
Cloudflare and AWS Roll Out AI Controls as Urgent Patches Land
Coverage: 17 Apr 2026 – 19 Apr 2026 (UTC)
Platform hardening and AI‑operations controls led today’s updates, with new tooling to make agentic applications safer to deploy and large‑scale ML systems easier to run and scale. Alongside those proactive moves, maintainers shipped a critical Java template engine fix and defenders faced active exploitation of a widely used messaging broker, while fresh guidance detailed a social‑engineering playbook pivoting from Teams chats to data theft.
Operational guardrails for agentic apps
Cloudflare introduced Agent Memory, a managed, persistent memory service for AI agents that stores structured “memories” in named profiles, performs multi‑stage, deterministic extraction and validation, and synthesizes recalls via fused retrieval channels. The service integrates with Workers, a REST API, and an Agents SDK, emphasizing data portability through exportable profiles. In parallel, Cloudflare launched Flagship, an OpenFeature‑based feature‑flag platform built for edge‑first deployments. It decouples deployment from release with typed evaluators at the edge, prioritized rules, percentage rollouts, and a full audit trail—positioned to keep autonomous or high‑velocity releases under tight control.
To help sites interoperate cleanly with automated agents and training crawlers, Cloudflare published an agent‑readiness assessment and dataset via Agent Readiness, finding low adoption of emerging signals and standards but measurable efficiency gains when content is optimized for agents. It also rolled out Redirects for AI Training, enforcing canonical content for verified training crawlers by issuing 301 redirects based on existing rel="canonical" tags, reducing the risk that models ingest stale documentation.
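The canonical-redirect behaviour described above, as an added example that is not Cloudflare's Redirects for AI Training code: it assumes crawler verification happens upstream and is passed in as a boolean, uses a simple regex in place of a streaming HTML parser, and (as its own conservative assumption) only redirects within the same host and never downgrades to plain HTTP.

```javascript
// Added example (not Cloudflare's implementation): decide whether a request from a
// verified AI-training crawler should get a 301 to the page's rel="canonical" URL.
function extractCanonical(html) {
  // Constructed regex parser: first <link ... rel="canonical" ... href="..."> in either
  // attribute order. A production Worker would use a streaming HTML parser instead.
  const tagRe = /<link\b[^>]*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[0];
    const isCanonical = /\brel\s*=\s*(["']?)\s*canonical\b\s*\1/i.test(tag);
    const href = tag.match(/\bhref\s*=\s*["']([^"']+)["']/i);
    if (isCanonical && href) return href[1].trim();
  }
  return null;
}

// Returns { status: 301, location } or null when the request should be served as-is.
function canonicalRedirect(requestUrl, html, isVerifiedTrainingCrawler) {
  if (!isVerifiedTrainingCrawler) return null;       // ordinary visitors are never redirected
  const canonical = extractCanonical(html);
  if (!canonical) return null;                        // no canonical tag: nothing to enforce
  let target;
  try { target = new URL(canonical, requestUrl); } catch { return null; } // malformed href
  const current = new URL(requestUrl);
  if (target.href === current.href) return null;     // already canonical: avoid a redirect loop
  if (target.host !== current.host) return null;      // assumption: only redirect within the same host
  if (target.protocol === 'http:' && current.protocol === 'https:') return null; // never downgrade
  return { status: 301, location: target.href };
}

// Constructed sample: an old versioned page whose canonical points at /latest/.
const SAMPLE_HTML = '<html><head><title>Docs v1</title>' +
  '<link rel="stylesheet" href="/s.css">' +
  '<link href="https://docs.example.com/latest/guide" rel="canonical"></head></html>';
```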
AWS streamlines ML deployment and data operations
AWS added flexible instance groups to SageMaker’s distributed training service, enabling capacity‑resilient cluster creation and simpler retries via ordered instance preferences. With HyperPod, customers can specify multiple instance types and subnets in a single group; HyperPod will attempt higher‑priority types first and automatically fall back on constrained capacity, reducing manual scaling and configuration overhead. For foundation models, JumpStart now offers pre‑tuned, task‑aware deployment profiles with visible latency and throughput metrics, targeting SageMaker AI Managed Inference endpoints or HyperPod clusters for faster, more predictable production rollouts.
AWS Professional Services released a configuration‑driven accelerator to convert diverse security logs into OCSF v1.1 Parquet for analytics, exposed in an open‑source implementation. The solution orchestrates serverless ETL with S3, Lambda, DynamoDB, Step Functions, and supports enrichment from JDBC sources. The OCSF ETL mappings and metadata live in S3 and DynamoDB, with checkpointing for reliable historical loads across EMR Serverless or AWS Glue. For media pipelines, AWS also introduced an AI‑powered troubleshooting assistant for its managed render service; Deadline Cloud now parses failed job logs and metrics to surface prioritized fixes using a pre‑trained knowledge base, running within the customer’s account via Amazon Bedrock.
Advisories and exploitation: patch now
Maintainers of the Thymeleaf Java template engine fixed a critical sandbox bypass that enables server‑side template injection and potential remote code execution when unvalidated input reaches expressions. The flaw, addressed in 3.1.4.RELEASE, stemmed from gaps in defense‑in‑depth checks that allowed class instantiation and subsequent escalation via widely used Spring components; organizations should identify affected deployments and update promptly. Coverage: CSO Online. Separately, CISA reported active exploitation of a long‑standing Apache ActiveMQ vulnerability and set an aggressive remediation deadline for U.S. civilian agencies, with researchers noting clear indicators in broker logs and the recurring targeting history of the platform—an urgency signal for private operators to prioritize fixes and related mitigations. Details: BleepingComputer. The common thread is straightforward: known exploitation paths and simple triggers make rapid updates essential.
Human‑operated intrusions and mobile spyware
Microsoft documented a user‑initiated intrusion path that begins with cross‑tenant Teams messages impersonating helpdesk staff, then escalates through remote‑assist tooling, DLL sideloading under trusted binaries, HTTPS beacons, and credential‑backed lateral movement before targeted exfiltration with file‑sync utilities. Recommended countermeasures include restricting remote admin protocols to management workstations, enforcing Conditional Access and MFA for admin roles, enabling ASR/WDAC to block sideloading, and applying Safe Links in Teams. Playbook: Microsoft. In a separate case study, Defender’s predictive shielding constrained a domain compromise by revoking sessions and blocking pivots for exposed high‑privilege principals mid‑campaign, disrupting lateral movement even as attackers shifted techniques. Case details: Defender.
On mobile, researchers outlined two sophisticated iOS spyware toolkits: one chaining six vulnerabilities against modern devices and another leveraging dozens of bugs, many in WebKit, to target older versions. Both are delivered as silent, zero‑click compromises from legitimate sites that have been injected with malicious code, and both exfiltrate broad device data, with evidence of extensions built for crypto‑asset theft. Users should promptly install the latest iOS/iPadOS updates, enable background security improvements, consider Lockdown Mode, and reboot regularly to clear fileless payloads. Report: Kaspersky.
Reflecting the accelerating shift to agent‑driven offense and defense, Palo Alto Networks formed the Frontier AI Alliance with major consultancies to pair platform automation and exposure analysis with partner‑led remediation and governance. The initiative aims to shorten the path from assessment to hardened posture by combining validated blueprints and on‑the‑ground implementation capacity.