"Limiting access to one American model does not stop criminals or foreign adversaries from getting similar capabilities. They will use stolen accounts, foreign models, open-weight tools, and anything else that helps them create a working exploit.
The people slowed down most by restrictions are the security teams trying to test their own systems and patch vulnerabilities before attackers find them.
That is also why trusted access to the most frontier models should not stop with a small group of companies. If these capabilities are spreading, defenders need a path to use them safely and quickly." - Danny Jenkins
From the ThreatLocker blog
Patch management, application control, and where sports and cybersecurity meet
What's happening: To counter growing concerns surrounding AI vulnerability discovery, Apple announced this week they would be fast-tracking security updates rather than coupling them with major iOS updates. While this doesn't mean all updates should be deployed immediately, it does reinforce the importance of a thoughtful patch management strategy. Effective patch management is one of the most important ways to reduce risk in your environment, but the strategy must balance speed with security and stability.
Why it matters:Some professionals prefer the n-1 strategy to avoid the operational disruptions patches may cause. Attackers, however, are hunting for vulnerabilities, and in the age of AI-assisted attacks, the hesitation is not worth it. Because automatic updates have been exploited in recent supply chain attacks, one of the most important elements of a patch management strategy is to deploy in a test environment first and perform QA testing.
The big picture: Patch management is not only crucial to your environment's security. It also plays a big part in the business plan as insurance providers hold policyholders more accountable for breaches caused by outdated security.
How application control stops threats before they start
What's happening: Application control is one of the most effective ways to prevent breaches and malicious activity. It begins with allowlisting dictating what can run in your environment and what can't. This is followed by application containment which restricts how trusted applications can behave and reduces the attack surface. Lastly, least privilege access controls significantly limit the potential of stolen credentials and insider threats.
Why it matters:Advancements in AI have many searching for new controls in order to harden their environments. However, application control doesn't care whether the threat was generated by AI or not. The mission is to block all unknown activity and verify continuously.
The big picture: Detection-based security hinges on known malware signatures and behavioral monitoring and analysis. Application control is meant to complement these policies by reducing the likelihood that security teams will have to respond to alerts, decreasing alert fatigue.
Like cybersecurity, professional sports run on information
What's happening: Major sporting events have long triggered a rise in cyberattacks, but the threats against teams are becoming more commonplace. Sports teams, like banks and hospitals, hold large volumes of sensitive data, whether it's personal information of fans who have purchased tickets or attended a game, health data about their players, or tactical intelligence and strategy. Data exposure can lead to competitive losses, safety concerns, and breach of privacy laws. Sports teams also operate with a web of partners such as stadium operators, broadcast and ticketing vendors, and league infrastructure.
Why it matters:Sports teams share many characteristics with conventional enterprises, but their diversity gives them one of the widest attack surfaces of any business.
The big picture: Sports aren't often considered a major target for attackers. However, the 2018 Winter Olympics Opening Ceremony was targeted out of retaliation, Manchester United was forced to temporarily shut down critical systems in 2020 due to an attack, and the Houston Rockets confirmed a ransomware attack in 2021. Threat actors chase valuable data and vulnerable systems, regardless of industry.
Threat you need to know
An LLM runs an attack from start to finish
Sysdig finds fully automated ransomware attack
AI agent exploits old, already-patched bug in Langflow
What's happening: Security firm Sysdig calls the operator JADEPUFFER, and they believe it to be the first ransomware attack operated completely by an AI agent. The Threat Research Team says an LLM handled the entire job. First, it broke in and stole credentials, then it moved through the network and encrypted and wiped a company's production database. The research team said the clearest sign that this was a fully AI attack was the code. The payloads included explanatory notes many LLMs produce by default.
Why it matters: If an LLM has everything it needs to run a successful attack already, attackers no longer need skill or intellect. All they need is access.
The big picture: Circling back to the importance of timely and thoughtful patch management, this attack began by exploiting a known bug in Langflow that was patched in 2025, yet many servers never updated. With AI becoming more and more capable, the pressure remains on defenders to be more proactive.
ThreatLocker events
Meet the Cyber Hero Team in person at these upcoming events
"ThreatLocker solved alert fatigue for us. What I noticed was that the product, the interface, and the amount of data it surfaces allowed some of my more junior team members to become effective responders within our environment. It became a force multiplier for my team."