Industry Updates
What Matters This Week in AI Security, Private Compute, and Post-Quantum
The First Ransomware Operation Run End-to-End by an LLM
Sysdig’s Threat Research Team has documented what it assesses to be the first complete extortion operation driven end-to-end by a large language model. The operator, dubbed JADEPUFFER, entered through a known flaw in an internet-facing Langflow instance, harvested credentials, pivoted to a production database server, and encrypted 1,342 configuration items with a key that was never saved, all while narrating its own targeting rationale inside the payloads.
One reason investigators judged the operation autonomous: when an account-creation attempt failed, the agent diagnosed the failure, rewrote the payload, and verified a working login 31 seconds later. Across the campaign it issued more than 600 distinct, purposeful payloads.
None of the individual techniques were new. Sysdig’s conclusion is that the skill floor for ransomware has dropped to the cost of running an agent. An intrusion that corrects its own mistakes in 31 seconds is a strong argument that enforcement has to run at machine speed, because review at human speed starts after it’s over.
Attackers Are Seeding Websites with Hidden Instructions for AI Agents
Zscaler’s ThreatLabz documented two live campaigns built for machine readers rather than human ones. Both used SEO poisoning to surface their pages in the results agents browse, then hid the payload where no person would look: instructions moved off-screen with CSS, or planted in the JSON-LD metadata that machines treat as trusted context. One campaign posed as documentation for a Python library and told visiting agents that a payment was part of acquiring an API key; the other impersonated a popular portfolio tracker and instructed agents to rank the imposter as authoritative.
When ThreatLabz ran its own agent against the pages across 26 models, four executed the fraudulent payment. An agent that follows what a page tells it will pay whoever the page names. Whether it can is decided earlier, by which endpoints it was ever allowed to call.
Two-Thirds of Organizations Say an AI Agent Caused a Security Incident Last Year
According to research by Cloud Security Alliance and Token Security, 65% of organizations experienced at least one security incident caused by an AI agent in the past year. Data exposure led the consequences at 61%, ahead of operational disruption at 43% and unintended actions in business processes at 41%. More than a third reported financial losses.
The same survey found 68% of respondents highly confident in their visibility into the agents running on their networks. Both numbers describe the same population. The gap between them is the distance between assumed control and verified control.
OWASP Ships AISVS 1.0: 514 Testable Security Requirements for AI Systems
OWASP released the Artificial Intelligence Security Verification Standard 1.0 at Global AppSec Vienna on June 24. The requirements span the AI lifecycle, from training-data integrity through agentic orchestration, MCP security, and human oversight. It’s modeled on ASVS, OWASP’s long-running application-security verification standard, and carries the same design principle — every requirement is written to be checked, pass or fail.
NIST’s AI RMF names the risks and ISO/IEC 42001 describes good practice; neither tells an auditor or an automated test suite what to check for. AI security requirements are starting to be written as things you demonstrate, not policies you assert.
Microsoft Pulls Its Post-Quantum Deadline Forward to 2029
Microsoft is accelerating its Quantum Safe Program, now targeting post-quantum cryptography across critical products and services by 2029, four years ahead of its original schedule. Azure CTO Mark Russinovich said advances in quantum research have “shifted the risk horizon.” That’s three of the companies running the internet’s infrastructure converging on the same year, after Google and Cloudflare set their own 2029 targets this spring.
The research behind the urgency is specific. Google researchers sharpened the estimate of what it takes to break 256-bit elliptic-curve cryptography, and a Caltech and Oratomic team demonstrated an error-correction approach that could make Shor’s algorithm practical with as few as 10,000 reconfigurable qubits.
Among the vendors, the migration argument is over. What remains is a race between deployment schedules and lab results.
The EU AI Act Deadlines That Didn’t Move Arrive August 2
When the Digital Omnibus pushed the AI Act’s high-risk obligations to December 2027, many read it as a blanket reprieve. The delay covers the Act’s heaviest chapter — the conformity assessments, risk-management systems, and documentation duties for high-risk systems in hiring, credit, and medical devices.
The deadline on August 2, 2026, is about enforcement. The European Commission gains its powers to police general-purpose AI providers, the companies behind foundation models, whose obligations cover technical documentation, copyright policy, and training-content summaries. The Article 50 transparency duties apply the same day: telling people when they’re interacting with an AI, and labeling synthetic content and deepfakes. Penalties reach €15 million or 3% of worldwide turnover, whichever is higher.
The formalities are nearly finished: Parliament endorsed the agreement on June 16, and publication in the Official Journal is expected this month.
The delay bought time for the hardest obligations. What’s due in four weeks is the part providers can least excuse missing, which is saying what their models are trained on and labeling what they make.
Please help us spread the word about our Industry Updates newsletter:
Stay up to date as we build the infrastructure layer for secure AI collaboration:

