Claude Sonnet 4.5 executed the Equifax breach exploit using standard Kali tools. No custom malware. No specialized cyber toolkit. Just the same utilities any pentester has on their laptop.
Speaking of pentesting, AI is coming for it, outperforming humans 9 times out of 10 at about a third of the cost. At least, according to a study out of Cornell University.
The other news of the week is around zero-days in JavaScript package managers. Specifically, npm told researchers that six zero-days were "working as expected", basically saying to all of us "it's your problem." On the other hand, alternatives like Yarn and pnpm shipped fixes. Spicy.
Anthropic's research demonstrated that Claude Sonnet 4.5 successfully executed the exploit chain behind the 2017 Equifax breach, affecting 147 million people, using nothing but standard Kali Linux tools. No custom malware. No specialized cyber toolkit. Just the same penetration testing utilities any security professional has on their laptop.
The capability jump is measurable. Claude Sonnet 4.5 now solves 76.5% of CTF challenges on Cybench, a twofold increase in six months. The ARTEMIS study, the first peer-reviewed comparison of AI versus human pentesters in live environments, found AI agents cost $18/hour compared to $60/hour for human professionals, while competing economically with testers earning $125k/year.
Bruce Schneier's analysis frames the strategic shift: AI models can now read CVE descriptions, understand vulnerability mechanics, select exploitation tools, and execute attacks without human guidance. What previously required weeks of skilled attacker research now takes hours of compute time. The vulnerability count stays the same. The pool of people who can exploit them just expanded from "skilled researcher" to "anyone with API access."
The weaponization is already happening. Check Point documented HexStrike-AI, a tool that reduces exploitation time from days to under 10 minutes. Zscaler's 2026 AI Threat Report found the median time to first critical failure was just 16 minutes, with 90% of systems compromised in under 90 minutes.
Teleport announced its Agentic Identity Framework the same week.
Defensive guardrails are racing to catch up with offensive capability.
Six zero-day vulnerabilities across JavaScript package managers. Three different responses. One ecosystem fracture.
Researchers at Koi Security disclosed PackageGate, a set of flaws affecting how npm, Yarn, pnpm, vlt, and Bun handle package installations. The response times tell the story:
• pnpm: Fixed in 2 weeks
• vlt: Fixed in 8 days
• Bun: Fixed in 3 weeks
• npm: Closed as "works as expected"
npm's official response to researchers: "npm users are responsible for vetting the content of packages that they choose to install."
This creates a two-tier security ecosystem. Teams using Yarn or pnpm get platform-level protections. Teams locked into npm inherit the audit burden themselves.
The vulnerability affecting npm, a bypass of the --ignore-scripts flag via git dependency .npmrc injection, remains unpatched. Separately, researchers demonstrated bypasses to npm's Shai-Hulud malware detection through Git dependencies, showing that even npm's existing defenses have gaps.
The risk is quantifiable. ReversingLabs' 2026 report found a 73% increase in malicious open-source packages in 2025, with npm malware representing 90% of all detections. Supply chain breaches cost an average of $4.91 million globally, with 267 days average detection time.
npm's explicit refusal to patch creates measurable supply chain risk. Is package manager migration on your roadmap?
The ARTEMIS study put AI agents head-to-head against human pentesters earning $125,000 in live environments. The AI supposedly outperformed humans 90% of the time, at a cost of $18/hour for the AI vs $60/hour for a human.
A $125k pentester works roughly 2,000 hours annually. An AI agent running at $18/hour for the same duration costs $36,000. That's a 71% cost reduction. Plus, AI agents don't sleep.
Perhaps this means that continuous automated red-teaming becomes economically viable for mid-market companies that could never afford dedicated pentest teams.
Continuous AI-powered testing is now cheaper than annual human assessments. I'm wondering how the humans move up the stack here.
The attack surface now includes the tools developers use to build software. Malicious VSCode extensions with over 1.5 million combined downloads remained on Microsoft's marketplace this week, installing info-stealers onto developer machines.
Here's the breakdown.
The two extensions were ChatGPT Chinese version (1.34M installs) and ChatMoss (152K installs). Both were fully functional AI assistants that provided real value while silently exfiltrating code to China-based servers. They stayed on the marketplace for three days after disclosure, having passed Microsoft's review process and accumulated massive download counts before detection.
This isn't supply chain compromise through packages. This is direct developer machine compromise through the IDE itself. The G_Wagon malware targets 100+ cryptocurrency wallets and browser credentials through npm packages. ReversingLabs reports a 73% increase in malicious open-source packages in 2025, with npm malware representing 90% of all detections.
Every layer of the development stack is now an attack vector:
• Package managers
• Build tools
• IDE extensions
• AI coding assistants
Developer toolchain security requires the same rigor as production infrastructure. Make sure extension allowlisting, marketplace verification, and isolated dev environments are set up.
CVE-2026-21509 — Microsoft Office | Severity: CVSS 7.8 | Impact: RCE | Status: Actively Exploited
Fortinet FortiGate — FortiCloud SSO Authentication Bypass | Severity: Critical | Impact: Auth Bypass | Status: Actively Exploited
GNU telnetd — Authentication Bypass | Severity: Critical | Impact: Auth Bypass | Status: Actively Exploited
VMware vCenter — RCE | Severity: Critical | Impact: RCE | Status: Actively Exploited
CVE-2026-0723 — GitLab | Severity: Critical | Impact: Auth Bypass | Status: Patch Available
OpenSSL — CMS/PKCS#12 Buffer Overflow | Severity: CVSS 10.0 | Impact: RCE | Status: Patch Available
vm2 (Node.js library) — Sandbox Escape | Severity: Critical | Impact: RCE | Status: PoC Available
SmarterMail — Admin Access Flaw | Severity: Not specified | Impact: Auth Bypass | Status: Actively Exploited
Zimbra Collaboration — Vulnerability | Severity: Not specified | Impact: Not specified | Status: Actively Exploited
WinRAR — Path Traversal | Severity: Not specified | Impact: RCE | Status: Actively Exploited
CVE-2026-21962 — Oracle HTTP Server / WebLogic | Severity: Not specified | Impact: Not specified | Status: Patch Available
Versa / Vite / Prettier — Multiple Vulnerabilities | Severity: Not specified | Impact: Not specified | Status: Actively Exploited
AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities — Why it's worth your time: Bruce Schneier's authoritative analysis of Anthropic's research showing AI can weaponize CVEs without human guidance, fundamentally changing patch window assumptions.
Teleport tackles agentic trust with new Agentic Identity Framework — Why it's worth your time: First major framework for securing autonomous AI agents in production. Addresses identity management gap as enterprises deploy agentic AI at scale.
Overcoming AI fatigue — Why it's worth your time: CISO perspective distinguishing generative vs agentic AI risk profiles. Practical framework for implementing guardrails before AI becomes embedded.
CISA confirms active exploitation of four enterprise software bugs — Why it's worth your time: Federal mandate with Feb 12 deadline for Versa, Zimbra, Vite, Prettier patches. Directly actionable for compliance-bound organizations.
Furl Raises $10 Million for Autonomous Vulnerability Remediation — Why it's worth your time: Validates market demand for automated remediation despite AI-related attack vector concerns this week.