Researchers warn AI cyber models have surpassed autonomous hacking benchmarks

Posted in Commentary with tags on May 15, 2026 by itnerd

Two independent studies found that advanced AI cybersecurity models, including Anthropic’s Claude Mythos Preview and OpenAI’s GPT-5.5, have exceeded previous benchmarks for autonomous cyberattack capability. Researchers from the UK AI Security Institute (AISI) and Palo Alto Networks said the models are now capable of chaining together complex multi-stage attack paths and identifying vulnerabilities at rates that significantly outpace earlier systems.

The UK AI Security Institute said Claude Mythos Preview and GPT-5.5 became the first models to fully complete a simulated enterprise intrusion scenario without human intervention. According to the findings, the models successfully executed tasks including credential theft, privilege escalation, lateral movement, persistence, and protected system access during controlled testing. Researchers said the models consistently outperformed previous-generation systems on autonomous cyber capability benchmarks designed to measure real-world offensive potential.

Separately, Palo Alto Networks said its internal testing showed advanced AI cyber models increased vulnerability discovery rates by more than seven times compared to traditional manual research workflows. Researchers said the models were particularly effective at identifying exploitable weaknesses in enterprise software, cloud configurations, and authentication systems, raising concerns that AI-assisted vulnerability discovery could dramatically accelerate exploit development timelines for both defenders and threat actors.

Josh Marpet, Senior Product Security Consultant, Finite State:

   “Unfortunately, this is about as surprising as saying that the sun rises. Nobody was not expecting it. The question is not, can an AI find and run an exploit? We know they can. The question is, can an AI find vulnerable code in a device or application with very little instruction given, write or find the exploit for that vulnerability, and successfully prosecute the exploit through to completion? If the answer is yes, then we are having a bad day.

   “The one interesting item is that the quality of the exploits, the discovery, the entire process, is still fairly dependent on the caliber of the person sitting behind the keyboard and directing that AI. For now.”

Damon Small, Board of Directors, Xcape, Inc.:

   “The emergence of GPT-5.5 and Claude Mythos marks a paradigm shift where autonomous attack-path chaining moves from a theoretical lab risk to a quantifiable operational reality. When an AI can compress a twelve-hour expert reverse-engineering task into ten minutes for less than two dollars, the traditional economics of cyber defense collapse. This capability will inevitably commoditize the high-margin, bespoke manual testing currently sold by security consultancies, forcing a market pivot toward high-level strategy and remediation.

   “While these models currently demonstrate low reliability, succeeding in only 20% to 30% of end-to-end attempts, that failure rate is irrelevant to a persistent attacker with near-zero marginal costs. Security leaders must move beyond patching individual vulnerabilities and focus on time-to-break-chain, assuming attackers will use these models to identify and exploit multi-stage paths at machine speed. The priority is no longer just preventing the initial foothold, but ensuring that every compromised node is a dead end through aggressive segmentation and just-in-time access.

  • “Death of the Boutique Pen-Test: The automation of complex, multi-stage attack chains will rapidly drive down the cost and delivery time for offensive engagements, turning premium security services into a baseline commodity.
  • “Asymmetry of Persistence: A 20% success rate is a failure for a human consultant but a triumph for an AI that never sleeps and costs pennies to restart, allowing attackers to “brute-force” complex architectural flaws.
  • “Architectural Resilience vs. Patching: As vulnerability discovery outpaces human remediation capacity, the focus must shift from the “patching treadmill” to building environments that are structurally resistant to lateral movement.

   “If your security posture relies on a $500-an-hour consultant to find the “bespoke” vulnerabilities that a $20-a-month chatbot just discovered in bulk, you aren’t paying for security; you are paying for an expensive PDF.”

Jacob Krell, Senior Director: Secure AI Solutions & Cybersecurity, Suzu Labs:

   “Palo Alto’s advisory data puts real operational weight behind the AISI benchmarks. Going from fewer than five CVEs per month to 26 in a single advisory cycle, with the majority found by AI scanning, is a preview of what every software vendor will face once these models are widely deployed. The bottleneck has shifted from discovery to remediation, and most organizations are not built to patch at the rate AI finds vulnerabilities.

   “Palo Alto estimates a three to five month window before AI driven exploits become the norm. That window is the planning figure security leaders should be working against. This capability is the new baseline, and because different models surface different vulnerability classes, the total volume of findings will only grow as more models reach this tier. Organizations running vulnerability management programs built for five CVEs a month need to start planning for a world where that number is measured in dozens.”

Tom Yates, Product SME, Ridge Security Technology Inc.:

   “These findings highlight the urgent and critical need for security companies to be at the leading edge of Gen AI technology. Security tooling must match the capabilities hackers use or your infrastructure will look like Swiss cheese to the bad guys. But security buyers need to beware, an avalanche of AI-washing has already hit the market. Buyers must spend more time digging into product claims to ensure that AI is a first-class citizen of the solution, not a “bolt-on” to satisfy marketing needs.”

This is another example of AI welcoming us to the new reality of cybersecurity, where the time to get pwned has been reduced so much that humans are simply not even in the game. That should scare anyone on that side of the fence.

Equinix Puts Enterprises in Control of Data Sovereignty Across Hybrid Multicloud Environments 

Posted in Commentary with tags on May 14, 2026 by itnerd

Equinix, Inc. today announced the global expansion of Equinix Fabric Geo Zones, the first network-level, sovereignty enforcement layer that operates across interconnected clouds and providers. Enterprises face growing compliance risks from network rerouting events that can inadvertently move sovereign data across borders they are legally required to respect. Built natively into Equinix Fabric®, Geo Zones eliminates that risk by keeping data within defined geographic boundaries.

Most networks prioritize availability and performance over geographic or regulatory boundaries, often leaving customers with limited visibility or control over where their data travels. Fabric Geo Zones ensures that rerouted data remains within defined jurisdictions. This capability is especially critical for organizations operating in regulated industries.

Unlike solutions built within a single cloud or delivered as software overlays, Fabric Geo Zones enforces sovereignty at the network layer. Because it is enforced directly within the interconnection fabric itself, it delivers a level of control difficult for a single cloud or software overlay provider to match.

The expansion of Fabric Geo Zones is part of Equinix’s ongoing investment in reimagining networking for the AI era, following the launch of Fabric Intelligence and the Distributed AI Hub. Together, these capabilities provide customers with an adaptive, secure foundation for distributed AI and multicloud environments. Fabric Geo Zones is built on the Equinix Fabric industry-leading software-defined network spanning 77 metros worldwide, enabling customer-controlled data sovereignty at global scale. Reflecting the advanced compliance and control it delivers, Geo Zones is available at a premium tier—included in Unlimited Ports and Unlimited Ports Plus packages and priced at a premium to standard virtual circuits.

Fabric Geo Zones is built for workloads where compliance can’t be an afterthought. A European financial institution can run real‑time transactions across multiple clouds while ensuring customer data never leaves the EU, even when an outage triggers automatic rerouting across clouds. A healthcare organization can keep patient and AI inference data within defined jurisdictions across hybrid environments. A government agency can deploy sovereign AI with data confined to national or regional boundaries. A global company can automatically apply jurisdiction‑specific routing rules to meet GDPR, LGPD, APRA and other regional requirements across its operations. 

Fabric Geo Zones enables customers to: 

  • Keep sensitive data within approved jurisdictions
  • Reduce regulatory and jurisdictional risk from unintended cross-border routing
  • Accelerate deployments using Fabric Super Agent
  • Eliminate uncertainty during failover where outages reroute sensitive traffic

Fabric Geo Zones is available today in preview across Equinix’s global footprint, including Australia, Brazil, Canada, Japan, Switzerland, the U.K. and the U.S., with European Union availability to come in June. Equinix will be speaking about this at the International Telecoms Week conference panels on May 19: “The quest for sovereign AI meets the edge-cloud infrastructure battle” and “Unleashing the 3 pillars of AI.”

Attackers are operationalizing an AI framework flaw almost immediately after disclosure

Posted in Commentary with tags on May 14, 2026 by itnerd

Attackers began targeting the PraisonAI vulnerability almost immediately after disclosure, showing how quickly threat actors are shifting toward AI frameworks and agentic tooling as viable attack surfaces. The speed of exploitation reflects a broader reality: many AI platforms are being deployed into enterprise environments before organizations fully understand their exposure, visibility gaps, or how these systems interact with sensitive internal infrastructure.

Gidi Cohen, CEO & Co-founder, Bonfy.AI

“Less than four hours after CVE-2026-44338 was disclosed, attackers were already probing PraisonAI’s unauthenticated agent endpoints. The patch is straightforward: upgrade to 4.6.34. But the harder question deserves attention.

PraisonAI is a multi-agent framework. When authentication is stripped away, what’s exposed isn’t just an endpoint; it’s every workflow those agents are configured to run, and every piece of sensitive data flowing through them. As Sysdig noted, “the impact ceiling is whatever that workflow is allowed to do.”

Most AI agent security conversations focus on configuration: what agents exist, what tools they can call, and whether auth controls are in place. Those questions matter. But they miss the data layer entirely, with sensitive content moving continuously between data sources, LLM providers, MCP servers, and output channels at runtime.

That’s where the real exposure lives. And right now, for most organizations, it’s almost entirely unexamined.

Patch immediately. Then ask: if an attacker had triggered your agent workflows before you patched, would you have known what data moved, and whether it should have?”

All I have to say is welcome to our new reality where flaws are weaponized faster than they ever have before.

RegScale Emerges as Category Leader in AI-Driven Continuous Controls Monitoring

Posted in Commentary with tags on May 14, 2026 by itnerd

RegScale today announced record growth and market-defining momentum as enterprises and government agencies accelerate their shift away from manual, audit-driven GRC toward real-time, automated assurance.  

The company reported 300% revenue growth and 140% net revenue retention, powered by an oversubscribed $30+ million Series B led by Washington Harbour Partners with participation from M12 (Microsoft’s Venture Fund), Hitachi, Ankona, SYN Ventures, and others, bringing total funding to more than $50 million. RegScale customers consistently report achieving compliance certifications 90% faster and cutting audit preparation effort by 60%. 

Platform Leadership: AI Agents, Open Source, and Certification at Scale 

RegScale continued to accelerate its AI product, RegML, deploying purpose-built AI agents that continuously monitor and validate controls, automate evidence collection, analyze risk in real time, and trigger remediation without human intervention. RegScale’s AI leadership was independently validated when it was named 2025 Gartner® Cool Vendors™ with AI-Powered Technologies for Assurance Leaders, recognizing RegScale’s differentiated approach to AI-driven compliance at scale. The platform earned the CSA STAR “Valid-AI-ted” designation with a 97.7% score, and RegScale’s security credential portfolio now includes FedRAMP High Authorization and TX-RAMP.  

RegScale simultaneously launched and donated the OSCAL Hub to the open-source community, continuing to contribute to machine-readable compliance standards now being adopted across government and commercial sectors. 

Market Expansion: Enterprise, Federal, and Channel 

RegScale also moved into a new tier of Fortune 500 and large federal enterprise accounts. The GTM team expanded into new territories in North America and across Europe and deepened channel investment through a strategic partnership with Leidos. Channel momentum was further reinforced through the company’s partner ecosystem, anchored by relationships with GuidePoint, CALIBRE, Microsoft, and Carahsoft, among others. 

Leadership, Recognition, and the Road Ahead 

RegScale strengthened its leadership team this fiscal year, appointing Chad Woolf as Chief Product Officer to lead the company’s compliance and risk modernization agenda, alongside new product and go-to-market leaders across the organization. The company has grown by more than 30% in employee count and is proactively scaling its team to meet market demand. 

Industry recognition for RegScale’s category leadership reached new heights in FY26. Travis Howerton was named a Finalist in the prestigious 2026 EY Entrepreneur Of The Year Mid-Atlantic Awards and the company was named a CCM winner of numerous cybersecurity awards, solidifying its leadership in cyber GRC and CCM.  

Gartner projects that by 2028, 75% of all DevOps continuous compliance automation processes will leverage AI technology to drive efficiencies in auditing, reporting, validating, and remediating regulatory compliance. RegScale’s customers are not waiting for 2028. With AI agents already in production across Fortune 500 and federal environments, RegScale is the platform delivering on that future today.  

In FY27, the company will accelerate investment in DevSecOps, next-generation RegML agents, and real-time alignment with emerging frameworks like FedRAMP 20x and CMMC. With OSCAL adoption accelerating across government and financial services, RegScale is moving compliance from a business tax or revenue blocker to a continuous, intelligent layer of modern risk management for the CISO.  

New CalPhishing Campaign tied to EvilTokens uses ConsentFix

Posted in Commentary with tags on May 14, 2026 by itnerd

Fortra Intelligence and Research Experts (FIRE) have identified a new phishing campaign that is expanding beyond traditional email, using calendar invites (.ics files) to introduce malicious content into trusted workflows. FIRE link the activity to the EvilTokens phishing kit, combining ConsentFix (device code phishing) with calendar‑based delivery to capture Microsoft session tokens through legitimate authentication prompts.

Most notable about this campaign is the shift in delivery and persistence: the calendar entry remains visible and active even if the original email is removed, extending the window for user interaction. If the attack is executed successfully, the impact can be significant. Compromised tokens can enable account takeover, unauthorized access to cloud systems, lateral movement, and follow‑on phishing or infrastructure disruption, particularly if privileged accounts are involved.

The full report was just published here: https://www.fortra.com/blog/new-calendar-invite-phishing-campaign-ics-abuse-and-post-delivery-persistence

Ransomware playbook: “Special price” offers included in 45% of negotiations

Posted in Commentary with tags on May 14, 2026 by itnerd

The latest findings from NordStellar, a threat exposure management platform, reveal that the number of ransomware attacks in Q1 2026 remained high, with 2,283 recorded incidents. An analysis of leaked ransomware negotiation conversations uncovers tactics and tendencies used by ransomware actors. Key findings include:

  • In 76.8% of the conversations ransomware groups threatened to publish or leak the data.
  • They often use upselling practices, including special price offers (45.5%) and offers to purchase other services, like “security audits.”
  • The median discount in ransomware payments is 57%, with the highest recorded discount reaching as high as 96.2%.

The full report for the analysis of leaked ransomware negotiation conversations can be found here: Ransomware negotiations report

Exclaimer adds UKG Ready integration

Posted in Commentary with tags on May 14, 2026 by itnerd

Exclaimer today announced the launch of its UKG Ready integration, expanding the company’s growing HRIS integration capabilities as organizations increasingly shift employee data ownership from IT-managed directories to HR systems of record.

According to SHRM’s 2025 State of the Workplace Report, fewer than half of HR professionals, just 43%, rate their organization’s HR technology as effective, with fragmented, poorly integrated systems cited as a leading barrier. Separate research from HR.com found that 81% of organizations experiencing poor HR system integration say it actively prevents them from achieving key HR goals. As a result, organizations are actively restructuring how employee data flows across their technology stacks, and HR systems are increasingly becoming the system of record.

As platforms like Workday and UKG Ready become the authoritative home for employee identity data, most communication tools, including email signature platforms, continue to rely on legacy Active Directory or Google Directory structures that HR teams do not own or control. This creates a persistent gap between where employee data lives and where it is applied.

Exclaimer is among the only email signature platforms building a dedicated, multi-system HRIS integration suite, and the only platform to offer UKG Ready connectivity alongside Workday. With the addition of UKG Ready, Exclaimer continues to expand one of the industry’s most comprehensive HR-focused integration strategies for email signature management, helping organizations automatically synchronize HR-managed employee data into email signatures and meeting themes.

Closing the gap between HR systems and employee communications

For many IT teams, keeping employee directories aligned with constantly changing HR data has become an ongoing operational burden. New hires, promotions, departmental changes, and employee departures often require manual updates across multiple systems to ensure communications remain accurate and compliant.

Exclaimer’s UKG Ready integration helps eliminate that gap by allowing organizations to automatically pull employee attributes from UKG Ready into Exclaimer through BindBee, its third-party data aggregation partner. When employee records are updated in UKG Ready, those changes automatically flow into email signatures and meeting themes (video call backgrounds and branding) without requiring manual intervention from IT teams or employees. Organizations retain control over which data fields are shared, with Exclaimer operating on a read-only basis to ensure data integrity and adherence to compliance requirements.

Reducing manual IT administration while improving governance

The integration also supports Exclaimer’s broader focus on centralized communications governance and automation.

Instead of relying on employees or IT administrators to manually manage signatures, organizations can automate signature updates directly from trusted HR systems, helping to reduce inconsistencies and improve operational control across the business.

For organizations using UKG Ready, the integration enables:

  • Automatic synchronization of HR-managed employee data into email signatures and meeting themes
  • Reduced manual administration for IT teams
  • Consistent employee information across outbound communications
  • Faster onboarding for new employees
  • Improved brand consistency and governance

The integration of UKG Ready follows Exclaimer’s recently announced Workday integration and forms part of the company’s continued investment in HR-driven employee data integrations.

Supporting the future of communications governance

As organizations manage increasingly fragmented communication environments, businesses are placing greater emphasis on automation, governance, and consistency across every digital touchpoint. Email remains one of the most business-critical communication channels, particularly for regulated industries where accuracy, auditability, and professionalism are essential.

By connecting trusted HR systems to employee communications, Exclaimer helps organizations maintain centralized control and ensure employee information remains accurate across all outbound interactions.

The UKG Ready integration is available now for Exclaimer Pro customers.

For more information, or to see Exclaimer’s Workday integration in action, visit exclaimer.com and start a free trial. For a full step-by-step walkthrough, visit the Exclaimer knowledge base.

About Exclaimer

Exclaimer is the global leader in email signature management for Microsoft 365 and Google Workspace. Its cloud platform enables organizations to centrally manage and automate email signatures and video meeting branding, ensuring consistent corporate identity, reducing brand and compliance risk, and meeting regulatory requirements across everyday business communications.

Built for IT and valued by Marketing and Compliance teams, Exclaimer eliminates manual updates, enforces brand governance, and gives organizations greater control over their most critical business communication channels.

Exclaimer is trusted by more than 9 million users across 75,000 organizations worldwide, including Sony, Mattel, Bank of America, NBC, the Government of Canada, the BBC, and the Academy Awards.

AI Scraping puts World Cup, Olympics sports bettors & online sportsbooks at risk

Posted in Commentary with tags on May 14, 2026 by itnerd

Approov’s network monitoring and analysis has found that the World Cup will be the first major proving ground for AI-driven betting fraud, combining record-breaking volumes with high-speed AI tools.

Findings have just been published in “AI Scraping for Manipulation Makes Sports Betting Unfair – The World Cup is the Immediate Test, The LA28 Olympics are a Next Level.”

Indicators of upcoming activity were observed on the Approov Global Attestation Network.  For sportsbooks, this creates two problems that don’t get better with time:

  • Market distortion: Automated actors can move faster than human bettors, particularly in live‑in‑play and micro‑markets (such as first-scorer, goal/point totals, or player-specific props), which are expected to dominate World Cup betting.
  • Perception of unfairness: If regular users believe that bots and AI systems are always one step ahead, the sense of a “level playing field” collapses.

The analysis discusses a new generation of organized, AI-driven bad actors looking to fleece both bettors and betting platforms, with well‑resourced scrapers, arbitrageurs, and betting syndicates treating the World Cup as a high‑margin, high‑velocity data opportunity. It’s also a test lab for exploitation of other high-speed markets, real-time pricing-sensitive transactions, behavioral manipulation, API exploitation and consumer trust engineering.

Why does it all matter? Because when users believe that humans can’t compete, systems collapse.

More details here: https://approov.io/blog/threat-analysis-ai-scraping-for-manipulation-makes-sports-betting-unfair

Ericsson elevates Wireless WAN from failover to foundational 

Posted in Commentary with tags on May 14, 2026 by itnerd

As enterprises scale AI and data-driven operations, the financial and operational impact of network downtime has escalated, with costs ranging from thousands to over a million dollars per day. Recent research indicates a major network outage costs upwards of US$500,000, with more than one in three organizations indicating a $1 million price tag, making network resilience a critical, board-level priority. Traditional network strategies that treat cellular as a simple backup link are no longer sufficient for today’s always-on business demands. 

To address these evolving needs, Ericsson is enabling enterprises to shift their Wireless WAN strategy from a passive failover system to an active, operational layer of their network. Today, the company introduced the Ericsson Cradlepoint W2255, a next generation 5G adapter, and advanced Wireless WAN orchestration enabled by Ericsson NetCloud. This solution is designed to elevate cellular, giving organizations the visibility, management and troubleshooting tools to deploy multi-provider Wireless WAN networks at scale. The W2255 delivers 5G performance and flexibility based on 3GPP 5G SA Release 17 technology, with seamless Low Earth Orbit (LEO) satellite integration.  

Designed as a single indoor/outdoor model, its sleek industrial design is suitable for in-office deployments, while its ruggedized, IP67-rated shell can withstand harsh outdoor conditions, giving organizations deployment flexibility for each location. The W2255 offers a range of advanced features for uninterrupted connectivity, including: 

  • 10x Faster Carrier Failover: Using Dual SIM/Dual Standby (DSDS) on a single modem, the W2255 can switch to a standby carrier network up to 10 times faster when the primary link degrades, providing continuity for critical applications.  
  • Multi-WAN Visibility: The solution auto-detects and integrates LEO satellite traffic, providing telemetry for visibility and basic controls directly within NetCloud. This allows businesses to blend cellular and satellite links to provide both link and service provider diversity, while supporting a non-terrestrial connection to provide network resiliency in regions prone to severe weather.
  • 5G SA Multi-Slice Capability: The W2255 is multi-slice capable with support for User Equipment Routing Selection Policy (URSP), enabling predictable performance through prioritized network slices offered by carriers. This allows an enterprise to isolate critical Point-of-Sale (PoS) traffic on a carrier-backed, high-priority slice while routing best-effort guest Wi-Fi on another.  
  • Automated Carrier Selection: With support for eSIM and Carrier Selection Intelligence, the adapter can automatically run speed tests on first boot to identify and select the best-performing carrier at each specific location, eliminating the need for specialized onsite staff and complex manual configuration.  
  • Advanced Multi-WAN Capabilities: When combined with an Ericsson E-series router, organizations can scale up to five cellular connections and four LEO connections. NetCloud SASE’s SD-WAN and Intelligent WAN Bonding can orchestrate these connections to strengthen WAN resiliency, improve application quality of experience, and boost overall WAN performance—all while controlling costs. 

With a unified view of cellular health, LEO health, carrier SIM profiles, applications, security events, and connected cell towers, Ericsson’s solution enables IT teams to manage the full lifecycle of their Wireless WAN with greater efficiency. This centralized orchestration streamlines deployment and simplifies troubleshooting with AI-driven tools, helping branch offices, retail locations, and remote sites remain productive and secure as the organization scales.

More information about the W2255 can be found here

npm Supply Chain Worm Uses Tor C2 to Steal Developer Credentials

Posted in Commentary with tags on May 14, 2026 by itnerd

CloudSEK’s TRIAD team has uncovered a sophisticated npm supply chain attack involving a typosquatted package named crypto-javascri, designed to mimic the widely used crypto-js library.

The package was published on npm on May 11 and carried a Rust-based binary that harvested npm and GitHub credentials from developer machines. Once executed, it used compromised maintainer accounts to silently republish trojanized versions of legitimate packages, turning a single infected developer environment into a wider supply chain risk.

What makes this campaign significant is its use of a weaponized Arti Tor client for command-and-control. This allows the malware to operate through Tor hidden services, making it harder for defenders to block infrastructure using conventional IP, domain, or certificate-based controls.

CloudSEK found that the malware targets Linux developer systems and CI/CD environments, establishes persistence through systemd user services, and includes credential theft, crypto-wallet targeting, cryptomining indicators, and privilege escalation capability.

The broader impact is serious: one compromised developer machine or CI/CD environment could allow attackers to push malicious updates under trusted maintainer identities, exposing downstream users who install what appears to be a routine package update.

The full report is here: https://www.cloudsek.com/blog/inside-a-tor-backed-supply-chain-worm
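
A defender-side check for the lookalike-name technique described above, as an added example that is not taken from CloudSEK's report: it audits a package-lock.json for dependencies that imitate trusted packages, generalizing beyond the one name reported. The trusted list, the sample lockfile, its version strings and the `lodahs` name are constructed; because plain edit distance does not catch `crypto-javascri`, the check also folds a truncated "javascript" token down to `js`.

```javascript
// Added example: flag lockfile entries whose names imitate trusted packages.
// Works on the "packages" map of package-lock.json (lockfileVersion 2 or 3).

// Plain Levenshtein distance (insert, delete, substitute; cost 1 each).
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Canonical form: lower-case, separators removed, and any token that is a
// (possibly truncated) spelling of "javascript" folded to "js".
function canonical(name) {
  return name
    .toLowerCase()
    .split(/[-_.]/)
    .filter(Boolean)
    .map((t) => (t.length >= 5 && "javascript".startsWith(t) ? "js" : t))
    .join("");
}

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; root entry "" -> null.
function packageName(lockKey) {
  const marker = "node_modules/";
  const at = lockKey.lastIndexOf(marker);
  return at === -1 ? null : lockKey.slice(at + marker.length);
}

// Returns one finding per untrusted name that resembles a trusted one.
function findLookalikes(lock, trusted, maxDistance = 2) {
  const trustedSet = new Set(trusted);
  const seen = new Set();
  const findings = [];
  for (const key of Object.keys(lock.packages || {})) {
    const name = packageName(key);
    if (!name || trustedSet.has(name) || seen.has(name)) continue;
    seen.add(name);
    for (const good of trusted) {
      let reason = null;
      if (canonical(name) === canonical(good)) reason = "alias-of";
      else if (editDistance(name, good) <= maxDistance) reason = "near-miss-of";
      if (reason) {
        findings.push({ name, imitates: good, reason, path: key });
        break;
      }
    }
  }
  return findings;
}

// Constructed allow-list and lockfile for illustration only.
const TRUSTED = ["crypto-js", "lodash"];
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/crypto-js": { version: "0.0.0-constructed" },
    "node_modules/lodash": { version: "0.0.0-constructed" },
    "node_modules/left-pad": { version: "0.0.0-constructed" },
    // Name reported on this page as the typosquat of crypto-js.
    "node_modules/crypto-javascri": { version: "0.0.0-constructed" },
    // Constructed near-miss, nested under another dependency.
    "node_modules/left-pad/node_modules/lodahs": { version: "0.0.0-constructed" },
  },
};

for (const f of findLookalikes(SAMPLE_LOCK, TRUSTED)) {
  console.log(`${f.name} ${f.reason} ${f.imitates} (${f.path})`);
}
```

A finding is a prompt to review the dependency and who introduced it, not proof of compromise; unrelated names such as `left-pad` pass through unflagged.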