
Cloud Telemetry, AI Safeguards, and Critical Patches
Coverage: 02 Apr 2026 (UTC)
Cloud providers tightened telemetry pipelines and AI safeguards, while urgent patches and active exploitation demanded immediate attention. Amazon expanded observability with native OpenTelemetry metrics in CloudWatch, and Gemma 4 brought new open-weight options for regulated and sovereign deployments. Alongside these proactive moves, guidance for securing agentic AI, high‑impact vendor advisories, and fresh incident reporting framed the day’s risk picture.
Cloud observability aligns with OpenTelemetry
AWS advanced standards-based telemetry by adding native OpenTelemetry (OTel) metrics ingestion to CloudWatch in public preview, letting teams send OTLP directly and query application and cloud service metrics together using PromQL. The preview integrates with anomaly detection and a new Query Studio in the console, lowering instrumentation overhead for hybrid environments. In Kubernetes estates, Container Insights for Amazon EKS now supports OTel metrics, enriching each metric with up to 150 Kubernetes- and tag-derived labels and offering curated health dashboards and PromQL analysis; installation is streamlined via the CloudWatch Observability EKS add‑on. These previews are available in select regions with no preview charges, easing evaluation before broader rollout. See Container Insights for details.
CloudWatch also widened automatic telemetry onboarding. New enablement rules can now auto‑configure CloudFront Standard access logs, AWS Security Hub CSPM finding logs, and Amazon Bedrock AgentCore memory and gateway telemetry to flow into CloudWatch Logs across organizations, accounts, or tagged resources. This reduces manual setup and helps central teams standardize coverage at scale, though log ingestion is billed per standard CloudWatch pricing. See CloudWatch enablement for scoping and regional availability.
Securing AI workflows and expanding model options
The Google GenAI Security Team outlined a continuous, layered program to mitigate indirect prompt injection across Workspace products. Purpose-built red teaming, ML-driven testing, and an AI VRP feed a centralized policy engine that enforces deterministic controls such as user confirmations, URL sanitization, and tool‑chaining rules, while Gemini receives model hardening to better ignore embedded malicious instructions. Effectiveness is measured with end‑to‑end simulations and automated retraining pipelines. See the Google blog for the defense-in-depth details. In parallel, Google Cloud released Gemma 4—open weights spanning 2B edge models to 31B dense and a 26B MoE—designed for enterprise reasoning, multimodal inputs, extended context, and compliant deployment across managed and sovereign environments.
AWS published four security principles for agentic AI that extend existing cybersecurity practice to probabilistic systems. The guidance emphasizes secure SDLC with adversarial evaluation, infrastructure-enforced least privilege outside the agent’s reasoning loop, and progressive, evidence-based autonomy for high‑consequence actions. Mapped to Amazon Bedrock AgentCore, the approach combines compute isolation, fine‑grained IAM identities, a Cedar‑policy gateway, and robust observability. See AWS principles for the building blocks and operational posture.
Advisories and patches target high‑impact vulnerabilities
Cisco shipped fixes for two critical issues: an authentication bypass in the Integrated Management Controller (CVE‑2026‑20093) that lets unauthenticated attackers change any user’s password, and a Smart Software Manager On‑Prem (CVE‑2026‑20160) flaw that can lead to root‑level command execution via an exposed internal API. Organizations should prioritize updates on internet‑reachable management interfaces, rotate credentials, and restrict access pending patching. Details in Cisco patches.
In operational technology, CISA republished a Hitachi Energy advisory for Ellipse: a critical Java deserialization issue in the JasperReports library (CVE‑2025‑10492, CVSS 9.8) can permit remote code execution; operators should restrict untrusted custom reports and apply vendor guidance. See CISA ICS.
Separately, Apple expanded iOS/iPadOS 18.7.7 availability to protect more devices against the actively used DarkSword exploit kit, enabling users to receive security fixes without jumping to iOS 26; administrators should verify update status and monitor for Ghost* payload indicators. Coverage and device list in iOS 18.7.7.
Exploitation and operational disruptions
Cisco Talos documented large‑scale exploitation of CVE‑2025‑55182 in React Server Components/Next.js to harvest credentials from at least 766 hosts. Attackers used serialized payloads to achieve RCE, staged multi‑phase collectors to exfiltrate environment variables, SSH keys, cloud metadata‑derived IAM credentials, Kubernetes tokens, and more, and centralized results in a web‑based “NEXUS Listener” panel. Recommended actions include patching affected frameworks, auditing for public exposure, enforcing IMDSv2, rotating secrets, tightening least privilege, and treating impacted systems as high‑priority IR cases. Full analysis from Talos.
In crypto, Drift Protocol reported an attacker pre‑staged multisig‑approved durable nonce transactions to seize Security Council control, add a malicious asset, remove withdrawal limits, and drain roughly $280–$285 million before functions were frozen; the team is working with exchanges, security firms, and law enforcement while preparing a post‑mortem. See Drift Protocol.
In healthcare, Stryker said it has restored operations after a March 11 destructive attack linked to the Handala group, which wiped tens of thousands of devices following domain‑level compromise. The company continues working with third‑party specialists and authorities; guidance from platform providers has focused on hardening Intune and Windows domain controls. Reporting via Stryker.