Cyber Intelligence Weekly (April 12, 2026): Our Take on Three Things You Need to Know
Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!
Before we turn to this week’s edition of Cyber Intelligence Weekly, I want to introduce a new Personal Spotlight Series: The Human Side of Cybersecurity.
This series is grounded in conversation rather than commentary. It centers on CISOs and other cyber leaders who are in the seat—navigating real leadership pressure, complex risk decisions, and the human realities of building and sustaining security programs. Some are earlier in their journey, others further along paths many of you may recognize or aspire toward. What they share isn’t theory. It’s experience—earned through moments of progress, frustration, growth, and reflection. These conversations are for the professionals who show up every day to quietly carry the weight of this industry.
Roy Luongo — “Strive not to be the smartest person in the room.”
In this episode, I sat down with Roy Luongo, former CISO of the United States Secret Service, whose career spans more than three decades across military intelligence, the NSA, financial services, Cyber Command, and federal leadership. Roy’s path into cybersecurity began long before the term was mainstream. From early hacking experiments as a teenager to serving as an interactive operator at the National Security Agency, Roy developed a rare perspective from both the offensive and defensive sides of the house. That journey ultimately led him into executive leadership roles where technical depth, mission focus, and people leadership had to coexist.
What makes Roy’s story especially compelling is how clearly he explains the shift from operator to leader. He described an early realization that attackers often exploit simple, overlooked weaknesses rather than the scenarios defenders spend the most time planning for. That insight became foundational to his leadership philosophy: security programs must stay grounded in reality, not just theory. Later, an entirely different lesson shaped him just as deeply, a candid moment when he was told his teams were burning out and he needed to understand work-life balance. Roy took that feedback seriously and reframed leadership as something that must adapt to people, not force people to adapt to one style.
Throughout the conversation, Roy emphasized that cybersecurity success today depends as much on humility and adaptability as it does on technical skill. Whether discussing red teams, executive leadership, or the future of AI, he consistently returned to the same principle: no single person has all the answers. Great leaders surround themselves with talented specialists, listen well, and create environments where others can thrive. It was a powerful reminder that the strongest CISOs are not defined by being the smartest in the room; they are defined by building the smartest rooms.
Additional takeaways from the conversation:
- Leadership is built over time. Managing larger teams successfully is a progression, not a switch you flip overnight.
- The best technical expert is not always the best leader. Deep expertise and people leadership are different skill sets.
- Failure is a world-class teacher. In red teaming, getting caught often creates the most valuable learning.
- Red teams should improve defenders, not just “win.” The goal is to sharpen detection and response, not merely prove compromise is possible.
- Leaders must adapt to how others work. Communication and management should flex to the needs of the team.
- Massive data + limited resources = imperfect outcomes. Security teams will hit dead ends and miss signals; perfection is not realistic.
- Post-quantum panic can be overhyped. Preparation matters, but fear-based narratives often outpace practical reality.
- Non-human identity management is underhyped. Agents, automation, and machine identities may become one of the biggest control challenges ahead.
- There is no cybersecurity finish line. No silver bullet, no final maturity state, no day where the work is “done.”
- If rebuilding from scratch, start with people, visibility, and data. Skilled talent, environmental awareness, and strong data governance are foundational investments.
- CISOs are still part of the team. The title may change, but effective leaders remain connected to practitioners and mission execution.
- Humility is a competitive advantage. Bringing smarter people into the room is a sign of strength, not weakness.
Roy’s billboard message said it best: “Strive not to be the smartest person in the room.” Behind the humor was a profound truth: great leadership is less about proving your own brilliance and more about empowering the brilliance of others.
If there was one thread that defined this conversation, it was this: the future of cybersecurity belongs to leaders who combine technical credibility, emotional intelligence, and the humility to keep learning.
Watch the Full Interview Here: https://www.youtube.com/watch?v=o8c6VAtLKso

Echelon Thought Leadership Highlight
We’re heading to CS5 West in San Diego! As CMMC continues to take center stage, we’re looking forward to connecting with organizations navigating what compliance really looks like in practice. You can find us at Booth 49, where our team will be on-site:
• Chris Callahan, Partner
• Alyson Pisarcik, Cybersecurity Manager
• Greg DeLeonardis, Client Solutions Manager
If you’re planning to attend, let's connect! https://cs5west.org/

Away we go!
1. Anthropic’s Mythos Exposes a Bigger Security Problem
Anthropic’s release of its new Claude Mythos Preview model has sparked one of the biggest cybersecurity debates of the year. The company says the system can identify weaknesses across software platforms and build complex exploit chains that could dramatically lower the skill required to compromise systems. Because of those capabilities, access is being tightly controlled through a limited initiative called Project Glasswing, where select organizations such as major technology vendors and cybersecurity leaders will use the model for defensive purposes before broader availability is considered.
The headlines naturally focus on whether Mythos is a cyber superweapon. But the deeper story is less about one model and more about the fragile state of software security. Many organizations already struggle with unpatched systems, weak development practices, inherited technical debt, and overloaded security teams. If AI can discover vulnerabilities faster, it does not create the underlying problem. It exposes how long the industry has tolerated building and operating insecure technology. In that sense, Mythos is not the crisis; it is the mirror.
What appears to concern experts most is the model’s reported ability to connect multiple flaws into working exploit chains. Finding one bug is valuable. Linking several weaknesses together into a reliable attack path is what often leads to major breaches, privilege escalation, or stealthy compromise. Historically, that level of work required deep expertise and time. If advanced AI systems can automate portions of that process, defenders will need to move from human-speed security programs to machine-speed validation, patching, detection, and response.
There is also a positive interpretation of this moment. The same capabilities that could help attackers can be used to harden code, test infrastructure, review open-source dependencies, and identify design flaws before adversaries ever see them. The organizations that win in this next phase will not be the ones debating whether AI changes cybersecurity. They will be the ones using AI to build secure-by-design environments before everyone else is forced to catch up.

GitHub Actions Supply Chain Risk Continues to Pressure Cloud Environments
One of the most important cloud security lessons this week comes from the continued fallout tied to recent CI/CD and GitHub Actions supply chain compromises. Security teams are being reminded that cloud environments are no longer breached only through exposed servers or stolen passwords. Increasingly, attackers are entering through trusted automation pipelines that already have access to cloud resources, secrets, and production environments.
In several recent cases, malicious code inserted into developer workflows was able to harvest tokens, cloud credentials, and environment secrets. Once obtained, attackers could potentially access AWS, Azure, or Google Cloud resources without ever exploiting a traditional vulnerability. This is exactly why modern cloud defense must include your build systems, developer pipelines, and third-party integrations, not just workloads and firewalls.
Immediate Actions for Security Teams
- Pin GitHub Actions and CI/CD dependencies to full commit hashes, not floating tags
- Rotate cloud credentials, PATs, API keys, and secrets tied to build systems
- Review IAM roles used by pipelines and remove excessive permissions
- Enable logging and alerting for unusual token use, privilege escalation, or geographic anomalies
- Audit build runners, artifact repositories, and container registries for suspicious changes
- Implement workload identity federation where possible instead of long-lived secrets
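To make the first action item checkable, here is an added example (not part of the original newsletter) that scans workflow text for `uses:` references that are not pinned to a full 40-character commit hash. The sample workflow, including the `example-org` action names, is constructed for illustration, and the check is a line-based regex rather than a full YAML parse.

```python
import re

# Value of a step-level or job-level "uses:" key; stops before an inline comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")            # full commit hash
DOCKER_DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")  # image pinned by digest

def classify(ref):
    """Return 'pinned', 'local', or the reason the reference can change."""
    if ref.startswith("./"):
        return "local"  # action stored in the same repository and commit
    if ref.startswith("docker://"):
        return "pinned" if DOCKER_DIGEST.search(ref) else "docker image not pinned by digest"
    if "@" not in ref:
        return "no ref given"
    version = ref.rsplit("@", 1)[1]
    if FULL_SHA.match(version):
        return "pinned"
    return "mutable ref (tag, branch or short hash)"

def audit(workflow_text):
    """Return (line_number, reference, reason) for every unpinned 'uses:' entry."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        verdict = classify(m.group(1))
        if verdict not in ("pinned", "local"):
            findings.append((n, m.group(1), verdict))
    return findings

# Constructed sample workflow; every action name here is hypothetical.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: example-org/checkout-action@v4
      - uses: example-org/setup-tool@0123456789abcdef0123456789abcdef01234567 # v2.1.0
      - uses: ./.github/actions/lint
      - uses: example-org/deploy-action@main
      - uses: docker://example/image:latest
      - name: scan
        uses: example-org/scan@abc1234
"""

if __name__ == "__main__":
    for lineno, ref, reason in audit(SAMPLE):
        print(f"line {lineno}: {ref} -> {reason}")
```

Keeping the human-readable version as a trailing comment, as on the pinned line in the sample, preserves readability without giving up the pin.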
Real-World Takeaway
Many organizations have strong cloud controls but weak trust boundaries around DevOps tooling. If your pipeline can deploy to production, it is a Tier 1 asset and should be protected like a crown jewel. In 2026, one compromised automation token can be just as dangerous as a compromised domain admin account.

2. Cyber Fraud Hits Record Levels as Scams and Crypto Theft Drain $17.6 Billion
The FBI’s latest Internet Crime Complaint Center report paints a stark picture of the modern threat landscape: cyber-enabled fraud is now one of the most costly crimes in America. In 2025 alone, reported losses reached an astonishing $17.6 billion, with scams and online deception responsible for the vast majority of the damage. More than one million complaints were filed, reinforcing that cybercrime is no longer limited to large enterprises or headline-making breaches. It is affecting individuals, families, small businesses, and critical infrastructure at scale.
Investment fraud accounted for the largest share of losses, totaling $8.6 billion. Business email compromise schemes followed at more than $3 billion, while tech support scams added another $2.1 billion. Cryptocurrency also remained a favored tool for attackers, tied to more than $11 billion in reported losses. These figures show how threat actors continue blending social engineering with digital payment systems, making scams faster, harder to trace, and more profitable than ever.
The report also highlights the continued evolution of ransomware. The FBI said it is currently tracking more than 200 ransomware variants, actors, and related enablers. Last year alone, investigators identified 63 new ransomware strains. While reported ransomware losses represented a smaller slice of the overall fraud total, the operational disruption to hospitals, schools, municipalities, and other essential services remains severe. Fourteen of the nation’s sixteen critical infrastructure sectors reported ransomware-related incidents during the year.
One of the most troubling findings is who is being hit hardest. Americans aged 60 and older accounted for $7.7 billion in losses, demonstrating how aggressively criminals target vulnerable populations through romance scams, fake investments, impersonation schemes, and tech support fraud. For organizations, the lesson is clear: cybersecurity today must include fraud prevention, executive awareness, employee training, identity controls, and financial verification processes. The line between cyber risk and business risk has effectively disappeared.

Agentic Coding Tools Create a New Security Risk for Developers
This week’s AI security spotlight shifts from frontier models to a more immediate enterprise concern: AI-powered coding assistants running directly on developer machines. Recent vulnerabilities disclosed in agentic coding tools such as Claude Code highlighted how local AI assistants can introduce new attack paths through unsafe project files, malicious configuration settings, exposed API keys, and unintended command execution.
The issue is bigger than any one vendor. A growing number of AI coding tools can read repositories, execute shell commands, connect to external services, and modify files automatically. That creates real productivity gains, but it also means these tools operate with privileged access inside development environments. If an attacker can manipulate a project file, dependency, plugin, or configuration, they may be able to turn the assistant into an unwitting insider.
Immediate Actions for Security Teams
- Keep AI coding assistants fully patched and update them quickly
- Restrict shell execution, network access, and file permissions where possible
- Review project configuration files before opening unfamiliar repositories
- Store API keys in secure vaults, not plaintext config files or local files
- Monitor developer endpoints for unusual outbound connections or process behavior
- Require code review for AI-generated changes before merge or deployment
- Segment sensitive development environments from production systems
Real-World Takeaway
Many organizations focus on securing production AI use cases while overlooking developer AI tools already running across laptops today. If a coding assistant has access to source code, credentials, terminals, and cloud environments, it belongs in your threat model now. The next wave of AI risk may start on the workstation, not in the chatbot.

3. Sensitive LAPD Records Exposed After Breach at Los Angeles City Attorney’s Office
A significant data breach involving the Los Angeles City Attorney’s Office has exposed a large volume of sensitive records tied to prior LAPD civil litigation. According to public statements, unauthorized actors gained access to a third-party digital storage or file transfer platform used to share discovery materials with outside parties. Officials emphasized that LAPD networks themselves were not compromised, but the data stored within the external system included highly sensitive law enforcement information.
Reports indicate the leaked archive may contain hundreds of thousands of files totaling several terabytes of data. Among the records allegedly exposed are officer personnel files, internal affairs investigations, witness identities, medical information, investigative materials, and legal documents that are typically restricted or heavily redacted. Even if the breach was limited to a standalone platform, the impact is substantial because discovery repositories often centralize years of confidential material in one place.
This incident is another reminder that third-party platforms can become a major point of failure in public and private sector security programs. Many organizations focus heavily on protecting internal networks while overlooking the tools used for legal collaboration, vendor access, managed services, and external file exchange. Attackers understand that these systems may hold valuable data while lacking the same level of monitoring, segmentation, and security controls as core infrastructure.
The broader lesson is clear: cybersecurity responsibility does not end at the firewall. Sensitive data must be protected wherever it lives, whether on-premises, in the cloud, or inside a vendor-managed platform. For security leaders, now is the time to review third-party risk programs, restrict data retention, enforce strong identity controls, monitor privileged access, and ensure incident response plans include external systems that store critical information.
Thanks for reading!
About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about