
ICS Patches, Agent RCE Risks, and Cloud-Scale AI Rollouts
Coverage: 16 Apr 2026 (UTC)
Critical fixes and platform changes defined the day. A new ICS advisory addresses a critical authorization flaw in AVEVA Pipeline Simulation, while fresh research warns that an architectural choice in the Model Context Protocol (MCP) reference implementation has enabled widespread remote code execution across agent tools, as detailed by CSOonline. Meanwhile, vendors rolled out new capabilities for building agentic applications at scale, and cloud providers announced performance and resilience updates.
Critical Fixes for ICS and Identity
CISA expanded its industrial-control advisories. Beyond AVEVA’s update, the agency detailed numerous issues in Anviz devices in an ICS advisory covering CX2 Lite, CX7, and CrossChex Standard, including unauthenticated firmware uploads and command injection that could lead to full compromise. A second ICS advisory warns of weak-password protections in Horner Automation’s Cscape and XL PLCs, enabling brute-force enumeration. The guidance urges isolation of control networks, stronger authentication, and prompt application of vendor updates.
In the enterprise stack, Cisco customers face multiple critical issues. According to CSOonline, Webex requires administrators to upload a new IdP SAML certificate to close an impersonation risk (CVE-2026-20184), and Identity Services Engine updates address remote code execution and path traversal flaws. There are no workarounds; organizations should prioritize the configuration changes and patches and monitor for anomalous admin activity.
Exploit activity also accelerated. A publicly released RedSun PoC shows local privilege escalation to SYSTEM on Windows when Microsoft Defender is enabled, heightening operational risk until an official fix arrives. Separately, attackers are exploiting a Marimo notebook RCE to deploy NKAbuse variants and steal credentials; Sysdig tracks the campaign and advises immediate upgrades, as reported by BleepingComputer.
Securing Agentic AI at Scale
OX Security’s findings underscore how agent frameworks can inherit unsafe defaults; maintainers often view command execution as intended behavior, but downstream SDKs and tools propagate risk. In response to growing automation on both sides of the kill chain, CrowdStrike joined OpenAI’s TAC program and integrated a frontier cyber model into its platform; CrowdStrike frames the approach as governed access paired with prioritized telemetry and enforcement close to runtime. The goal is to turn model output into decisions that map to real adversary tradecraft.
Defensive guidance is converging on automation and zero-trust design. Google Cloud recommends AI-enabled SecOps, aggressive asset discovery, and formal remediation SLAs to keep pace as models accelerate vulnerability discovery. On the platform side, Google is also expanding its AI to counter malvertising at scale; BleepingComputer reports increased use of Gemini to block malicious ads earlier in the submission process.
Cloudflare Builds an Agent Stack
Cloudflare repositioned its AI services as a unified inference layer with a catalog spanning dozens of providers. The update lets developers swap models behind a single API call and adds operational controls and failover; see the AI Platform overview. To simplify retrieval, Cloudflare released AI Search, a managed vector-plus-keyword search primitive with configurable fusion and reranking that agents can instantiate dynamically.
To make agents inbox-native, Cloudflare introduced Email Service sending in public beta, with automatic SPF/DKIM/DMARC and signed reply routing for secure agent threads. For large-model performance, Cloudflare detailed LLM hosting improvements—prefill/decode disaggregation, cache sharing, and speculative decoding—to cut latency and raise throughput for extra-large contexts.
New state primitives target developer scale. Artifacts offers a Git-speaking, versioned filesystem for agent state and very large repositories, with blobless clones and on‑demand hydration. Cloudflare also expanded its database story with PlanetScale integration, enabling Postgres and MySQL provisioning from the Cloudflare console and optimized connectivity via Hyperdrive.
AWS Performance and Resilience
AWS introduced high-throughput compute with the GA of EC2 C8in and C8ib, delivering up to 43% better performance over C6in and scaling to 384 vCPUs, with 600 Gbps networking or 300 Gbps EBS bandwidth, respectively. For managed models, Bedrock added Opus 4.7, emphasizing improved instruction following, long-horizon autonomy, and zero operator data access.
For regulated recovery needs, AWS made AWS DRS available in the European Sovereign Cloud (Germany), offering continuous block-level replication and orchestrated failover to meet data-residency and compliance requirements while reducing the cost and complexity of traditional DR infrastructure.