GitHub Breach; Faster Old Problems; and Mythos Helps Bypass Apple M5 Chip Security
Things are getting weird: GitHub, TeamPCP, and Mythos all pointing at the same problem.
Welcome to The Cybersecurity Pulse (TCP)! I’m Darwin Salazar, Head of Growth at Monad and former detection engineer in big tech. Each week, I bring you the latest security innovation and industry news. Subscribe to receive weekly updates! 📧
Hi 👋 - Hope you’re having a great week wherever you’re reading from!
Ever since TeamPCP started popping off in March and the Mythos news broke, it feels like the security space has just been on overdrive. So many vulns, supply chain attacks, and breaches. Definitely a sign of what’s to come. HugOps to the defenders, product builders and security leaders securing our critical infrastructure and the companies we all rely on.
That said, I took last week off from TCP weekly as things continue to heat up at Monad, but I did ship a recap on the AI SOC Nasdaq event I attended earlier this month. Lots of gold around SecOps, board-level vibe, and how CISOs are using Mythos news to achieve better outcomes.
Also, I’ll be in Boston next week for Tech Week and am hosting a small intimate dinner on Tuesday for security leaders and practitioners. You can register here. I’m also speaking on a panel with security leader friends. More details here. If you’re in or around town, definitely come hang out for some friendly banter, great food and good vibes. DM me if you have any questions!
Lastly, our friends at Surf are running a short survey to help bring more insight into what’s actually happening across security teams, AI, and SOC workflows in 2026. Take the survey here.
Now onto this week’s news!
The Phishing Threat Evolved. Your Simulations Should Too.
Most phishing simulations are still templated emails. Adaptive runs hyperrealistic, multi-channel simulations: AI voice clones, OSINT-based spear phishing, and attacks across email, SMS, and phone. Fully automated, no manual lift.
The result: measurable reductions in click rates and a workforce prepared for what's actually hitting them today. Trusted by security teams at PayPal, Ramp, Bose, and more.
TL;DR ✏️
🐙 GitHub’s rough quarter — Internal repos stolen via poisoned VS Code extension after 20 degraded-service incidents in three months.
📕 DBIR 2026 lands — Verizon analyzed 22,000+ breaches; vuln exploitation is now the top initial access vector, exceeding credential theft.
☁️ Cloudflare tests Mythos — Anthropic’s model chained low-severity bugs into working exploits across 50+ repos.
🐍 TeamPCP hits DurableTask — Malicious durabletask PyPI versions stole cloud, Kubernetes, Vault, and password manager secrets.
🍎 Mythos bypasses Mac defenses — Calif used Mythos to help build a macOS kernel LPE chain on M5 in five days.
🤖 Exaforce raises $125M — Series B brings total funding to $200M for its AI-native SOC platform
🌅 OpenAI ships Daybreak — New vuln defense initiative bundles GPT-5.5-Cyber, Codex Security, and yet another confusing name.
🌊 Ocean raises $28M — Lightspeed led the round for agentic email security startup
🧠 Torq buys Jit — Torq adds context graphs across code, identity, privileges, data sensitivity, and runtime behavior.
🌐 Akamai buys LayerX — $205M deal gives Akamai more AI and browser security controls
Plus: Boost Security raises $4M and buys SecureIQx + Korbit.ai; Tanium and ServiceNow automate endpoint patching.
⚒️ Picks of the Week ⚒️
GitHub says internal repos were stolen after poisoned VS Code extension attack
GitHub confirmed attackers compromised an employee device through a poisoned VS Code extension from the official Marketplace, then exfiltrated GitHub-internal repositories. GitHub says the incident appears limited to internal repos, with no evidence so far that customer enterprises, organizations, or repositories were impacted.
The attacker’s claim of roughly 3,800 stolen repos is “directionally consistent” with GitHub’s investigation, according to The Register, and GitHub says it is rotating secrets, reviewing logs, and watching for follow-on activity.
The absurd part is the attack path. GitHub, the platform everyone uses to secure, review, build, and ship software, got popped through the developer tool supply chain. Not a Mythos zero-click magic spicy nation-state digital nuke. A poisoned VS Code extension. GitHub’s line that customer repos were not affected matters, but internal source code is still useful attacker material. It can expose architecture, workflows, secrets hygiene, internal tooling assumptions, and future attack paths.
Zoom out and you can see GitHub has been in a tough spot recently. GitHub’s own availability reports show six degraded-service incidents in February, four in March, and 10 in April. That is 20 incidents in three months before May even gets a full report. GitHub has also said it is designing for a future that requires 30X today’s scale, driven by AI coding growth. The degraded-service and post-mortem reports are truly educative btw.
So the question is getting harder to dodge: can GitHub keep up with the AI-generated code flood, AI agent traffic, extension supply chain risk, and uptime expectations all at once, or is there finally room for a serious alternative that is safer, more boring, and online more often? Reuters reported in March that OpenAI is developing a GitHub alternative after recurring GitHub disruptions hit its engineers.
What GitHub does is hard. And doing it for as long as they have is seriously impressive, but have they been caught off guard by the nature of code in 2026?
How Databricks Scales Modern Identity Governance with Opal Security
Most identity governance platforms add work instead of reducing it. Databricks took a different approach with Opal, using automation and developer-friendly policy controls to manage access at scale while maintaining visibility and control.
Automated workflows speed provisioning.
Policy-driven governance scales access rules.
Unified visibility shows who has access and why.
Verizon DBIR 2026: Faster Old Problems
The 2026 DBIR is live, and it is 121 pages of hard data and reminders that the basics are still where most teams bleed. It is well worth the full read-through, especially this year, because the story is not “AI changed everything.” It is that exposed apps, slow patching, stolen creds, third-party cloud auth, help desk social engineering, and unmanaged AI are all moving faster. Verizon analyzed 31,000+ incidents and 22,000+ confirmed breaches, its largest breach dataset yet.
Here are the top 5 takeaways I’d pull out:
Vuln exploitation is now the front door.
Exploitation of vulnerabilities became the top initial access vector at 31%, passing credential abuse at 13%. Only 26% of CISA KEV vulns were fully remediated, and median full remediation slipped to 43 days.
Ransomware grew, but payments cracked.
Ransomware appeared in 48% of breaches, up from 44% last year. But 69% of victims did not pay, and the median payment fell to $139,875. That reads like margin compression for criminals.
Third-party risk is now core breach risk.
Third-party involvement hit 48% of breaches, up 60% from last year. Weak cloud auth, missing MFA, poor credential rotation, and permission misconfigs keep showing up. Vendor risk questionnaires are not going to save us here.
AI is accelerating known tradecraft.
Threat actors are using GenAI for targeting, initial access, malware development, and tooling. But less than 2.5% of AI-assisted malware observations involved rare techniques. AI is mostly making known bad work faster and cheaper.
Social engineering moved closer to the phone.
The human element appeared in 62% of breaches. Mobile-centric vectors like voice and SMS had a 40% higher median click rate than email in simulations. Email training alone is starting to look pretty incomplete.
Cloudflare says Mythos can chain low-severity bugs into working exploits
Cloudflare tested Anthropic’s Mythos Preview across 50+ internal repos and found the model was best at the part scanners usually botch: turning small primitives into a working exploit chain. It could write PoCs, compile them, run them, read the failure, adjust the hypothesis, and try again. That loop matters because “possible vuln” is cheap. Reproducible exploitability is not.
The team also found the chat-agent model breaks down fast. One generic agent pointed at a huge repo covers basically nothing useful before context gets messy. Cloudflare got better results with a harness: recon, narrow parallel hunts, independent validation, gapfill, dedupe, reachability tracing, and structured reporting. The trace stage is the money step: it turns “bug exists” into “attacker-controlled input can actually reach it.”
This is the shape of AI AppSec that actually matters. Not “ask Claude to find bugs.” More like distributed vuln research pipelines with adversarial review and reachability analysis. Also, Cloudflare is honest about the ugly part: the same capability helps attackers compress vuln research timelines. Faster patching helps, but architecture still decides how bad the blast radius gets.
TeamPCP compromises Microsoft DurableTask PyPI package
TeamPCP compromised durabletask, Microsoft’s official Python client for the Durable Task framework, publishing malicious PyPI versions 1.4.1, 1.4.2, and 1.4.3. Wiz tied the attack to the earlier @antv wave: a compromised GitHub account likely dumped repo secrets, exposed the PyPI token, and let the actor publish directly.
The payload targeted Linux systems and stole AWS, Azure, GCP, Kubernetes, Vault, filesystem, and password manager secrets. It also added AWS SSM propagation, Kubernetes lateral movement, shell history scraping, and brute-force attempts against Bitwarden, 1Password, and GPG. PyPI quarantined the malicious packages after Wiz’s analysis.
TeamPCP are turning trusted developer infrastructure into a propagation layer: GitHub secrets to PyPI tokens, PyPI installs to cloud creds, cloud creds to lateral movement. The package manager is the initial access vector. The build and runtime environment is the blast radius.
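A quick triage check for the versions named above, as an added example (not code from this newsletter, Wiz, or Microsoft): it scans requirements-style text for durabletask entries and separates exact pins to 1.4.1, 1.4.2 or 1.4.3 from entries that need a look at what was actually installed. The sample input, the `[example]` extra and the `durabletask-extras` name are constructed for illustration.

```python
import re

# Versions of the durabletask PyPI package reported as malicious above.
BAD_VERSIONS = {"1.4.1", "1.4.2", "1.4.3"}
PACKAGE = "durabletask"
NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
PIN_RE = re.compile(r"^===?\s*([^\s,]+)$")

def normalize(name):
    """PEP 503: names compare case-insensitively; runs of - _ . are equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def scan_requirements(text):
    """Return [(line_no, requirement, verdict)] for each durabletask entry.

    'malicious' = exact pin to a reported version, 'ok' = exact pin to another
    version, 'review' = range, wildcard or no pin (the file alone cannot say
    which version was installed).
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = re.sub(r"(^|\s)#.*$", "", raw)    # drop comments
        line = line.split("--hash")[0]           # drop hash options
        line = line.split(";")[0]                # drop environment markers
        line = line.rstrip("\\ \t").strip()      # drop line continuation
        m = NAME_RE.match(line)
        if not m or normalize(m.group(1)) != PACKAGE:
            continue                             # other package or option line
        pin = PIN_RE.match(m.group(2).strip())
        if pin and "*" not in pin.group(1):
            verdict = "malicious" if pin.group(1) in BAD_VERSIONS else "ok"
        else:
            verdict = "review"
        findings.append((line_no, line, verdict))
    return findings

# Constructed sample input (not taken from any real project).
SAMPLE = """\
requests==2.32.3
DurableTask == 1.4.2  # pinned last sprint
durabletask[example]==1.4.0 ; python_version >= "3.9"
durabletask>=1.4
durabletask-extras==1.4.1
durabletask==1.4.3 \\
    --hash=sha256:PLACEHOLDER
"""
```

A 'review' verdict means the installed version has to be confirmed from the environment itself, for example the output of `pip freeze`, which uses the same `name==version` format and can be passed to `scan_requirements` unchanged.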
Anthropic’s Mythos helped bypass Apple’s Mac security
Anthropic’s unreleased Claude Mythos Preview helped researchers find a macOS privilege escalation chain that reportedly bypassed Apple’s Memory Integrity Enforcement on M5 systems. The bug let a standard user gain root on macOS 26.4.1, according to reporting on Calif’s AI-discovered bugs work.
Frontier models are getting useful at chaining real vuln research against hardware-backed mitigations. Not good.
🔮 The Future of Security 🔮
AI Security
OpenAI launches Daybreak, plus a naming problem
OpenAI launched Daybreak, a cybersecurity initiative that uses GPT-5.5, GPT-5.5-Cyber, and Codex Security to find, validate, patch, and verify software vulnerabilities.
If you’re confused, that’s okay. I am too. The naming is getting messy enough that OpenAI may need marketing help, which is a deeply weird thing to say about a company with hundreds of millions in marketing budget that made “ChatGPT” a household name.
As best as I can tell: Trusted Access for Cyber is the vetted-access program, GPT-5.5-Cyber is the specialized model tier, Codex Security is the code scanning and remediation product, and Daybreak is the umbrella initiative for vuln defense.
Ultimately, OpenAI wants to own more of the remediation loop, not just give defenders a smarter bug-finding assistant. Finding more vulns is easy to market and brutal to operationalize.
Application Security
Boost Security raises $4M, buys two AppSec startups
Boost Security, founded by Zaid Al Hamami and Rajiv Sinha, raised $4 million from White Star Capital, Amiral Ventures, Accelia Capital, and Sorensen Capital, bringing total funding to $16 million. The company also acquired SecureIQx and Korbit.ai, adding reachability analysis, SAST, and AI-assisted code review to its SDLC defense platform.
Browser Security
Akamai buys LayerX for $205M to push AI controls into the browser
Akamai agreed to acquire LayerX for roughly $205 million, adding browser-level controls for GenAI apps, SaaS AI, IDEs, and agentic workflows. LayerX gives Akamai visibility and policy enforcement where employees actually touch AI: the browser, not some clean architecture diagram nobody’s environment matches.
The browser is becoming the AI security control plane. DLP, CASB, and proxy controls still matter, but a lot of risky AI use now happens in copy-paste land, browser extensions, SaaS copilots, and agents acting through web apps.
Email Security
Ocean raises $28M to fight AI phishing
Ocean emerged from stealth with $28 million for an agentic email security platform built to catch AI-generated phishing, impersonation, and fraud. The round was led by Lightspeed Venture Partners, with participation from Picture Capital and Cerca Partners, plus angels including Wiz CEO Assaf Rappaport and Armis co-founders Yevgeny Dibrov and Nadir Izrael. Customers include Kayak, Kingston Technology, and Headspace.
Endpoint Security
Tanium and ServiceNow team up on autonomous patching
Tanium and ServiceNow launched ITOM AI Prime powered by Tanium, a joint offering that feeds Tanium’s real-time endpoint data into ServiceNow workflows for patching and remediation. ServiceNow agents get endpoint state from Tanium, then execute OS and third-party patching through approved change processes.
ServiceNow is uniquely positioned for the long run in security given how much enterprise IT context and visibility they have as a go-to CMDB, plus the recent Armis and Veza acquisitions. Will be fun to watch what they do in the space.
Security Operations
Torq buys Jit to bring context graphs into the SOC
Torq acquired Jit, an AI security startup building context graphs that map relationships across code, identities, roles, privileges, data sensitivity, and runtime behavior.
Jit started as a security-as-code platform with SAST, SCA, IaC scanning, secrets detection, container scanning, and SBOM generation, but Torq wants the graph layer underneath its AI SOC agents.
This is the right direction for AI SOC, at least on paper. Alerts without context are just expensive confetti. If agents are going to investigate or contain anything with confidence, they need an environment-specific graph of what matters, who can touch it, and what blast radius looks like. The hard part is keeping that graph fresh enough to trust.
Interested in sponsoring TCP?
Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of 20,000+ CISOs, practitioners, founders, and investors across 135+ countries 🌎
Bye for now 👋🏽
That’s all for this week… ¡Nos vemos la próxima semana!
Disclaimer
The insights, opinions, and analyses shared in The Cybersecurity Pulse are my own and do not represent the views or positions of my employer or any affiliated organizations. This newsletter is for informational purposes only and should not be construed as financial, legal, security, or investment advice.







