All Issues

#08

May 4, 2026 Current Issue

Agentic AI & Autonomous Risk

The Mini Shai-Hulud npm compromise weaponizes developer tooling and CI workflows. Agentic AI is now the attack vector and the propagation vehicle. Underwriters can’t yet price the autonomous-agent blast radius.

SAP npm packages compromised April 29, 2026 — preinstall hooks, Bun runtime, multi-cloud credential theft
METR red-team finds bypasses in mature internal agent monitoring
EU AI Act high-risk obligations effective August 2, 2026 — post-market monitoring no longer optional

Read Issue #8 →

#07

April 27, 2026

The Cyber Insurance Pricing Gap

Twelve consecutive quarters of negative cyber rate change. The first annual decline in US cyber written premium. AI exclusions tightening as premiums fall. The structural mismatch between price and exposure.

US cyber written premium fell from $7.25B (2023) to $7.08B (2024) — first annual decline ever
Beazley H1 2025: 48.5% loss ratio against a −6.8% rate change
EU AI Act high-risk obligations effective August 2, 2026 — the regulatory clock is no longer hypothetical

Read Issue #7 →

#06

April 20, 2026

The Invisible Dependencies

MLflow and Docker Model Runner CVEs expose AI pipeline infrastructure. 0.001% training data poison produces 7–11% harmful output. Five supply chain attacks in March 2026 alone.

CVE-2026-0545: MLflow auth bypass gives attackers job control over AI pipelines
0.001% poisoned tokens increase harmful completions 7–11% — benchmarks missed it
Supply chain interconnection now in 15% of breaches, up from 9% (Verizon DBIR)

Read Issue #6 →

#05

April 13, 2026

The Retrieval Attack Surface

RAG pipelines exploited in 20 hours. Five documents poison a knowledge base at 90% success. The security architecture enterprise AI forgot to build.

Langflow CVE-2026-33017 exploited before any PoC existed
RAG poisoning succeeds with just 5 documents among millions
87% of CISOs cite AI agent security as top concern — 11% are ready

Read Issue #5 →

#04

April 6, 2026

The Red Teaming Renaissance

AI models now jailbreak each other at 97% success rates. The arms race that will define AI security in 2026.

LRMs attack other AI systems at 97.14% jailbreak success
Only 16% of enterprises have ever red-teamed their models
Adversa AI wins RSA 2026 Most Innovative Agentic AI Security

Read Issue #4 →

#03

March 30, 2026

The Insurability Gap

The gulf between AI adoption speed and insurability readiness — and why it threatens the AI-first enterprise.

56% of enterprises can't halt AI after a security incident
Munich Re maps agentic AI to cyber insurance lines
Langflow CVE exploited in 20 hours — the shrinking response window

Read Issue #3 →

#02

March 24, 2026

AI Security Posture Management

AISPM emerges as the essential control plane for governing enterprise AI deployments at scale.

AISPM emerges as the control plane for AI governance
$1.2B acquisition wave validates the category
Shadow AI costs enterprises $4.63M per breach

Read Issue #2 →

#01

March 13, 2026

The AI Security Landscape

A comprehensive overview of the forces shaping the $244B AI security market.

$244B security spending wave and consolidation patterns
EU AI Act timeline and AI agent security crisis
Governance platforms rising across enterprise

Read Issue #1 →

Intelligence Briefings