Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!
To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe
Echelon Events & Thought Leadership Highlight
The attacker is already inside.
Part 2 of Echelon's Purple Team simulation picks up mid-intrusion with lateral movement, cloud compromise, and data exfiltration, showing exactly what defenders see on the backend in real time.
Join experts Matt Donato, Devin Jones, and Bryce Hayes as they walk both sides of the attack chain and share recurring findings from real-world purple team engagements.
Register here: https://lnkd.in/e_R9J5p2
Missed Part 1? Catch up on demand first. https://lnkd.in/eka9ieQb

Away we go!
1. Congress Unveils Sweeping AI Bill That Could Reshape Cybersecurity and AI Governance
Congress has taken one of its boldest steps yet toward regulating artificial intelligence. A bipartisan group of lawmakers recently introduced the Great American Artificial Intelligence Act, a sprawling proposal that seeks to establish guardrails around the development of advanced AI systems while simultaneously strengthening America's cybersecurity posture and AI workforce. If enacted, the legislation would create new transparency requirements for the largest AI developers, establish independent oversight mechanisms, expand federal AI testing capabilities, and provide direct support to the open-source software ecosystem that underpins much of today's digital infrastructure.
One of the most significant provisions targets developers of frontier AI models. Large AI companies would be required to publicly document how they assess and mitigate risks associated with their systems, including risks tied to cyberattacks, model misuse, data leakage, prompt injection, jailbreaks, and other emerging AI security concerns. The proposal would also formalize the role of the National Institute of Standards and Technology's Center for AI Standards and Innovation, giving it responsibility for developing best practices, evaluating advanced AI systems, coordinating security research, and overseeing independent verification organizations that would audit compliance efforts. The bill effectively creates a framework where AI companies would be expected to demonstrate not only innovation, but also accountability.
From a cybersecurity perspective, the legislation may have an even broader impact. The bill directs federal agencies to support critical open-source software maintainers through grants, security assessments, vulnerability remediation efforts, and access to advanced AI tools capable of identifying and fixing software flaws. It also calls for the creation of AI security testbeds where researchers, government agencies, and private industry can evaluate the strengths and weaknesses of advanced models in controlled environments. These initiatives recognize a growing reality: AI is becoming both a powerful defensive capability and a potential attack surface, requiring continuous testing, validation, and security oversight.
Not surprisingly, the proposal has already generated debate. Supporters view it as a long-overdue attempt to establish a national AI governance framework while strengthening cybersecurity resilience. Critics, however, have raised concerns about provisions that could override state-level AI regulations, arguing that states should retain flexibility to address emerging risks as the technology evolves. Regardless of where the debate ultimately lands, the introduction of this legislation signals that AI governance is rapidly moving from theoretical discussions into concrete regulatory action. For organizations building, deploying, or relying on advanced AI systems, now is the time to begin preparing for a future where transparency, security, and independent validation become expected business requirements rather than voluntary best practices.

OpenAI Incident Highlights Growing Risk of Software Supply Chain Attacks
A recent disclosure from OpenAI serves as another reminder that cloud security is increasingly dependent on the security of the software supply chain. OpenAI revealed that attackers were able to steal limited internal credential material after two employee devices were compromised through the ongoing "Mini Shai-Hulud" npm supply chain campaign. The attackers leveraged malicious packages hidden within trusted software dependencies, allowing them to gain access to employee systems before exfiltrating credentials from internal repositories.
Fortunately, OpenAI stated there is no evidence that production systems, customer data, or deployed software were impacted. However, the incident was significant enough that the company initiated a rotation of signing certificates used by several desktop products, including ChatGPT Desktop, Codex App, Codex CLI, and Atlas. The attack is part of a broader campaign that has targeted developer ecosystems through compromised npm packages, GitHub workflows, and CI/CD pipelines.
Why does this matter? Modern cloud environments are built on layers of open-source software, automation pipelines, and third-party integrations. Organizations often spend substantial resources securing cloud infrastructure while overlooking the software components used to build and deploy applications. Threat actors understand this and are increasingly targeting developer tooling as a path to higher-value environments.
Key Takeaways:
- Audit and inventory all third-party software dependencies.
- Implement software bill of materials (SBOM) programs where practical.
- Require code signing verification and package integrity validation.
- Monitor CI/CD pipelines for unauthorized changes.
- Deploy least-privilege access controls for developers and service accounts.
- Consider package allow-listing and private repositories for critical applications.
Real-World Impact: If attackers can compromise a trusted package used across hundreds or thousands of organizations, they can potentially reach far more targets than by attacking each organization individually. Supply chain attacks continue to demonstrate that security must extend beyond cloud infrastructure and into the software development lifecycle itself.

2. Five Eyes Warn of Chinese Intelligence Recruitment Campaigns Targeting Professionals Online
A rare joint warning from the Five Eyes intelligence alliance is shining a spotlight on an increasingly sophisticated espionage tactic: the use of professional networking sites and online job platforms to recruit individuals with access to sensitive information. Security agencies from the United States, United Kingdom, Canada, Australia, and New Zealand recently issued a public bulletin warning that Chinese military intelligence services are actively using fake recruiters, consulting firms, and seemingly legitimate job opportunities to identify and cultivate potential sources.
Unlike traditional espionage operations that relied on direct approaches or covert meetings, these campaigns begin in places many professionals visit every day. According to the intelligence agencies, operatives are posting advertisements on platforms such as LinkedIn, Indeed, and Upwork while posing as employees of consulting firms, think tanks, or recruiting organizations located outside of China. Candidates are often selected based on their resumes, security clearances, military experience, government affiliations, industry knowledge, or even indirect access to valuable information. What starts as a paid research assignment or consulting engagement can gradually evolve into requests for increasingly sensitive information.
The Five Eyes bulletin outlines a structured recruitment process. Targets are typically asked to complete a trial report on topics such as foreign policy, defense strategy, international trade, or Indo-Pacific security issues. As trust develops, communications often move to encrypted messaging applications and compensation increases. Intelligence officials warn that even seemingly harmless, unclassified information can be aggregated with other sources to build a detailed operational picture of government activities, military capabilities, economic priorities, and critical infrastructure. In many cases, the value lies not in classified documents themselves, but in personal insights, professional networks, and contextual information that help fill intelligence gaps.
For organizations operating in government, defense, critical infrastructure, higher education, research, and adjacent sectors, this warning reinforces the need for insider threat awareness and security education. Employees should be encouraged to scrutinize unsolicited consulting offers, verify recruiter identities, and report suspicious approaches through established channels. As nation-state actors continue to blend espionage with everyday business interactions, cybersecurity and personnel security teams must recognize that some of the most effective attacks no longer begin with malware. They begin with a conversation.

AI-Assisted Attacks Reach Operational Technology and Critical Infrastructure
A recent investigation involving a breach of a major Mexican water utility provides one of the clearest examples yet of how artificial intelligence is being incorporated into real-world cyberattacks. Between late 2025 and early 2026, threat actors reportedly leveraged APIs from leading AI models to automate reconnaissance, privilege escalation, database mapping, credential harvesting, and attack infrastructure development across multiple Mexican government organizations.
According to researchers involved in the investigation, AI performed much of the technical heavy lifting once the attackers gained access to victim environments. In the case of the water utility, the AI systems identified operational technology (OT) assets connected to industrial control systems and even generated attack recommendations targeting those systems. Fortunately, an attempted password spraying attack against the utility's industrial gateway failed due to strong password controls and security hygiene.
The incident demonstrates that AI is not replacing attackers. Rather, it is dramatically increasing their speed, efficiency, and scale. Tasks that once required specialized expertise and hours of manual effort can now be performed in minutes. This effectively lowers the barrier to entry for sophisticated attacks while allowing experienced threat actors to move much faster through victim environments.
Key Takeaways:
- Strong foundational security controls still work against AI-assisted attacks.
- Multifactor authentication remains one of the most effective defenses.
- OT and industrial environments should be segmented from enterprise IT networks.
- Organizations should monitor for abnormal reconnaissance and credential harvesting activity.
- Asset inventories become even more critical as AI tools help attackers quickly identify high-value systems.
- Security teams should assume attackers are using AI to accelerate post-compromise activities.
Real-World Impact: The most important lesson from this incident is that AI did not defeat the utility's defenses. Good password management and proper security controls prevented the attacker from successfully accessing critical operational systems. As AI becomes more prevalent in offensive operations, organizations that have invested in strong cybersecurity fundamentals will remain far better positioned to withstand these emerging threats.
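The monitoring takeaway above, illustrated with the failed password spray the investigation describes, as an added example (not code from the newsletter or from the investigators): a small detector run over constructed authentication log lines. The log format, host name, thresholds and every log line are assumptions.

```javascript
// Added example, not code from the newsletter or from the investigation it
// summarizes: flag password-spraying patterns in authentication logs. The log
// format, host name, thresholds and all log lines are constructed assumptions.
const SAMPLE_LOG = [
  // spray: one source, six accounts, one failure each, within a few minutes
  "2026-01-14T02:00:01Z gw01 auth=FAIL user=jsmith src=198.51.100.7",
  "2026-01-14T02:00:40Z gw01 auth=FAIL user=mlopez src=198.51.100.7",
  "2026-01-14T02:01:15Z gw01 auth=FAIL user=operator src=198.51.100.7",
  "2026-01-14T02:02:03Z gw01 auth=FAIL user=scada src=198.51.100.7",
  "2026-01-14T02:02:50Z gw01 auth=FAIL user=hmi_admin src=198.51.100.7",
  "2026-01-14T02:03:30Z gw01 auth=FAIL user=backup src=198.51.100.7",
  // single-account brute force: many failures, one user (a different pattern)
  "2026-01-14T02:04:00Z gw01 auth=FAIL user=admin src=203.0.113.5",
  "2026-01-14T02:04:05Z gw01 auth=FAIL user=admin src=203.0.113.5",
  "2026-01-14T02:04:10Z gw01 auth=FAIL user=admin src=203.0.113.5",
  // benign: one typo, then a successful login
  "2026-01-14T02:05:00Z gw01 auth=FAIL user=tnguyen src=192.0.2.9",
  "2026-01-14T02:05:20Z gw01 auth=OK user=tnguyen src=192.0.2.9",
];

const LINE_RE = /^(\S+) (\S+) auth=(\w+) user=(\S+) src=(\S+)$/;
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null; // skip lines that do not match the assumed format
  return { t: Date.parse(m[1]) / 1000, host: m[2], result: m[3], user: m[4], src: m[5] };
}

// A spray is many distinct accounts from one source, each with few failures,
// inside one time window. Windows are fixed-size buckets of windowSec seconds.
function detectSpray(lines, { windowSec = 600, minUsers = 5, maxPerUser = 2 } = {}) {
  const buckets = new Map(); // "src|bucket" -> Map(user -> failure count)
  for (const line of lines) {
    const ev = parseLine(line);
    if (!ev || ev.result !== "FAIL") continue;
    const key = `${ev.src}|${Math.floor(ev.t / windowSec)}`;
    if (!buckets.has(key)) buckets.set(key, new Map());
    const users = buckets.get(key);
    users.set(ev.user, (users.get(ev.user) || 0) + 1);
  }
  const alerts = [];
  for (const [key, users] of buckets) {
    const counts = [...users.values()];
    if (users.size < minUsers || Math.max(...counts) > maxPerUser) continue;
    const [src, bucket] = key.split("|");
    alerts.push({ src, windowStart: Number(bucket) * windowSec,
                  distinctUsers: users.size, failures: counts.reduce((a, b) => a + b, 0) });
  }
  return alerts;
}
```

The single-account brute force is deliberately left to a separate rule: it fails the maxPerUser test here, so the two patterns produce different alerts and different responses (lockout versus source blocking).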

3. Anthropic Expands AI Cyber Defense Program to Protect Global Critical Infrastructure
As artificial intelligence continues to reshape cybersecurity, Anthropic is taking a significant step toward putting advanced AI capabilities in the hands of defenders. The company announced a major expansion of Project Glasswing, its initiative designed to help organizations identify and remediate software vulnerabilities using its powerful Claude Mythos AI model. What began as a limited pilot involving roughly 50 organizations has now expanded to include approximately 150 additional participants across more than 15 countries, with a new focus on critical infrastructure sectors such as energy, water, healthcare, telecommunications, and hardware manufacturing.
The expansion reflects a growing recognition that cyber threats against critical infrastructure are becoming increasingly sophisticated and potentially more disruptive. According to Anthropic, many of the newly added organizations operate systems where a successful software compromise could impact tens or even hundreds of millions of people. Unlike the program's initial rollout, which was heavily concentrated among large U.S. technology and cybersecurity companies, the latest cohort includes utilities, healthcare providers, communications operators, government organizations, and international partners throughout Europe, Asia-Pacific, and North America.
Perhaps most noteworthy is the reported effectiveness of the program so far. Anthropic says participants have already uncovered more than 10,000 high and critical severity vulnerabilities using Claude Mythos Preview. Beyond simply finding flaws, organizations are leveraging the technology to accelerate vulnerability triage, generate remediation guidance, improve secure coding practices, and assist with patch development. The company believes that future generations of AI-powered security tools will fundamentally change the economics of cybersecurity by dramatically reducing the time required to discover and fix software weaknesses before attackers can exploit them.
The broader message is clear: AI is rapidly becoming both a cybersecurity challenge and a cybersecurity solution. Anthropic warns that similarly capable cyber-focused AI models are likely to become widely available within the next 6 to 12 months, potentially empowering both defenders and adversaries. As organizations prepare for that reality, initiatives like Project Glasswing offer an early glimpse into how AI may help shift the advantage toward defenders. For security leaders, the takeaway is simple: organizations that begin integrating AI-assisted vulnerability management, secure development practices, and automated remediation workflows today will be far better positioned for the next generation of cyber threats.
Thanks for reading!
About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about