
Cloud Keys, Private MCP, and Active Exploits Across Platforms
Coverage: 01 Jun 2026 (UTC)
Cloud providers emphasized stronger control over encryption keys, private connectivity for AI workflows, and measurable operations at scale. At the same time, several actively exploited vulnerabilities and a major infrastructure seizure underscored the need for prompt patching and infrastructure-aware defenses. The day’s updates collectively point to a tighter integration of security, governance, and performance across AI and cloud platforms.
Keys, Secrets, and Independent Assurance on AWS
Quick Research now supports customer-managed keys (CMKs) in AWS KMS across all regions where the service is offered, giving organizations control over key lifecycle and encryption policies. Customers can designate multiple CMKs with a default per account and region, provided keys reside in the same account and region as the resources; only symmetric keys are supported. Integration with CloudTrail supplies detailed audit trails, and key revocation typically propagates in about 15 minutes, allowing rapid response to incidents and fine-grained dataset segmentation under enterprise governance.
AgentCore Identity now accepts customer-managed secrets stored in AWS Secrets Manager, enabling teams to apply their own encryption, tagging, rotation, and resource policies from creation onward. By referencing an existing secret ARN in the Credential Provider, organizations transfer lifecycle control to their standards without changing application behavior. The capability is generally available across 14 AWS Regions and aligns secret handling for AgentCore Identity with established organizational controls.
AWS SOC reports for Spring 2026 are available, covering 188 services for April 1, 2025–March 31, 2026. SOC 1 and SOC 2 can be downloaded via AWS Artifact, while SOC 3 is available on the SOC Compliance Page and Artifact. AWS is the first cloud provider to publish these reports in NIST OSCAL JSON, supporting automation in compliance workflows. Customers are directed to verify services in scope and can provide feedback via contact details included in the OSCAL package.
Private Connectivity and Network Controls for Cloud AI
Amazon Quick adds VPC connectivity for Model Context Protocol (MCP) servers, removing the prior requirement to expose MCP over the public internet. Enterprises can register privately hosted MCP servers—on Amazon EC2, AWS Fargate, AWS AgentCore, or other internal compute—by selecting a VPC connection during connector setup. All interactions then traverse the chosen VPC, maintaining network isolation while extending proprietary tools and data sources into Quick’s AI workflows across all supported regions.
AWS Direct Connect now supports Virtual Interface (VIF) Rate Limiters on dedicated connections to mitigate congestion from sudden traffic spikes. Administrators can cap bandwidth for up to 10 VIFs per connection in increments from 50 Mbps to as high as 1.6 Tbps with link aggregation; excess traffic is dropped symmetrically on ingress and egress. New CloudWatch metrics report utilization as a percentage of the configured capacity and dropped packet counts, enabling alarms and automated responses. Configuration is available via console, API, or SDK wherever dedicated connections are supported.
SageMaker HyperPod supports EFA-only network interfaces, addressing IP exhaustion risks in large training clusters. Previously, the default efa interface attached both Elastic Fabric Adapter (EFA) and ENA, consuming IP addresses. With efa-only, customers can attach dedicated EFA devices for inter-node communication without provisioning ENA, improving density and scalability. Configure via the ClusterNetworkInterface setting using efa-only when creating or updating clusters; availability aligns with regions that support HyperPod.
Operating AI at Scale: Managed Access, Telemetry, and Capacity
AlloyDB MCP is generally available as a fully managed Remote MCP Server, providing AI agents a secure, HTTP-based path to live operational data. The service integrates with Agent Registry for discovery, uses IAM for fine-grained authorization, and exposes a read-only execute SQL tool. AlloyDB features such as scalable vector search (ScaNN), hybrid search, embeddings via AI Functions, and unified access with BigQuery and Lakehouse Federation target accuracy and performance, with actions logged in Cloud Audit Logs and optional Model Armor to screen prompts and responses.
GKE standby buffer introduces suspended node capacity that resumes 2–3x faster than cold starts while costing far less than always-on headroom. Working alongside active buffers, standby buffers provide a deeper reservoir for bursts, with Google reporting sub-second scheduling for certain workloads and up to 90% cost reductions in tests. Capacity is declared via the CapacityBuffer API, and a simulator helps teams size buffers; availability begins with GKE 1.36.0-gke.2253000.
Bedrock metrics now cover the bedrock-mantle endpoint that serves OpenAI- and Anthropic-compatible APIs, bringing parity with bedrock-runtime telemetry. In CloudWatch’s AWS/BedrockMantle namespace, teams can track inference counts, input/output tokens, and client errors at account, project, model, and project-and-model levels across supported regions, aiding production monitoring, alarming, and cost attribution.
Bedrock models add general availability for OpenAI’s GPT-5.5, GPT-5.4, and Codex, combining these capabilities with Bedrock’s security and governance controls. Codex is accessible via an app, CLI, and IDE integrations; administrators can route Codex inference through Bedrock. Pricing mirrors OpenAI’s first-party rates, and usage contributes toward existing AWS commitments, with documentation and regional availability detailed in AWS materials.
Check Point described infrastructure-level defenses for AI factories using NVIDIA’s Vera BlueField-4 STX DPU and DOCA, focusing on east–west visibility, segmentation, tenant data controls, and runtime enforcement close to the data path. The company’s AI Factory Firewall integrates with BlueField and DOCA to support Kubernetes-based AI, distributed inference, private LLMs, and automated agent workflows, aiming for scalable, consistent policy enforcement in high-performance AI environments.
Patches, Active Exploits, and Infrastructure Disruption
CSOonline reports Oracle’s first monthly Critical Security Patch Update (CSPU), fixing 35 flaws: 11 critical, 18 high, and 6 medium. Highlights include critical issues in Oracle REST Data Services (one CVSS 10.0, CVE-2026-46840), E-Business Suite, Universal Work Queue, and Oracle Payments. Several fixes address older supply-chain and open-source components with available PoC exploits. Oracle positions CSPUs as smaller, targeted updates on a third-Tuesday cadence, with cloud customers receiving automatic patching.
BleepingComputer notes that Belgium’s CCB warns of in-the-wild exploitation of CVE-2026-41089, a critical Windows Netlogon stack buffer overflow enabling unauthenticated RCE on domain controllers. Microsoft patched the flaw in May 2026, and CCB assigned a CVSS 9.8 score while urging immediate updates and heightened monitoring across domain infrastructure.
CSOonline covers CVE-2026-40933 in self-hosted Flowise, where the Custom MCP tool’s stdio transport can execute attacker-controlled commands when a malicious chatflow is imported. Researchers show that input validations can be bypassed and recommend disabling stdio MCP (for example, setting CUSTOM_MCP_PROTOCOL=sse), pinning trusted packages, and auditing imported workflows, given the potential for high-impact server compromise (CVSS 9.9).
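One way to carry out the "audit imported workflows" recommendation is to scan a chatflow export for stdio-style MCP definitions before it is imported. This is an added example, not code from Flowise or the cited report; the export layout, the `customMCP` node name and the `mcpServerConfig` field used in the sample are assumptions, and the scanner itself only relies on a `command` key being present.

```python
import json

# Assumption (not confirmed by the page): a chatflow export is JSON whose nodes hold
# MCP server settings as nested objects or as JSON-encoded strings, and a stdio
# server definition is recognisable by its "command" key.

def _walk(value, path=""):
    """Yield (path, dict) for every dict found, decoding JSON carried inside strings."""
    if isinstance(value, str):
        text = value.strip()
        if text[:1] not in ("{", "["):
            return
        try:
            value = json.loads(text)
        except ValueError:
            return
    if isinstance(value, dict):
        yield path, value
        for key, child in value.items():
            yield from _walk(child, f"{path}/{key}")
    elif isinstance(value, list):
        for i, child in enumerate(value):
            yield from _walk(child, f"{path}/{i}")

def find_stdio_mcp(chatflow_json):
    """Return one finding per object that would make the server launch a local process."""
    findings = []
    for path, obj in _walk(json.loads(chatflow_json)):
        command = obj.get("command")
        if isinstance(command, str) and command.strip():
            findings.append({"path": path, "command": command,
                             "args": obj.get("args", [])})
    return findings

# Constructed sample export: one stdio definition inside a JSON string, one SSE definition.
SAMPLE = json.dumps({"nodes": [
    {"id": "mcp_0", "data": {"name": "customMCP", "inputs": {
        "mcpServerConfig": json.dumps({"command": "npx",
                                       "args": ["-y", "example-mcp-package"]})}}},
    {"id": "mcp_1", "data": {"name": "customMCP", "inputs": {
        "mcpServerConfig": json.dumps({"url": "https://mcp.example.internal/sse"})}}},
]})

if __name__ == "__main__":
    for f in find_stdio_mcp(SAMPLE):
        print(f"{f['path']}: stdio command {f['command']!r} args={f['args']}")
```

A finding means the workflow needs review before import; it does not by itself show that the workflow is malicious.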
The Hacker News reports active exploitation of CVE-2026-8732 in the WP Maps Pro plugin, allowing unauthenticated creation of administrator accounts. Versions up to 6.1.0 are affected; a patch in 6.1.1 restricts the vulnerable endpoint. The flaw stems from an unauthenticated AJAX action with an exposed nonce and a code path that unconditionally provisions an admin user and returns a magic login URL. Administrators should update promptly and review sites for unexpected accounts.
Infosecurity highlights active exploitation of CVE-2026-0257, an authentication bypass in Palo Alto’s PAN-OS GlobalProtect when authentication override cookies are enabled with specific certificate settings. Observed attacks used forged cookies to bypass checks; Rapid7 reported successful exploitation across several customers. Palo Alto advises immediate patching, disabling override cookies if needed, or using a dedicated, securely stored certificate. CISA added the CVE to the KEV catalog with a federal remediation deadline.
Check Point details a May 22 seizure of about 800 servers at data centers linked to WorkTitans B.V., assessed as central to multiple Iranian-linked espionage groups. The action disrupted varied campaigns and illustrates the effectiveness of targeting abuse at the hosting layer. Researchers urge defenders to move beyond isolated IP blocking toward assessing hosting organizations, ASN reputation, passive DNS, domain churn, and behavioral signals such as scanning and brute-force attempts.
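The shift from isolated IP blocking to hosting-level assessment can be shown on a small event set: a per-IP threshold flags only the single noisy address, while grouping by origin ASN surfaces the provider whose many addresses each stay under the threshold. This is an added example, not code from the cited research; the prefix table, ASNs, organization names, events and thresholds are all constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed prefix-to-origin table (documentation ranges, private-use ASNs).
PREFIXES = {
    "192.0.2.0/24": (64512, "ExampleHost-A"),
    "198.51.100.0/24": (64513, "ExampleHost-B"),
}

# Constructed events: (source IP, behaviour observed by a sensor).
EVENTS = [
    ("192.0.2.10", "scan"), ("192.0.2.11", "brute-force"), ("192.0.2.12", "scan"),
    ("192.0.2.13", "brute-force"), ("192.0.2.14", "scan"),
    ("198.51.100.7", "scan"), ("198.51.100.7", "scan"), ("198.51.100.7", "scan"),
    ("203.0.113.5", "scan"),
]

def origin_of(ip, prefixes=PREFIXES):
    """Longest-prefix match of ip against the table; (None, 'unknown') if unmapped."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, origin in prefixes.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, origin)
    return best[1] if best else (None, "unknown")

def noisy_ips(events, min_events=3):
    """Per-IP view: addresses that individually reach the event threshold."""
    counts = defaultdict(int)
    for ip, _ in events:
        counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n >= min_events)

def noisy_origins(events, min_ips=4, min_behaviours=2):
    """Per-origin view: ASNs with many distinct sources and more than one behaviour."""
    ips, kinds = defaultdict(set), defaultdict(set)
    for ip, behaviour in events:
        asn, _org = origin_of(ip)
        if asn is not None:
            ips[asn].add(ip)
            kinds[asn].add(behaviour)
    return sorted(a for a in ips
                  if len(ips[a]) >= min_ips and len(kinds[a]) >= min_behaviours)

if __name__ == "__main__":
    print("per-IP threshold flags:", noisy_ips(EVENTS))
    print("per-ASN aggregation flags:", noisy_origins(EVENTS))
```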