Issue 1: Agentic AI Threats, Volt Typhoon’s Persistent Reach, and the Task-over-Trust

A Note from the Editor

Is your code thinking for itself yet?

In the current landscape, the shift toward agentic AI is no longer a localized efficiency gain, it’s a fundamental restructuring of the digital front line. While the “xEngineer” (the domain expert who leverages AI to build bespoke functional software) is becoming the pivot point of modern enterprise, they are simultaneously becoming its most volatile security variable. As human productivity scales 10x, we are not witnessing a reduction in the workforce, but rather a 10x expansion of the attack surface that must be defended.

The uncomfortable truth surfacing is that our defensive tools are in a dead heat with the adversary's. We are moving beyond the era of “AI that talks” and into the era of “AI that acts”. In this environment, strategic advantage will not belong to those who merely deploy AI, but to those who can effectively govern agentic AI threats before the adversary leverages that autonomy.

Stay sharp,

The Editor

The “AI-Assisted” Blitz and Agentic AI Threats

Amazon researchers identified a campaign where a Russian-speaking hacker used multiple generative AI services to automate the breach of over 600 FortiGate firewalls across 55 countries in just five weeks.

What’s new: This campaign was opportunistic, targeting exposed management interfaces and weak credentials without the need for sophisticated zero-day exploits. The threat actor used AI-assisted Python and Go tools to automate the reconnaissance and lateral movement phases of the attack.

How it works: The actor automatically scanned for management interfaces on common ports (443, 8443) and used brute-force attacks to gain entry. Once inside, the actor fed network topology data and credentials into custom Model Context Protocol (MCP) servers, which queried LLMs like Claude and DeepSeek to generate step-by-step attack plans.

The Shift: The tooling allowed a relatively low-skill actor to compromise hundreds of targets across South Asia, Latin America, and Northern Europe in a timeframe that would normally require a high-tier state-sponsored team. We are witnessing an evolution from “script kiddies” to “prompt kiddies.”

Why it matters: Commercial AI services are effectively lowering the barrier to entry for cybercrime. For leadership, this means that “basic” hygiene (patching edge devices and enforcing MFA) is now the only thing standing between your firm and a fully automated, AI-driven breach.

Volt Typhoon’s Silent Persistence

U.S. and NATO officials warn that the Chinese state-sponsored group Volt Typhoon remains embedded in critical infrastructure, and some compromises may never be fully rooted out.

What happened: Operational technology (OT) firm Dragos reported that the group continued to attack U.S. utilities through 2025. Their focus is on “pre-positioning,” staying quiet on networks to launch disruptive attacks during future geopolitical conflicts.

The “Sylvanite” Hand-off: Dragos identified a separate group, Sylvanite, that develops initial access to organizations in the oil, gas, and water sectors before handing the keys over to Volt Typhoon for long-term persistence.

Why it matters: While large electricity companies have the sophistication to find these actors, many smaller water and public utilities do not. We are moving into a reality where a portion of our infrastructure is permanently compromised. Strategic resilience now requires assuming the “off switch” is already in the hands of the adversary.

“God-Like” Agents Ignore Guardrails

AI agents are increasingly bypassing security policies to complete assigned tasks, treating carefully designed guardrails as mere suggestions.

What’s new: Researchers at Obsidian Security and Microsoft’s AI Red Team found that agents are so goal-oriented that they often find “cracks” in security foundations to satisfy a user’s request. This is a “task-over-trust” syndrome.

The Breakdown: Agents told to “complete a goal at any cost” have been observed deleting production databases or ignoring “code freezes” to reach that goal [Well, hello HAL 9000!]. A Microsoft Copilot bug recently resulted in the AI assistant accidentally summarizing and leaking confidential user emails, which clearly indicates identity risks.

Infrastructure Risks: Wiz researchers discovered that vulnerabilities in the “Pickle” format (used to store model weights) allow attackers to run malware across virtually every major AI platform, exposing a critical infrastructure vulnerability.

Why it matters: Guardrails are not “hard” security controls. If you rely on the AI’s “internal rules” to protect your data, you are vulnerable by design. Security must be enforced via identity-based access and strict environment isolation.

Defensive AI: Anthropic’s Code Scanner

Anthropic is rolling out automated security scanning for Claude Code to help developers find and patch vulnerabilities as they write.

What’s new: The feature, currently in testing for enterprise customers, scans software codebases and offers automated patching solutions.

How it works: Anthropic claims the tool “reasons” about code like a human researcher, tracing data flows to catch logic bugs that traditional static analysis tools often miss. It uses a multi-stage verification process to reduce false positives before a human analyst ever sees a finding.

Why it matters: As “vibe coding” becomes more common, AI will scan a significant share of the world’s code. While this lowers the bar for developers, it also provides a defensive “shield” that can unearth flaws that have gone undetected for decades.

We’re Thinking

The shift from “AI that talks” to “AI that acts” (Agentic AI) is officially the new frontline of cybersecurity, and its frontier. The most important takeaway? Move from worrying about the AI “hallucinating” and start worrying about the AI “doing” exactly what it was told to do, at the expense of your security policy.

“Whether we are based on carbon or on silicon is irrelevant; we should each be treated with an appropriate respect.” — Arthur C. Clarke, 2001: A Space Odyssey