key Takeaways On April 15, 2026, NIST formally transitioned the National Vulnerability Database to a risk-based enrichment model, concentrating analyst resources on CVEs in the CISA Known Exploited Vu…
Machine-Speed Attacks: Cloud Defense at the Inflection Point
2026-04-22
Machine-Speed Attacks: Cloud Defense at the Inflection Point Cloud Security Alliance AI Safety Initiative | Research Note | April 22, 2026 — Key Takeaways The mean time to exfiltrate data from a…
Frontier AI Cyberweapons: Governing the Mythos Precedent
2026-04-21
Frontier AI Cyberweapons: Governing the Mythos Precedent Key Takeaways Anthropic’s Claude Mythos Preview, announced in early April 2026, represents the first commercially developed AI model docu…
SGLang SSTI: RCE via Malicious GGUF Model Files
2026-04-21
SGLang SSTI: RCE via Malicious GGUF Model Files Key Takeaways CVE-2026-5760 (CVSS 9.8) is a critical server-side template injection (SSTI) vulnerability in SGLang, one of the most widely deployed LLM …
ZionSiphon: AI-Assisted ICS Sabotage Targeting Water Infrastructure
2026-04-21
ZionSiphon: AI-Assisted ICS Sabotage Targeting Water Infrastructure Cloud Security Alliance AI Safety Initiative | Research Note | April 21, 2026 — Key Takeaways ZionSiphon is a purpose-built op…
Antigravity Groundfall: Prompt Injection to RCE Chain
2026-04-21
Antigravity Groundfall: Prompt Injection to RCE Chain Key Takeaways Pillar Security’s April 20, 2026 disclosure documents a prompt injection to remote code execution (RCE) attack chain in Google…
protobuf.js RCE: Code Injection in AI API Serialization
2026-04-20
protobuf.js RCE: Code Injection in AI API Serialization Key Takeaways A critical code injection vulnerability tracked as CVE-2026-41242 has been disclosed in protobuf.js, the most widely downloaded Ja…
Marimo Pre-Auth RCE Weaponized for Blockchain Botnet
2026-04-20
Marimo Pre-Auth RCE Weaponized for Blockchain Botnet Key Takeaways A critical unauthenticated remote code execution vulnerability in the Marimo Python notebook platform – CVE-2026-39987, CVSS 9.3 [11]…
MCP by Design: RCE Across the AI Agent Ecosystem
2026-04-20
MCP by Design: RCE Across the AI Agent Ecosystem Key Takeaways OX Security’s April 2026 disclosure, “The Mother of All AI Supply Chains,” documents a systemic remote code execution v…
AI SaaS as Enterprise Attack Vector: The Vercel–Context.ai Breach
2026-04-20
AI SaaS as Enterprise Attack Vector: The Vercel–Context.ai Breach Key Takeaways On April 19, 2026, Vercel disclosed a security incident in which attackers gained unauthorized access to internal system…
Governing Cyber-Permissive AI: GPT-5.4-Cyber and the Identity Question
2026-04-20
Governing Cyber-Permissive AI: GPT-5.4-Cyber and the Identity Question Key Takeaways OpenAI launched GPT-5.4-Cyber on April 14, 2026, extending its Trusted Access for Cyber (TAC) program to thousands …
ATHR: Industrializing Credential Theft via AI Voice Agents
2026-04-19
ATHR: Industrializing Credential Theft via AI Voice Agents Cloud Security Alliance AI Safety Initiative | Research Note | April 19, 2026 — Key Takeaways ATHR is a cybercrime platform, reported b…
Slopsquatting: AI Code Hallucinations Fuel Supply Chain Attacks
2026-04-19
Slopsquatting: AI Code Hallucinations Fuel Supply Chain Attacks Key Takeaways A new class of software supply chain attack – coined “slopsquatting” – exploits the documented tendency of lar…
NVD Enrichment Triage: Enterprise Vulnerability Programs Must Adapt
2026-04-19
Key Takeaways On April 15, 2026, NIST formally transitioned the National Vulnerability Database to a risk-based triage model, driven by a 263% surge in CVE submissions between 2020 and 2025 [1].
Microsoft Defender Triple Zero-Day: BlueHammer, RedSun, UnDefend
2026-04-19
Microsoft Defender Triple Zero-Day: BlueHammer, RedSun, UnDefend Cloud Security Alliance AI Safety Initiative | Research Note | April 19, 2026 — Key Takeaways A security researcher operating as …
The Defender Deficit: CISA Cuts and the Cybersecurity Gap
2026-04-19
The Defender Deficit: CISA Cuts and the Cybersecurity Gap Key Takeaways A series of budget reductions, workforce reductions, and program eliminations has materially reduced the Cybersecurity and Infra…
NVD Enrichment Triage: Enterprise Vulnerability Programs Must Adapt
2026-04-18
Key Takeaways Effective April 15, 2026, NIST fundamentally changed how it enriches the National Vulnerability Database (NVD), shifting from universal coverage to a risk-based triage model that priorit…
ATHR: AI Voice Agents Automate Credential Theft at Scale
2026-04-18
ATHR: AI Voice Agents Automate Credential Theft at Scale Key Takeaways Abnormal Security researchers published findings on April 16, 2026 identifying ATHR, a commoditized criminal platform that automa…
Defender Triple Zero-Day: BlueHammer, RedSun, and UnDefend
2026-04-18
Defender Triple Zero-Day: BlueHammer, RedSun, and UnDefend Key Takeaways Three zero-day exploits targeting Windows Defender – BlueHammer, RedSun, and UnDefend – were released publicly between early an…
CVE-2026-39987: Marimo RCE and the Blockchain Backdoor Supply Chain
2026-04-18
Key Takeaways CVE-2026-39987 is a pre-authentication remote code execution vulnerability in the Marimo Python notebook platform (CVSS 9.3), allowing unauthenticated attackers to obtain a full interact…
UK AI Cyber Directive: Boards on Notice
2026-04-17
UK AI Cyber Directive: Boards on Notice Key Takeaways On 15 April 2026, UK Secretary of State Liz Kendall and Security Minister Dan Jarvis issued an open letter to all UK business leaders citing the A…
Agentic C2: AI Agents as Command-and-Control Infrastructure
2026-04-17
Agentic C2: AI Agents as Command-and-Control Infrastructure Key Takeaways BeyondTrust’s Phantom Labs has published research and a working proof-of-concept demonstrating that computer use agents …
Four Critical CVEs in Cisco Webex and ISE
2026-04-17
Four Critical CVEs in Cisco Webex and ISE Key Takeaways CVE-2026-20184 (CVSS 9.8) allows an unauthenticated remote attacker to impersonate any Webex user by exploiting a SAML certificate validation fl…
Comment and Control: GitHub AI Agents as Credential Exfiltrators
2026-04-17
Comment and Control: GitHub AI Agents as Credential Exfiltrators Key Takeaways Security researchers Aonan Guan, Zhengyu Liu, and Gavin Zhong disclosed on April 15, 2026 that three prominent AI agents …
NIST AI Agent Standards: Listening Sessions and Emerging Controls
2026-04-16
NIST AI Agent Standards: Listening Sessions and Emerging Controls Key Takeaways NIST’s Center for AI Standards and Innovation (CAISI) launched its AI Agent Standards Initiative on February 17, 2…
Malicious LLM Proxy Routers: Hidden AI Supply Chain Risk
2026-04-16
Malicious LLM Proxy Routers: Hidden AI Supply Chain Risk Key Takeaways LLM API proxy routers occupy a privileged application-layer man-in-the-middle position, able to read, rewrite, retain, or fabrica…
n8n Weaponized for Phishing and Device Fingerprinting
2026-04-16
n8n Weaponized for Phishing and Device Fingerprinting Key Takeaways Cisco Talos documented a sustained campaign abusing n8n webhook infrastructure from October 2025 through March 2026, with March 2026…
CVE-2026-33032: Nginx-UI MCP Authentication Bypass
2026-04-16
CVE-2026-33032: Nginx-UI MCP Authentication Bypass Key Takeaways CVE-2026-33032 is a critical (CVSS 9.8) authentication bypass in Nginx-UI’s Model Context Protocol (MCP) integration, classified …
PHANTOMPULSE: Blockchain C2 RAT via Obsidian Plugin Abuse
2026-04-16
PHANTOMPULSE: Blockchain C2 RAT via Obsidian Plugin Abuse Key Takeaways Elastic Security Labs has documented campaign REF6598, a targeted social engineering operation that abuses the Obsidian note-tak…
Computer-Use Agent Safety Blind Spots
2026-04-15
Computer-Use Agent Safety Blind Spots Key Takeaways Computer-use agents (CUAs) operate in a fundamentally different threat environment than chat-based AI: they perceive the entire rendered screen as t…
ENISA EUDIW Certification: AI Agent Identity in EU Markets
2026-04-15
ENISA EUDIW Certification: AI Agent Identity in EU Markets Key Takeaways ENISA published a draft candidate EU Digital Identity Wallet (EUDIW) cybersecurity certification scheme in April 2026, with pub…
UNC1069 Axios Supply Chain Attack: AI Vendor Code-Signing at Risk
2026-04-15
UNC1069 Axios Supply Chain Attack: AI Vendor Code-Signing at Risk Key Takeaways On March 31, 2026, the North Korea-nexus threat actor UNC1069 published two backdoored versions of the Axios npm package…
Salami Slicing: Cumulative Trust Exploitation in LLMs
2026-04-15
Salami Slicing: Cumulative Trust Exploitation in LLMs Key Takeaways A newly named attack class, “salami slicing”, exploits the fundamental mismatch between LLMs’ stateful multi-turn co…
Claude Mythos and the AI Autonomous Offensive Threshold
2026-04-14
Claude Mythos and the AI Autonomous Offensive Threshold Key Takeaways On April 8, 2026, Anthropic announced Claude Mythos Preview, a frontier model that autonomously discovered and wrote working explo…
CISA KEV Alert: Fortinet, Adobe, and Microsoft Under Attack
2026-04-14
CISA KEV Alert: Fortinet, Adobe, and Microsoft Under Attack Key Takeaways On April 13, 2026, CISA added seven vulnerabilities spanning Fortinet, Adobe, and Microsoft to its Known Exploited Vulnerabili…
CAISI’s AI Agent Security Agenda
2026-04-14
CAISI’s AI Agent Security Agenda Key Takeaways NIST’s Center for AI Standards and Innovation (CAISI) launched the AI Agent Standards Initiative on February 17, 2026, establishing the first…
prt-scan: GitHub Actions Supply Chain Campaign
2026-04-14
prt-scan: GitHub Actions Supply Chain Campaign Key Takeaways The prt-scan campaign is an AI-assisted supply chain attack that exploited a commonly misconfigured GitHub Actions workflow trigger – – to …
AI Preemption Battleground: Federal Framework vs. State Regulation
2026-04-13
Key Takeaways On March 20, 2026, the White House released a National Policy Framework for Artificial Intelligence urging Congress to broadly preempt state AI laws that impose “undue burdens̶…
Sovereign AI Dependency: The Pentagon-Anthropic Concentration Trap
2026-04-13
Sovereign AI Dependency: The Pentagon-Anthropic Concentration Trap Key Takeaways The U.S.
GlassWorm Zig Dropper: Cross-IDE Developer Supply Chain Attack
2026-04-13
GlassWorm Zig Dropper: Cross-IDE Developer Supply Chain Attack — Key Takeaways The GlassWorm campaign has extended its attack chain with a Zig-compiled native dropper – a materially different ap…
Sockpuppeting: LLM Safety Bypass via API Prefill Injection
2026-04-13
Sockpuppeting: LLM Safety Bypass via API Prefill Injection Key Takeaways Security teams operating or integrating large language models should treat the following findings as actionable: A single API c…
Marimo Pre-Auth RCE: AI Toolchain Credentials at Risk
2026-04-12
Key Takeaways CVE-2026-39987 is a pre-authentication remote code execution vulnerability (CVSS v4.0: 9.3 / Critical) in Marimo, a widely used reactive Python notebook platform, classified under CWE-30…
GlassWorm Campaign Deploys Zig-Compiled Dropper to Infect All Developer IDEs
2026-04-12
GlassWorm Campaign Deploys Zig-Compiled Dropper to Infect All Developer IDEs — Key Takeaways The GlassWorm threat campaign has entered a new phase of technical sophistication.
Federal AI Preemption: Enterprise Compliance and Security
2026-04-11
Federal AI Preemption: Enterprise Compliance and Security Cloud Security Alliance AI Safety Initiative | Research Note | April 11, 2026 — Key Takeaways On March 20, 2026, the White House release…
FrostArmada: Forest Blizzard SOHO Router OAuth Token Harvest
2026-04-11
FrostArmada: Forest Blizzard SOHO Router OAuth Token Harvest Key Takeaways On April 7, 2026, the U.S.
AI Browser Extensions: The DLP-Invisible Enterprise Attack Surface
2026-04-11
AI Browser Extensions: The DLP-Invisible Enterprise Attack Surface Cloud Security Alliance AI Safety Initiative | Research Note | April 11, 2026 — Key Takeaways Two malicious Chrome extensions i…
Marimo Pre-Auth RCE CVE-2026-39987: Exploited in Hours
2026-04-11
Marimo Pre-Auth RCE CVE-2026-39987: Exploited in Hours Cloud Security Alliance AI Safety Initiative | Research Note | April 11, 2026 — Key Takeaways CVE-2026-39987 (GHSA-2679-6mx9-h9xc) is a pre…
CISA Governance Disruption: Enterprise Cybersecurity Implications
2026-04-10
CISA Governance Disruption: Enterprise Cybersecurity Implications Cloud Security Alliance AI Safety Initiative | Research Note | April 9, 2026 — Key Takeaways The Cybersecurity and Infrastructur…
Contagious Interview Expands to Five Package Ecosystems
2026-04-10
Contagious Interview Expands to Five Package Ecosystems Key Takeaways A North Korea-linked threat cluster (tracked by Google as UNC1069, with overlapping designations including Sapphire Sleet and Blue…
Flowise CVSS 10.0 RCE: AI Agent Builders Under Attack
2026-04-10
Flowise CVSS 10.0 RCE: AI Agent Builders Under Attack Cloud Security Alliance AI Safety Initiative | Research Note | April 9, 2026 — Key Takeaways CVE-2025-59528 is a maximum-severity (CVSS 10.0…
TeamPCP: Supply Chain Attacks on AI Development Infrastructure
2026-04-10
Key Takeaways Between March 19 and March 27, 2026, the threat actor TeamPCP executed a four-wave supply chain campaign that compromised Trivy, Checkmarx KICS, LiteLLM, and the Telnyx Python SDK – targ…
Attributing AI Attacks: When Cyber Coverage Becomes Conditional
2026-04-10
Attributing AI Attacks: When Cyber Coverage Becomes Conditional Key Takeaways The landmark Merck/NotPetya litigation and its January 2024 settlement reshaped war exclusion language industrywide, yet t…
AI Browser Extensions: Shadow AI’s Hidden Attack Surface
2026-04-10
AI Browser Extensions: Shadow AI’s Hidden Attack Surface Cloud Security Alliance AI Safety Initiative | Research Note | April 10, 2026 — Key Takeaways In July 2025, Urban VPN Proxy silentl…
FedRAMP’s Concentration Trap: Microsoft GCC High
2026-04-10
FedRAMP’s Concentration Trap: Microsoft GCC High Cloud Security Alliance AI Safety Initiative | Research Note | April 10, 2026 — Key Takeaways FedRAMP authorized Microsoft’s GCC High…
Marimo Pre-Auth RCE: AI Development Toolchain Under Attack
2026-04-10
Marimo Pre-Auth RCE: AI Development Toolchain Under Attack Cloud Security Alliance AI Safety Initiative | Research Note | April 10, 2026 — Key Takeaways CVE-2026-39987 is a critical pre-authenti…
Adobe Reader Zero-Day: Four Months Targeting Energy Infrastructure
2026-04-10
Adobe Reader Zero-Day: Four Months Targeting Energy Infrastructure Key Takeaways An unpatched zero-day vulnerability in Adobe Acrobat Reader has been actively exploited since at least late 2025 – with…
AI Inference Under Siege: The ComfyUI Cryptomining Botnet
2026-04-08
AI Inference Under Siege: The ComfyUI Cryptomining Botnet Key Takeaways Censys ARC researchers discovered an active campaign in March 2026 targeting over 1,000 publicly accessible ComfyUI instances to…
GPUBreach: GDDR6 RowHammer Achieves Full System Compromise
2026-04-08
GPUBreach: GDDR6 RowHammer Achieves Full System Compromise Key Takeaways Three independent research teams disclosed full-chain GPU-to-CPU privilege escalation attacks at IEEE Security and Privacy 2026…
CISA’s $707M Cut and the Enterprise Risk Coverage Gap
2026-04-08
CISA’s $707M Cut and the Enterprise Risk Coverage Gap Key Takeaways The Trump administration’s FY2027 budget proposes cutting $707 million from the Cybersecurity and Infrastructure Securit…
NIST AI Agent Standards Initiative: Emerging Compliance Requirements
2026-04-07
NIST AI Agent Standards Initiative: Emerging Compliance Requirements Key Takeaways On February 17, 2026, NIST’s Center for AI Standards and Innovation (CAISI) formally launched the AI Agent Stan…
GPUBreach: GDDR6 RowHammer Achieves Full CPU Privilege Escalation
2026-04-07
GPUBreach: GDDR6 RowHammer Achieves Full CPU Privilege Escalation Key Takeaways GPUBreach, disclosed April 6–7, 2026 by researchers at the University of Toronto, demonstrates for the first time that R…
Critical RCE in Flowise AI Agent Builder: Active Exploitation
2026-04-07
Critical RCE in Flowise AI Agent Builder: Active Exploitation Key Takeaways CVE-2025-59528 is a CVSS 10.0 unauthenticated remote code execution vulnerability in Flowise – with more than 42,000 GitHub …
Storm-1175: Zero-Day Exploit Chains in Medusa Ransomware Attacks
2026-04-07
Storm-1175: Zero-Day Exploit Chains in Medusa Ransomware Attacks Key Takeaways Microsoft Threat Intelligence has publicly attributed Storm-1175 as a China-based, financially motivated cybercriminal gr…
US–EU AI Governance Divergence: Enterprise Compliance Guide
2026-04-06
Key Takeaways The EU AI Act is actively enforcing requirements in 2026: prohibited AI practices have been banned since February 2025, General-Purpose AI (GPAI) obligations entered force in August 2025…
Promptware: When Prompt Injection Becomes C2
2026-04-06
Promptware: When Prompt Injection Becomes C2 Key Takeaways Prompt injection, once analyzed primarily as an isolated input-validation failure, has been demonstrated as an operational attack class.
Vibe Coding Security Debt: AI-Generated Vulnerabilities at Scale
2026-04-06
Key Takeaways The Georgia Tech Vibe Security Radar confirmed 74 AI-linked CVEs through March 2026, with a roughly 6x increase in monthly new CVEs from January to March 2026 alone – and researchers est…
TeamPCP: Trojanized Security Tools Backdoor AI Infrastructure
2026-04-06
Key Takeaways TeamPCP executed a precisely sequenced, cascading supply chain campaign between March 19–27, 2026, compromising Trivy, Checkmarx KICS, LiteLLM, and the Telnyx Python SDK in succession ac…
OAuth Device Code Phishing: 37x Surge in Enterprise ATO
2026-04-05
Key Takeaways Push Security’s threat research team documented a 37.5x surge in device code phishing pages by April 4, 2026, attributed to the commercial launch of EvilTokens – a Phishing-as-a-Se…
TeamPCP: Cascading Supply Chain Assault via Developer Security Tooling
2026-04-05
Key Takeaways TeamPCP, a financially motivated threat group active since mid-2025, executed a coordinated five-day supply chain campaign in March 2026 that sequentially compromised Aqua Security’…
FortiClient EMS Zero-Day: Pre-Auth API Bypass Exploited
2026-04-05
Key Takeaways CVE-2026-35616 is a critical (CVSS 9.1 per Fortinet advisory) pre-authentication API bypass in Fortinet FortiClient EMS 7.4.5 and 7.4.6, disclosed April 4, 2026, with confirmed active ex…
Vibe Coding’s Security Debt: The AI-Generated CVE Surge
2026-04-04
Key Takeaways Empirical research across Fortune 50 enterprises found that AI-assisted developers produce commits at three to four times the rate of their peers but introduce security findings at 10x t…
DPRK OSS Maintainer Targeting: Social Engineering as Supply Chain Vector
2026-04-04
DPRK OSS Maintainer Targeting: Social Engineering as Supply Chain Vector — Key Takeaways North Korea’s state-sponsored cyber apparatus has executed a deliberate, multi-year pivot away from…
State AI Laws Take Hold as Federal Preemption Stalls
2026-04-04
State AI Laws Take Hold as Federal Preemption Stalls Enterprise Compliance Guidance for the US Multi-State AI Regulatory Landscape — Key Takeaways No comprehensive federal AI law governs general…
DPRK’s Dual-Track Cyber Doctrine
2026-04-03
DPRK’s Dual-Track Cyber Doctrine Key Takeaways North Korea operates two distinct but converging revenue streams from cyber operations: large direct cryptocurrency heists executed by Reconnaissan…
The AI Agent Governance Gap: What CISOs Need Now
2026-04-03
The AI Agent Governance Gap: What CISOs Need Now Key Takeaways NIST’s Center for AI Standards and Innovation (CAISI) issued a Request for Information on January 8, 2026 – the first formal U.S. g…
Axios Poisoned: UNC1069’s npm Supply Chain Playbook
2026-04-03
Axios Poisoned: UNC1069’s npm Supply Chain Playbook Key Takeaways On March 31, 2026, the npm package – the most downloaded JavaScript HTTP client library with over 100 million weekly downloads –…
AI Coding Assistants as Attack Surface: Code, Skills, and Secrets
2026-04-03
AI Coding Assistants as Attack Surface: Code, Skills, and Secrets Key Takeaways Over 30 vulnerabilities across ten major AI-integrated development environments were disclosed in the IDEsaster research…
TeamPCP: CI/CD Kill Chain from Trivy to the EU
2026-04-03
TeamPCP: CI/CD Kill Chain from Trivy to the EU Key Takeaways A misconfigured GitHub Actions workflow in Aqua Security’s Trivy repository allowed an automated attacker bot to exfiltrate a service…
NIST AI Agent Standards: What It Means for Enterprise Security
2026-04-02
Key Takeaways NIST’s Center for AI Standards and Innovation (CAISI) formally launched the AI Agent Standards Initiative on February 17, 2026 – among the first U.S.
TeamPCP Supply Chain Cascade: When Security Tools Become Attack Infrastructure
2026-04-02
Key Takeaways Between March 19 and March 27, 2026, the threat group TeamPCP executed a cascading supply chain attack that compromised four widely deployed security and AI tooling packages – Trivy, Che…
Overprivileged by Design: AI Agents as Cloud Escalation Vectors
2026-04-02
Key Takeaways Palo Alto Networks Unit 42 disclosed on March 31, 2026, that the Per-Project, Per-Product Service Agent (P4SA) provisioned by default for Vertex AI Agent Engine deployments carries exces…
Weaponized Scanners: TeamPCP’s Cloud-Native Kill Chain
2026-04-01
Weaponized Scanners: TeamPCP’s Cloud-Native Kill Chain Executive Summary On March 19, 2026, a threat group known as TeamPCP hijacked the GitHub Actions pipelines for Aqua Security’s Trivy …
Vertex AI Service Agents as Lateral Movement Vehicles
2026-04-01
Vertex AI Service Agents as Lateral Movement Vehicles Key Takeaways Multiple independent research teams have documented attack paths in Google Cloud’s Vertex AI platform in which users holding r…
Axios npm Compromised: UNC1069 Deploys Cross-Platform RAT
2026-04-01
Axios npm Compromised: UNC1069 Deploys Cross-Platform RAT Key Takeaways Between 00:21 and 03:29 UTC on March 31, 2026, two trojanized versions of the axios npm package – and – delivered a cross-platfo…
CISO Briefings
CISO Daily Briefing – April 30, 2026
2026-04-30
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date April 30, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Queued 5 Overnight Executive Summary T…
CISO Daily Briefing – April 29, 2026
2026-04-29
CISO Daily Briefing Cloud Security Alliance AI Safety Initiative — Intelligence Report Report Date April 29, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Commissio…
CISO Daily Briefing – April 28, 2026
2026-04-28
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date April 28, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Queued 5 Research Notes Executive Summ…
CISO Daily Briefing – April 27, 2026
2026-04-27
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date April 27, 2026 Intelligence Window April 25 – 27, 2026 (48h) Topics Identified 5 Priority Items Papers Published 5 Ove…
CISO Daily Briefing – 2026-04-26
2026-04-26
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date 2026-04-26 Intelligence Window 48 hours Topics Identified 5 Priority Items Papers Published 5 Overnight Executive Summary Th…
CISO Daily Briefing – April 25, 2026
2026-04-25
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date April 25, 2026 Intelligence Window 48 Hours Priority Topics 5 Identified Urgency Split 3 Critic…
CISO Daily Briefing – April 24, 2026
2026-04-24
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date April 24, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Category Breakdo…
CISO Daily Briefing – April 23, 2026
2026-04-23
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date April 23, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Published…
CISO Daily Briefing – April 22, 2026
2026-04-22
CISO Daily Briefing Cloud Security Alliance AI Safety Initiative — Intelligence Report Report Date April 22, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Urgency Distribu…
CISO Daily Briefing – April 21, 2026
2026-04-21
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date April 21, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Commissio…
CISO Daily Briefing – April 20, 2026
2026-04-20
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date April 20, 2026 Intelligence Window 48 hours Topics Identified 5 Priority Items Papers Published 5 Overnight Executive Summar…
CISO Daily Briefing – April 19, 2026
2026-04-19
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date April 19, 2026 Intelligence Window 48 hours Topics Identified 5 Priority Items Papers Published 5 Overnight Executive Summar…
CISO Daily Briefing – April 18, 2026
2026-04-18
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date April 18, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Queued 4 …
CISO Daily Briefing – April 17, 2026
2026-04-17
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date April 17, 2026 Intelligence Window 48 Hours Priority Topics 5 Identified Papers Queued 4 Resear…
CISO Daily Briefing – April 16, 2026
2026-04-16
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date April 16, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Queued 5 Research Notes Executive Summ…
CISO Daily Briefing – April 15, 2026
2026-04-15
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date April 15, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Queued 5 Overnight Executive Summary T…
CISO Daily Briefing – April 14, 2026
2026-04-14
CISO Daily Briefing Cloud Security Alliance — AI Security Intelligence Report Report Date April 14, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Commissioned 5 Ove…
CISO Daily Briefing – April 13, 2026
2026-04-13
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date April 13, 2026 Intelligence Window 48 Hours Priority Topics 5 Identified Category Mix 3 Technic…
CISO Daily Briefing – April 12, 2026
2026-04-12
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date April 12, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Commissioned 5 Overnight Categories Te…
CISO Daily Briefing – April 11, 2026
2026-04-11
CISO Daily Briefing Cloud Security Alliance AI Safety Initiative — Intelligence Report Report Date April 11, 2026 Intelligence Window 48 Hours (Apr 10–11) Priority Topics 5 Identified Pape…
CISO Daily Briefing – April 9, 2026
2026-04-10
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date April 9, 2026 Intelligence Window 48 Hours (April 7–8) Topics Identified 5 Priority Items Papers Published 5 Overnight…
CISO Daily Briefing – April 10, 2026
2026-04-10
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date April 10, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Published 5 Overnight Executive Summar…
CISO Daily Briefing – April 8, 2026
2026-04-08
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date April 8, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Queued 5 Overnight Executive Summary To…
CISO Daily Briefing – April 7, 2026
2026-04-07
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date April 7, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Category Coverage…
CISO Daily Briefing – April 6, 2026
2026-04-06
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date April 6, 2026 Intelligence Window 48 Hours Priority Topics 5 Identified Urgency Level 1 Critica…
CISO Daily Briefing – April 5, 2026
2026-04-05
CISO Daily Briefing Cloud Security Alliance — AI Safety Initiative Intelligence Report Report Date April 5, 2026 Intelligence Window April 3–5, 2026 (48 hours) Topics Identified 5 Priority…
CISO Daily Briefing – April 4, 2026
2026-04-04
CISO Daily Briefing Cloud Security Alliance AI Safety Intelligence Report Report Date April 4, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Commissioned 5 Overnight Exec…
CISO Daily Briefing – April 3, 2026
2026-04-03
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date April 3, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Papers Queued 5 Research Notes Executive Summa…
CISO Daily Briefing – April 2, 2026
2026-04-02
CISO Daily Briefing Cloud Security Alliance AI Security Intelligence Report Report Date April 2, 2026 Intelligence Window 48 Hours Priority Topics 5 Items Research Output 5 Papers Queued Executive Sum…
CISO Daily Briefing – April 1, 2026
2026-04-01
CISO Daily Briefing Cloud Security Alliance Intelligence Report Report Date April 1, 2026 Intelligence Window 48 Hours Topics Identified 5 Priority Items Threat Level 2 Critical / 3 High Executive Sum…
Last updated: 2026-05-01 05:15 UTC