{"id":5231,"date":"2026-05-24T14:09:35","date_gmt":"2026-05-24T19:09:35","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=5231"},"modified":"2026-05-25T17:49:33","modified_gmt":"2026-05-25T22:49:33","slug":"ai-ml-security-brief-may-24-2026","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=5231","title":{"rendered":"AI-ML Security Brief &mdash; May 24, 2026"},"content":{"rendered":"<style>\n.single .entry-title,\n.single .entry-header .entry-title,\n.single .post-title,\n.single header.entry-header h1,\n.single h1.entry-title,\n.single .page-title,\n.post-template-default h1.entry-title,\n.post-template-default .entry-header,\narticle .entry-header,\narticle .entry-title { display: none !important; }\n.single .entry-header { margin: 0 !important; padding: 0 !important; }\n.single .entry-content { margin-top: 0 !important; padding-top: 0 !important; }\n<\/style>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"background-color:#f4f5f7;\">\n<tr>\n<td align=\"center\" style=\"padding:24px 12px;\">\n<table role=\"presentation\" width=\"680\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"max-width:680px;width:100%;background-color:#ffffff;border-radius:8px;overflow:hidden;box-shadow:0 1px 3px rgba(0,0,0,0.08);\">\n<tr>\n<td style=\"background-color:#581c87;background:linear-gradient(135deg,#581c87 0%,#9333ea 100%);padding:32px 28px 24px;color:#ffffff;\">\n<div style=\"font-size:12px;letter-spacing:2px;text-transform:uppercase;opacity:0.75;margin-bottom:8px;color:#ffffff;\">AI-ML Bulletin &middot; Issue May 24, 2026<\/div>\n<div style=\"margin:0;font-size:28px;line-height:1.2;font-weight:700;color:#ffffff !important;mso-line-height-rule:exactly;\">The AI-ML Brief<\/div>\n<p style=\"margin:8px 0 0;font-size:14px;opacity:0.85;color:#ffffff;\">AI in security &middot; AI for security &middot; agentic AI in operations<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:28px 28px 4px;\">\n<h2 style=\"margin:0 0 12px;font-size:18px;color:#0f172a;border-bottom:2px solid #9333ea;padding-bottom:6px;\">This week at a glance<\/h2>\n<p style=\"margin:0 0 12px;font-size:15px;color:#374151;\">The week the agent-platform wars went enterprise. At <strong>Code with Claude London<\/strong>, Anthropic shipped <strong>self-hosted sandboxes and MCP tunnels<\/strong> for Claude Managed Agents &mdash; tool execution and MCP traffic now stay inside customer networks while orchestration stays at Anthropic. Anthropic also published the first quantified <strong>Project Glasswing<\/strong> results: ~50 partner organizations (AWS, Apple, CrowdStrike, Google, JPMorgan, NVIDIA, Palo Alto, Cloudflare, Mozilla and more) using Claude Mythos Preview have identified <strong>10,000+ high\/critical-severity vulnerabilities<\/strong>.<\/p>\n<p style=\"margin:0 0 12px;font-size:15px;color:#374151;\">Microsoft AI Red Team open-sourced <strong>RAMPART and Clarity<\/strong> &mdash; a pytest-native adversarial test framework on top of PyRIT plus a structured design-review tool &mdash; pulling agent safety testing into CI. <strong>Google I\/O 2026<\/strong> launched Gemini 3.5 and 3.5 Flash with strengthened cyber\/CBRN safeguards, expanded CodeMender into the Gemini Enterprise Agent Platform, and rolled out DLP-enforced Agent Gateway, identity and observability across the stack. And the <strong>NSA AI Security Center<\/strong> dropped a 17-page CSI on <strong>Model Context Protocol security design<\/strong> &mdash; filtering proxies, DLP, sandboxing, message integrity, output filtering, local MCP scans &mdash; the first primary-source MCP guidance from a U.S. signals-intelligence agency.<\/p>\n<p style=\"margin:0 0 12px;font-size:15px;color:#374151;\">Underneath the platform launches, the <strong>agent-governance and runtime-control category exploded<\/strong>. Babel Street put tradecraft-trained agents into threat-intel investigations. ASAPP added Continuous Red Teaming on Promptfoo aligned to OWASP LLM Top 10 and NIST AI RMF. CTERA shipped InsightAI for agentic analysis of unstructured data. LangChain launched LangSmith Engine to close the agent debug loop. NanoCo AI raised $12M (turning down a $20M buyout) to scale NanoClaw &mdash; an open-source agent harness with a ~500-line auditable core in MicroVM Docker sandboxes. Help Net Security framed the underlying threat model: LLMs in operational roles as a <em>confused-deputy problem<\/em>, with prompt injection through tickets\/wikis, retrieval poisoning and telemetry manipulation as the dominant agentic-AI attack vectors.<\/p>\n<p style=\"margin:0 0 12px;font-size:15px;color:#374151;\">The <strong>bug-bounty economy buckled<\/strong> under AI-generated submissions: HackerOne slashed Internet Bug Bounty payouts 70&ndash;85% as valid-report rates fell below 5%, while Cisco Talos&#8217;s own test of LLMs for IR-report drafting cut drafting time 50% but produced cross-case data contamination, hallucinated IOCs and inconsistent style. And on the M&amp;A side, <strong>Cyera acquired five-month-old Genie Security<\/strong> for ~$50M &mdash; Genie&#8217;s endpoint tech catches sensitive-data leaks via human action <em>or via generative AI tools such as Claude<\/em>, formalizing the GenAI-DLP category as its own vendor segment.<\/p>\n<p style=\"margin:0 0 4px;font-size:15px;color:#374151;\">Strategic context for the 12-month roadmap: Dan Shipper&#8217;s 12 predictions for the AI work era (super-agent-in-Slack patterns, users-bring-own-tokens, forward-deployed engineers as the new essential role) and CIO&#8217;s <em>7 signs your data isn&#8217;t ready for AI<\/em> both land squarely on the security architect&#8217;s desk &mdash; governance gaps become permissions gaps, shadow BI becomes shadow data exfil. With 25 articles across NSA primary source, vendor research, agent governance, Glasswing, Google I\/O, Anthropic, bug-bounty stress, M&amp;A, and strategic context, this is the issue to share with the AI security committee.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:18px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Entity graph &mdash; agents, harnesses, frontier labs, and how they cross-correlate<\/h2>\n<div style=\"height:3px;width:48px;background-color:#9333ea;margin-bottom:14px;\"><\/div>\n<p style=\"margin:0 0 8px;font-size:11px;color:#64748b;\">Every named entity extracted from this week&#8217;s 25 articles, with edges showing the agent-platform \/ governance \/ capital web.<\/p>\n<div style=\"background-color:#ffffff;border:1px solid #e2e8f0;border-radius:8px;padding:14px;\">\n<img decoding=\"async\" src=\"https:\/\/www.cybersecurityinstitute.com\/blog\/wp-content\/uploads\/2026\/05\/topic-map-ai-ml-2026-05-24-1.png\" alt=\"Topic map for ai ml\" style=\"width:100%;max-width:880px;height:auto;display:block;margin:0 auto;\" \/>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:24px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Article index<\/h2>\n<div style=\"height:3px;width:48px;background-color:#9333ea;margin-bottom:14px;\"><\/div>\n<h3 style=\"margin:14px 0 8px;font-size:15px;color:#1d4ed8;text-transform:uppercase;letter-spacing:1px;\">NSA &mdash; MCP security design (primary source)<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.nsa.gov\/Press-Room\/Press-Releases-Statements\/Press-Release-View\/Article\/4196829\/nsa-releases-security-design-considerations-for-ai-driven-automation-leveraging\/\" style=\"color:#1d4ed8;text-decoration:none;\">NSA Releases Security Design Considerations for AI-Driven Automation Leveraging the Model Context Protocol<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">NSA<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 20, 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#16a34a;text-transform:uppercase;letter-spacing:1px;\">Microsoft AI red team &mdash; RAMPART and Clarity open-sourced<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/05\/20\/introducing-rampart-and-clarity-open-source-tools-to-bring-safety-into-agent-development-workflow\/\" style=\"color:#1d4ed8;text-decoration:none;\">Introducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflow<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Microsoft Security Blog<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 20, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/21\/microsoft-rampart-clarity-ai-agent-security-open-source\/\" style=\"color:#1d4ed8;text-decoration:none;\">Microsoft open-sources tools for designing and testing AI agents (Clarity &amp; RAMPART)<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 21, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/21\/ai-red-teaming-agents-llm-testing\/\" style=\"color:#1d4ed8;text-decoration:none;\">AI red teaming agents change how LLMs get tested<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 21, 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#0ea5e9;text-transform:uppercase;letter-spacing:1px;\">Anthropic &mdash; Code with Claude London, sandboxes &amp; MCP tunnels<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.anthropic.com\/news\/managed-agents-self-hosted-sandboxes-mcp-tunnels\" style=\"color:#1d4ed8;text-decoration:none;\">New in Claude Managed Agents: self-hosted sandboxes and MCP tunnels<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Anthropic<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 19, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.infoq.com\/news\/2026\/05\/anthropic-mcp-tunnels\/\" style=\"color:#1d4ed8;text-decoration:none;\">Anthropic Introduces MCP Tunnels for Private Agent Access to Internal Systems<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">InfoQ<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 19, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/9to5mac.com\/2026\/05\/19\/anthropic-claude-managed-agents-mcp-tunnels-self-hosted-sandboxes\/\" style=\"color:#1d4ed8;text-decoration:none;\">Anthropic enhances Claude Managed Agents with two new privacy and security features<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">9to5Mac<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 19, 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#7c3aed;text-transform:uppercase;letter-spacing:1px;\">Anthropic Glasswing &mdash; first quantified results<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.anthropic.com\/news\/project-glasswing-initial-update\" style=\"color:#1d4ed8;text-decoration:none;\">Project Glasswing: An initial update (10,000+ critical vulnerabilities)<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Anthropic<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 22, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.techtimes.com\/articles\/anthropic-claude-mythos-glasswing-10000-bugs-2026.htm\" style=\"color:#1d4ed8;text-decoration:none;\">Anthropic Moves Closer to Public Claude Mythos Release: 10,000 Critical Bugs Found First<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">TechTimes<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 24, 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#dc2626;text-transform:uppercase;letter-spacing:1px;\">Google I\/O 2026 &mdash; Gemini 3.5 and the agentic Gemini era<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/blog.google\/technology\/google-deepmind\/google-io-2026-agentic-gemini-era\/\" style=\"color:#1d4ed8;text-decoration:none;\">I\/O 2026: Welcome to the agentic Gemini era<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Google (blog.google)<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 19, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/cloud.google.com\/blog\/topics\/google-cloud-next\/innovations-from-google-io-26-on-google-cloud\" style=\"color:#1d4ed8;text-decoration:none;\">Innovations from Google I\/O 26 on Google Cloud<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Google Cloud Blog<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 19, 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#9333ea;text-transform:uppercase;letter-spacing:1px;\">AI policy &mdash; postponed Trump AI cybersecurity EO<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/techcrunch.com\/2026\/05\/21\/trump-delays-ai-security-executive-order-language-blocker\/\" style=\"color:#1d4ed8;text-decoration:none;\">Trump delays AI security executive order, saying language &#8216;could have been a blocker&#8217;<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">TechCrunch<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 21, 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#d97706;text-transform:uppercase;letter-spacing:1px;\">Agent governance, runtime control, and the confused-deputy problem<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/20\/llm-ai-assistant-production-confused-deputy\/\" style=\"color:#1d4ed8;text-decoration:none;\">When your AI assistant has the keys to production<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 20, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/19\/babel-street-insights-investigator-agentic-ai\/\" style=\"color:#1d4ed8;text-decoration:none;\">Babel Street targets AI-driven threats with new agentic investigation capabilities<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 19, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/21\/asapp-continuous-red-teaming-enterprise-ai\/\" style=\"color:#1d4ed8;text-decoration:none;\">ASAPP expands adversarial testing for enterprise AI systems<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 21, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/venturebeat.com\/ai\/nanoclaw-secure-open-source-ai-agent-harness-enterprise-second-brain\/\" style=\"color:#1d4ed8;text-decoration:none;\">NanoClaw&#8217;s creators are turning the secure, open source AI agent harness into an enterprise &#8216;second brain&#8217;<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">VentureBeat<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 20, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/21\/ctera-insightai-unstructured-data\/\" style=\"color:#1d4ed8;text-decoration:none;\">CTERA brings AI insights and automation for unstructured data (InsightAI)<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 21, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/venturebeat.com\/ai\/langsmith-engine-agent-debugging-multi-model-enterprise\/\" style=\"color:#1d4ed8;text-decoration:none;\">LangSmith Engine closes the agent debugging loop automatically &mdash; but multi-model enterprises still need a neutral layer<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">VentureBeat<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 19, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/techcrunch.com\/2026\/05\/20\/nanoclaw-nanoco-ai-12m-seed-20m-buyout-turned-down\/\" style=\"color:#1d4ed8;text-decoration:none;\">NanoClaw creator turns down $20M buyout offer, raises $12M seed instead<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">TechCrunch<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 20, 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#b91c1c;text-transform:uppercase;letter-spacing:1px;\">Bug bounties buckle &mdash; the AI-slop crisis<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.theregister.com\/2026\/05\/21\/hackerone_bug_bounty_cuts\/\" style=\"color:#1d4ed8;text-decoration:none;\">HackerOne takes an axe to its bug bounty rewards<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">The Register<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 21, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.technology.org\/2026\/05\/18\/bug-bounty-ai-generated-junk-reports\/\" style=\"color:#1d4ed8;text-decoration:none;\">Bug Bounty Schemes Buckle Under Flood of AI-Generated Junk Reports<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Technology.org<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 18, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.theregister.com\/2026\/05\/22\/cisco_talos_ai_incident_reports\/\" style=\"color:#1d4ed8;text-decoration:none;\">Cisco used AI to write security incident reports, with mixed results<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">The Register<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 22, 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#0f766e;text-transform:uppercase;letter-spacing:1px;\">M&amp;A &mdash; AI-era DLP becomes its own vendor segment<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.calcalistech.com\/ctechnews\/article\/cyera-acquires-genie-security-50-million-deal\" style=\"color:#1d4ed8;text-decoration:none;\">Cyber unicorn Cyera acquires five-month-old startup Genie Security in $50 million deal<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">CTech \/ Calcalistech<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 20, 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#475569;text-transform:uppercase;letter-spacing:1px;\">Strategic context &mdash; AI work era, data readiness, monthly roundup<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.lennysnewsletter.com\/p\/the-ai-paradox-dan-shipper\" style=\"color:#1d4ed8;text-decoration:none;\">The AI paradox: More automation, more humans, more work | Dan Shipper<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Lenny&#8217;s Newsletter<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 24, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.cio.com\/article\/4015720\/7-signs-your-data-isnt-ready-for-ai.html\" style=\"color:#1d4ed8;text-decoration:none;\">7 signs your data isn&#8217;t ready for AI<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">CIO<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 19, 2026<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:24px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Detailed write-ups<\/h2>\n<div style=\"height:3px;width:48px;background-color:#9333ea;margin-bottom:14px;\"><\/div>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">NSA publishes Model Context Protocol security design considerations (May 20)<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">The NSA AI Security Center released a 17-page Cybersecurity Information Sheet on <strong>security design considerations for AI-driven automation leveraging MCP<\/strong>. The CSI walks through filtering proxies, DLP, sandboxing, message integrity, output filtering, and local MCP scans &mdash; the first primary-source MCP guidance from a U.S. signals-intelligence agency. Read it next to Anthropic&#8217;s MCP tunnels announcement: the agencies and the protocol&#8217;s authors are landing on a compatible threat model where MCP traffic stays inside customer perimeter, with structured controls in the proxy and gateway layers.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.nsa.gov\/Press-Room\/Press-Releases-Statements\/Press-Release-View\/Article\/4196829\/nsa-releases-security-design-considerations-for-ai-driven-automation-leveraging\/\" style=\"color:#1d4ed8;text-decoration:none;\">NSA<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Microsoft AI Red Team open-sources RAMPART and Clarity (May 20&ndash;21)<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\"><strong>RAMPART<\/strong> is a pytest-native adversarial test framework built on top of PyRIT &mdash; teams write pytest cases that simulate prompt injection, data exfiltration, jailbreaks and tool-abuse against agents in CI. <strong>Clarity<\/strong> is a structured design-review tool that bakes threat-modeling into the agent SDLC before code is even written. Together they pull AI red-teaming out of one-off security engagements and into the developer inner loop. Help Net Security&#8217;s coverage adds the operator angle: agent-orchestrated red-teaming where autonomous agents pick attacks, run them, produce structured findings &mdash; compressing weeks of testing into hours.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/05\/20\/introducing-rampart-and-clarity-open-source-tools-to-bring-safety-into-agent-development-workflow\/\" style=\"color:#1d4ed8;text-decoration:none;\">Microsoft Security Blog<\/a> &middot; <a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/21\/microsoft-rampart-clarity-ai-agent-security-open-source\/\" style=\"color:#1d4ed8;text-decoration:none;\">Help Net Security (RAMPART\/Clarity)<\/a> &middot; <a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/21\/ai-red-teaming-agents-llm-testing\/\" style=\"color:#1d4ed8;text-decoration:none;\">Help Net Security (red-teaming agents)<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Anthropic ships self-hosted sandboxes and MCP tunnels at Code with Claude London (May 19)<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Announced at the London developer day: <strong>self-hosted sandboxes<\/strong> (public beta) and <strong>MCP tunnels<\/strong> (research preview) for Claude Managed Agents. The enterprise-perimeter angle is the key story &mdash; orchestration stays at Anthropic, but tool execution, credentials, and MCP traffic all stay inside the customer&#8217;s network. MCP tunnels in particular let agents reach private MCP servers without exposing them to the public internet. This is Anthropic answering the same concern NSA put in writing the next day: how do you connect an external frontier model to internal systems without giving up control of the data plane.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.anthropic.com\/news\/managed-agents-self-hosted-sandboxes-mcp-tunnels\" style=\"color:#1d4ed8;text-decoration:none;\">Anthropic<\/a> &middot; <a href=\"https:\/\/www.infoq.com\/news\/2026\/05\/anthropic-mcp-tunnels\/\" style=\"color:#1d4ed8;text-decoration:none;\">InfoQ<\/a> &middot; <a href=\"https:\/\/9to5mac.com\/2026\/05\/19\/anthropic-claude-managed-agents-mcp-tunnels-self-hosted-sandboxes\/\" style=\"color:#1d4ed8;text-decoration:none;\">9to5Mac<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Project Glasswing &mdash; 10,000+ critical vulnerabilities found (May 22&ndash;24)<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Anthropic&#8217;s first quantified update: ~50 partner organizations using <strong>Claude Mythos Preview<\/strong> have identified <strong>10,000+ high\/critical-severity vulnerabilities<\/strong>. Disclosed partner list includes AWS, Apple, CrowdStrike, Google, JPMorgan, NVIDIA, Palo Alto Networks, Cloudflare, and Mozilla. Anthropic&#8217;s stance: Mythos-class models get general release only with stronger safeguards in place &mdash; the partner program is now serving as both a defensive proof-of-value and a public test of whether frontier-tier vulnerability discovery can be operated responsibly at scale. Read alongside the OpenAI Daybreak launch from last week&#8217;s bulletin: every frontier lab is now shipping a defensive program with a high-profile partner network.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.anthropic.com\/news\/project-glasswing-initial-update\" style=\"color:#1d4ed8;text-decoration:none;\">Anthropic<\/a> &middot; <a href=\"https:\/\/www.techtimes.com\/articles\/anthropic-claude-mythos-glasswing-10000-bugs-2026.htm\" style=\"color:#1d4ed8;text-decoration:none;\">TechTimes<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Google I\/O 2026 &mdash; Gemini 3.5, CodeMender, and the agentic Gemini era (May 19)<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Sundar Pichai&#8217;s keynote launched <strong>Gemini 3.5 and 3.5 Flash<\/strong> with strengthened cyber and CBRN safeguards and pulled <strong>CodeMender<\/strong> &mdash; Google&#8217;s autonomous vulnerability-remediation agent &mdash; into the Gemini Enterprise Agent Platform. The Cloud-side announcements added <strong>DLP-enforced Agent Gateway<\/strong>, identity and observability components, and managed sandboxing &mdash; the same enterprise-perimeter pattern Anthropic shipped at Code with Claude London. CodeMender external API access is new this week, which puts an autonomous OSS-patch-submitting agent inside reach of any enterprise running Gemini Enterprise.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/blog.google\/technology\/google-deepmind\/google-io-2026-agentic-gemini-era\/\" style=\"color:#1d4ed8;text-decoration:none;\">Google<\/a> &middot; <a href=\"https:\/\/cloud.google.com\/blog\/topics\/google-cloud-next\/innovations-from-google-io-26-on-google-cloud\" style=\"color:#1d4ed8;text-decoration:none;\">Google Cloud Blog<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Trump AI cybersecurity executive order postponed (May 21)<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">The White House pulled a planned executive order on AI cybersecurity at the last minute, with the President telling reporters the language &ldquo;could have been a blocker.&rdquo; The withdrawn draft, per earlier Axios reporting, would have required AI labs to share covered frontier models with the federal government 90 days pre-release and given critical-infrastructure providers early access. The pause leaves the U.S. policy posture on frontier-model access for cyber defense undefined while NSA, Microsoft, Anthropic, and Google all ship their own controls-by-design. Track this one for re-introduction with softer language &mdash; the underlying signal is that federal early-access to frontier models is no longer hypothetical policy.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/techcrunch.com\/2026\/05\/21\/trump-delays-ai-security-executive-order-language-blocker\/\" style=\"color:#1d4ed8;text-decoration:none;\">TechCrunch<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">When your AI assistant has the keys to production &mdash; the confused-deputy problem (May 19&ndash;21)<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Help Net Security framed this week&#8217;s underlying threat model bluntly: LLMs in operational roles are a <strong>confused-deputy problem<\/strong>. The dominant agentic-AI attack vectors are <strong>prompt injection through tickets and wikis<\/strong> (the agent ingests adversary-controlled content as instructions), <strong>retrieval poisoning<\/strong> (the RAG index has been seeded with hostile content), and <strong>telemetry manipulation<\/strong> (the agent&#8217;s observation surface gets gamed). This week&#8217;s vendor announcements all map directly onto that threat model: Babel Street&#8217;s tradecraft-trained agents add transparent research plans for investigative workloads; ASAPP&#8217;s Continuous Red Teaming on Promptfoo runs OWASP LLM Top 10 \/ NIST AI RMF aligned probes against jailbreaks, many-shot attacks and system-override attempts; CTERA InsightAI brings agentic analysis to unstructured data with audit-log and file-activity hooks; LangSmith Engine closes the agent debug loop by detecting, diagnosing, drafting fixes for, and regression-testing agent failures.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/20\/llm-ai-assistant-production-confused-deputy\/\" style=\"color:#1d4ed8;text-decoration:none;\">Help Net Security (confused deputy)<\/a> &middot; <a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/19\/babel-street-insights-investigator-agentic-ai\/\" style=\"color:#1d4ed8;text-decoration:none;\">Help Net Security (Babel Street)<\/a> &middot; <a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/21\/asapp-continuous-red-teaming-enterprise-ai\/\" style=\"color:#1d4ed8;text-decoration:none;\">Help Net Security (ASAPP)<\/a> &middot; <a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/21\/ctera-insightai-unstructured-data\/\" style=\"color:#1d4ed8;text-decoration:none;\">Help Net Security (CTERA)<\/a> &middot; <a href=\"https:\/\/venturebeat.com\/ai\/langsmith-engine-agent-debugging-multi-model-enterprise\/\" style=\"color:#1d4ed8;text-decoration:none;\">VentureBeat (LangSmith Engine)<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">NanoCo raises $12M for verifiable-sandbox agent harness (May 20)<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">NanoCo AI turned down a $20M buyout and instead raised $12M seed to scale <strong>NanoClaw<\/strong> &mdash; an open-source agent harness whose ~500-line auditable core runs in MicroVM Docker sandboxes. The thesis: verifiable sandboxing is the differentiator that wins the enterprise-agent procurement. The story bookends the agentic-infrastructure thread &mdash; on one end, Anthropic shipping a managed enterprise perimeter; on the other, an open-source project betting that an inspectable, minimal core is the only acceptable trust boundary for production agents. Worth watching alongside the broader agent-harness ecosystem (OpenClaw, EnterpriseClaw, etc.).<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/techcrunch.com\/2026\/05\/20\/nanoclaw-nanoco-ai-12m-seed-20m-buyout-turned-down\/\" style=\"color:#1d4ed8;text-decoration:none;\">TechCrunch<\/a> &middot; <a href=\"https:\/\/venturebeat.com\/ai\/nanoclaw-secure-open-source-ai-agent-harness-enterprise-second-brain\/\" style=\"color:#1d4ed8;text-decoration:none;\">VentureBeat<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Bug-bounty economics buckle under AI slop (May 18&ndash;22)<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">HackerOne <strong>cut Internet Bug Bounty payouts 70&ndash;85%<\/strong> as AI-generated submissions overwhelm triage. Valid-report rates have fallen below 5% on some programs. The original economics &mdash; humans hunting bugs, programs paying for verified, novel finds &mdash; presumed adversary effort would be the rate-limiter; LLM-assisted automated discovery has broken that assumption. Cisco Talos&#8217;s own LLM-in-IR-reports test rhymes with the bug-bounty story: drafting time fell 50% but the output produced <strong>cross-case data contamination, hallucinated IOCs, and inconsistent style<\/strong> &mdash; useful for the first 80% and dangerous for the last 20%. The lesson for AI-ML security architects: AI-generated security work product needs structured validation, not just acceleration.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.theregister.com\/2026\/05\/21\/hackerone_bug_bounty_cuts\/\" style=\"color:#1d4ed8;text-decoration:none;\">The Register (HackerOne)<\/a> &middot; <a href=\"https:\/\/www.technology.org\/2026\/05\/18\/bug-bounty-ai-generated-junk-reports\/\" style=\"color:#1d4ed8;text-decoration:none;\">Technology.org<\/a> &middot; <a href=\"https:\/\/www.theregister.com\/2026\/05\/22\/cisco_talos_ai_incident_reports\/\" style=\"color:#1d4ed8;text-decoration:none;\">The Register (Cisco Talos)<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Cyera acquires Genie Security &mdash; AI-era DLP becomes its own segment (May 20)<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Data-security unicorn <strong>Cyera<\/strong> ($9B valuation, ~1,500 employees, deployed in 20% of Fortune 500) acquired five-month-old, five-employee <strong>Genie Security<\/strong> for ~$50M. Genie&#8217;s endpoint tech detects, in real time, attempts to leak sensitive information <em>whether through human action or via generative AI tools such as Claude<\/em>. The Genie team joins Cyera&#8217;s enterprise DLP division. Founders Nadav Noy (ex-Unit 8200) and Noam Dotan (ex-Matzov, ex-Legit Security founding team) were backed by Mensch Capital, Dynamic Loop, and angels including Assaf Rappaport (Wiz CEO). This is Cyera&#8217;s <strong>fifth acquisition in a year<\/strong> (after Ryft $100M, Trail Security $162M, Otterize, Shape AI) and a marquee signal that <strong>endpoint controls catching GenAI prompt-paste exfil are now a discrete vendor segment<\/strong> &mdash; not a feature line in an existing DLP product.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.calcalistech.com\/ctechnews\/article\/cyera-acquires-genie-security-50-million-deal\" style=\"color:#1d4ed8;text-decoration:none;\">CTech \/ Calcalistech<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Strategic context for the 12-month AI security roadmap<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Two non-vendor pieces to share with the AI security committee. <strong>Dan Shipper&#8217;s 12 predictions<\/strong> for the AI work era (super-agent-in-Slack patterns, users-bring-own-tokens, forward-deployed engineers as the new essential role, CLIs over, automation as a &#8220;lie&#8221;) set up several security-relevant design questions: how do you do agent IAM and identity for a Slack-resident super-agent; what&#8217;s the DLP and credential-surface story when users bring their own AI tokens into apps; what does &#8220;building software for humans and agents together&#8221; mean for your access-control model. <strong>CIO&#8217;s <em>7 signs your data isn&#8217;t ready for AI<\/em><\/strong> pulls the parallel security threads: governance gaps become permissions gaps (&#8220;AI may access content it was never intended to see&#8221;); shadow BI workarounds are shadow data exfil paths; data debt is the hidden driver of hallucination and bad-decision risk in production agents. If your agentic deployments are running ahead of your data foundation, this is your evidence file.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.lennysnewsletter.com\/p\/the-ai-paradox-dan-shipper\" style=\"color:#1d4ed8;text-decoration:none;\">Lenny&#8217;s Newsletter<\/a> &middot; <a href=\"https:\/\/www.cio.com\/article\/4015720\/7-signs-your-data-isnt-ready-for-ai.html\" style=\"color:#1d4ed8;text-decoration:none;\">CIO<\/a><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:24px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Calls to action for the next 7 days<\/h2>\n<div style=\"height:3px;width:48px;background-color:#9333ea;margin-bottom:14px;\"><\/div>\n<ol style=\"margin:0 0 12px 18px;padding:0;font-size:14px;color:#374151;\">\n<li style=\"margin-bottom:8px;\"><strong>Adopt the NSA MCP CSI as your reference design.<\/strong> Map your current MCP deployments against filtering proxies, DLP, sandboxing, message integrity, output filtering, and local MCP scans &mdash; gap-list everything that doesn&#8217;t have a control owner today.<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Wire RAMPART into CI for at least one production agent.<\/strong> Start with pytest cases that simulate prompt injection through user-supplied tickets\/wikis and a credential-exfil tool-abuse probe. Use Clarity for the next agent design review.<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Pilot self-hosted sandboxes and MCP tunnels<\/strong> if you run Claude Managed Agents in production &mdash; or the equivalent Gemini Enterprise Agent Gateway \/ DLP-enforced gateway pattern if you&#8217;re on Google. Move tool execution and MCP traffic inside the customer perimeter.<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Stand up an AI-era DLP review<\/strong> in light of the Cyera\/Genie deal &mdash; specifically endpoint controls that catch GenAI prompt-paste exfil and outbound traffic to consumer AI tools. Treat it as a separate vendor category, not a feature line in your existing DLP.<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Update your AI-assisted security work-product policy.<\/strong> If your SOC or AppSec team is using LLMs for incident reports, triage notes, or bounty-report intake, build a validation step that catches cross-case data contamination and hallucinated IOCs (the Cisco Talos failure modes).<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Inventory agent-shaped attack surface against the confused-deputy model<\/strong>: enumerate every place an agent ingests adversary-influenceable content (tickets, emails, wiki pages, RAG indices, telemetry feeds), and apply the OWASP LLM Top 10 \/ NIST AI RMF checks (ASAPP-style Continuous Red Teaming is one off-the-shelf option).<\/li>\n<\/ol>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:28px 28px 32px;border-top:1px solid #e5e7eb;color:#6b7280;font-size:12px;text-align:center;\">\n<p style=\"margin:0 0 6px;color:#6b7280;\">The AI-ML Brief &middot; a Newshunter publication<\/p>\n<p style=\"margin:0 0 6px;color:#6b7280;\">Weekly news items are from the previous seven days. Foundational reading is refreshed each week.<\/p>\n<p style=\"margin:0 0 10px;color:#6b7280;\"><a href=\"*|UNSUB|*\" style=\"color:#1d4ed8;text-decoration:none;\">Unsubscribe<\/a> &middot; <a href=\"*|ARCHIVE|*\" style=\"color:#1d4ed8;text-decoration:none;\">View in browser<\/a><\/p>\n<p style=\"margin:14px 0 4px;font-size:11px;color:#9ca3af;\">Newsletter design, layout, and editorial curation &copy; 2026 Security Radar LLC. All rights reserved.<\/p>\n<p style=\"margin:0;font-size:11px;color:#9ca3af;\">Article titles and summaries are excerpted for review and commentary; all linked articles remain the copyright of their respective publishers and authors.<\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>AI-ML Bulletin &middot; Issue May 24, 2026 The AI-ML Brief AI in security &middot; AI for security &middot; agentic AI in operations This week at a glance The week the agent-platform wars went enterprise. At Code with Claude London, Anthropic shipped self-hosted sandboxes and MCP tunnels for Claude Managed Agents&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45],"tags":[],"class_list":["post-5231","post","type-post","status-publish","format-standard","hentry","category-ai-ml"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5231","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5231"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5231\/revisions"}],"predecessor-version":[{"id":5258,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5231\/revisions\/5258"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5231"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5231"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}