Previous Columns

Two of this week's most instructive breaches trace to credentials in version control, not zero-days; one contractor works for the agency that mandates US federal remediation timelines.

Two CVSS 10 Cisco SD-WAN bugs exploited in five months, plus a JavaScript supply chain burning two OpenAI developer devices, argues that the exploitation window has structurally closed.

Google's confirmation of an AI-built zero-day in criminal deployment is a measurement, not a milestone: the exploitation window is now shorter than any current TRM timeline assumes.

Anthropic's Mythos appearing on institutional threat registries forces a question that procurement frameworks and cyber insurance policies were not built to answer.

Treasury's 'nuclear weapon' framing for AI in finance is institutional acknowledgment that the attack surface has changed faster than the governance structures meant to contain it.

Frontier AI is compressing the exploit window while supply chain attacks compromise the very tools defenders use to close it.