Executive Summary

The defining development of the week was the Trump administration’s visible pivot toward AI safety oversight — a sharp reversal from its January deregulatory stance. The Center for AI Standards and Innovation signed pre-deployment testing agreements with Google DeepMind, Microsoft, and xAI, while the White House began circulating plans for Pentagon-led safety evaluations of frontier models deployed to federal and state governments. At the same time, Cobalt’s annual State of Pentesting Report documented that AI system penetration tests produce high-risk findings at a rate 2.5 times higher than traditional enterprise software, turning AI governance from a compliance exercise into a material risk management imperative. The UK NCSC separately warned that AI-accelerated vulnerability discovery will produce a sustained patch wave across all software categories, testing patch management capacity that most organisations have not designed for that volume. For CIOs and CISOs, the week’s collective signal is that AI risk has simultaneously become a regulatory expectation, an insurance underwriting factor, and a measurable technical threat — and that the window for treating it as a strategic topic rather than an operational one is closing.

This report covers strategic IT security topics for executive leadership. For tactical CPS/ICS vulnerabilities, see the CPS Threat Intelligence report. For ransomware incidents, see the Ransomware Intelligence report.

Week of May 1 – May 8, 2026

Regulatory and Compliance

The GDPR reached its tenth anniversary this week, providing a moment for the European Data Protection Board to restate enforcement priorities and for practitioners to take stock of the regulation’s actual influence on the global privacy landscape. The Board’s 2026 enforcement focus centres on Article 17 — the right to erasure — meaning organisations with inadequate data deletion workflows can expect elevated scrutiny in the year ahead. More consequentially, the European Commission’s EU Digital Omnibus proposal is advancing through deliberation: it proposes targeted compliance simplification for small and mid-sized organisations without altering core individual rights, which matters for enterprise vendor risk assessments involving SME suppliers who have historically struggled to demonstrate GDPR compliance at scale. The Regulation’s durability as a global template is evident in the network of laws it has inspired across approximately 160 jurisdictions, but the tenth-anniversary commentary from enforcement authorities is clear that the original goals — genuine control over personal data and meaningful liability for misuse — remain incompletely achieved.

A LinkedIn complaint filed with EU data protection authorities this week illustrates how GDPR enforcement disputes are migrating into product feature decisions. The allegation that LinkedIn’s restriction of “who viewed your profile” data to paid subscribers violates the data portability and access rights of free account holders could, if upheld, force product changes that redefine how social platforms monetise engagement data in the EU. The outcome is worth monitoring by any organisation operating a freemium model with EU users.

On the US side, the Center for AI Standards and Innovation — a division of the Department of Commerce — announced pre-deployment safety testing agreements with Google DeepMind, Microsoft, and xAI. CAISI has now completed approximately 40 evaluations. The administration is considering an executive order structuring these evaluations along lines similar to FDA pre-market review, which would represent the first formal US pre-deployment requirement for frontier AI models. Critically, CAISI operates with roughly 30 staff and approximately $30 million in total funding — a capacity that analysts from the America First Policy Institute describe as chronically underfunded for the mandate it is being asked to execute. CIOs and CISOs considering US government AI deployment timelines should treat CAISI review as an emerging dependency.

AI Governance and Agentic AI

The week’s most operationally significant AI governance development was the compound signal from both government and the security research community that AI systems are not being governed at the risk level they warrant. Cobalt’s State of Pentesting Report found that 32 percent of findings from AI system engagements were rated high risk — compared to roughly 13 percent for traditional enterprise software. The gap reflects structural differences in how AI systems handle trust, input validation, and privilege boundaries, not merely implementation quality. Prompt injection, model-layer data leakage, and agentic privilege escalation are the dominant finding categories. For organisations that have adopted AI systems under the assumption that standard secure software development practices transfer directly, the Cobalt data is a material corrective.

The Model Context Protocol is emerging as a specific blind spot in enterprise security programmes. As the connective tissue linking AI models to enterprise tools, databases, and APIs, MCP has proliferated rapidly — hundreds of servers are available for download — but most Continuous Threat Exposure Management programmes have not incorporated it into their scope. The risk surface is structurally similar to what shadow IT presented a decade ago: developers and business units deploy MCP integrations outside security governance, creating credential exposure, prompt injection pathways, and confused deputy vulnerabilities that perimeter controls cannot see. Security programmes that have not inventoried deployed MCP servers and applied access controls comparable to those governing API gateways have a gap that warrants immediate attention.

AI deepfake technology has reached a threshold where it creates professional liability exposure for individuals, not just organisations. The documented pattern of clinicians being used as unwitting stars in health-product deepfake campaigns is the most visible example this week, but the pattern extends to any executive or professional whose public profile provides sufficient training material. The calls from clinicians and their professional associations for transparency and consent requirements are likely to produce regulatory responses, but the near-term risk is reputational and legal rather than regulatory.

The NCSC’s warning about an AI-fuelled vulnerability patch wave deserves specific attention from security operations leadership. The mechanism is straightforward: AI models are dramatically accelerating the pace at which researchers — and attackers — can identify vulnerabilities across large codebases, both open source and proprietary. The expected consequence is a sustained increase in critical-severity patch releases across all software categories simultaneously. Organisations that manage patching through manual workflows, deferred maintenance windows, or exception processes scaled for the current pace of disclosure will face capacity failures. The NCSC’s practical guidance emphasises internet-facing attack surface prioritisation, automated patching where possible, and explicit acknowledgement that legacy and end-of-life systems cannot be made safe regardless of the patch effort applied.

Board-Level Risk and CISO Strategy

The gap between how CISOs currently communicate cyber risk and what boards actually need to make decisions received concrete documentation this week from CSO Online’s analysis of board psychology and risk communication. The central finding confirms what practitioners have observed for several years: boards understand that cyberattacks are expensive, but they consistently lack the specific exposure view that would allow them to prioritise. The most effective CISO-to-board communication uses business metrics — potential revenue loss, operational downtime cost, regulatory penalty exposure — rather than threat actor profiles or technical severity ratings. Boards want to know what the realistic worst-case scenario is for their specific business and what the minimum viable security investment is to make that scenario materially less likely.

The structural challenge for many CISOs is that they lack the risk quantification methodology to produce that analysis on demand. Investments in FAIR modelling or equivalent frameworks are not optional enhancements for organisations whose boards have matured beyond compliance-era framing. The insurance market has created an external forcing function: carriers are increasingly treating AI governance documentation, identity controls, and demonstrated incident response capability as conditions of coverage rather than factors in pricing, meaning that security programme gaps visible at renewal are no longer merely a premium issue but a coverage issue.

Cloud Security Posture

Cloud security posture management and cloud-native application protection have converged into a single architecture problem centred on identity. The dominant finding from the CSPM market analysis published this week is that misconfigured storage and overly permissive identity and access management roles account for approximately 75 percent of cloud breaches — a ratio that has remained stable as cloud environments have grown more complex. What has changed is the governance model: CSPM tooling is becoming primarily an identity story, because the actionability of any misconfiguration finding depends on understanding which identities can exploit it and what blast radius that creates. Organisations that treat CSPM and identity governance as separate programmes should expect gap risk at the intersection.

The CSPM market itself is growing from approximately $2 billion in 2025 toward a projected $12 billion by 2030, driven by the combination of multi-cloud complexity, AI-assisted misconfiguration detection, and regulatory pressure. The practical implication for procurement is that CSPM capabilities are increasingly bundled into CNAPP platforms rather than sold as standalone products, making point solution decisions difficult to justify on a total cost basis.

Identity, Access Management and Zero Trust

Zero trust has completed its transition from strategic aspiration to operational expectation. The relevant question for most organisations is no longer whether to adopt zero trust but at what maturity level and integration depth. The most significant evolution in the framework this week is the recognition that non-human identities — AI agents, service accounts, API keys, and automation scripts — now constitute a larger and more dynamic share of access requests than human users in many enterprise environments. Gartner’s identification of non-human identity governance as a top CISO priority for 2026 reflects a structural gap: most identity governance infrastructures were designed for human users and have no native capability to manage agent credentials with purpose-scoped constraints, behavioural monitoring, or circuit-breaker mechanisms.

The AI-powered authentication research circulating this week adds a specific concern for high-privilege account management. Standard TOTP-based multi-factor authentication is consistently bypassed by adversary-in-the-middle proxy phishing toolkits that are now widely available and operationally accessible. Organisations that implemented TOTP as a ceiling rather than a floor for privileged access — executive accounts, cloud console access, identity provider administration — should treat the current adversary-in-the-middle tooling landscape as a specific gap driver, not a theoretical risk.

Vendor and Supply Chain Risk

Supply chain attacks have continued their trajectory from 2024 to 2025, with identity and token abuse at the vendor layer emerging as the primary entry vector. The OAuth over-permissioning pattern — where vendor integrations request and retain far broader scope than their function requires — is the underlying mechanism. For CIOs managing third-party integrations, the operational control is vendor-specific OAuth scope review combined with periodic token revocation audits; the governance control is including scope-of-access review in vendor onboarding and renewal processes.

A CVE refresh cycle risk that many organisations are not tracking was surfaced in the hardware procurement context this week: servers purchased in 2017 and reaching the typical 5-6 year refresh window in 2022-2023 are entering a period where their firmware, BMC, and embedded OS components carry known vulnerabilities that vendors have stopped patching. The refresh decision is often framed as a hardware cost question, but the underlying driver is a software supply chain risk — running infrastructure whose vulnerability surface is known, public, and unresolvable without replacement. Security leaders should ensure hardware refresh planning incorporates CVE exposure analysis for out-of-support components, not just performance and capacity metrics.

Industry Surveys and Research

Cobalt’s 2026 State of Pentesting Report is the week’s most consequential research output for enterprise security planning. The finding that AI systems produce high-risk penetration test findings at 2.5 times the rate of traditional systems provides empirical grounding for what practitioners have suspected: AI systems require their own security assessment methodology, and the frequency and depth of assessment should be calibrated to that higher risk profile, not inherited from legacy application testing schedules.

The GDPR tenth-anniversary analyses from the European Data Protection Board and practitioner community confirm that the regulation’s enforcement trajectory is accelerating rather than stabilising. The combination of EDPB priority enforcement areas, the EU Digital Omnibus simplification proposal, and the expanding regulatory ecosystem — AI Act, Digital Services Act, Cyber Resilience Act — means that data protection and cybersecurity compliance are now inseparably linked for any enterprise operating in or selling to the EU.

Strategic Recommendations

Inventory AI system risk and schedule structured assessments. Cobalt’s data documenting 32 percent high-risk findings in AI system pentests means that any AI deployment that has not undergone structured security assessment since deployment carries unknown risk. Prioritise assessments for AI systems with access to sensitive data, external APIs, or operational decision authority.

Map deployed MCP servers before attackers do. Model Context Protocol adoption has outrun governance in most enterprises. Treat MCP discovery and access control as an immediate shadow IT exercise: inventory deployed MCP integrations, apply least-privilege access constraints, and include MCP scope in Continuous Threat Exposure Management programmes.

Prepare patching infrastructure for increased volume. The NCSC’s AI-fuelled patch wave warning is a capacity planning signal, not just a threat advisory. Audit current patch management workflows against a scenario of simultaneous critical patches across multiple vendor categories. Identify where automation, prioritisation rules, and emergency change procedures need strengthening before the volume arrives.

Upgrade high-privilege account authentication to phishing-resistant methods. TOTP-based MFA is demonstrably insufficient against deployed adversary-in-the-middle toolkits. Hardware security keys and passkeys for executive accounts, cloud console access, and identity provider administration are the specific gap this week’s evidence supports closing.

Connect CISO board reporting to quantified business risk. With boards explicitly requesting financial-metric framing and cyber insurance carriers conditioning coverage on governance documentation, investment in risk quantification methodology addresses a gap that simultaneously affects board credibility and insurance outcomes. Assess FAIR modelling or equivalent approaches as a near-term initiative rather than a multi-year programme.

CIO/CISO ITsec Summary week 19, 2026