Software vulnerabilities are now the primary way attackers enter cloud environments: 44.5% of intrusions versus 27.2% for credentials. Six months ago it was 2.9%. The same week, OpenAI entered AppSec with Codex Security and a $119M Promptfoo acquisition, $325M total flooded agentic security startups, and the agents everyone deployed kept failing basic red team tests. AppSec is dead. Long live AppSec.
Google Cloud's H1 2026 Threat Horizons Report puts software vulnerability exploitation at 44.5% of initial access vectors, up from 2.9% in H1 2025. Credential abuse dropped from 47.1% to 27.2%. Not a gradual shift. A reversal in one reporting period. React2Shell (CVE-2025-55182) went from disclosure to mass exploitation in 48 hours, with North Korean and Chinese state actors among the first to weaponize it. 73% of cloud incidents targeted data theft.
Wallarm's 2026 API ThreatStats adds the granularity: APIs are only 17% of published CVEs but 43% of CISA KEV additions (106 of 245 in 2025). Why the disproportionate targeting:
• 97% exploitable with a single HTTP request, 59% require no authentication
• AI-related vulnerabilities surged 400% YoY (439 to 2,185), 36% overlapping API flaws
• MCP protocol flaws grew 270% from Q2 to Q3
Meanwhile: 48,000 CVEs published in 2025 (67% increase from 2023), 81% of orgs knowingly deploy vulnerable code, and 24.7% of AI-generated code ships with vulnerabilities.
If 44.5% of initial access is through unpatched software and your budget still allocates 60-70% to identity controls, there is a line item mismatch between your spending and your actual threat exposure. The 48-hour React2Shell window is not an outlier. It is the new baseline.
Codex Security scanned 1.2 million commits and surfaced 792 critical and 10,561 high-severity vulnerabilities in 30 days. Separately, OpenAI is acquiring Promptfoo for $119M to integrate AI agent security testing. One product finds bugs in code. The other hardens the AI agents writing it.
The distribution play matters more than the detection capability. Codex Security integrates directly into ChatGPT Enterprise. Netgear is already trialing it. Competing against a scanning tool embedded in the platform developers already use is a different fight than competing on accuracy alone.
If ChatGPT Enterprise reaches your developers before your AppSec team evaluates Codex Security, adoption happens bottom-up without security review. That is the distribution threat, not the detection capability.
Thirty-eight researchers from five universities spent two weeks red-teaming AI agents and found 11 critical vulnerabilities. Agents obeyed commands from non-owners, shared 124 private emails without verification, and executed shell commands from unauthorized users. Documented, reproducible trust model failures.
Meta's AI Safety Chief could not prevent her own agent from being exploited via a GitHub Actions misconfiguration. Microsoft confirmed threat actors are using AI across every stage of the attack lifecycle. And the supply chain is already weaponized: fake Claude Code pages distributing Amatera infostealer, GhostClaw RAT via malicious npm packages, and 100+ GitHub repos distributing BoryptGrab stealer.
Three questions for every AI agent with production access: who authorized its permissions, what data can it reach, and what happens when it follows instructions from someone outside your team? If you cannot answer all three today, that is your actual risk surface.
Kevin Mandia's Armadin launched with $190M for AI-powered red teaming. Escape raised $18M Series A from Balderton Capital for agent-driven pentesting and remediation. The Mandiant founder is now building an AI offensive security company. Combined with OpenAI's $119M Promptfoo acquisition, $325M flowed into AI-powered security in a single week.
The shared thesis: human-speed security testing cannot keep pace with AI-speed code production. Whether autonomous agents deliver consistent results or create the next generation of false confidence is the open question.
$325M in one week is a market signal, not a coincidence. If your pentest vendor still operates on annual engagement cycles, their investors are probably already having a conversation about that.
React2Shell (CVE-2025-55182) -- React Server Components
Critical RCE went from disclosure to mass exploitation deploying cryptomining malware in 48 hours. Nation-state actors from North Korea and China among the first to weaponize.
Severity: Critical | Status: Actively Exploited
SolarWinds Web Help Desk (CVE-2025-26399)
Actively exploited vulnerability added to CISA KEV catalog. Federal patch deadline: March 23, 2026.
Severity: Critical | Status: Actively Exploited / CISA KEV
Ivanti Endpoint Manager (Multiple CVEs)
Recently patched Ivanti EPM flaw now actively exploited in attacks. Added to CISA KEV with March 23 federal deadline.
Severity: Critical | Status: Actively Exploited / CISA KEV
Microsoft Windows (CVE-2026-21262) -- Zero-Day
Publicly disclosed before patch availability. Patched in March 2026 Patch Tuesday.
Severity: Critical (Zero-Day) | Status: Zero-Day / Patch Available
Microsoft Windows (CVE-2026-26127) -- Zero-Day
Second zero-day in March Patch Tuesday. Publicly disclosed before patch availability.
Severity: Critical (Zero-Day) | Status: Zero-Day / Patch Available
Fortinet FortiClient EMS (CVE-2026-21643)
Pre-authentication SQL injection allowing unauthenticated attackers to execute arbitrary SQL commands.
Severity: Critical | Status: Patch Available
Microsoft Windows Shell (CVE-2026-21510)
Remote code execution vulnerability. Part of 8 critical CVEs in March Patch Tuesday.
Severity: Critical | Status: Patch Available
SAP NetWeaver / FS-QUO (Multiple CVEs)
SAP patched 15 vulnerabilities including critical flaws in NetWeaver and Financial Services products.
Severity: Critical | Status: Patch Available
Rocket.Chat Enterprise (CVE-2026-28514)
Authentication bypass allowing sign-in with any password. Discovered using open-source AI framework.
Severity: Critical | Status: Patch Available
Linux Kernel Packet Sockets (CVE-2025-38617)
Race condition enabling privilege escalation through exploitation of concurrent access patterns.
Severity: High | Status: Patch Available
Salesforce Aura (Multiple CVEs)
ShinyHunters claims ongoing data theft via guest user permission misconfiguration. Persistent exploitation despite vendor guidance.
Severity: High | Status: Actively Exploited (Unpatched/Misconfiguration)
• Microsoft Patch Tuesday -- 83 CVEs (8 critical, 2 zero-days). One vulnerability discovered using AI (Claude Opus 4.6).
• Adobe Patch Tuesday -- 80 vulnerabilities across 8 products.
• SAP Security Patches -- 15 vulnerabilities including critical NetWeaver and FS-QUO flaws.
Shift-Left Has Shifted Wrong: Why AppSec Teams Must Lead Security in the Age of AI Coding
Why it's worth your time: Argues that shift-left orthodoxy fails when 24.7% of AI-generated code contains vulnerabilities and 81% of orgs knowingly ship vulnerable code. Makes the case that AppSec teams, not developers, must lead security in the AI coding era.
When AI Safety Constrains Defenders More Than Attackers
Why it's worth your time: Examines the asymmetry where AI guardrails block legitimate security testing by defenders while attackers use open-weight models without restrictions. A structural argument that current AI safety approaches inadvertently advantage adversaries.
Uncovering Agent Logging Gaps in Copilot Studio
Why it's worth your time: Datadog security research reveals Microsoft Copilot Studio lacks adequate logging for agent actions, creating audit blind spots. Practical evidence that enterprise AI agent deployments have observability gaps.
OMB Rolled Back the Rules. Security Did Not Get Easier
Why it's worth your time: OMB memo M-26-05 rescinds federal SBOM and secure software development mandates. If your compliance roadmap assumed these requirements were permanent, your planning horizon just changed.
CVE Program Funding Secured, Easing Fears of Repeat Crisis
Why it's worth your time: CISA and MITRE renegotiated the CVE program contract with a protected budget line, resolving the 2025 funding cliff. The vulnerability identification infrastructure the entire industry depends on is now structurally more stable.
Cybersecurity's Need for Speed and Where To Find It
Why it's worth your time: Phil Venables (Google Cloud CISO) on why security organizations must match engineering velocity. Frames the speed gap as an organizational design problem, not a tooling problem. Relevant context for the 48-hour React2Shell window.