AI agents under active attack

CybersecurityHQ weekly analysis

Welcome, reader, to your CybersecurityHQ report

Brought to you by:

👉 Cypago - Cyber governance, risk management, and continuous control monitoring in a single platform

🤖 Akeyless - The unified secrets and non-human identity platform built for scale, automation, and zero-trust security

🧠 Ridge Security - The AI-powered offensive security validation platform


This Week in Cybersecurity: AI Agents Breached, Budget Cuts Backfire, and Attack Surface Chaos

AI agents are no longer pilots or experiments. They are embedded across enterprise workflows, interfacing with systems, data, and user identities. And now, they are increasingly under attack. The lesson is not new, but it is urgent: AI is not secure by default. Enterprise deployment speed has outpaced the security model. Adversaries, unconstrained by procurement cycles or regulatory friction, are adapting in real time.

Simultaneously, public cybersecurity infrastructure is being de-prioritized. A proposed $500 million cut to CISA signals a dangerous assumption. Foundational cyber resilience is being treated as optional at a time when threats are accelerating. But adversaries are not negotiating. They are scaling, innovating, and using the very tools we are still piloting.

Most organizations are defending static perimeters using outdated telemetry. Meanwhile, AI-native threats are targeting trust structures, federation links, and autonomous systems. The kill chain is now minutes long. Threat actors are turning our own tooling (models, APIs, agents) against us.

This is not a blip. It is a directional shift. Here is what matters now.

Major Security Incidents

Canadian Electric Utility Breach

Corporate IT systems at Nova Scotia Power were targeted in a cyberattack, but no confirmed grid disruptions were reported. The incident still exposes weak segmentation between IT and OT environments, underscoring urgent gaps in infrastructure resilience.

Ascension Health Systems

A ransomware attack disrupted clinical operations across multiple hospitals, forcing ambulance diversions and system outages. While attribution is ongoing, the incident mirrors previous attacks tied to file transfer software flaws, spotlighting third-party risk.

State-Aligned Threat Activity

APT29 Expands Tactics

CrowdStrike confirms renewed activity from APT29, also known as Cozy Bear, now targeting identity infrastructure with "MagicWeb" malware inserted into ADFS systems. This is not just persistence; it is privilege escalation through trust abuse. Expect similar tactics across federated and hybrid authentication stacks.

Chinese Espionage Techniques Evolve

Chinese threat actors are increasing the use of adversary-in-the-middle attacks and compromised update mechanisms. These campaigns bypass traditional detection methods by exploiting misconfigurations in identity systems and software supply chains.

Zero-Day and Vulnerability Exploits

Langflow AI Builder Exploited

Langflow's vulnerability was added to CISA’s Known Exploited Vulnerabilities list within days of proof-of-concept publication. AI tooling, particularly in open-source ecosystems, is moving faster than enterprise defensive cycles can adapt.

SonicWall, Apache Pinot, SAP NetWeaver

All three platforms were exploited before patches reached production environments. Organizations relying on third-party vendors must demand rapid disclosure and patch validation to prevent being caught in the gap between vulnerability discovery and remediation.

Critical Exploited Vulnerabilities (May 2025)

Vendor/Product | CVE ID | Exploit Type | CISA KEV | Patch Available? | Exploited in Wild? | Zero-Day?
--- | --- | --- | --- | --- | --- | ---
SonicWall SMA100 | CVE-2023-44221 | OS Command Injection | ✅ Yes | ✅ Yes | ✅ Yes | ❌ No
SonicWall SMA100 | CVE-2024-38475 | Path Traversal (Apache HTTP) | ✅ Yes | ✅ Yes | ✅ Yes | ❌ No
Apache Pinot | CVE-2024-56325 | Authentication Bypass | ❌ No | ✅ Yes | ✅ Yes | ❌ No
SAP NetWeaver | CVE-2025-31324 | Unauthenticated File Upload | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes

AI Threat Vectors

Prompt Injection: DeepSeek R1 Breached

Security researchers achieved a 100 percent success rate using prompt injection attacks against DeepSeek R1. The findings highlight the weakness of current guardrails and the urgent need for context isolation in AI agents.

AI Integration Risk

Enterprise AI pilots are being deployed at speed, often without red teaming or adversarial testing. The result is a dangerous blind spot where models operate without sufficient security oversight or context control.

Strategic Investment and Architecture

RSA 2025: Innovation Without Integration

The narrative at RSA this year was clear. The market is saturated with tools, but architecture is falling behind. CISOs are demanding integrated, scalable defense models rather than fragmented dashboards.

Funding vs Execution

Cybersecurity startups raised over $2.1 billion in Q1, yet SOC staffing has remained flat. Without orchestration and operational cohesion, more tools only increase the complexity of already strained environments.

Geopolitical Risk Brief

India–Pakistan Escalation

Military tension has risen after Indian airstrikes in Pakistani territory. Enterprises with exposure in the region should prepare for retaliatory cyber operations that could target telecom, finance, and infrastructure sectors.

Gaza Conflict Continues

The prolonged conflict is driving increased hacktivist campaigns and cyberattacks targeting Western-affiliated NGOs, media outlets, and government entities. Disinformation, phishing, and data leaks are becoming more frequent.

UK Cyber Surge Amid AI Adoption

The UK reported a doubling of major cyberattacks over the past year, including disruptions across retail and infrastructure sectors. Pro-Russian groups have claimed responsibility for recent DDoS attacks. New legislation under consideration would prohibit ransom payments by critical industries.

CISO Watchlist: Key Events from May 1–7, 2025

Title | Summary | Relevance
--- | --- | ---
M&S and Co-op Breached via Social Engineering | Scattered Spider impersonated staff to trick IT help desks into resetting privileged accounts. | Highlights identity recovery risk and the need for multi-step verification.
Apple AirPlay Flaw (“AirBorne”) Exposes Devices on Public Wi-Fi | Critical AirPlay exploit allows local attackers to hijack iPhones and access sensitive data. | Reinforces the need for mobile security and third-party patch coverage.
UK Infrastructure Hit by Pro-Russian DDoS Campaign | Group NoName057(16) disrupts ports and council services via sustained DDoS attacks. | Tied to geopolitical escalation and low-cost cyber disruption trends.
Massive Breach Exposes 19 Billion Passwords | 19B real passwords leaked online, with high reuse across personal and enterprise accounts. | Password reuse remains a systemic threat. Emphasizes the need for passwordless solutions.
Google Detects New Russian Malware “LOSTKEYS” | Cold River APT deploys new malware for data exfiltration and system mapping. | TTP evolution targeting strategic entities. Aligns with APT29 trends.
Digital Passkeys Replace Passwords in UK Government | Passkeys officially adopted to replace passwords, using biometrics and local device credentials. | Long-term trend toward passwordless identity models.

Strategic Recommendations for CISOs

AI and Agent Security

  • Treat all AI agents as privileged systems. Authenticate, authorize, and audit every action and request.

  • Isolate agents using strict scope control and sandboxed execution environments.

  • Red-team AI models for context injection, output manipulation, and privilege abuse.
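What "authenticate, authorize, and audit every action" and "strict scope control" look like at the tool-call boundary, as an added example that is not from the newsletter or any vendor named in it. The tool registry, agent scopes and helpdesk scenario are constructed for illustration.

```python
# Added example (not the newsletter's code): a deny-by-default gate for
# AI-agent tool calls. Each agent carries scopes issued at deployment; every
# call is authorized against them and audited before anything executes.
from dataclasses import dataclass, field
from datetime import datetime, timezone
# Hypothetical tool registry: tool name -> (required scope, allowed arg keys)
TOOL_REGISTRY = {
    "read_ticket": ("tickets:read", {"ticket_id"}),
    "send_email": ("mail:send", {"to", "subject", "body"}),
}

@dataclass(frozen=True)
class AgentIdentity:
    agent_id: str
    scopes: frozenset

@dataclass
class ToolGate:
    audit_log: list = field(default_factory=list)  # append-only decision record

    def authorize(self, agent, tool, args):
        # Returns (allowed, reason); every decision is logged, allow or deny.
        decision, reason = self._decide(agent, tool, args)
        self.audit_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "agent": agent.agent_id, "tool": tool, "args": sorted(args),
            "decision": decision, "reason": reason,
        })
        return decision == "allow", reason

    @staticmethod
    def _decide(agent, tool, args):
        entry = TOOL_REGISTRY.get(tool)
        if entry is None:
            return "deny", "unknown tool"
        needed_scope, allowed_keys = entry
        if needed_scope not in agent.scopes:
            return "deny", f"missing scope {needed_scope}"
        extra = sorted(set(args) - allowed_keys)
        if extra:
            return "deny", f"unexpected args {extra}"
        return "allow", "in scope"

def demo():
    # Constructed scenario: a helpdesk agent scoped only to read tickets is
    # steered (e.g. by injected ticket text) into trying to email data out.
    gate = ToolGate()
    agent = AgentIdentity("helpdesk-bot", frozenset({"tickets:read"}))
    ok_read, _ = gate.authorize(agent, "read_ticket", {"ticket_id": "T-1"})
    ok_mail, why = gate.authorize(agent, "send_email", {"to": "a@example.com"})
    return ok_read, ok_mail, why, len(gate.audit_log)
```

The out-of-scope call is refused and both decisions land in the audit log, which is the record a SOC would alert on when an agent starts requesting tools outside its issued scope.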

Identity and Federation Risk

  • Revalidate all federated identity systems, especially ADFS and Azure AD.

  • Deploy deception technologies and behavioral monitoring to detect lateral movement.

Cloud and Infrastructure Exposure

  • Apply accelerated patch cycles for SonicWall, Pinot, and NetWeaver systems.

  • Enforce continuous posture management and misconfiguration scanning in cloud environments.

Nation-State Threat Containment

  • Monitor adversary TTPs continuously. Assume modular campaigns are already in motion.

  • Require vendors to disclose SBOMs and commit to clear remediation timelines as part of procurement standards.

Closing Signal

Cybersecurity is not a support function. It is the core operating system of trust, uptime, and brand equity. The attack surface now includes models, agents, federated identities, and assumptions.

Enterprises that fail to embed security into architecture are not just exposed. They are structurally outpaced. The velocity of threat evolution no longer allows for delayed responses or siloed defenses.

This is not about defending what you know. It is about preparing for what is already inbound.

CybersecurityHQ: This Week's Reports Derived from Technical Research Papers and Briefings

🔒 Pro subscriber-only 🔒

  1. How publicly traded companies are adapting cyber risk disclosures to meet new SEC cybersecurity regulations 👉 Read the report

  2. Preventing model inversion in federated learning: Effective cryptographic techniques by data sensitivity level 👉 Read the report

  3. Key challenges and strategies for recruiting and retaining cybersecurity talent in emerging technology markets 👉 Read the report

  4. How detailed threat actor personas improve predictive accuracy of cyber attack strategies compared to generic profiles 👉 Read the report

  5. Securing the edge: Cybersecurity strategies for AI-driven manufacturing environments 👉 Read the report

And more inside - check out the full list here.

🎙️ Cyber Intel Brief: Key Insights from Leading Security Podcasts

This is what you missed in this week’s Cyber Intel Report, sourced from top cybersecurity podcasts and webinars, if you haven’t upgraded your membership: critical insights, expert takes, and the latest threats unpacked. Don’t let this slip by—upgrade today to get the full scoop!

Cybersecurity Vendors Under Siege
Nation-states now target security providers directly. Compromising the protectors to infiltrate the enterprise.

AI Worms Are Live
Autonomous agents are being hijacked by adversarial prompts. Few organizations are prepared.

Healthcare’s IoT Crisis
14 connected devices per hospital bed. Most unpatchable. Many unsecured.

Insiders: Accidental but Devastating
Over half of insider incidents stem from negligence. Dwell times can stretch into years.

AI-Powered Phishing Surges
Deepfake voices and LLM-crafted emails bypass traditional defenses. One CFO scam resulted in $35M lost.

And more insights in this week’s full CISO briefing.

Interesting Read

FDA Collaborates with OpenAI on AI-Driven Drug Evaluation

The U.S. Food and Drug Administration is piloting an initiative with OpenAI, tentatively called cderGPT, to explore how large language models can accelerate the review of drug applications and clinical data. The goal is to assist human reviewers by summarizing scientific documents, spotting anomalies, and referencing past regulatory decisions.

While still in early stages, this signals a broader shift toward integrating AI into regulatory workflows. It also raises new challenges around AI transparency, bias, and compliance, spotlighting areas CISOs must monitor as AI adoption expands into sensitive government and healthcare environments.

Fresh From the Field: Security Resources You Can Use

Title and Source | Summary | Link
--- | --- | ---
NIST IR 7621r2 IPD: Small Business Cybersecurity – Non-Employer Firms (NIST) | Guidance for solopreneurs and consultants on applying the NIST Cybersecurity Framework 2.0. Provides worksheets and practical, non-technical advice tailored for non-employer firms. | Read the whitepaper
From Texts to Shields: Convergence of Large Language Models and Cybersecurity (arXiv) | Examines how LLMs are integrated into cybersecurity, including 5G threat detection, generative security engineering, and human-in-the-loop architectures. | Read the whitepaper
Artificial Intelligence Index Report 2025 (Stanford HAI) | Comprehensive global report analyzing trends in AI development, use, governance, inference cost, and ethical practices. Essential for CISO strategy benchmarking. | Read the whitepaper
The Impact of Generative AI on Critical Thinking (Microsoft Research) | Survey-based research on how reliance on generative AI tools affects users’ critical thinking, with implications for secure decision-making in enterprise environments. | Read the whitepaper

Stay safe, stay secure.

The CybersecurityHQ Team
