Posts

2026

Reading the 2026 Verizon DBIR: AI Is the Catalyst, Not the Threat Actor

The 2026 DBIR landed today, and the headline numbers tell two stories at once: attackers are getting faster and more efficient, but the techniques they’re running are the same ones we’ve been talking about for years. AI is showing up everywhere in the data, but it’s behaving like a productivity tool, not a new adversary.

When the Negotiator Is on Both Sides of the Table: Rethinking IR Trust After the BlackCat Sentencings

On April 30, 2026, two former incident response professionals were sentenced to four years in federal prison each for conducting BlackCat ransomware attacks against U.S. companies. One had been an IR manager at a well-known IR firm. The other had been a ransomware negotiator at a separate well-known firm. The case forces a question most organizations have never seriously asked: what is the actual control model for the people you call when everything is on fire?

FIRESTARTER and the Detection Gap CISA Just Made Official

On April 23, 2026, CISA and the UK NCSC published a malware analysis report on FIRESTARTER, a custom backdoor that survives patching, reboots, and firmware upgrades on Cisco Firepower and Secure Firewall devices. The federal directive itself states that Sigma rules are not effective against it. That admission has implications well beyond the federal civilian executive branch.

Operation Masquerade: FBI Disrupts APT28 Campaign Across 18,000 Hijacked Routers

The threat group tracked as APT28 (Forest Blizzard/Fancy Bear) compromised 18,000 SOHO routers across 120+ countries by exploiting known vulnerabilities and default SNMP credentials. They modified DNS settings to redirect traffic through attacker-controlled servers, enabling adversary-in-the-middle attacks that harvested Microsoft OAuth tokens, passwords, and emails from 200+ organizations. The FBI’s Operation Masquerade sent court-authorized commands to reset compromised routers on U.S. soil.

Claude Opus 4.7 Drops with Built-In Cyber Safeguards: What Security Practitioners Need to Know

Anthropic shipped Claude Opus 4.7 today as its most capable generally available model, but the cybersecurity story is bigger than the benchmarks. The model includes automated safeguards that block high-risk cyber requests, deliberately reduced offensive capabilities compared to Mythos Preview, and a new Cyber Verification Program that gates legitimate security use behind a formal application process. This is the first generally available model where Anthropic is actively testing the controls it needs before it can release Mythos-class capabilities to the public.

CPU-Z and HWMonitor Hijacked: Inside the CPUID Supply Chain Attack

Attackers compromised CPUID’s official website and swapped download links for CPU-Z and HWMonitor with trojanized packages delivering STX RAT. The attack targeted the exact tools IT professionals carry on USB drives and run on production servers, turning implicit trust in a 20-year-old download source into a direct path to privileged credentials.

Two FortiClient EMS Zero-Days in Two Weeks: Why Your Endpoint Management Server Is the Target

Two critical unauthenticated vulnerabilities in Fortinet’s FortiClient EMS were actively exploited within weeks of each other in March and April 2026. Attackers timed the latest zero-day for Easter weekend. FortiClient EMS manages security policies, VPN configurations, and compliance controls across entire endpoint fleets, making it one of the highest-value targets in an enterprise environment.