CMMC Archives

Supply Chain Risks in Manufacturing AI Systems

5 Supply Chain Security Risks in Manufacturing AI Adoption

by Tim Freestone June 12, 2026June 12, 2026 | Third Party Risk

The rapid integration of artificial intelligence capabilities into manufacturing supply chains creates unprecedented security challenges. Modern manufacturers increasingly rely on AI-driven systems for predictive maintenance, quality control, and supply chain...

Lockdown Mode Confirms Threat, Not Governance

OpenAI Lockdown Mode Is a Warning, Not a Solution

by Patrick Spencer June 10, 2026June 10, 2026 | Cybersecurity Risk Management

When OpenAI announced the general rollout of Lockdown Mode for ChatGPT in June 2026, the more consequential read is organizational. OpenAI has concluded that prompt injection-driven data exfiltration is a...

Microsoft Named 7 Ways Your AI Agents Can Be Hacked. One Is Already Happening in Production.

by Patrick Spencer June 8, 2026June 8, 2026 | Cybersecurity Risk Management

At Microsoft Build 2026, the security research team extended its existing AI agent threat taxonomy with seven new categories reflecting what adversaries are doing — and what defenders are missing...

Defending AI Agents from Memory Poisoning Attacks

OWASP Agent Memory Guard: Stop AI Agents from Being Weaponized Through Their Own Memory

by Patrick Spencer June 5, 2026June 5, 2026 | Cybersecurity Risk Management

AI agent memory poisoning exploits the fact that agents are stateful. Unlike a traditional API call that processes input and returns output without remembering anything, an agent maintains persistent state...

npm Package Silently Steals Codex Authentication Tokens

OpenAI Codex Authentication Tokens Stolen in npm Supply Chain Attack

by Patrick Spencer June 5, 2026June 5, 2026 | Cybersecurity Risk Management

Supply chain risk has traditionally focused on software dependencies that introduce vulnerabilities into compiled products — the type of compromise represented by SolarWinds and XZ Utils. The Codex token theft...

AI Model Weights: The Overlooked Supply Chain Risk

BadBone and the AI Supply Chain: When the Model Itself Is the Risk

by Patrick Spencer June 5, 2026June 5, 2026 | Cybersecurity Risk Management

For three years, the enterprise security conversation about AI has focused almost entirely on what AI agents do with data once they are running. BadBone refocuses that conversation on something...

Zero Trust AI Security for Manufacturing Supply Chains

Supply Chain AI Security Requirements for Manufacturing Companies

by Tim Freestone June 4, 2026June 4, 2026 | Third Party Risk

Manufacturing organisations increasingly rely on artificial intelligence to optimise supply chain operations, predict demand, and automate production processes. However, integrating AI systems into critical supply chain workflows creates substantial security...

Securing AI Coding Tools from TrapDoor Supply Chain Attacks

AI Coding Tools Are Now a Supply Chain Attack Surface

by Patrick Spencer June 1, 2026June 1, 2026 | Cybersecurity Risk Management

Every developer on your team is collaborating with an AI. GitHub Copilot, Cursor, Claude — they sit inside the IDE, read project context, and suggest code. That’s the productivity story....

AI Governance Requires Controls, Not Just Logs

Monitoring AI Behavior Is Not the Same as Governing It

by Patrick Spencer June 1, 2026June 1, 2026 | Cybersecurity Risk Management

Anthropic made a significant announcement this week. Claude Enterprise now integrates with 28 security and compliance partners through the new Claude Compliance API, giving enterprise security teams programmatic access to...

AI Agent Security: The Lethal Trifecta Explained

by Patrick Spencer June 1, 2026June 1, 2026 | Cybersecurity Risk Management

In early 2026, security researchers found more than 900 AI agent gateways exposed on the public internet with no authentication — API keys, OAuth tokens, and full conversation histories stored...

AI Sandbox Bypasses Expose Data-Layer Control Gaps

When the Guardrail Fails: AI Coding Tools and the Data-Layer Question

by Patrick Spencer June 1, 2026June 1, 2026 | Cybersecurity Risk Management

There was no press conference. No breach notification letter. A flaw in a widely used AI coding assistant — one that researchers say could be chained with prompt injection to...

Pre-Auth RCE Exposes RAG Data Vulnerabilities

When Your Vector Database Hands Out Pre-Auth RCE, RAG Has a Data-Layer Problem

by Patrick Spencer May 29, 2026May 29, 2026 | Cybersecurity Risk Management

On May 18, 2026, HiddenLayer published research on ChromaToast — formally CVE-2026-45829. CVSS score: 10.0. Attack vector: network. Privileges required: none. User interaction: none. The flaw lives in the ChromaDB...

Synack 2026: AI Shrinks Exploit Window to Hours

Synack 2026 Report: The Exploit Window Has Narrowed to Hours

by Patrick Spencer May 29, 2026May 29, 2026 | Cybersecurity Risk Management

On May 14, 2026, Synack published its 2026 State of Vulnerabilities Report, an analysis of more than 11,000 exploitable vulnerabilities identified across customer environments in 2025. The central finding from...

Agentic AI Now Requires Privileged Identity Controls

CISA Just Made Agentic AI Governance an IAM Problem

by Danielle Barbour May 28, 2026May 28, 2026 | Regulatory Compliance

On May 1, 2026, CISA and the Five Eyes cybersecurity agencies published “Careful Adoption of Agentic AI Services” — stopping treating agentic AI as a clever software feature and starting...

CISA Guidelines for Secure Agentic AI Adoption

CISA Drew the Red Lines on Agentic AI — Most Are Already Across

by Uri Kedem May 28, 2026May 28, 2026 | Cybersecurity Risk Management

On April 30 and May 1, 2026, six national cybersecurity agencies jointly published Careful Adoption of Agentic AI Services, a 28-page guidance document on securing autonomous AI agents — the...

Get started.