Plus: Why Apple adjusted its security update strategy ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­    ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­  
Zero Trust Weekly

This week in Zero Trust

Prevention is a defender's best tool against AI

Estimated reading time: 4-5 minutes

 

In this issue:

  • Apple adjusts update release strategy in response to AI concerns
  • Application control: The foundation of Zero Trust
  • Threat actors' new favorite target: Sports
  • Threat you need to know: A ransomware attack run entirely by an LLM
View in browser

Manage preferences

From the CEO

On Mythos and Fable 5

 

"Limiting access to one American model does not stop criminals or foreign adversaries from getting similar capabilities. They will use stolen accounts, foreign models, open-weight tools, and anything else that helps them create a working exploit.
 
The people slowed down most by restrictions are the security teams trying to test their own systems and patch vulnerabilities before attackers find them.
 
That is also why trusted access to the most frontier models should not stop with a small group of companies. If these capabilities are spreading, defenders need a path to use them safely and quickly.
"  - Danny Jenkins

From the ThreatLocker blog

Patch management, application control, and where sports and cybersecurity meet

 

Apple, AI vulnerability discovery, and patch management

The problem with the n-1 strategy

  • What's happening: To counter growing concerns surrounding AI vulnerability discovery, Apple announced this week they would be fast-tracking security updates rather than coupling them with major iOS updates. While this doesn't mean all updates should be deployed immediately, it does reinforce the importance of a thoughtful patch management strategy. Effective patch management is one of the most important ways to reduce risk in your environment, but the strategy must balance speed with security and stability.
  • Why it matters: Some professionals prefer the n-1 strategy to avoid the operational disruptions patches may cause. Attackers, however, are hunting for vulnerabilities, and in the age of AI-assisted attacks, the hesitation is not worth it. Because automatic updates have been exploited in recent supply chain attacks, one of the most important elements of a patch management strategy is to deploy in a test environment first and perform QA testing. 
  • The big picture: Patch management is not only crucial to your environment's security. It also plays a big part in the business plan as insurance providers hold policyholders more accountable for breaches caused by outdated security. 

What can run, what it can do, and how it can be elevated

How application control stops threats before they start

  • What's happening: Application control is one of the most effective ways to prevent breaches and malicious activity. It begins with allowlisting dictating what can run in your environment and what can't. This is followed by application containment which restricts how trusted applications can behave and reduces the attack surface. Lastly, least privilege access controls significantly limit the potential of stolen credentials and insider threats.  
  • Why it matters: Advancements in AI have many searching for new controls in order to harden their environments. However, application control doesn't care whether the threat was generated by AI or not. The mission is to block all unknown activity and verify continuously. 
  • The big picture: Detection-based security hinges on known malware signatures and behavioral monitoring and analysis. Application control is meant to complement these policies by reducing the likelihood that security teams will have to respond to alerts, decreasing alert fatigue.

How cybersecurity became an operational priority in sports

Like cybersecurity, professional sports run on information

  • What's happening: Major sporting events have long triggered a rise in cyberattacks, but the threats against teams are becoming more commonplace. Sports teams, like banks and hospitals, hold large volumes of sensitive data, whether it's personal information of fans who have purchased tickets or attended a game, health data about their players, or tactical intelligence and strategy. Data exposure can lead to competitive losses, safety concerns, and breach of privacy laws. Sports teams also operate with a web of partners such as stadium operators, broadcast and ticketing vendors, and league infrastructure. 
  • Why it matters: Sports teams share many characteristics with conventional enterprises, but their diversity gives them one of the widest attack surfaces of any business.   
  • The big picture: Sports aren't often considered a major target for attackers. However, the 2018 Winter Olympics Opening Ceremony was targeted out of retaliation, Manchester United was forced to temporarily shut down critical systems in 2020 due to an attack, and the Houston Rockets confirmed a ransomware attack in 2021. Threat actors chase valuable data and vulnerable systems, regardless of industry.

 Threat you need to know

An LLM runs an attack from start to finish

 

Sysdig finds fully automated ransomware attack

AI agent exploits old, already-patched bug in Langflow

  • What's happening: Security firm Sysdig calls the operator JADEPUFFER, and they believe it to be the first ransomware attack operated completely by an AI agent. The Threat Research Team says an LLM handled the entire job. First, it broke in and stole credentials, then it moved through the network and encrypted and wiped a company's production database. The research team said the clearest sign that this was a fully AI attack was the code. The payloads included explanatory notes many LLMs produce by default.

  • Why it matters: If an LLM has everything it needs to run a successful attack already, attackers no longer need skill or intellect. All they need is access.
  • The big picture: Circling back to the importance of timely and thoughtful patch management, this attack began by exploiting a known bug in Langflow that was patched in 2025, yet many servers never updated. With AI becoming more and more capable, the pressure remains on defenders to be more proactive. 

ThreatLocker events

Meet the Cyber Hero Team in person at these upcoming events

  • CISO Melbourne | July 15
    Melbourne, AU
  • FLGISA Annual Conference | July 20
    Aventura, FL
  • Cyber Security Summit | July 23 Washington D.C.
  • Black Hat USA | August 1–6

    Las Vegas, Nevada

  • Gartner SRM Brazil | August 4–5
    Sao Paulo, BR
  • ILTACON 2026 | August 23-27
    Nashville, TN
See more upcoming events

"ThreatLocker solved alert fatigue for us. What I noticed was that the product, the interface, and the amount of data it surfaces allowed some of my more junior team members to become effective responders within our environment. It became a force multiplier for my team."

 

Dan Bourdeau

Michigan Municipal Risk Management Authority

Director of Technology and Cybersecurity 

Book a ThreatLocker demo
ThreatLocker: Zero Trust Platform | Zero Trust Weekly

ThreatLocker, 1901 Summit Tower Blvd, Orlando, Florida 32810, United States

Manage preferences

Connect with us

                             

©2026 ThreatLocker Inc., All Rights Reserved