Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

Transcript

The rapid expansion of artificial intelligence across industries is fundamentally reshaping the cyber risk landscape. As organizations race to adopt AI-driven solutions, many are finding that their governance frameworks simply aren’t keeping up. This gap between innovation and oversight is creating new vulnerabilities, drawing the attention of regulators, attackers, and security leaders alike.

Let’s start with the financial sector, where we’re seeing some of the most concrete moves toward AI regulation. The Bangko Sentral ng Pilipinas, or BSP, has rolled out a formal AI governance framework for banks. The goal is straightforward: ensure responsible AI adoption while maintaining financial stability. This isn’t just about compliance checklists—it’s about risk management, transparency, and building trust in a sector that relies on both. For CISOs and risk managers, this development signals a broader trend. Other jurisdictions and industries are likely to follow suit, and that means organizations need to assess their own AI governance maturity now—not later. Are your AI deployments auditable? Can you demonstrate responsible use? These are questions regulators will soon be asking everywhere.

But it’s not just the Philippines. Across the globe, AI adoption is outpacing the development of governance structures. A recent report highlights that, as organizations deploy AI at scale, many are leaving themselves exposed to operational, ethical, and security risks. The gap between innovation and oversight isn’t just a theoretical concern—it’s a practical one. Without robust governance, organizations face a higher likelihood of compliance failures, data mishandling, and reputational damage. Security leaders need to prioritize the integration of governance controls into every AI project.
That means clear documentation, transparent decision-making processes, and a readiness to adapt as regulatory expectations evolve.

While AI governance is a headline issue, the underlying cyber risks haven’t gone away—in fact, they’re evolving. Let’s talk about vulnerabilities in enterprise platforms, starting with Oracle E-Business Suite. There’s a critical flaw being actively exploited right now. Hackers are leveraging this vulnerability to breach networks, exfiltrate data, and move laterally within organizations. Oracle PeopleSoft environments have also been hit, with confirmed data leaks making the rounds. If your organization runs any affected Oracle platforms, immediate patching is essential. But patching alone isn’t enough—incident response plans need a fresh look, and monitoring should be ramped up. This is a live threat, and it’s not going away quietly.

Identity-based attacks are another area seeing a surge, particularly those powered by AI. PwC reports a significant uptick in these attacks, with adversaries using automation and sophisticated techniques to bypass traditional defenses. The targets are often cloud and supply chain environments, where weak authentication and access controls present easy entry points. The implication is clear: identity and access management strategies need an overhaul. Adaptive authentication, continuous monitoring, and a zero-trust mindset are no longer optional—they’re foundational.

As the attack surface expands with both AI and cloud adoption, security experts are emphasizing four defenses that matter most. First, robust identity management—making sure only the right people have access to the right resources, at the right time. Second, continuous monitoring—because static defenses can’t keep up with dynamic threats. Third, securing the software supply chain—since attackers are increasingly looking for weaknesses in third-party components and integrations.
And fourth, AI-native threat detection—leveraging machine learning to spot anomalies and emerging attack patterns that traditional tools might miss. Security leaders should benchmark their controls against these priorities and address any gaps.

AI agents—those autonomous systems making decisions and taking actions on behalf of organizations—are also on the rise. A recent study by AvePoint finds that as the use of these agents accelerates, so do the associated security risks. We’re talking about data leakage, model manipulation, and unauthorized access. The takeaway here is the need for dedicated AI security controls and clear policies governing agent deployment. If you’re using AI agents, it’s time to evaluate your risk assessments and ensure they’re up to date.

Transparency in AI decision-making is quickly becoming a regulatory flashpoint. In a recent CIOReview survey, 78% of organizations admitted they can’t clearly explain how their AI systems make decisions. That’s a problem, because explainability is the first thing regulators are likely to ask about. A lack of transparency doesn’t just create compliance headaches—it erodes trust with stakeholders and customers. Security and risk executives need to make AI transparency and documentation a core part of their governance programs.

Let’s shift to another active threat: the exploitation of SimpleHelp remote support software. Threat actors are targeting a critical vulnerability in SimpleHelp to deploy Djinn Stealer malware. The goal is credential theft and data exfiltration, and the campaign is ongoing. This highlights the broader risks associated with remote access tools, which have become ubiquitous in hybrid and remote work environments. Organizations using SimpleHelp need to act immediately—patch the software, monitor for anomalous activity, and review remote access policies.
On the international stage, the Five Eyes intelligence alliance—comprising the US, UK, Canada, Australia, and New Zealand—has issued a call to action for business leaders. Their message: AI-driven cyber risks demand proactive management, cross-sector collaboration, and the adoption of AI-native security controls. This isn’t just a government concern; it’s a business imperative. CISOs should review the Five Eyes recommendations and align their strategies with international best practices.

Legacy platforms remain a persistent source of cyber risk. ServiceNow and Accenture are teaming up to tackle this problem, aiming to modernize risk management and incident response for organizations still dependent on older technologies. The broader industry is pushing to reduce technical debt and improve resilience, especially as attackers combine traditional and AI-enabled techniques. Security leaders should take a hard look at their own legacy environments and consider modernization initiatives where feasible.

The ecosystem of AI security solutions is also expanding, with vendors like HiddenLayer integrating AI-native security capabilities into platforms such as Databricks Unity AI Gateway. These tools promise enhanced threat detection and model protection for enterprise AI workloads. As the number and complexity of AI deployments grow, CISOs should evaluate whether specialized AI security tools fit within their operational stack.

Guidance for enterprise AI deployment is evolving as well. The release of GLM 5.2 provides actionable recommendations for integrating AI into business processes while managing security, scalability, and compliance risks. Security executives should review these guidelines to inform their AI risk management strategies and ensure that new deployments don’t introduce unforeseen vulnerabilities.

So, what are the strategic implications of all these developments? First, regulatory scrutiny of AI is intensifying.
Sector-specific frameworks, like the one from BSP, are emerging and likely to expand globally. Organizations need to anticipate this wave of regulation and prepare accordingly.

Second, the gap between AI adoption and governance is a material risk. It’s not enough to deploy AI quickly; controls and transparency must be embedded from the start. This means building explainability into your models, documenting decision processes, and ensuring that AI systems are auditable.

Third, critical vulnerabilities in widely used enterprise platforms are a persistent threat. Continuous patch management and incident readiness aren’t just best practices—they’re essential. Attackers are watching for laggards, and the cost of delay can be measured in data breaches and business disruption.

Fourth, identity and cloud security are top priorities. Attackers are leveraging automation and exploiting supply chain weaknesses to bypass defenses. Organizations need to strengthen their identity and access management, adopt adaptive authentication, and continuously monitor for suspicious activity.

Let’s distill what matters most today. If your organization uses Oracle E-Business Suite or SimpleHelp, immediate assessment and remediation are non-negotiable. The risks are active and publicized, and attackers are moving quickly. At the same time, organizations must accelerate the development of AI governance frameworks. Regulatory and stakeholder expectations are rising, and being caught unprepared could have significant consequences—not just in terms of fines, but also in lost trust and competitive disadvantage. Finally, strengthening identity, cloud, and AI-native security controls is critical. As attack surfaces expand and threat sophistication increases, foundational cyber hygiene is your first and best line of defense.

To wrap up, the convergence of rapid AI adoption, evolving regulatory expectations, and persistent cyber threats demands a dual-track approach.
Accelerate innovation, but embed risk controls at every stage. Prepare for increased scrutiny, and make sure your governance, transparency, and incident response capabilities are up to the chall