Daily cybersecurity briefing for CISOs and security leaders.

🎧 Listen to this episode

Today's episode covers 17 stories across 6 topic areas, including: Researchers say AI just broke every benchmark for autonomous cyber capability; Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access; Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation.

CyberScoop · May 13 · Relevance: ██████████ 10/10

Why it matters to CISOs: If frontier AI models can now autonomously discover and exploit vulnerabilities faster than any trend line predicted, CISOs must urgently reassess detection/response timelines and invest in AI-augmented defense or face a structurally asymmetric threat landscape.

📖 Read full article

The Hacker News · May 15 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: Russia's FSB-linked Turla evolving Kazuar into a modular P2P botnet designed for stealth and persistence represents a significant capability upgrade — CISOs in government, defense, and critical infrastructure sectors must update threat models for this actor.

📖 Read full article

The Hacker News · May 11 · Relevance: █████████░ 9/10

Why it matters to CISOs: This is the first confirmed case of threat actors using AI to discover and weaponize a zero-day in the wild, validating the fear that AI-assisted exploit development is no longer theoretical — CISOs must factor AI-speed exploitation into vulnerability management SLAs.

📖 Read full article

Cybersecurity Dive · May 13 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: OpenAI entering the cybersecurity market with Daybreak — partnering with Cloudflare, Cisco, and CrowdStrike — signals that frontier AI companies see defensive security as a core use case, potentially reshaping the vendor landscape CISOs evaluate.

📖 Read full article

Krebs on Security · May 12 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: Near-record patch volumes from Apple, Google, Microsoft, Mozilla, and Oracle — with AI proving remarkably good at finding vulnerabilities in code — signals a new normal where both patch velocity and AI-driven vuln discovery are accelerating simultaneously.

📖 Read full article

Ars Technica Security · May 14 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: A zero-day that completely defeats default BitLocker encryption on Windows 11 undermines a foundational data-at-rest protection that most enterprises depend on — CISOs must evaluate compensating controls for device theft and physical access scenarios.

📖 Read full article

The Hacker News · May 12 · Relevance: █████████░ 9/10

Why it matters to CISOs: This worm targeting npm/PyPI packages compromised major AI toolchains (TanStack, Mistral AI, Guardrails AI), harvests credentials from 100+ file paths including AI agent configs, and persists after package removal — a direct threat to any enterprise running AI development pipelines.

📖 Read full article

BleepingComputer · May 15 · Relevance: ████████░░ 8/10

Why it matters to CISOs: The node-ipc compromise is another high-profile npm supply chain attack this week, reinforcing that developer toolchain integrity is now a board-level concern — CISOs need lockdown policies on package provenance and automated dependency scanning.

📖 Read full article

BleepingComputer · May 14 · Relevance: ████████░░ 8/10

Why it matters to CISOs: Even OpenAI — an AI-native organization — had employees compromised via the TanStack supply chain attack, underscoring that no organization is immune and that developer endpoint hygiene and code-signing certificate rotation must be part of incident response playbooks.

📖 Read full article

CyberScoop · May 14 · Relevance: ████████░░ 8/10

Why it matters to CISOs: The Foxconn breach highlights catastrophic third-party risk for enterprises relying on contract manufacturing — CISOs at Apple, Google, Nvidia, and others must assess downstream exposure from 8TB of stolen data spanning 11M files from top customers.

📖 Read full article

BankInfoSecurity · May 16 · Relevance: ████████░░ 8/10

Why it matters to CISOs: Instructure paying a ransom for 3.65TB of children's educational data — while Congress demands answers — is a case study in how ransom payment decisions carry reputational, regulatory, and political consequences far beyond the initial incident.

📖 Read full article

VentureBeat Security · May 14 · Relevance: ████████░░ 8/10

Why it matters to CISOs: Cisco's chief security officer confirms rogue AI agent incidents are already happening in customer environments — the core failure is authorization, not authentication — forcing CISOs to rethink IAM architectures for non-human identities at machine speed.

📖 Read full article

Infosecurity Magazine · May 13 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: The G7's new SBOM-for-AI framework with seven key data clusters provides CISOs with an emerging governance standard for AI supply chain transparency — critical as this week's supply chain attacks showed how compromised AI toolchains cascade through enterprises.

📖 Read full article

Help Net Security · May 15 · Relevance: ███████░░░ 7/10

Why it matters to CISOs: Akamai's $205M acquisition of LayerX signals that browser-based AI usage control and secure enterprise browser technology is becoming a strategic priority, especially as generative AI usage in browsers creates ungoverned data flows CISOs struggle to monitor.

📖 Read full article

TechCrunch Security · May 12 · Relevance: ██████░░░░ 6/10

Why it matters to CISOs: A $125M Series B at $725M valuation for a 3-year-old AI security startup reflects the massive capital flowing into AI-powered detection and response — CISOs should track whether these tools deliver on the promise of matching AI-speed attacks.

📖 Read full article

Help Net Security · May 15 · Relevance: █████████░ 9/10

Why it matters to CISOs: A CVSS 10.0 authentication bypass in Cisco SD-WAN is actively exploited and added to CISA KEV with a 2-day remediation deadline — any enterprise running Cisco SD-WAN must patch immediately or face unauthenticated admin-level compromise of their entire WAN fabric.

📖 Read full article

Help Net Security · May 15 · Relevance: ████████░░ 8/10

Why it matters to CISOs: An actively exploited Exchange Server zero-day with no permanent fix available forces CISOs to apply temporary mitigations immediately — Exchange remains a perennial attack target and any on-prem deployment is at elevated risk.

📖 Read full article

Jordan: This week, AI stopped being a thing we worry about in the abstract. It became the actual threat. The actual weapon. And the actual attack surface — all in the same seven days.

Alex: Welcome to Cleartext. I'm Alex Chen. It's Saturday, May 16th, and this is your Week in Review — the episode for every CISO who was heads-down all week and needs to know what actually mattered before Monday morning. If you missed the daily episodes, we've got you. Here's what we're covering today: the week that AI offense went operational, a supply chain attack that hit AI toolchains at scale, critical infrastructure vulnerabilities that demand immediate action, and the governance frameworks trying to keep pace with all of it. A lot happened. Let's make sense of it.

Jordan: Let's start where we have to start, which is the AI capability story, because it sets the context for almost everything else this week. On Tuesday, two independent research teams published findings showing that Anthropic's Claude Mythos Preview and OpenAI's GPT-5.5 didn't just improve on autonomous cyber capability benchmarks — they broke them. Blew past every trend line researchers were tracking. And the uncomfortable part isn't just the number. It's that the researchers themselves don't know if this is a one-time jump or the new baseline. The House Homeland Security Committee pulled Anthropic in for a closed briefing. When Congress goes closed-door on a model's cyber risks, that tells you something.

Alex: And here's the thing that should land for every CISO in our audience: this isn't a research problem anymore. The same week those studies dropped, Google confirmed the first known instance of threat actors — not nation-states, cybercriminals — using AI to discover and weaponize a zero-day in the wild. A 2FA bypass. Deployed for mass exploitation. That's the moment everyone in this industry has been both predicting and quietly hoping wouldn't arrive so soon. It arrived.

Jordan: What makes that Google disclosure so significant isn't just the technical fact of it. It's the democratization signal. Nation-state actors having advanced capabilities — that's been true for years. We build around that. But when cybercrime groups can use AI to find and weaponize a zero-day against authentication infrastructure? Your threat model just changed. The timeline between vulnerability existence and weaponized exploit just compressed dramatically, and your vulnerability management SLAs were written for a different world.

Alex: Which connects directly to Patch Tuesday this week, because Microsoft patched 138 vulnerabilities — including 30 critical — and notably, 16 of those Windows flaws were found by Microsoft's own MDASH AI system. Let that sink in: AI is now finding bugs at a rate that's pushing patch volumes to near-record levels industry-wide. Apple, Google, Mozilla, Oracle — all near-record updates this month. The AI finding vulnerabilities story cuts both ways. Defenders are using it too. But the velocity problem is real. Your teams are being asked to triage and patch faster than the human capacity to do it.

Jordan: And then there's the BitLocker zero-day that came out of Pwn2Own Berlin this week. A bypass of default Windows 11 BitLocker encryption. Microsoft says it's investigating, and we don't have the mechanism yet. But default BitLocker is the data-at-rest story that most enterprises are telling their boards. If you're relying on that as your primary control for device theft or physical access scenarios, you need compensating controls now. Don't wait for the patch.

Alex: Let's move to the supply chain theme, because this week was genuinely alarming on that front, and the stories connect in ways that matter. The headline is the Mini Shai-Hulud worm — a campaign by a threat actor called TeamPCP that compromised 172 npm and PyPI packages. We're talking TanStack, Mistral AI, OpenSearch, Guardrails AI. The worm steals AWS keys, SSH keys, GitHub personal access tokens, password manager data — and here's the detail that should keep you up at night — it specifically targets AI agent MCP server auth tokens. And it persists after you remove the package. It installs hooks in Claude Code and other AI agent configurations. Removing the package doesn't clean the infection.

Jordan: And then node-ipc got hit separately this week. Same vector, different campaign. A widely-used inter-process communication package, credential-stealing malware injected into three versions. RubyGems suspended new account sign-ups because of a parallel malicious package campaign running at the same time. This wasn't a coincidence of timing. The attacker community has concluded that developer toolchains are the highest-yield target in the enterprise right now.

Alex: The confirmation of that is the OpenAI disclosure. Two of their own employees had devices compromised through the TanStack supply chain attack. OpenAI — an AI-native organization with presumably strong security culture — still had developer endpoints fall to this. They rotated code-signing certificates, they say no user data or production systems were affected. But the point for our audience is: if it happened to them, your developer population is not immune. Package provenance lockdown, dependency pinning, automated scanning — these aren't nice-to-haves anymore.

Jordan: While we're on breaches, Foxconn confirmed that Nitrogen ransomware hit their North American factories this week. Eight terabytes of data, eleven million files, disrupted manufacturing operations. The twist for CISOs at companies that use Foxconn — and that's Apple, Google, Nvidia, a significant portion of the tech industry — is that the group claims the stolen data belongs to Foxconn's top customers. That's your IP, your designs, your supply chain documentation. You didn't get breached directly. But your data did.

Alex: Six hundred ransomware attacks on manufacturers so far in 2026. That's not a Foxconn story. That's an operational technology and third-party risk story. The question your board is going to ask is: what would we know, and how fast, if one of our top ten contract manufacturers got hit? If you don't have a crisp answer to that, now is the time to build one.

Jordan: Turla is also worth flagging this week, even though it may feel like a nation-state problem for someone else. The Russian FSB-linked group has evolved its Kazuar backdoor into a modular peer-to-peer botnet — designed specifically for stealth and persistence. CISA is attributing this to Center 16 of the FSB. If you're in government contracting, defense, critical infrastructure, or any sector adjacent to those — your threat model for this actor just got updated. Modular and P2P means it's harder to detect, harder to eradicate, and designed to stay.

Alex: Let's hit the governance layer, because there were meaningful developments there too. The Cisco SVP story from RSAC was blunt in a way that's useful. Anthony Grieco said flat out: rogue AI agent incidents are happening regularly across their customer base. And the failure pattern is specific — authentication passes, but agents access data they were never scoped to touch. The authorization problem in agentic AI is real and it's happening now. Eighty-five percent of enterprises are running agent pilots. Five percent are in production. That eighty-point trust gap exists because the IAM architecture for non-human identities at machine speed doesn't exist yet in most organizations.

Jordan: The G7 released an SBOM for AI framework this week, seven key data clusters for AI supply chain transparency. Timely, given everything we just described. It's not binding. But G7 guidance has a way of becoming regulatory baseline faster than most CISOs expect. If you're not already thinking about AI SBOM requirements in your procurement contracts, start now. This week gave you a very concrete reason why.

Alex: And the Instructure story is the cautionary tale of the week. Canvas — the learning management platform used by thousands of schools — paid ShinyHunters a ransom after a breach exposed children's educational data. The House Homeland Security Committee sent a formal inquiry letter the same day. Security experts are pointing out the obvious: ransomware groups routinely break their data destruction promises. You pay, you get a receipt, and the data is still on their infrastructure. Instructure now has the breach, the ransom payment, the Congressional attention, and the liability exposure — all simultaneously. The ransom didn't buy them out of any of it.

Jordan: Brief word on the market, because the dollars this week tell you something. OpenAI launched Daybreak — a cybersecurity initiative partnering with Cloudflare, Cisco, and CrowdStrike to use frontier models for vulnerability detection and patch validation. The AI companies are now entering the security market directly, not just as tools but as vendors. Akamai paid two hundred and five million for LayerX to extend zero trust into the browser, specifically to govern ungoverned GenAI usage. Exaforce raised a hundred and twenty-five million Series B at a seven hundred and twenty-five million valuation — three years old. Investment in security startups is outpacing M&A by over a billion dollars in Q1 alone. Capital is chasing the AI-speed threat problem. Whether the products are ready to solve it is the question CISOs have to answer for themselves.

Alex: Two urgent action items before we go to the summary. Cisco SD-WAN: CVE-2026-20182, CVSS ten point zero, authentication bypass, actively exploited, CISA KEV, two-day remediation deadline. This is the second maximum-severity Cisco SD-WAN zero-day exploited this year. If you run Cisco Catalyst SD-WAN on-prem or in cloud, you patch this weekend. Full stop. Exchange Server: CVE-2026-42897, actively exploited, no permanent patch available. Microsoft has temporary mitigations. Exchange Online is not affected. On-prem Exchange 2016, 2019, and Subscription Edition are. Apply the mitigations now.

Jordan: So what was this week? If you had to name it. I'd say this was the week the AI threat model became empirical. We've had theoretical concerns about AI-enabled attacks for years. This week we got: benchmark-breaking autonomous capability confirmed by two independent studies, the first confirmed AI-developed zero-day exploit deployed in the wild, a supply chain worm that specifically targets AI agent auth tokens, and a Congressional briefing on a model's cyber risks. That's not theoretical anymore. That's the threat landscape as it actually exists.

Alex: From a CISO standpoint, the defining characteristic of this week is the compression of every timeline you've built your program around. Patch windows, detection windows, response windows — AI on offense compresses all of them. And AI on defense is the answer, but only if you're investing in it deliberately. The CISOs who walk into their board meetings next week with a clear-eyed view of that asymmetry — and a plan to address it — are going to be ahead of this. The ones who are still treating AI as a future-state concern are behind it.

Jordan: Going into next week, watch for follow-on attribution on the 2FA zero-day exploit. Watch for Congressional action following the Anthropic briefing — that could move fast. And watch your developer endpoints. The supply chain attack wave is not over.

Alex: That's the week. The daily show returns Monday. If you want show notes, links to every story we discussed, and our full archive, head to cleartext.fm. We'll see you Monday morning.

Cleartext is an automated daily podcast for CISOs and security leaders. Generated 2026-05-16.

Sources are pulled from: CyberScoop, The Record, SecurityWeek, Krebs on Security, Dark Reading, Cybersecurity Dive, BleepingComputer, Wired, Ars Technica, TechCrunch, Help Net Security, VentureBeat, Risky Business News, The Hacker News, CISA, and BankInfoSecurity.