Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript. TranscriptToday’s cyber and AI risk landscape is rapidly evolving, and the pace of change is only accelerating. We’re seeing a convergence of traditional cyber threats with a new generation of AI-driven risks—risks that are not just theoretical, but are now playing out in real time across enterprises, critical infrastructure, and even public sector organizations. The headlines today reflect a world where defenders must adapt to machine-speed adversaries, rethink governance, and shore up the basics, all at once. Let’s start with what is arguably the most significant development: the first fully autonomous AI-run ransomware attack has been reported. This is a milestone that many in the security community have anticipated, but it’s no less sobering to see it materialize. In this case, an AI agent executed every phase of the attack lifecycle—reconnaissance, exploitation, lateral movement, data exfiltration, and even ransom negotiation—without any human operator in the loop. What does this mean for organizations? First, it signals a shift in the threat landscape from human-paced attacks to machine-speed operations. Traditional detection and response methods, which often rely on human analysts to spot anomalies and coordinate responses, simply can’t keep up with an adversary that can move from breach to ransom in minutes. This raises the bar for defenders: it’s no longer enough to have a playbook for ransomware; you need to be prepared for attacks that unfold at the speed of automation. For CISOs and security teams, this means two things. One, it’s time to critically assess your readiness for AI-driven threats. Are your detection and response capabilities automated enough to match the speed of these attacks? Two, investments in AI-enabled defense and incident response automation are no longer optional—they’re becoming essential. The attack surface is expanding, and the window to contain threats is shrinking. Moving from the threat landscape to the solutions side, we’re seeing major vendors respond to this new reality. Akamai, for example, has joined forces with World Wide Technology to integrate its security capabilities into WWT’s ARMOR AI security framework. The goal here is to strengthen enterprise AI resilience by addressing risks specific to AI systems: model integrity, data privacy, and operational continuity. This partnership is noteworthy for a couple of reasons. First, it signals that the vendor ecosystem is maturing—security providers are recognizing that AI deployments require specialized controls and governance. Second, it reflects growing customer demand for integrated, enterprise-grade solutions that can manage the unique risks of AI, not just traditional IT. Similarly, Citrix has rolled out new capabilities in its NetScaler MCP Gateway, aimed at providing unified governance over large language model and agentic AI traffic. As organizations deploy more AI agents—often distributed across cloud, on-prem, and edge environments—the challenge of monitoring and controlling these interactions becomes acute. Citrix’s solution is designed to help organizations enforce policy, ensure compliance, and prevent data leakage or unauthorized actions by autonomous systems. This is a critical development, because as AI agents proliferate, the risk of “shadow IT” grows exponentially. We’re not just talking about employees installing unsanctioned apps anymore. Now, it’s about autonomous agents spinning up, accessing data, making decisions, and even interacting with external systems—often outside the visibility or control of central IT and security teams. The rise of AI agent sprawl is creating a new class of shadow IT risk. Unlike traditional shadow IT, where rogue devices or apps might slip under the radar, AI agents can be far more dynamic and harder to inventory. They can self-replicate, move across environments, and interact with sensitive data in ways that legacy governance models simply weren’t designed to handle. This introduces real risks: uncontrolled data flows, inconsistent security controls, and increased exposure to regulatory violations. So what can organizations do? The first step is to develop a comprehensive inventory of all AI agents and LLM deployments across the enterprise. This isn’t just about asset management—it’s about understanding where your data is flowing, who or what has access to it, and how decisions are being made. From there, organizations need to implement unified governance frameworks that can enforce policy consistently across distributed environments, regardless of where the AI agents reside. It’s also important to recognize that many organizations’ governance strategies are stuck in the past—still optimized for the desktop era, not for the realities of distributed, agentic AI. Modern governance needs to account for the opacity of today’s AI models, the speed at which agents can operate, and the potential for these systems to act autonomously in ways that may be difficult to predict or audit. While AI risks are grabbing the headlines, traditional cyber threats remain as acute as ever. In the past 24 hours, GitLab has released patches for eight security vulnerabilities affecting both its Community and Enterprise Editions. These flaws could allow attackers to escalate privileges, access sensitive data, or disrupt CI/CD pipelines. For organizations that rely on GitLab as the backbone of their software development and DevOps workflows, timely patching is critical. Attackers continue to exploit known vulnerabilities, and the window between disclosure and exploitation is shrinking. Similarly, Microsoft has patched a critical vulnerability in Defender, known as ‘RoguePlanet.’ This flaw could have allowed attackers to bypass security controls or execute malicious code on protected endpoints. Defender is widely deployed and often serves as the first—and sometimes last—line of defense in enterprise environments. Delaying patches here can leave organizations exposed to fast-moving threats. Ransomware remains a persistent threat across all sectors. Mount Royal University has confirmed that data was stolen during a recent ransomware attack, underscoring the ongoing risks to educational institutions and the potential for sensitive data exposure. This is a reminder that ransomware preparedness isn’t just about having backups—it’s about having a comprehensive incident response plan, regular testing, and a clear understanding of your most critical assets and data flows. On the services front, Quorum Cyber has launched a new suite of AI security offerings focused on helping organizations secure the foundations of their AI deployments. These services cover risk assessment, governance, and operational security for AI systems. The message here is clear: AI-specific security expertise and managed services are quickly becoming critical components of enterprise risk management. As organizations accelerate AI adoption, the skills and tools needed to secure these systems are evolving just as rapidly. We’re also seeing movement in the public sector. Telos Corporation has been awarded a contract to support the U.S. Air Force’s Distributed Common Ground System mission, with a focus on secure, resilient information systems. This highlights the strategic importance of robust security and governance in mission-critical, AI-enabled defense environments. As military and defense organizations integrate AI into their operations, the stakes for security and resilience are higher than ever. One of the more nuanced challenges emerging is what’s being called the “AI security paradox.” Organizations are placing increasing trust in AI systems that they can’t fully audit or understand. The lack of transparency in modern AI models—especially large language models—complicates risk assessments and compliance efforts. When you can’t see inside the “black box,” it’s difficult to know whether the system is making decisions in a way that aligns with your policies, regulatory requirements, or even basic ethical standards. This paradox creates a tension for security leaders. On one hand, there’s pressure to accelerate AI adoption for competitive advantage. On the other, there’s a real risk that opaque systems could introduce vulnerabilities or compliance gaps that are hard to detect until it’s too late. The solution isn’t to halt AI adoption, but to push for greater visibility and explainability in AI deployments. That means working with vendors who can provide transparency, investing in tools that offer auditability, and building internal expertise to interpret and challenge AI-driven outcomes. Leadership is also in focus, with new CISOs appointed at both Starburst and the Solana Foundation. These changes signal ongoing investment in security leadership as organizations navigate evolving threats and regulatory landscapes. New security leaders often bring fresh perspectives and may drive new initiatives around AI governance, incident response, and risk management. Let’s take a step back and look at the strategic implications of these developments. First, AI-driven attacks are no longer a future concern—they’re a present reality. The emergence of fully autonomous ransomware means that traditional detection and response methods may be inadequate. Security teams need to modernize their defenses, automate wherever possible, and be prepared for adversaries that can move at machine speed. Second, the proliferation of AI agents and the lack of unified governance frameworks are creating new operational, compliance, and data security risks. Shadow IT is no longer just about unsanctioned apps; it’s about autonomous systems operating outside established control