Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Director’s note: AI ethics and Pope Leo XIV

Secretary of State Marco Rubio meets Pope Leo XIV in Vatican City on May 7, 2026. (Vatican Media via U.S. State Department)

Dear readers,

The executive order on vetting powerful new AI models that was expected this week failed to materialize at the last minute. While the security community is waiting to see what the administration’s course of action will be after the release of Mythos, there is another anticipated event that is expected to frame AI governance concerns in the context of responsibility, humanity and theology. On Monday, Pope Leo XIV is expected to personally present his first major teaching document on the ethical challenges posed by artificial intelligence, Justin McLellan reported at National Catholic Reporter. Not only is it atypical for a pope to launch his own encyclical, but he’ll be joined at the event by Anthropic co-founder Chris Olah, as these questions increasingly demand engagement from all stakeholders. The Pope also established a commission focused on the opportunities, risks and ethical implications posed by AI technologies, Jorge Enrique Mújica reported at ZENIT News.

On this week’s Cyber Focus, I sat down with Walter Haydock, founder of StackAware and a former House Homeland Security Committee staff member, to break down the hard realities of AI risk management as the rush to deploy artificial intelligence across enterprise environments has outpaced corporate governance. Pushing back against compliance-heavy, “check-the-box” legislation, he argued that true resilience requires outcome-based policy, C-suite ownership of risk and a domestic environment that prioritizes American innovation to prevent ceding the technological battlefield to autocratic regimes such as China. Our conversation also explored the practical mechanics of accountability, exploring why “non-human identities” turbocharge third-party risk, how unpredictable AI agents can mimic internal insider threats and a three-tiered framework for human oversight. 

On the subject of insider threats, Brian Krebs reported this week on what security experts said could be “one of the most egregious government data leaks in recent history” – a public GitHub repository managed by a CISA contractor that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. In response to the news, Sen. Maggie Hassan (D-N.H.) requested an urgent classified briefing for lawmakers from Acting Director Nick Andersen, Sam Sabin reported at Axios. The incident is also a stark reminder that third-party risk and basic credential hygiene remain persistent vulnerabilities even inside the federal cybersecurity ecosystem.

As Congress broke for the holiday recess without an Iran war powers vote in the House, and the next steps in the ceasefire are uncertain, pro-Iran threat actors aren’t resting when it comes to targeting our critical infrastructure. U.S. officials suspect Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple states, Sean Lyngaas reported at CNN. Sensing a “renewed outbreak” of war, Iran hackers said they are preparing for “dozens” of “devastating” attacks on the energy and IT sectors, Bridget Johnson reported at Threat Beat in a piece also featured on the Drudge Report. The communications sector has appropriately moved to address the risks posed by this volatile threat environment for infrastructure security in founding the Communications Cybersecurity Information Sharing and Analysis Center, or C2 ISAC, as Eric Geller reported on at Cybersecurity Dive. Congratulations to the founding members – particularly inaugural board chair Rich Baich, Senior Vice President and Chief Information Security Officer at AT&T, and Executive Director Valerie Moon – for helping stand up this important initiative and strengthening operational collaboration across the communications sector.

In a sky-high sector, the United States, China and now Russia are on the prowl in geosynchronous orbit with recent notable developments in the increasingly crowded field of “inspector” satellites, Stephen Clark reported at Ars Technica. Until now, Russia’s spying in geosynchronous orbit has primarily focused on eavesdropping on foreign communications, but the trend has shifted toward reconnaissance and surveillance of other satellites. Russia has now joined the fray with the recent arrival of its own suspected inspector (or attack) satellite in GEO, he writes, while the U.S. Space Force is poised to order more reconnaissance satellites of its own to send into the geosynchronous belt.

And as the U.S. and other countries increasingly look to field-tested autonomous military innovation from Ukraine, Patrick Tucker reported at Defense One on one robot that really stood its ground. A single remote-controlled Ukrainian ground combat vehicle armed with a machine gun defended a “key intersection under constant adversary attack” for 45 days last summer, according to officials who called it “Ukraine’s first fully robotic defensive operation of a position.” 

This week by the numbers:

  • 13 Middle East and North Africa countries participated in an operation focused on neutralizing phishing and malware threats, resulting in 201 arrests and 382 additional suspects identified. (INTERPOL)
  • While 59% of respondents in a European hospital cybersecurity survey said they were confident that their hospitals could operate safely for 24 hours without core electronic health record access, that figure fell to 32% at 48 hours and just 14% at 72 hours. (IT Pro)
  • B1ack’s Stash, one of the most active illicit card shops on the dark web, announced the free release of approximately 4.6 million stolen credit card records. (SOCRadar)
  • 7-Eleven confirmed a data breach after ShinyHunters claimed it stole more than 600,000 Salesforce records containing personal and corporate information. (Security Affairs)
  • Commercial electricity consumption is likely to surpass residential use for the first time on record in 2027, the U.S. Energy Information Administration said, with a projected increase of 2.2% to about 1,530 billion kWh in 2026 followed by 5.3% growth next year. (Utility Dive)

For those looking for deeper strategic reads over the long weekend, The Jamestown Foundation released two China-focused reports of note: Christopher Nye and Charles Sun delve into how the PRC is entrenching its asymmetric closed-door strategy, constructing a functional regime for the core factors of production while simultaneously retaining people, capital, frontier technology and proprietary information inside the country under the banner of national security. And Sunny Cheung analyzes how China’s long-term policy and operational infrastructure has been guiding both industry pathways and investor behavior to drive quantum breakthroughs.

This Memorial Day, we pay our respects to those who have served and sacrificed for our freedom. The Cyber Briefing will return to your inbox on Tuesday. Have a wonderful and restful holiday weekend.

War Eagle,

Frank Cilluffo

Click to listen highlighted text!