Full Report
Learn why Google expects AI to transform cyber defense and offense next year, and explore MITRE's major update to the ATT&CK knowledge base. We also cover a new McKinsey playbook for agentic AI security, along with the latest on Microsoft Exchange protection and the CIS Benchmarks.Key takeawaysGoogle is forecasting that AI will kick off a new era for the cybersecurity world, as the use of AI tools becomes the new normal for both attackers and defenders. A new version of the MITRE ATT&CK framework includes intel on threats against Kubernetes, CI/CD pipelines, and cloud databases – and more. McKinsey advises orgs to treat agentic AI tools as privileged "digital insiders" and implement a three-phase security strategy to manage their unique cyber risks.Here are five things you need to know for the week ending November 7.1 - Google: In 2026, AI tools will become mainstream for cyber attackers and cyber defendersBy next year, AI tools won’t be novel. They’ll be standard issue for threat actors and for cyber teams, as the AI arms race irreversibly transforms the cybersecurity landscape.That’s one of the main insights from Google’s “Cybersecurity Forecast 2026” report, published this week. “2026 will usher in a new era of AI and security, both for adversaries and defenders,” the report reads.“While threat actors will leverage AI to escalate the speed, scope, and effectiveness of attacks, defenders will also harness AI agents to supercharge security operations and enhance analyst capabilities,” it adds.In other words, get ready for a new level of sophistication and stealth across all type of attacks, including social engineering campaigns. For example, fraudsters will craft hyperrealistic vishing messages using AI-driven voice cloning to impersonate executives or IT staff.In addition to using AI technology, attackers will also seek to compromise and leverage victims’ AI systems, particularly via prompt injection attacks, which tamper with an AI system to bypass its own security protocols. “We anticipate a rise in targeted attacks on enterprise AI systems in 2026, as attackers move from proof-of-concept exploits to large-scale data exfiltration and sabotage campaigns,” the report reads.Hackers will also adopt agentic AI systems, which act autonomously, to automate and scale up attacks across the entire attack lifecycle. They’ll also hunt “shadow” agentic AI tools used by employees without their organizations’ knowledge, and compromise them to steal confidential business data. However, cyber defenders will also augment their use of AI. Google envisions the emergence of agentic SOCs where security analysts increasingly deploy AI agents to correlate data and summarize incidents.This shift will require organizations to adopt a new "agentic identity management" framework so that the privileges, access and permissions granted to AI agents aren’t excessive and comply with least-privilege principles and with just-in-time access controls.To meet the challenge, Google recommends that cybersecurity teams adopt proactive, multi-layered cyber defenses, beef up their AI governance, and continuously adapt their security tactics as threats evolve.The report also covers trends in cybercrime and in nation-state cyber threats.For more information about AI security, check out these Tenable Research blogs:“Frequently Asked Questions About DeepSeek Large Language Model (LLM)”“Frequently Asked Questions About Model Context Protocol (MCP) and Integrating with AI for Agentic Applications”“Frequently Asked Questions About Vibe Coding”“AI Security: Web Flaws Resurface in Rush to Use MCP Servers”“CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison)”2 - MITRE ATT&CK update tackles Kubernetes security, CI/CD threats and moreMITRE has released the latest version of its widely used ATT&CK framework, adding and deepening coverage of threats against Kubernetes clusters, CI/CD pipelines, and cloud databases.MITRE ATT&CK version 18 also has enhanced guidance for protecting software supply chains, cloud identities, and edge and virtualization systems.Also new in this popular knowledge base of adversary tactics, techniques and procedures: A new approach for attack detections via a more structured, behavior-focused model. “We’ve spent the last six months focused on making ATT&CK more usable and actionable for defenders,” reads a MITRE blog about the framework’s update. Here’s just a small sampling of new framework components:Technique 1059.013: Command and Scripting Interpreter: Container CLI/API addresses how attackers execute commands, pull images, spin up pods, and steal cloud credentials using the Docker command line interface (CLI), Kubernetes application programming interfaces (APIs), and container software development kits (SDKs).Technique 1677: Poisoned Pipeline Execution outlines how attackers poison CI/CD pipelines by altering configuration files, corrupting build scripts, and creating malicious pull requests that leak secrets and inject compromised components.Technique 1636.005: Protected User Data: Accounts details how adversaries collect account data from compromised mobile devices. For example, on Android, they abuse the AccountManager API to list accounts; while on iOS, they leverage Keychain services.Three new asset types expand ATT&CK’s industrial control system (ICS) equipment coverage:Asset 0017: Distributed Control System (DCS) Controller, representing microprocessor units that manage large-scale, continuous industrial processes, and that operate within coordinated networks of controllers, software and operator stations.Asset 0016: Firewall, representing gateways that enforce network access policies and that are critical in ICS environments for segmenting ICS from business networks, restricting ingress and egress, and defining security zones to limit attacker movement.A0015: Switch, representing network devices that connect endpoints, including workstations, servers, human-machine interfaces (HMIs), and programmable logic controllers (PLCs), and forward traffic at the Open Systems Interconnection (OSI) Layer 2 or 3 using MAC or IP addresses. In addition, MITRE ATT&CK now also features information about multiple new threat groups, software tools, and campaigns.To get more details, read:The blog “ATT&CK v18: The Detection Overhaul You’ve Been Waiting For”The changelog detailing what’s new in MITRE ATT&CK version 18The release notes for MITRE ATT&CK version 183 - McKinsey's playbook: Treat Agentic AI like a "digital insider"Is your organization spinning up autonomous AI agents? Then it’s time for the IT and cybersecurity teams to learn how to mitigate their significant cyber risks.To that end, McKinsey recently published a playbook for technology leaders tasked with securing agentic AI tools, stressing that, unlike other tools, these ones act as “digital insiders” operating with various degrees of privilege and authority.“Just like their human counterparts, these digital insiders can cause harm unintentionally, through poor alignment, or deliberately if they become compromised,” reads the document titled “Deploying agentic AI with safety and security: A playbook for technology leaders.”(Image created by Tenable using Google Gemini)Unlike traditional systems, these AI agents can make decisions and interact with systems and other agents, creating novel vulnerabilities and new risk drivers, including: Chained vulnerabilities, where a flaw in one agent cascades to othersCross-agent task escalation, where malicious agents exploit trust to gain unauthorized privilegesSynthetic-identity risk, where adversaries impersonate agent identitiesUntraceable data leakage from autonomous agent-to-agent communicationData corruption propagation, where flawed data silently undermines decision-making across multiple agentsSo how can technology and security leaders, including CIOs and CISOs, mitigate these severe risks? McKinsey recommends a three-phase playbook:Prior to deployment: Organizations must update their core AI policy, risk management frameworks, and governance structures to specifically address the risks of autonomous agents. This includes defining roles, access management, and accountability.Prior to launching a use case: Leaders must establish a central AI portfolio management system for oversight and ensure the organization has the necessary security skills and resources to manage agentic systems.During deployment: This phase requires implementing technical and procedural controls, including:securing agent-to-agent communicationsapplying robust identity and access management (IAM) to agentsensuring complete traceability by logging all agent actions and decisions for auditscreating contingency plans with sandbox environments to isolate agents that fail or behave unexpectedlyIn short, McKinsey cautions against making agentic AI security an afterthought, and urges security and technology leaders to start assessing the current adoption of these tools in their organizations and begin planning how to secure them.“The agentic workforce is inevitable. As more companies adopt AI agents, new challenges for maintaining the confidentiality and integrity of data and systems will arise,” the document reads.For more information about AI security, check out these Tenable resources:“2025 Cloud AI Risk Report: Helping You Build More Secure AI Models in the Cloud” (on-demand webinar)“Cloud & AI Security at the Breaking Point — Understanding the Complexity Challenge” (solution overview)“Exposure Management in the realm of AI” (on-demand webinar)“Expert Advice for Boosting AI Security” (blog)“AI Is Your New Attack Surface” (on-demand webinar)4 - Alert: Patch your on-prem Exchange servers nowThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) and other global cyber agencies are sounding the alarm: Attackers are relentlessly hammering vulnerable on-prem Exchange servers.If you're running them, stop what you're doing and check the new "Microsoft Exchange Server Security Best Practices" guide.“Threat activity targeting Exchange continues to persist, and organizations with unprotected or misconfigured Exchange servers remain at high risk of compromise,” CISA said in a statement. The document guide stresses the importance of keeping your servers updated and applying security patches immediately.The guide also strongly advises organizations to migrate from “end of life” Exchange versions that Microsoft no longer supports nor provides security updates for. Other critical steps include ensuring the Emergency Mitigation (EM) service is enabled for automatic fixes; applying security baseline configurations; and using either built-in or third-party antivirus, anti-spam and anti-malware software.Other key recommendations include:Leverage OAuth 2.0 and enable multi-factor authentication (MFA).Configure the Extended Protection (EP) feature to mitigate adversary-in-the-middle and authentication relay attacks.Restrict access to Exchange administrative environments, such as the Exchange Admin Center (EAC).“This guidance empowers organizations to proactively mitigate threats, protect enterprise assets, and ensure the resilience of their operations,” Nick Andersen, Executive Assistant Director for the Cybersecurity Division at CISA, said in a statement.For more information about securing Exchange, SharePoint and other Microsoft products, check out these Tenable resources:“CVE-2025-53786: Frequently Asked Questions About Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability”“Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230)”“Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039)”“CVE-2025-53770: Frequently Asked Questions About Zero-Day SharePoint Vulnerability Exploitation”“Service Accounts in Active Directory: These OG NHIs Could Be Your Weakest Link”5 - CIS Benchmarks get a refreshTime to harden your software configurations. The Center for Internet Security (CIS) just updated its gold-standard Benchmarks.The following CIS Benchmarks were updated:CIS Google Android Benchmark v1.6.0, which now features updated guidance mirroring the Apple iOS BenchmarkCIS Microsoft Windows Server 2016 Benchmark v4.0.0, which gained 13 new security settingsCIS Oracle MySQL 8.0 Enterprise Edition Benchmark v1.5.0, which backports a recommendation for FIPS 140-2 Open_SSL CryptographyIn addition, CIS released these brand new Benchmarks:CIS FortiGate 7.4.x Benchmark v1.0.0CIS Sophos Firewall v21 Benchmark v1.0.0Meanwhile, various Linux distributions now have Build Kits, which are tools that automate the CIS Benchmarks’ configuration process:CIS Alibaba Cloud Linux 3 Benchmark v2.0.0CIS AlmaLinux OS 8 Benchmark v4.0.0CIS Oracle Linux 8 Benchmark v4.0.0CIS Red Hat Enterprise Linux 8 Benchmark v4.0.0CIS Rocky Linux 8 Benchmark v3.0.0Currently, CIS has 100-plus Benchmarks to harden the configurations of cloud platforms; databases; desktop and server software; mobile devices; operating systems; and more.To get more details, read the CIS blog “CIS Benchmarks Monthly Update October 2025.” For more information about the CIS Benchmarks list, check out its home page and FAQ, as well as:“Getting to Know the CIS Benchmarks” (CIS)“Security Via Consensus: Developing the CIS Benchmarks” (Dark Reading)“How to Unlock the Security Benefits of the CIS Benchmarks” (Tenable)“CIS Benchmarks Communities: Where configurations meet consensus” (Help Net Security)“CIS Benchmarks: DevOps Guide to Hardening the Cloud” (DevOps)
Analysis Summary
# Threat Intelligence Report Summary: Key Cybersecurity Developments (Week Ending Nov 7)
## Main Topic
A summary of critical cybersecurity findings, focusing on the anticipated transformation driven by Artificial Intelligence (AI), updates to the MITRE ATT&CK framework, security guidelines for agentic AI, and urgent advisories regarding Microsoft Exchange protection and CIS Benchmarks.
## Key Points
- **AI as Mainstream Security Tool:** Google forecasts that by 2026, AI tools will be standard for both cyber attackers and defenders, ushering in a new era of sophisticated attacks and augmented security operations (Agentic SOCs).
- **Agentic Security Posture:** McKinsey recommends treating autonomous AI agents like "digital insiders" due to their inherent privileges, requiring a structured, three-phase security strategy covering policy, oversight, and technical controls during deployment.
- **MITRE ATT&CK Major Update:** Version 18 introduces significant updates, deepening coverage for threats against cloud-native environments (Kubernetes, CI/CD pipelines, cloud databases) and overhauling detection guidance with a behavior-focused model.
- **Urgent Exchange Patching:** CISA and global agencies are alerting organizations about persistent, high-risk threat activity targeting vulnerable on-premises Microsoft Exchange servers, necessitating immediate patching and configuration hardening.
- **Benchmark Refresh:** CIS released multiple updates to existing Benchmarks (Android, Windows Server 2016, MySQL 8.0 Enterprise Edition) and introduced new Benchmarks for specific firewalls (FortiGate, Sophos Firewall), alongside distribution-specific Build Kits for automation.
## Threat Actors
- **General Threat Actors (Adversaries):** Expected to leverage AI to escalate the speed, scope, and effectiveness of attacks.
- **Nation-State Actors:** Trends in nation-state cyber threats were covered in the Google forecast (specific details not listed).
## TTPs
- **AI-Enhanced Attacks:**
- Crafting hyperrealistic vishing messages using AI-driven voice cloning to impersonate executives or IT staff.
- Executing prompt injection attacks to tamper with enterprise AI systems to bypass security protocols.
- Compromising and leveraging victims' AI systems for large-scale data exfiltration and sabotage.
- Adopting autonomous agentic AI systems to automate and scale attacks across the entire lifecycle.
- Hunting for unmanaged "shadow" agentic AI tools used by employees for data theft.
- **Container/Cloud Attacks (MITRE ATT&CK v18 additions):**
- **Technique T1059.013 (Command and Scripting Interpreter: Container CLI/API):** Using Docker CLI, Kubernetes APIs, and SDKs to execute commands, pull images, spin up pods, and steal cloud credentials.
- **Technique T1677 (Poisoned Pipeline Execution):** Altering CI/CD configuration files, corrupting build scripts, and creating malicious pull requests to leak secrets and inject compromised components.
- **Mobile Device Theft (MITRE ATT&CK v18):**
- **Technique T1636.005 (Protected User Data: Accounts):** Abusing Android AccountManager API or leveraging iOS Keychain services to gather account data.
## Affected Systems
- **AI Systems:** Enterprise AI systems targeted for large-scale data exfiltration and sabotage.
- **Microsoft Exchange Servers:** On-premises versions remain under relentless attack.
- **Container Environments:** Kubernetes clusters, CI/CD pipelines, and cloud databases are subject to new coverage in ATT&CK.
- **Mobile Devices:** Android and iOS devices targeted to collect protected account data.
- **ICS Equipment (New ATT&CK Asset Types):** Distributed Control System (DCS) Controllers, Firewalls, and Switches.
## Mitigations
- **AI Governance & Defense:**
- Adopt proactive, multi-layered cyber defenses.
- Beef up AI governance structures.
- Implement a new "agentic identity management" framework for AI agents, enforcing least-privilege and just-in-time access controls.
- **Agentic AI Security (McKinsey Playbook):**
- **Prior to Deployment:** Update AI policy, risk management frameworks, and governance to address autonomous agents (defining roles, access management, and accountability).
- **Prior to Use Case Launch:** Establish central AI portfolio management for oversight; ensure necessary security skills are available.
- **During Deployment:** Secure agent-to-agent communications; implement robust IAM for agents; log all agent actions for traceability; create sandbox environments for contingency planning.
- **Exchange Server Hardening (CISA Guidance):**
- Apply security patches immediately and keep servers updated.
- Migrate from "end of life" Exchange versions.
- Ensure the Emergency Mitigation (EM) service is enabled.
- Apply security baseline configurations.
- Use AV/anti-malware solutions.
- Leverage OAuth 2.0 and enable MFA.
- Configure Extended Protection (EP) to mitigate relay attacks.
- Restrict access to administrative environments (EAC).
- **Configuration Hardening:** Implement updated CIS Benchmarks for various platforms (e.g., Android v1.6.0, Windows Server 2016 v4.0.0).
## Conclusion
The cybersecurity landscape is rapidly evolving toward AI-centric operations on both sides of the conflict, demanding immediate foundational security updates. Organizations must drastically rethink identity management to account for autonomous agents and must urgently triage on-premises Exchange deployments. Concurrently, defenders should adopt the latest MITRE ATT&CK additions to enhance detection capabilities against emerging threats in cloud and supply chain infrastructure.
# Morning News Roll-up {current_date}
## Overview
This week's intelligence highlights include Google's 2026 AI security forecast, major updates to the MITRE ATT&CK framework, a crucial playbook for securing autonomous AI agents from McKinsey, an urgent patch alert for Microsoft Exchange servers, and recent updates to CIS Benchmarks.
## Top Stories
### Google Forecasts 2026: AI Tools Become Mainstream for Cyber Defense and Offense
- Summary: Anticipates that by 2026, AI tools will transition from novelties to standard issue for both attackers and defenders, increasing attack stealth and sophistication (e.g., hyperrealistic vishing) and necessitating agentic SOCs for defense. Attacks on enterprise AI systems via prompt injection are expected to scale significantly.
- Source: [Context provided]
### MITRE Releases ATT&CK v18 with Expanded Coverage for Cloud and CI/CD Threats
- Summary: The latest version deepens coverage against threats targeting Kubernetes, CI/CD pipelines (Technique 1677: Poisoned Pipeline Execution), and cloud databases. It also introduced a more structured, behavior-focused model for attack detections. New ICS asset types (DCS Controller, Firewall, Switch) were added.
- Source: [Context provided]
### McKinsey Releases Playbook: Treat Agentic AI as Privileged "Digital Insiders"
- Summary: Advises technology leaders to implement a three-phase strategy (prior to deployment, prior to use case launch, during deployment) to mitigate novel risks posed by autonomous agents, such as cross-agent privilege escalation and untraceable data leakage. Technical controls like robust IAM and complete logging are essential.
- Source: [Context provided]