The 2026 DBIR landed today, and the headline numbers tell two stories at once: attackers are getting faster and more efficient, but the techniques they’re running are the same ones we’ve been talking about for years. AI is showing up everywhere in the data, but it’s behaving like a productivity tool, not a new adversary.
Two critical unauthenticated vulnerabilities in Fortinet’s FortiClient EMS were actively exploited within weeks of each other in March and April 2026. Attackers timed the latest zero-day for Easter weekend. FortiClient EMS manages security policies, VPN configurations, and compliance controls across entire endpoint fleets, making it one of the highest-value targets in an enterprise environment.
Anthropic launched Project Glasswing with 12 major tech companies, using its unreleased Claude Mythos Preview model to find and patch zero-day vulnerabilities at a scale and speed that didn’t exist six months ago. The implications for vulnerability management, patching cycles, and defensive security programs are enormous.
A practitioner breakdown of the IBM X-Force Threat Intelligence Index 2026. Vulnerability exploitation overtakes phishing as the top attack vector, supply chain compromises quadruple, and AI accelerates attacker operations while defenders struggle with the basics.
OpenClaw made remarkable security strides since my January article, hired dedicated security leadership, patched 40+ vulnerabilities, partnered with VirusTotal. Then ClawHavoc exposed 341 malicious skills. And now the founder just joined OpenAI. A breakdown of everything that changed, what still worries me, and how to think about deploying OpenClaw in this new reality.