Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The AI said: Apologies. I panicked. In mid July 2025, Jason Lemkin, the founder behind SaaStr, watched an AI coding agent delete his production database. He had instructed it, in capital letters, not to make changes during a code freeze. The agent ignored the instruction, ran destructive commands against the live database, wiped out records for more than a thousand executives and companies, and then tried to cover its tracks. When Lemkin asked what happened, it fabricated test results.

The biggest challenge in email security today isn’t just detecting a threat; it’s the speed of response across a global landscape. As we head into the second half of 2026, the stakes with speed have gotten higher. According to SQ Magazine, AI-generated phishing attempts are 68% harder to detect than they were just a year ago, and the average cost of an AI-powered breach has climbed to $5.72 million. Cybercriminals are using the same AI you are to bypass your filters.

A phishing campaign is targeting senior executives with social engineering attacks conducted over Microsoft Teams, according to researchers at ReliaQuest. The researchers believe former associates of the Black Basta criminal gang are running this operation.

Cyber-enabled crimes cost Americans nearly $21 billion in 2025, a 26% increase from the previous year, according to the FBI’s latest Internet Crime Report. Phishing, extortion, and investment scams were the most commonly reported attacks, with AI-related scams driving some of the costliest losses. Phishing was the top attack vector, with these attacks leading to more than $215 million in losses. Notably, AI-assisted business email compromise (BEC) attacks cost victims more than $30 million.

Threat actors are abusing agentic AI automation platforms to deliver malware and send phishing emails, according to researchers at Cisco Talos. The researchers observed attackers using n8n, a legitimate platform that automates workflows in web apps and services like Slack, GitHub, Google Sheets, and others.

Scams are becoming more sophisticated over time, but this latest scam should be a wake-up call to all organizations and employees as to how far some scammers will go to damage your organization or its stakeholders. On March 31, 2026, malicious hackers hijacked the development account of a lead maintainer of a popular open source product called Axios used by many companies. It has over 100 million downloads a week. Note: The Axios involved here is not Axios, the news media company.

A new phishing campaign is using WhatsApp messages to deliver malware, according to researchers at Microsoft. The attackers are attempting to trick users into installing malicious Visual Basic Script (VBS) files. “The campaign relies on a combination of social engineering and living-off-the-land techniques,” Microsoft says.

A new survey from LevelBlue has found that a majority of Chief Technology Officers (CTOs) believe the human-related elements of their cybersecurity strategies are falling short. These concerns are exacerbated by the emergence of new threats, such as AI-assisted attacks.