Two numbers set the morning: 81 million, the login attempts thrown at Microsoft 365 accounts in a password-spraying campaign, and one, the Homeland Security Information Network DHS confirmed was breached. Neither is exotic tradecraft. Both are volume plays against defenses banks and regulators in Hong Kong and Singapore assume hold. Kai Tanner's column on North Korean macOS malware built to fool the AI triage model explains why: if the model doing the sorting can itself be gamed, the pitch that AI strengthens detection moved the weak point up a layer instead of removing it. A CISO who added an AI-based triage tool this year should ask the vendor what the model does when a sample is built to look benign to it specifically. Anthropic winning US export control relief for frontier cybersecurity AI models is the same story from Washington's side, treating defensive AI as an export category worth easing rather than restricting. Away from cyber, the $2.8 trillion M&A record and Meta's cloud ambitions confirm capital keeps chasing AI infrastructure regardless of the detection problem sitting underneath it. Eurozone inflation cooling to 2.8% gives the ECB room the Fed does not have. Watch whether Microsoft names the login campaign's origin by evening HK time; attribution changes the disclosure clock for anyone with US-domiciled cloud tenancy.