AI should be treated like any other untrusted entity
"Deny-by-default functions just the same against AI-powered capabilities as it would against any other. When attempting to enter an environment governed by strict controls, AI tools will have a very limited, even nonexistent, pathway." - Danny Jenkins
From the ThreatLocker blog
Password security, agentic AI, and software trust failures
Browser memory issue reignites conversation about post-compromise security
What's happening: A security researcher recently tested every Chromium-based browser for how credentials are handled in memory, and he discovered that Microsoft Edge was the only one that loaded the entire password vault into plaintext process memory. Microsoft admitted that this was not a flaw but part of Edge's architectural design. Comparing Edge to Chrome, the latter protects its decryption keys with App-Bound Encryption, which was added in 2024 in response to the growth in infostealer malware.
Why it matters: The researcher disclosed a working proof-of-concept tool, and the attack demonstrated didn't rely on a zero-day or complex exploitation. It relied only on the ability to read process memory. Infostealer malware is readily available through underground forums and enables attackers to easily harvest credentials out of browser memory.
The big picture: The takeaway from this revelation isn't that password managers are all risky. It's that security does not end when data is encrypted on a disk. Once credentials are in memory, they're only as safe as what else is allowed to run alongside them. To reduce risk in this instance, controls must focus on execution, not storage. If unknown code isn't allowed to run, it can't read memory—plaintext or not. Get the full breakdown.
What's happening: The governments of the U.S., UK, Canada, Australia, and New Zealand (known as the Five Eyes alliance) have recommended organizations adopt a Zero Trust posture to combat the security risks of agentic AI. The guidance warns that compromised or overprivileged AI could execute malicious scripts, modify records, move laterally, exfiltrate data, access financial systems, and disable security controls. To control these risks, least privilege, application containment, and Zero Trust principles are crucial.
Why it matters: While fast detection is still critical to security posture, the new guidance makes it clear that prevention must come first, particularly when it comes to fighting AI threats.
The big picture: Agentic AI is bringing with it numerous unknown threats. The only way to stop them is to block the unknown. The organizations best prepared will be the ones who control what users, applications, and AI agents can do from the start. In-depth review of the latest guidance.
What's happening: JDownloader and Daemon Tools both served malicious and trojanized installers. JDownloader was compromised thanks to an unpatched ACL vulnerability that allowed the attackers to swap installer links. The compromise was discovered within 24 hours. The Daemon Tools compromise was more complicated and involved three core executables being trojanized. This compromise ran for about a month before detection, and research suggests advanced planning took place.
Why it matters: These attacks specifically targeted user trust, this time in the websites they were downloading from. In the JDownloader case, Windows SmartScreen warnings were triggered but, in some cases, ignored. Because the Daemon Tools installers carried valid signatures, no SmartScreen alerts were triggered. Official websites and valid signatures are signs of legitimacy, but they cannot be trusted as conclusive evidence.
The big picture: Zero Trust exists for this scenario. When you cannot trust the source, verify the binary. When you cannot verify the binary, do not execute it. And when a trusted binary behaves in ways that were never approved, contain it. Read the full analysis of the JDownloader and Daemon Tools compromises.
What's happening: ThreatLocker is back to show Adam Savage malicious hacking devices hiding in plain sight, how they work, and how to stop them. Watch to see how a simple charging cable can have a full keyboard inside it, a webcam can record you on a continuous loop without your knowledge, and why IT departments are right to not let employees use their own devices.
Why it matters: Many of these devices work as intended: They'll charge your phone and work as your keyboard or webcam. But they're also hiding malicious activity like recording every keystroke and collecting passwords.
The big picture: Instead of hoping you're not interesting enough to a bad actor, you have to assume users will be compromised, whether it's through a malicious device or a phishing campaign. Watch Adam Savage's Tested.
The rise in software trust abuse and supply chain compromise makes visibility, access, and execution control more critical than ever.
Next week: Protect your environment with granular admin controls
Leaving privileges in the hands of individual employees is a major vulnerability. Instead, set application permissions at the exact level required and nothing more.
A nine-year-old Linux flaw is a reminder that trusted systems still fail
What's happening: CVE-2026-43284 (Dirty Frag) is a local privilege escalation (LPE) flaw within the Linux kernel's IPsec ESP subsystems. Dirty Frag chains two vulnerabilities to gain root privileges. The second half of the exploit chain is CVE-2026-43500, RxRPC Page-Cache Write. While Copy Fail takes advantage of file-backed page caches in writable scatterlists, Dirty Frag combines xfrm-SP and RxRPC, both of which allow a write to the page cache of sensitive binaries.
Why it matters: No patch exists at this time, and many Linux distributions may be affected. Compared to Copy Fail, Dirty Frag covers a much wider subset of vulnerable victims.
The big picture: Dirty Frag reinforces the lesson that privilege escalation flaws can remain hidden for years, and individual organizations cannot rely on operating system defenses alone. Assume compromise and enforce strict controls that limit the actions of users and applications—malicious or not.
AI used in working zero-day exploit
Google discovered the vulnerability before weaponization
What's happening: Researchers from Google Threat Intelligence Group (GTIG) discovered that a threat actor was able to leverage AI to develop a working zero-day exploit, in what is believed to be the first successful use of AI in this manner. Researchers do not believe Mythos was used in this case. With AI models becoming more capable of identifying vulnerabilities, the number of discovered exploits will increase. This report follows the report of an unknown hacker's attempt to breach a Mexican water utility using Claude and other AI tools.
Why it matters: State-linked and financially motivated groups are increasingly using AI to scale and accelerate campaigns. Organizations already struggle to patch vulnerabilities quickly enough, which becomes an even bigger problem when the window between disclosure and exploitation shrinks.
The big picture: AI is reshaping both cybersecurity and cyberattacks. Detection alone is not enough, and limiting potential impact is a crucial part of prevention.
“ThreatLocker was the most intuitive solution we tested. The responsiveness of the organization and their willingness to work closely with us made a big difference. It’s great to have an ongoing relationship with a company that is so responsive to our requests.”
Rob Thackeray
End User Technical Architect, Heathrow Airport
ThreatLocker events
Meet the Cyber Hero Team in person at these upcoming events
TechEx North America | May 18-19 | San Jose, California
Cybersec Europe | May 20-21 | Brussels, Belgium
AISA Cyber Connect | May 27-28 | Canberra, Australia
Gartner Security & Risk Management | June 1-3 | Washington D.C.