What this new model means for defenders right now
Zero Trust Weekly

This week in Zero Trust

Claude Mythos Preview shows how quickly anyone can find and exploit vulnerabilities at scale

Estimated reading time: 5-6 minutes

 

In this issue:

  • Claude Mythos Preview could put exploit discovery on autopilot
  • Axios compromise affects 10,000+ users in just minutes
  • NIST CSF 2.0 adds enhanced AI guidance
  • Webinar: Stop supply chain attacks before they spread
  • Threats you need to know: Windows CLFS flaw and Okta vishing

From the CEO

More AI to fight AI? There's a better way

 

"There’s a growing belief that because of new threats, you need AI to fight AI. I believe that’s the wrong focus. While defenders should certainly use the same penetration testing tools that attackers use, the conversation of AI stopping AI risks is distracting us from something more immediate. There are proven steps that organizations can deploy today that do not depend on AI, and we must do so with urgency because Anthropic won’t delay release indefinitely. The focus should be on limiting what new exploits can do, even before they’re identified."  -  Danny Jenkins

From the ThreatLocker blog

Advancing AI reinforces the need for Zero Trust

 

Claude Mythos Preview changes the game, and defenses must adapt

Faster, smarter AI means more cybercriminals

  • What's happening: Anthropic revealed last week that its newest AI model, Claude Mythos Preview, is sophisticated enough to find and exploit vulnerabilities at scale. For the time being, it is only being released to 40 industry stakeholders as part of Project Glasswing. Anthropic has cautioned that Mythos can chain vulnerabilities together and that it puts expert-level security research capabilities and technical acumen at the fingertips of whoever accesses it.
  • Why it matters: On the surface, it appears as though Mythos Preview could provide attackers with an infinite number of exploits that would've taken experienced security researchers years to discover. It could also further lower the barrier to entry for attackers and increase the speed and precision of advanced threats. 
  • The big picture: Whenever Mythos Preview is eventually released to the public, the fact remains that in an AI-driven world, Zero Trust is still supreme. You must prevent unauthorized actions from executing in the first place, regardless of how quickly they’re created. 
    ➡️Read more about how Mythos finds vulnerabilities

Axios compromise: When trusted code turns hostile

The growing risk of supply chain attacks in open-source ecosystems

  • What happened: Attackers published malicious versions of an npm package tied to Axios to distribute remote access trojan (RAT) malware. On March 31, malicious Axios npm releases 1.14.1 and 0.30.4 were published and remained available for several hours before removal from the npm registry. Once installed, the package executed obfuscated scripts that reached out to attacker-controlled infrastructure and deployed a RAT. Because the malicious code was injected into a widely used dependency, the malware was silently delivered into developer environments and any systems running the affected code.
  • Why it matters: Developers and organizations inherently trust widely used tools and libraries, meaning a single compromise can cascade across thousands of environments. In this instance, more than 10,000 users were affected in under an hour. This attack didn't target users though; it targeted their trusted software.
  • The big picture: Application containment is crucial to preventing supply chain attacks from affecting your environment. In addition to default-deny allowlisting, organizations should test and validate all updates in a controlled environment rather than automatically pushing them into production. 
    ➡️Read the full compromise analysis from ThreatLocker Threat Intelligence
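
A quick exposure check for the two releases named above, as an added example that is not ThreatLocker's or the Axios project's code: it scans parsed `package-lock.json` data (both the v1 `dependencies` tree and the v2/v3 `packages` map) for `axios` pinned at 1.14.1 or 0.30.4, including nested copies pulled in by other packages. The sample lockfiles and the package names `demo-app`, `legacy-sdk`, `other` and `@acme/axios` are constructed for illustration.

```javascript
// Versions are the ones named in the newsletter; everything else here is sample data.
const BAD_AXIOS_VERSIONS = new Set(["1.14.1", "0.30.4"]);

function findBadAxios(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat map keyed by path, e.g. "node_modules/a/node_modules/axios"
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Aliased installs carry the real name in meta.name; otherwise derive it from the path.
    const name = meta.name || path.split("node_modules/").pop();
    if (name === "axios" && BAD_AXIOS_VERSIONS.has(meta.version)) {
      hits.push({ where: path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" objects keyed by package name
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === "axios" && BAD_AXIOS_VERSIONS.has(meta.version)) {
        hits.push({ where: here.join(" > "), version: meta.version });
      }
      walk(meta.dependencies, here);
    }
  };
  // v2 lockfiles carry both views of the same tree, so only walk when "packages" is absent.
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample: two affected copies, one unaffected copy, one look-alike scoped package.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/legacy-sdk/node_modules/axios": { version: "0.30.4" },
    "node_modules/other/node_modules/axios": { version: "1.7.9" },
    "node_modules/@acme/axios": { version: "1.14.1" },
  },
};
// Constructed v1-style sample with the affected copy nested under another package.
const sampleLockV1 = {
  lockfileVersion: 1,
  dependencies: {
    "legacy-sdk": { version: "2.0.0", dependencies: { axios: { version: "0.30.4" } } },
    axios: { version: "1.7.9" },
  },
};

console.log(findBadAxios(sampleLock), findBadAxios(sampleLockV1));
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findBadAxios`. Because the malicious package executed scripts once installed, a hit is a reason to investigate the host, not just to bump the version.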

NIST CSF 2.0: Adapting to modern cyber risks

A broader approach to security, resilience, and governance

  • What's happening: Following the release of NIST CSF 2.0 in 2024, NIST added a draft Cyber AI Profile in late 2025. The addition extends the core principles of NIST CSF 2.0 to address unique risks and opportunities introduced by AI. It accounts for AI-specific threats such as model manipulation, data poisoning, and unintended system behavior. It highlights the need for continuous validation of AI systems to ensure they behave as intended.
  • Why it matters: IBM's Data Breach Report of 2025 notes that 97% of organizations that reported an AI-related incident also lacked proper AI access controls. Cyber risk is a major business risk rather than merely a technical one, and the advancement of AI only heightens that risk. The updated framework reflects the need for executive oversight, better risk communication, and more adaptive security strategies.
  • The big picture: Cyber risk is a business risk, but managing it well creates opportunity. As NIST CSF 2.0 points out, carefully targeted controls can actually drive revenue and unlock new markets. 
    ➡️How alignment with NIST CSF provides a strategic advantage
ThreatLocker Webinar: Supply chain attacks are exploding—Stop lateral movement from attackers using your tools.

Supply chain attacks are rising because they are effective. Instead of targeting you directly, attackers compromise your trusted vendors, software, or service providers to gain access and move laterally once inside.

 

The good news? You can stop these attacks before they execute.

 

See how to stop supply chain attacks before they execute, and learn how to block attackers, even after a compromise.

 

Tuesday, May 5 | 11 a.m. EDT | CPE eligible


Threats you need to know

Vulnerabilities being actively exploited

 

CISA warns of actively exploited Exchange and Windows flaws

Both flaws being leveraged in attacks against government and enterprise networks

  • What's happening: CISA has warned that attackers are actively exploiting vulnerabilities in Microsoft Exchange and the Windows Common Log File System (CLFS). These flaws can enable privilege escalation and remote compromise, giving attackers a foothold in enterprise environments. Analysts have noted that privilege escalation flaws are typically used as part of a multi-stage attack. The Exchange vulnerability involves the deserialization of untrusted data.

  • Why it matters: CLFS is a vital component in numerous Windows processes for system logging, and attackers exploiting this bug could gain administrative control, disable security mechanisms, or move laterally across a network. Meanwhile, exploiting the Exchange Server flaw could allow attackers to deploy remote commands, install backdoors, and pivot deeper into networks.
  • The big picture: Patching these vulnerabilities is the first critical step organizations should take. To protect against similar vulnerabilities in the future, application containment policies and enforcing least privilege access can limit the blast radius and restrict what attackers are able to do after compromise. 

Okta targeted in ongoing vishing campaigns

Once an account compromise, now an instant data breach

  • What's happening: Threat actors are targeting Okta environments with vishing and credential-theft attacks. Instead of phishing emails, they are posing as IT support or employees and calling victims or help desks to trick them into weakening or resetting MFA, sharing one-time passcodes, or handing over passwords. One successful call can bypass MFA entirely, and the attacker has immediate SSO access to apps like SharePoint, OneDrive, Google Workspace, VPNs, and more. 

  • Why it matters: MFA blocks technical attacks relatively well, but humans falter under pressure. Attackers can grab enough personal info from LinkedIn and company websites to create a convincing vishing campaign.

  • The big picture: A single stolen credential shouldn't give away the keys to the castle. Employee education against popular attack techniques (like asking for one-time codes) is important, but it's more critical to assume attackers will find a way in and limit what they can do. Enforce device-based access for SaaS applications and control exactly what different applications are allowed to do, and you limit the attackers' blast radius.
You decide what runs and how.

Ready to see how ThreatLocker can protect your organization against AI-boosted threats, zero-days, LOTL attacks, and more?

 

Book a customized demo with our engineers today:

Try ThreatLocker in your environment
ThreatLocker: Zero Trust Platform | Zero Trust Weekly

ThreatLocker, 1901 Summit Tower Blvd, Orlando, Florida 32810, United States


©2026 ThreatLocker Inc., All Rights Reserved