jonas.colmsjo.com
CIO/CISO IT Security Strategy
Weekly strategic IT security intelligence for CIOs and CISOs covering AI governance, regulatory changes, board-level risk, vendor risk, zero trust, and CISO trends.
CIO/CISO ITsec Summary week 18, 2026
CISA and Five Eyes partners issue landmark guidance on agentic AI deployment the same week the EU AI Act’s August enforcement countdown enters its final 90 days, while new surveys reveal a 4.8 million person cybersecurity skills gap and insurance carriers tighten underwriting around AI governance controls.
May 2, 2026
CIO/CISO ITsec Summary week 17, 2026
Three converging regulatory deadlines — the EU AI Act in August, Colorado’s AI liability law in June, and the EU CRA’s vulnerability reporting mandate in September — create an unusually compressed compliance sprint for security leaders, while a week of industry surveys confirms that most organisations are not operationally prepared for the threats they face.
Apr 25, 2026
CIO/CISO ITsec Summary week 16, 2026
NIST’s decision to restrict CVE enrichment to only exploited and federal-scope vulnerabilities forces a fundamental rethink of enterprise vulnerability management, while fresh survey data showing 73% of organizations would not be ready for a major attack today and approaching EU AI Act deadlines define a week of strategic recalibration for CIOs and CISOs.
Apr 18, 2026
CIO/CISO ITsec Summary week 15, 2026
Anthropic’s Project Glasswing unites major tech firms around AI-driven vulnerability discovery, the US Cyber Strategy sparks hackback debate, and Google accelerates post-quantum cryptography migration to 2029 — a week that redefined how defenders, regulators, and enterprises approach strategic cyber risk.
Apr 11, 2026
CIO/CISO ITsec Summary week 14, 2026
The IAPP Global Summit reframes privacy governance around autonomous AI agents, while Mandiant’s M-Trends 2026 reveals adversary hand-off times have collapsed to 22 seconds and the axios npm supply chain compromise demonstrates the escalating threat to software ecosystems.
Apr 4, 2026
CIO/CISO ITsec Summary week 13, 2026
RSAC 2026 exposed critical agentic AI governance gaps as 63% of organizations cannot enforce purpose limitations on AI agents, a supply chain attack on LiteLLM compromised the AI infrastructure layer, and multiple regulatory deadlines converged with NIS2 enforcement going live in Poland and Finland while the DORA Register of Information submission closed.
Mar 28, 2026
CIO/CISO ITsec Summary week 12, 2026
The Trump administration’s AI legislative framework seeks to preempt state AI laws, the EU Council agreed its position to streamline AI Act enforcement timelines, Microsoft launched Zero Trust for AI ahead of RSAC 2026, and TLS certificate validity drops to 200 days forcing enterprises to automate certificate management.
Mar 21, 2026
CIO/CISO ITsec Summary week 11, 2026
Google closed its $32 billion Wiz acquisition reshaping cloud security strategy, the Trump administration released a national cyber strategy pivoting toward offensive operations, the EU endorsed the first binding international AI treaty, and the weaponization of Claude against the Mexican government demonstrated that agentic AI guardrails remain fundamentally bypassable.
Mar 14, 2026
CIO/CISO ITsec Summary week 10, 2026
Geopolitical conflict reshapes cyber risk posture as Iran threats escalate alongside a crippled CISA, while the NIST agentic AI comment deadline and new EU CRA guidance force strategic compliance decisions.
Mar 7, 2026
CIO/CISO ITsec Summary week 09, 2026
CISA replaced its acting director and announced a mission-narrowing reorganization just as the OWASP Top 10 for Agentic Applications formalized the security taxonomy for autonomous AI systems, NSA published the most actionable zero trust implementation guidelines to date, and ETH Zurich researchers dismantled the ‘zero-knowledge’ marketing claims of three major password managers serving 60 million users — while 80% of enterprise employees now use unsanctioned AI tools and Okta launched Agent Discovery to map shadow AI blast radius.
Feb 28, 2026
CIO/CISO ITsec Summary week 08, 2026
The DHS shutdown reduced CISA to 38% capacity just as the Promptware Kill Chain research formalized LLM attacks as a seven-stage malware class, Kyndryl launched policy-as-code governance for agentic AI, and the WEF Global Cybersecurity Outlook revealed that 94% of leaders see AI as the most significant driver of change in cybersecurity — while cyber insurance premiums face 15–20% increases and CISOs report that 52% find their scope no longer fully manageable.
Feb 21, 2026
CIO/CISO ITsec Summary week 07, 2026
Week 7 saw Palo Alto Networks close its historic $25B CyberArk acquisition — declaring identity the new security perimeter for the AI agent era — while the Pentagon threatened to sever its $200M Anthropic contract over AI safeguards, South Korea levied $25M in fines on luxury brands for SaaS security failures, and Google blocked a 100,000-prompt campaign to clone Gemini’s reasoning capabilities.
Feb 15, 2026
CIO/CISO ITsec Summary week 06, 2026
Week 6 saw Gartner name agentic AI oversight and post-quantum cryptography among its top six cybersecurity trends for 2026, OMB rescind Biden-era software attestation requirements in favor of a risk-based model, and the EU unconditionally approve Google’s $32B Wiz acquisition — while the SEC’s Regulation S-P compliance deadline arrived for large firms and CISA launched a new insider threat framework amid its own workforce reductions.
Feb 11, 2026