
AI-Ready Cloud Security, Active Exploits, and Policy Shifts
Coverage: 14 Jul 2026 (UTC)
< view all daily briefs >Major cloud providers introduced new controls for AI workloads and multicloud visibility, while defenders faced urgent patching windows for actively exploited flaws. Identity and OAuth integrations remained a common weak point across incidents, and a U.S. defense program pause signaled a reset in compliance strategy. Together, the updates underscore the need to pair rapid remediation with stronger governance across AI, identity, and third‑party integrations.
Cloud Providers Add AI-Aware and Multicloud Defenses
AWS Security Hub expanded to protect AI workloads and to monitor Microsoft Azure alongside AWS environments. The Azure integration discovers VMs, container images, Function Apps, and identities, evaluates them against the CIS Microsoft Azure Foundations Benchmark, and normalizes findings into existing workflows. For AI use cases, Security Hub now folds in GuardDuty AI detections, AI-powered investigations that produce dispositions with confidence and MITRE ATT&CK classifications, and an AI inventory that maps AI assets to underlying infrastructure and security signals. Security Hub Extended also adds 21 curated partners across nine categories to ingest partner findings in OCSF for cross-solution correlation.
GuardDuty AI introduces continuous detection tailored to AI workloads across services such as Amazon Bedrock and Amazon SageMaker. It analyzes CloudTrail activity to flag anomalous model invocations, cost-harvesting attempts that drive up GPU or token usage, and prompt-injection vectors, with findings routed to Security Hub for centralized triage. Administrators can enable the capability per account or via AWS Organizations; a 30‑day free trial is available, with regional availability and pricing aligned to GuardDuty.
Security Hub AI now provides an organization-wide AI inventory at no extra cost for Security Hub Essentials users. It discovers managed AI services via AWS Config (Amazon Bedrock, Bedrock AgentCore, Amazon SageMaker), identifies self-hosted AI endpoints and models using enhanced SBOM analysis from Amazon Inspector (including frameworks like Ollama, vLLM, and Hugging Face TGI), and surfaces third-party AI API usage via GuardDuty DNS telemetry. Discovered assets are correlated with security findings, enabling filtering and prioritization by account, resource type, discovery method, and model identity.
Google Cloud launched Claude as a managed endpoint on Model Garden integrated with Agent Platform, inheriting IAM, VPC Service Controls, Cloud Logging, and Cloud Monitoring. The service supports global, regional, and multi-region endpoints for availability and residency needs and is designed for regulated workloads with FedRAMP High and HIPAA compliance. Capabilities include prompt caching, streaming, extended thinking, and up to 1M‑token context windows; Agent Platform adds batch prediction, provisioned throughput, and infrastructure-level memory and scheduling, complemented by an agent development-to-runtime flow.
AWS WAF Bot Control now supports Web Bot Authentication using asymmetric cryptography and HTTP Message Signatures to verify AI agent identities. Verified requests receive labels such as verified, invalid, expired, or unknown_bot, plus vendor and account metadata for granular policy. With the Bot Control rule group on CloudFront-associated web ACLs, verified agent traffic can be allowed by default while unverified or failed signatures can be blocked, rate-limited, or monitored; AWS notes ongoing standards alignment work and plans to simplify agent registration workflows.
Urgent Patching: Active Exploits and Critical Fixes
SonicWall SMA1000 appliances are under active exploitation via two zero-days: CVE‑2026‑15409 (critical SSRF in the Appliance Work Place interface, unauthenticated) and CVE‑2026‑15410 (post-authentication code injection in the Management Console). Patches are available in hotfixes 12.4.3‑03453 and 12.5.0‑02835 and later. SonicWall shared indicators of compromise and urges immediate updates, forensic checks, re-imaging if compromised, and rotation of all credentials and TOTP tokens. CISA added both to KEV with a July 17, 2026 remediation deadline for federal agencies.
Talos highlighted Microsoft’s July 2026 Patch Tuesday addressing 622 vulnerabilities, including 57 critical. Two flaws are confirmed exploited: CVE‑2026‑56155 (AD FS elevation of privilege) and CVE‑2026‑56164 (SharePoint Server spoofing/authentication issue). The release features numerous RCE and EoP fixes across Windows, Office, SharePoint, SQL Server, drivers, Media Foundation, and Remote Desktop, with several RCEs assessed as more likely to be exploited. Talos issued Snort rules to detect exploitation attempts and advises prioritizing patches for exploited and higher-likelihood vulnerabilities, alongside updated intrusion-detection signatures and compensating controls where needed.
SAP Updates remediate multiple high-severity issues. CVE‑2026‑44747 (CVSS 9.9) in SAP NetWeaver AS ABAP is an out-of-bounds write leading to memory corruption, with SAP and Onapsis advising kernel updates over disruptive workarounds. CVE‑2026‑27690 (CVSS 9.1) addresses HTTP request/response smuggling in Approuter deployments outside Cloud Foundry, and CVE‑2026‑44761 (CVSS 9.1) corrects default credentials stemming from a sample OAuth 2.0 client in SAP Commerce Cloud. Operators are urged to patch and, where applicable, remove or rotate any sample OAuth client configurations.
UEFI Shims signed by Microsoft but outdated were found to bypass Secure Boot, enabling arbitrary code execution at boot. Researchers identified 11 vulnerable shim versions, with exploitation allowing persistent bootkits. CERT/CC reported that vendors failed to re-sign or revoke their bootloaders after upstream fixes; Microsoft revoked the affected signatures as part of its June 2026 Patch Tuesday. The issues are tracked as CVE‑2026‑8863 and CVE‑2026‑10797.
Claude Extension for Chrome contains two reported weaknesses. A content script that loads allowlisted tasks does not check event.isTrusted, allowing another extension to synthesize clicks that trigger data‑access tasks such as reading Gmail; the impact ranges from high to critical depending on user automation settings. A separate panel parameter, skipPermissions, can disable consent checks when true. Manifold disclosed both on May 21; Anthropic acknowledged the reports but v1.0.80 (updated July 7) still reflects the issues. Suggested mitigations include rejecting synthetic clicks and removing permission mode parsing from URLs; users can reduce risk by disabling automatic actions and auditing extensions with access to claude.ai. No official patch or CVE was noted as of July 14.
OAuth Blind Spots and Supply‑Chain Abuse
Microsoft Analysis maps year‑long Salesforce data theft across three intrusion paths that did not leverage platform vulnerabilities: vishing to obtain OAuth consent for attacker-controlled apps, theft of OAuth tokens from third‑party vendors, and misconfigured guest access on Experience Cloud/Aura endpoints. Microsoft and Salesforce enhanced Defender for Cloud Apps and the Salesforce connector to ingest Real‑Time Event Monitoring, attribute calls to specific connected apps, expose scopes and session context, and add app risk scoring and governance. Recommended steps include enabling event logs, tightening guest roles, scoping connected apps to least privilege, and planning for rapid token revocation and rotation.
Proofpoint detailed OAuth client ID spoofing against Microsoft Entra ID, where attackers supply syntactically plausible but unregistered client IDs—often via the ROPC flow—to elicit distinct error codes that validate usernames and passwords without generating normal sign‑in telemetry. Campaigns from two clusters probed millions of accounts across thousands of tenants using cloud infrastructure, complicating detection and rate‑limiting. Defenders are advised to broaden Conditional Access scopes, update detection logic for anomalous token endpoint traffic and error patterns, and monitor for enumeration behaviors.
npm DDoS activity leveraged 148 packages posing as student proxies to conscript visitor browsers into floods. Hidden modules fetched mutable JavaScript without integrity checks and opened large numbers of WebSocket connections using the Wisp protocol, driving server resource exhaustion and log amplification. The campaign evolved over months and can be rearmed due to remaining remote loaders. Recommended actions include blocking related domains at DNS, clearing caches and service workers for affected users, and removing the packages from manifests and lockfiles.
Forg365, a phishing‑as‑a‑service platform, streamlines Microsoft 365 account takeovers using AI‑assisted lures, device‑code phishing, adversary‑in‑the‑middle relays, and a ForgCookie extension to generate and refresh SSO cookies. Guidance includes restricting or disabling device‑code authentication where possible, adopting phishing‑resistant MFA such as FIDO2/WebAuthn, revoking refresh tokens and terminating sessions on detection, auditing for unauthorized devices, and reviewing mailbox forwarding, delegated access, and OAuth permissions.
Check Point reported that attackers are increasingly using AI as an active operator, compressing exploit development timelines and expanding the AI stack as an attack surface. The study documents growth in indirect prompt injection, widespread use of synthetic media for fraud, and a rise in sensitive data leakage through sanctioned and unsanctioned enterprise AI use. Recommended defenses emphasize visibility and red‑teaming for AI systems, operating defensive AI to match attacker speed, and governance with real‑time data loss prevention for prompts and agent actions.
Compliance and Platform Updates
IAM Identity Center achieved FedRAMP Class C authorization in scope for four U.S. regions (US East Ohio and N. Virginia; US West N. California and Oregon). The designation enables agencies and contractors to use the service for workforce access management under FedRAMP Class C controls, supporting consistent identity and access policies across AWS environments and simplifying adoption for regulated customers.
CloudFront Functions added cf.logCustomData() to embed custom key‑value data into CloudFront access logs directly from edge scripts. The feature works with both real‑time and standard v2 access logs, enabling unified analysis of function decisions and request outcomes without separate log correlation. It is available across all edge locations with no added fee beyond existing invocation and log delivery charges.
Aurora DSQL is now offered in the Europe (Spain) Region for single‑Region clusters. The serverless distributed SQL database emphasizes active‑active high availability and multi‑Region strong consistency, with zero infrastructure management and Free Tier entry, broadening options for European customers requiring low‑latency access and global consistency.
DoD CMMC Phase II requirements have been suspended pending a 60‑day review, delaying the November 10, 2026 start. Citing prohibitive costs and burdens, the department will emphasize self‑assessments and selected government-led reviews in the interim, with a CIO‑led CMMC Reform Task Force focusing on scalable, resilient cybersecurity and reduced barriers for small and non‑traditional firms. Contractors are advised not to halt compliance efforts, as certain obligations remain and the program’s future direction is under evaluation.