system: OPERATIONAL
← back to categories

GOVERNANCE

(22)

22 hack(s).

GOVERNANCE MEDIUM NEW

GPT-5.6 Sol: a frontier model released through a government gate

OpenAI previewed GPT-5.6 Sol on June 26, 2026 and, at the US government's request, started with a partner-only rollout. The release turns an emerging pattern into policy: advanced cyber capability now ships behind a government-in-the-loop gate.

2026-07-17//7 min
GOVERNANCE LOW NEW

Adobe splits Patch Tuesday in two as AI compresses the exploit window

From 14 July 2026 Adobe publishes security bulletins twice a month instead of once, citing AI-accelerated vulnerability discovery that is shrinking the disclosure-to-exploitation window from days to hours.

2026-07-15//5 min
GOVERNANCE MEDIUM NEW

AI moved to production before its security did: the 2026 posture gap

Orca's 2026 State of AI Security Report (July 2026, 1,200+ cloud environments) finds 56% run AI agents in production, 81% ship vulnerable AI packages, and 99.9% of fixable AI vulnerabilities stay unpatched.

2026-07-14//6 min
GOVERNANCE MEDIUM NEW

The EU's Cybersecurity and AI Action Plan: pre-market evaluation reaches frontier models

On July 7, 2026 the European Commission unveiled an Action Plan that builds the missing testing capacity behind the AI Act — third-party evaluation of advanced models before they reach the EU market, plus an ENISA blueprint for secure access.

2026-07-13//6 min
GOVERNANCE MEDIUM NEW

Institutional red-teaming: deployment rules shape multi-agent safety

A July 2026 paper shows the rules you set for a multi-agent deployment causally change safety outcomes — moving collective harm by 22-58 points with the model held fixed.

2026-07-13//6 min
GOVERNANCE LOW NEW

AI-found vulnerabilities are reshaping the Windows patch cycle

Microsoft is moving AI vulnerability discovery into the Windows lifecycle and warns Patch Tuesday will get heavier. The real story is what defenders should change now.

2026-07-10//5 min
GOVERNANCE MEDIUM NEW

South Korea publishes the first government standard for AI red teaming

On July 8, 2026, South Korea's Ministry of Science and ICT released two guidelines that turn 'we red-teamed our AI' from an unverifiable claim into an auditable one — the first such government standard anywhere.

2026-07-10//6 min
GOVERNANCE MEDIUM NEW

An AI agent platform lands in CISA's exploited-vulnerabilities catalog

On July 7, 2026, an open-source AI-agent builder became the first orchestration platform ever listed in CISA's Known Exploited Vulnerabilities catalog — a signal for how defenders should prioritize AI infrastructure.

2026-07-09//6 min
GOVERNANCE LOW NEW

Do your agent logs actually prove what it did? A benchmark for evidence sufficiency

A late-June 2026 benchmark shows that having traces, ledgers, or schemas in place is not the same as having enough evidence. Presence-based logging overclaims 'sufficient' on up to 75% of cases.

2026-07-04//6 min
GOVERNANCE MEDIUM NEW

FIRST's mid-year forecast: ~66,000 CVEs in 2026, but exploitable risk stays flat

On June 15, 2026, FIRST revised its 2026 CVE projection to ~66,000 — 46.3% above February — driven mainly by AI-assisted discovery. The actionable subset triaged by EPSS and CISA KEV has not grown at the same rate.

2026-06-19//6 min
GOVERNANCE MEDIUM NEW

EU AI Act: how the draft guidelines classify agentic systems as high-risk

The European Commission's 19 May 2026 draft guidelines on Article 6 say agentic AI systems must be assessed as a whole — a single narrow component can pull the entire configuration into the high-risk regime.

2026-06-17//6 min
GOVERNANCE MEDIUM NEW

AI CEOs ask Congress to make DNA synthesis screening mandatory

On June 5, 2026, the heads of OpenAI, Anthropic, Google DeepMind and Microsoft AI co-signed a letter urging Congress to require nucleic-acid synthesis screening — framing it as a defensive control against AI-eroded bioweapon barriers.

2026-06-16//6 min
GOVERNANCE MEDIUM NEW

Disclosure at machine speed: lessons from the first AI vulnerability ledger

Anthropic's coordinated-disclosure ledger, analysed by VulnCheck on June 9, 2026, shows AI surfacing 23,019 candidate bugs while just 1,596 reached maintainers — a preview of coordinated disclosure under machine-speed discovery.

2026-06-16//7 min
GOVERNANCE MEDIUM NEW

When a government pulls a model: the Fable 5 / Mythos 5 suspension

On June 12, 2026, a US export-control directive forced Anthropic to disable Claude Fable 5 and Mythos 5 worldwide. The reported trigger was a 'jailbreak' that amounts to asking a model to read code and fix flaws — a capability defenders use daily.

2026-06-15//7 min
GOVERNANCE LOW NEW

DeepMind and partners open a $10M multi-agent AI safety research fund

On June 11, 2026, Google DeepMind, Schmidt Sciences, the Cooperative AI Foundation and ARIA opened a $10M call to build a research field around the safety of millions of interacting AI agents.

2026-06-12//6 min
GOVERNANCE MEDIUM NEW

OWASP State of Agentic AI Security 2026: prompt injection ties most agent failures together

OWASP's State of Agentic AI Security and Governance v2.01 (June 1, 2026) moves from hypothetical threats to documented CVEs and breaches. Prompt injection now maps to six of the ten agentic risk categories.

2026-06-12//6 min
GOVERNANCE MEDIUM NEW

OWASP's agentic maturity model: don't run in the red cells

OWASP's June 2026 State of Agentic AI report adds an Enterprise Adoption Maturity Model — a two-axis grid where agent autonomy outruns governance, leaving 'red cells' no one can see into.

2026-06-11//6 min
GOVERNANCE MEDIUM NEW

No two labs measure prompt injection the same way

A June 1, 2026 comparison of the prompt-injection disclosures from Anthropic, OpenAI, Google and Meta found that no two labs share a metric, a surface, or a definition of success — so vendor numbers cannot be compared.

2026-06-05//6 min
GOVERNANCE MEDIUM NEW

US AI security executive order: a vulnerability clearinghouse and frontier review

Signed June 2, 2026, the US executive order on AI innovation and security creates a federal AI vulnerability clearinghouse and a voluntary 30-day pre-release review of 'covered frontier models'.

2026-06-03//6 min
GOVERNANCE MEDIUM

CISA + Five Eyes publish the first joint guidance on agentic-AI adoption

On May 1, 2026, CISA, NSA and the Five Eyes cyber agencies released 'Careful Adoption of Agentic AI Services' — a 5-risk taxonomy and a deployment playbook that critical-infrastructure operators are now expected to fold into their existing cybersecurity frameworks.

2026-05-28//7 min
GOVERNANCE MEDIUM NEW

NSA AISC publishes MCP security design guidance for production AI

On May 20, 2026, NSA's Artificial Intelligence Security Center released a 15-page Cybersecurity Information Sheet on Model Context Protocol — eight classes of weakness, five real-world incidents, nine defensive recommendations.

2026-05-28//8 min
GOVERNANCE MEDIUM NEW

The pressure: open-source security teams under the AI-assisted vulnerability flood

On May 26, 2026, curl's Daniel Stenberg published 'The pressure' — more than one credible security report per day, twelve confirmed CVEs in half a release cycle, and a pattern other maintainers are now reporting in parallel.

2026-05-28//7 min