CIO/CISO ITsec Summary week 08, 2026

The DHS shutdown reduced CISA to 38% capacity just as the Promptware Kill Chain research formalized LLM attacks as a seven-stage malware class, Kyndryl launched policy-as-code governance for agentic AI, and the WEF Global Cybersecurity Outlook revealed that 94% of leaders see AI as the most significant driver of change in cybersecurity — while cyber insurance premiums face 15–20% increases and CISOs report that 52% find their scope no longer fully manageable.
itsec
Published

February 21, 2026

Executive Summary

The week of February 13–20, 2026 was defined by the collision of institutional fragility and accelerating AI risk. The DHS partial shutdown reduced CISA to just 38% staffing — halting proactive scanning, suspending security assessments, and pausing CIRCIA rulemaking — at precisely the moment when adversaries are industrializing AI-powered attacks and critical infrastructure operators most need federal coordination. On the research front, the “Promptware Kill Chain” framework published by Bruce Schneier and colleagues at Lawfare formalized what practitioners have long suspected: prompt injection has evolved into a structured, multi-stage malware class that can persist, escalate privileges, and move laterally across agentic AI systems. Enterprise responses are emerging — Kyndryl debuted policy-as-code governance for agentic AI workflows and Redpanda introduced a unified governance layer for AI agent data access — but the gap between AI deployment speed and governance maturity continues to widen, with the WEF Global Cybersecurity Outlook finding that while 94% of leaders identify AI as the most significant cybersecurity change driver, only 64% assess their AI tools for security.

This report covers strategic IT security topics for executive leadership. For tactical CPS/ICS vulnerabilities, see the CPS Threat Intelligence report. For ransomware incidents, see the Ransomware Intelligence report.

Week of February 13 - February 20, 2026

Regulatory and Compliance

The most disruptive regulatory development this week was not a new regulation but the absence of the agency responsible for enforcing many of them. The DHS partial shutdown that began on February 14 reduced CISA to 888 of its 2,341 staff, effectively crippling the nation’s primary civilian cybersecurity agency at a moment of elevated threat. Acting CISA chief Bridget Bean had warned Congress in testimony the prior week that a funding lapse would “limit and halt” core agency functions, and that warning has materialized. Proactive vulnerability scanning of federal networks has stopped, security assessments for government agencies and critical infrastructure partners are suspended, stakeholder engagement and training exercises have been cancelled, and — critically for the compliance landscape — work on finalizing the CIRCIA cyber incident reporting rule has likely halted. This pause compounds the regulatory uncertainty created by the January OMB M-26-05 memo rescinding standardized software attestation requirements, leaving federal contractors and critical infrastructure operators navigating a period without clear forward guidance on either incident reporting or software assurance obligations. (Nextgov, SecurityWeek, CyberScoop)

In Brussels, the EU’s cybersecurity package proposed on January 20 continued to generate legal analysis throughout the week. The revised Cybersecurity Act (CSA 2), which introduces the EU’s first horizontal ICT supply chain security framework, will allow authorities to identify, restrict, or exclude “high-risk” suppliers based on both technical and non-technical criteria — including potential influence of third states. CMS Law-Now published a detailed overview noting that the proposal also introduces a streamlined certification framework enabling organizations to certify their overall cyber posture rather than individual products, potentially easing NIS2 compliance burdens. The Cyber Resilience Act’s September 11, 2026 application date continues to approach, at which point mandatory vulnerability and incident reporting requirements will apply to all products with digital elements sold in the EU. Organizations that have not begun CRA readiness assessments should consider the remaining timeline critically short. (CMS Law-Now, Hogan Lovells)

The SEC’s 2026 examination priorities, now in active enforcement, reveal a notable shift: cybersecurity and AI have displaced cryptocurrency as the dominant risk topic for financial sector oversight. Examiners are scrutinizing data-loss prevention, access controls, incident response preparedness, and vendor oversight — with explicit attention to AI-driven threats. Organizations that have not updated their examination-readiness programs to address AI governance alongside traditional cybersecurity controls may find themselves underprepared. (Corporate Compliance Insights)

AI Governance and Agentic AI

The most significant intellectual contribution to AI security this week came from the “Promptware Kill Chain” research published by Bruce Schneier and colleagues at Lawfare and archived on arXiv. The paper argues that prompt injection has evolved beyond isolated input manipulation into a structured, multi-stage attack mechanism that mirrors traditional malware kill chains. The seven stages — initial access via prompt injection, privilege escalation through jailbreaking, reconnaissance, persistence through memory and retrieval poisoning, command and control, lateral movement across agent ecosystems, and actions on objective — were validated against thirty-six documented real-world incidents, with at least twenty-one attacks traversing four or more stages. The framework’s most consequential insight for enterprise leaders is its recommended defensive posture: rather than attempting to prevent initial prompt injection (which the authors consider inevitable in production LLM systems), organizations should adopt defense-in-depth strategies that break the chain at subsequent stages by constraining agent privileges, preventing persistence, and strictly limiting the actions agents can take autonomously. A Black Hat webinar on the topic is scheduled for February 26. (Lawfare, arXiv, Security Boulevard)

On the enterprise governance front, Kyndryl unveiled its policy-as-code capability for agentic AI on February 11, designed to translate organizational rules, regulatory requirements, and operational controls into machine-readable policies that govern how AI agent workflows execute. The approach addresses a core challenge that has stymied agentic AI adoption in regulated industries: how to ensure that autonomous agents operate within deterministic boundaries while maintaining the flexibility that makes them useful. Kyndryl’s implementation enforces pre-defined policies at runtime, logs every agent action for audit trails, and blocks unauthorized actions regardless of hallucination or unexpected model behavior. The announcement reflects a broader industry pattern — policy-as-code is emerging as the primary governance mechanism for bridging the gap between AI agent capability and enterprise compliance requirements. (Kyndryl, PR Newswire)

Separately, Redpanda announced new capabilities including a centralized AI gateway, observability and evaluation tools, and unified authentication forming what the company describes as a unified governance layer for connecting AI agents to live enterprise data. The solution addresses the data access governance challenge — as AI agents increasingly need to query production databases, message streams, and APIs, the question of who controls what data an agent can access has become a pressing security concern. (Help Net Security)

The Model Context Protocol (MCP), which has rapidly become the de facto standard for connecting AI agents to external tools and data sources, is proving to be a significant attack surface. Check Point’s analysis of approximately 10,000 MCP servers found security vulnerabilities in 40% of them, including command injection, server-side request forgery, path traversal, and missing authentication. Adversa AI’s February MCP security resource roundup documented multiple critical vulnerabilities in production MCP implementations, including three CVEs in Anthropic’s own Git MCP server that enable remote code execution via prompt injection. The emerging MCP ecosystem resembles the early days of web APIs — rapid adoption without mature security practices, creating exploitable gaps that adversaries are already probing. (Check Point Research, Adversa AI, Endor Labs)

Security Boulevard reported on a shift in industry recognition programs from celebrating AI hype to focusing on governing agentic AI, reflecting a broader maturation in how the industry approaches autonomous systems. The trend mirrors survey data from 300 technology leaders showing that over three quarters rate AI governance as “extremely important,” with system integration risks, data security, and LLM cost management cited as top concerns. (Security Boulevard)

Board-Level Risk and CISO Strategy

The strain on CISOs continues to intensify. A survey cited by CSO Online found that 52% of CISOs now report their scope is no longer fully manageable, warning that scope-resource imbalances are resulting in delayed strategic priorities, eroded long-term resilience, and reactive security operations with diminishing quality. The RSA Conference published guidance noting that 66% of CISOs feel at risk of burnout, with more than half reporting lost sleep due to the compounding pressures of accountability, regulatory complexity, and expanding threat surfaces. Gartner’s earlier forecast that nearly half of cybersecurity leaders would change jobs by 2025, with 25% moving into entirely different roles, appears to be playing out as organizations struggle to retain experienced security leadership. (CSO Online, RSAC)

The Munich Security Report 2026, released during the annual conference this week, placed cyberattacks at the top of the G7 risk index for the first time. Germany scored 75/100 on cyber risk with 39% of respondents feeling unprepared, while the UK reached 74/100 — a five-point increase from 2024. For board-level risk committees, the Munich report’s framing of cyber as a geopolitical weapon rather than a technical nuisance reinforces the need to evaluate cybersecurity posture through a geopolitical lens. The WEF Global Cybersecurity Outlook 2026 reinforced this perspective, finding that 64% of organizations now account for geopolitically motivated cyberattacks in their risk strategies, with 91% of the largest organizations having changed their cybersecurity strategies due to geopolitical volatility. (Munich Security Report 2026)

The WEF report also revealed a widening priorities gap between CEOs and CISOs that boards should address. CEOs now rank cyber-enabled fraud as their top concern — a shift from ransomware to emerging risks including deepfake-powered fraud and AI vulnerabilities. CISOs, meanwhile, continue to prioritize ransomware and supply chain resilience as their leading concerns. This divergence suggests that executive teams and security leaders may be optimizing for different threat models, creating potential blind spots in organizational risk posture. Less than 45% of private-sector CEOs express confidence in their country’s ability to respond to major cyber incidents targeting critical infrastructure. (WEF, Kiteworks)

Cyber insurance market dynamics are shifting in ways that directly affect CISO budgets and board risk discussions. S&P Global Ratings forecasts a 15–20% premium increase in 2026, and the combination of rising client cybersecurity investment and increased insurance capacity is reshaping underwriting behavior. Marsh’s analysis indicates that policies increasingly reflect risk-based segmentation, with favorable terms for organizations demonstrating strong cyber defenses and higher premiums or coverage limitations for those that cannot. Insurers are heavily scrutinizing enterprise security practices — organizations without phishing-resistant MFA, extended detection and response capabilities, and immutable backups may face difficulty obtaining coverage at any price. (Insurance Business, Cybersecurity Dive)

Cloud Security Posture

The Dragos 2026 OT Cybersecurity Year in Review, released February 17, contained findings with direct relevance to cloud security strategy. Dragos documented that 73% of OT intrusions involved exploitation or credential reuse of VPNs, jump hosts, and remote access points — the very infrastructure designed to provide secure remote access, often cloud-hosted. This finding underscores that cloud-connected remote access to operational environments represents a critical attack surface, and that organizations must extend cloud security posture management to encompass OT connectivity infrastructure, not just traditional cloud workloads. (Dragos, Help Net Security)

The CSPM market continues its rapid expansion. Industry analysts project the global market will grow from $6.29 billion in 2025 to $14.48 billion by 2031, a 14.91% CAGR driven by enterprise adoption of hybrid and multi-cloud architectures. Modern CSPM solutions are evolving beyond simple misconfiguration detection, embedding large language models to automatically produce remediation code, translate natural-language queries into governance policies, and explain security findings in real time. The integration of AI into CSPM tools introduces its own governance challenge, however — organizations must now ensure that the AI capabilities within their security tools are themselves governed, creating a recursive governance requirement that few organizations have yet addressed.

Cybersecurity budget data suggests that software-defined security is winning the spending battle. Software now commands approximately 40% of enterprise security budgets, surpassing the combined spending on hardware and outsourced services. Global cybersecurity spending is projected to reach approximately $240 billion in 2026 according to Gartner, representing a 12.5% increase from the 2025 baseline, though growth rates have slowed from 8% to 4% year-over-year as economic uncertainty constrains budgets. (GovTech)

Identity, Access Management and Zero Trust

Zero trust adoption reached a threshold this week: 81% of organizations are now adopting zero trust architectures in 2026, according to industry data — but the nature of what “zero trust” means operationally is shifting. SecurityWeek’s Cyber Insights 2026 analysis characterizes 2026 as the year of transition from architectural planning to operational enforcement. True zero trust in 2026 means cryptographically binding identity to every request across its entire lifecycle, not just at the authentication entry point. The challenge lies in interoperability — the fragmentation of identity and security platforms continues to limit unified visibility, with comprehensive zero trust adoption realistically projected for 2027–2029.

The non-human identity challenge has reached a scale that demands immediate board-level attention. As organizations scale AI and cloud automation, non-human identities — service accounts, API keys, machine credentials, AI agent tokens — now outnumber human accounts by orders of magnitude. A survey found that 51% of respondents consider the security of non-human identities just as important as human accounts, yet current governance practices lag dramatically behind. AI-powered continuous authentication is emerging as the proposed solution: identity management systems that verify through multi-factor authentication, behavioral analysis, and real-time risk scoring rather than relying on static policies that become stale the moment they are applied. (SecurityWeek, The Hacker News, RidgeIT)

The banking sector provides a concrete example of zero trust implementation at scale. Security Boulevard published a February analysis of zero-trust frameworks for cloud banking, where the combination of regulatory pressure, high-value transaction data, and sophisticated adversaries has accelerated adoption. Financial institutions are implementing microsegmentation of cloud workloads, continuous authentication for both human and machine identities, and real-time behavioral analytics that flag anomalous transaction patterns before they result in fraud. The banking sector’s experience offers lessons for other industries approaching zero trust maturity. (Security Boulevard)

Vendor and Supply Chain Risk

The OMB M-26-05 policy shift continues to create uncertainty in the federal software supply chain. With standardized attestation requirements rescinded, agencies must now independently determine assurance mechanisms — potentially creating a patchwork of SBOM requests, attestation forms, or alternative evidence requirements across different contracts. Dark Reading reported that SBOMs in 2026 inspire “some love, some hate, much ambivalence” — many organizations recognize their theoretical value but struggle with practical implementation challenges. SBOMs generated too late in the development lifecycle, lacking context about how components are actually used, or failing to reflect what is truly shipped in compiled software provide limited security value. An estimated 70–90% of modern applications are composed of open-source components, many sitting several layers deep and invisible to developers until a vulnerability surfaces. (Dark Reading, Inside Government Contracts)

AI-fuelled software supply chain attacks are forcing organizations to rethink their approach to cyber risk. Security Review Magazine reported that threat actors are increasingly using AI to generate convincing malicious packages, craft sophisticated social engineering campaigns targeting developers, and automate the discovery of exploitable dependencies. The industrialization of supply chain attacks — documented by Sonatype’s finding of 454,648 malicious packages across major registries in 2025 — represents a fundamental shift from opportunistic to sustained, organized campaigns. (Security Review Magazine, Ironside IT)

Geopolitical vendor risk continues to reshape procurement decisions. The EU’s proposed revised Cybersecurity Act, with its mechanisms for restricting “high-risk” suppliers based on both technical and geopolitical criteria, signals a future where vendor selection will increasingly be shaped by sovereignty considerations. Organizations should begin stress-testing their supply chains against scenarios where specific vendors or countries of origin become restricted, ensuring they have identified alternative suppliers for critical capabilities.

Industry Surveys and Research

The WEF Global Cybersecurity Outlook 2026, based on surveys of more than 100 CEOs and extensive CISO engagement, found that AI is the most significant driver of cybersecurity change — cited by 94% of respondents — while 87% flagged AI-related vulnerabilities as the fastest-growing risk. The percentage of organizations that assess the security of their AI tools nearly doubled from 37% in 2025 to 64% in 2026, suggesting that awareness is translating into action, albeit unevenly. Confidence in national cyber preparedness declined, with 31% of respondents reporting low confidence, up from 26% the prior year. (WEF, Industrial Cyber)

The Check Point Cyber Security Report 2026, published January 28, documented that organizations experienced an average of 1,968 cyber attacks per week in 2025 — a 70% increase since 2023. Beyond the volume increase, the nature of attacks is shifting: AI-driven social engineering was named the top 2026 threat by ISACA’s poll of 2,963 professionals, and Group-IB’s research documented a “fifth wave” of cybercrime in which deepfake-as-a-service is available for $10 per month and dark-web discussions about AI criminal tools have grown from approximately 50,000 annual messages in 2020–2022 to 300,000 annually since 2023. (Check Point Research, Infosecurity Magazine)

The AV-Comparatives Security Survey 2026, based on 1,328 participants across 87 countries, offered a global snapshot of threat perception. Respondents named Russia, China, the United States, and North Korea as the most feared sources of state-sponsored cyber attacks. The survey also revealed that Linux usage has reached macOS-comparable levels among security-aware users — a shift with implications for enterprise endpoint security strategies that have historically prioritized Windows and macOS coverage. (AV-Comparatives)

The Dragos 2026 OT Cybersecurity Year in Review, while primarily relevant to industrial security, contains data points that CIOs and CISOs across all sectors should internalize. Industrial ransomware groups surged 49% year-over-year, with 119 groups impacting 3,300 organizations globally. Organizations with comprehensive OT visibility detected ransomware in an average of 5 days compared to the 42-day industry average — a data point that quantifies the ROI of visibility investments in terms any board can understand. (Dragos)

The global cyber insurance market, valued at $26.25 billion in 2025, is projected to reach $33.05 billion in 2026 and $223.47 billion by 2034, reflecting both growing demand and expanding coverage requirements. However, market profitability remains concentrated, with loss ratios averaging 40–50% and growth rates cooling to approximately 5% year-over-year since 2022. Underinsured small and medium enterprises represent the key growth opportunity, though these organizations often lack the security maturity that insurers increasingly demand. (Fortune Business Insights, Heimdal Security)

Strategic Recommendations

  1. Plan for sustained CISA degradation. The DHS shutdown compounds earlier workforce reductions, effectively removing two-thirds of CISA’s capacity relative to a year ago. Critical infrastructure operators should increase reliance on sector-specific ISACs, commercial threat intelligence, and direct vendor advisory channels. Organizations that relied on CISA for vulnerability scanning, security assessments, or threat-sharing coordination should evaluate whether commercial alternatives can fill the gap for the duration of the funding lapse — and potentially beyond.

  2. Apply the Promptware Kill Chain defensively. The Schneier et al. framework provides a structured model for evaluating agentic AI exposure. Security teams should map their AI agent deployments against the seven stages and identify where defensive controls can break the chain — particularly at privilege escalation (constraining what agents can access), persistence (preventing memory poisoning), and actions on objective (strictly limiting autonomous actions). Organizations deploying MCP-connected agents should audit their MCP server implementations against the 40% vulnerability rate documented by Check Point.

  3. Evaluate policy-as-code for AI agent governance. Kyndryl’s announcement and the broader trend toward deterministic policy enforcement for AI workflows suggest that policy-as-code is becoming the standard approach for governing agentic AI in regulated environments. Organizations should assess whether their current AI governance relies on procedural controls that agents can bypass, and explore whether machine-readable policy frameworks can provide more reliable enforcement.

  4. Address the CEO-CISO priorities gap. The WEF data showing CEOs focused on cyber-enabled fraud while CISOs prioritize ransomware represents a strategic risk. Boards should ensure that security strategy addresses both threat models explicitly, and that executive reporting bridges the gap between fraud-focused CEO concerns and the operational realities that CISOs manage daily.

  5. Prepare for CRA compliance by September 2026. The EU Cyber Resilience Act begins applying on September 11, mandating vulnerability and incident reporting for products with digital elements. Organizations selling into the EU market that have not begun compliance programs face a timeline that is now critically short for products requiring design changes, SBOM generation capabilities, or vulnerability handling process development.

Sources Referenced

RSS/Primary Sources

Web Search Discoveries