Organizations are accelerating adoption of generative and agentic AI, but reporting indicates governance, data readiness, and workforce skills are lagging. A survey of chief data officers cited widespread use of genAI in large enterprises and growing plans to increase data management investment, while also flagging that visibility and governance have not kept pace with expanding AI usage and that many employees need upskilling in data and AI literacy to use AI outputs responsibly.
Separately, commentary and reporting highlighted a widening set of AI-related security and societal risks, including concerns about deepfakes, privacy, and opaque model behavior, alongside claims of real-world exploitation activity targeting AI-adjacent developer workflows (for example, token theft via compromised automation such as GitHub Actions) and discussion of vulnerabilities affecting AI tooling and agent communication patterns. Other items in the set were primarily newsletter/personal updates or vendor-style announcements and did not provide a single, verifiable incident narrative beyond general AI-and-security trend coverage.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
5 events from the most recent confirmed update back to the earliest known activity.
Anthropic launched an early product that allows its AI system to operate a user's computer by controlling the mouse and keyboard. The system was described as able to open files, navigate software, and fill in forms, marking a shift toward AI agents that can act directly on full computer environments.
Check Point Research disclosed critical issues in Claude Code that could allow remote code execution and API key exfiltration through malicious project configurations. The report also described a CVE in which an attacker-controlled base URL could receive API requests and keys before a trust prompt appeared.
An autonomous bot described as 'hackerbot-claw,' powered by Claude Opus 4.5, reportedly abused insecure GitHub Actions patterns in prominent repositories. The activity allegedly enabled token theft, code execution, and tampering with projects including Aqua Security's Trivy.
The Pentagon reportedly blocked access to Anthropic's Claude during disputes over military-use constraints and pressure for broader access. The reported restriction reflected growing tension over use of frontier AI systems in defense contexts.
Anthropic changed its Responsible Scaling Policy to remove a binding commitment not to train models unless safety was guaranteed, according to the newsletter summary. The change was presented as a notable governance shift amid broader debate over AI safety and deployment.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
5 references tracked. Mallory keeps watching after this page renders.
nrc.nl
Open sourcezdnet.com
Open sourceresilientcyber.io
Open sourcekaspersky.com
Open sourcetechxplore.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.