Summary: The EvilTokens phishing-as-a-service platform has compromised 340+ Microsoft 365 organizations across five countries in five weeks by abusing OAuth device code flows and consent screens — without requiring credentials, triggering MFA prompts, or generating anomalous sign-in events. Stolen OAuth refresh tokens carry the lifetime of the tenant policy (hours to days), granting persistent access to mailboxes, SharePoint, and connected applications. The attack is especially dangerous in AI-augmented enterprise environments where OAuth/OIDC refresh tokens also grant access to AI APIs (Azure OpenAI, M365 Copilot, AWS Bedrock), creating a direct path from a phishing click to AI workload compromise.

Immediate Actions: Restrict OAuth consent grants to pre-approved applications via tenant-wide policy. Block device code flow where not operationally required using Conditional Access. Audit existing delegated permissions and revoke anomalous refresh token grants. Treat AI API refresh tokens with the same sensitivity as privileged access credentials.

View Full Research Note

Summary: On May 1, 2026, CISA and international government partners released the first cross-government framework specifically addressing secure adoption of agentic AI — covering autonomous AI agents that take actions, execute code, and access external systems without continuous human oversight. This is the first authoritative, government-endorsed baseline that enterprise CISOs can reference when scoping agentic AI security programs. It carries implicit compliance weight for organizations in regulated sectors or holding government contracts, and arrives exactly as real-world attacks demonstrate that agentic AI deployments face active, sophisticated threats that the guide’s controls are designed to address.

Strategic Actions: Review the CISA guide and map its controls to existing MAESTRO and AICM framework implementations. Identify gaps in current agentic AI deployments against the guide’s baseline. For regulated-sector organizations and government contractors, treat this as an emerging compliance requirement and develop an implementation roadmap now, ahead of enforcement.

View Full Research Note

Summary: Multiple converging signals indicate a structural inflection point: AI systems now discover vulnerabilities at rates that measurably exceed enterprise patch cycle capacity. UK NCSC’s Director of Technology publicly warned of a coming “bugpocalypse” driven by AI-assisted vulnerability research. Microsoft’s MDASH AI system found 16 novel Windows flaws in a single Patch Tuesday cycle. Threat actors have deployed AI-built zero-day 2FA bypass exploits for mass exploitation. AI-augmented security auditors are now finding approximately 200 bugs per week. The offense-defense gap in AI-assisted vulnerability discovery is structural, not temporary — it will persist and widen without deliberate organizational adaptation.

Strategic Actions: Shift from reactive patch management to risk-based triage frameworks that explicitly accept and document risk on lower-impact findings. Invest in continuous exposure management capabilities to replace snapshot-based scanning. Develop AI-assisted remediation tooling to match the accelerating pace of discovery. Boards and risk committees need updated frameworks for communicating patch backlog risk that accounts for AI-driven discovery rates.

View Full Research Note