If you've been wondering when attackers would start using the same AI tools we're using to ship code faster, that question got answered this week.
Chinese state-sponsored actors reportedly automated 90% of their attack operations using Claude across the whole chain (details below).
Meanwhile, 30,000 EU organizations just inherited mandatory security disclosure requirements that they have to implement by December. And we're seeing signs that a new security discipline (MLSecOps) is emerging to handle classes of AI model vulnerabilities that didn't exist 18 months ago.
The through-line: velocity keeps rising while capacity stays flat. Large backlogs meet AI-assisted offensive tooling. Compliance requirements are expanding. Sub-specialties are emerging rapidly that are both necessary and a further strain on already-limited resources and expertise. No wonder 50% of CISOs report being burnt out.
BTW the velocity/capacity dichotomy is also what's driving the pace of news across AppSec Vendors looking to deploy new capabilities to help (covered below).
Anthropic disclosed that Chinese state-sponsored actors used Claude to automate 80-90% of a cyberattack campaign across reconnaissance, vulnerability identification, exploit crafting, and lateral movement. The same AI capabilities behind 10x code generation now let adversaries execute attacks at equivalent speed. As Intezer's analysis notes, manual security review cannot keep pace with AI-accelerated development, whether that code comes from your developers or from attackers probing your infrastructure.
Some researchers expressed skepticism about whether Anthropic overstated capabilities for competitive positioning.
Overstated or not, it is pretty clear that attackers now leverage the same publicly available AI infrastructure as development teams.
The German Bundestag finalized NIS2 implementation, expanding EU cybersecurity requirements from 2,000 critical infrastructure organizations to over 30,000 entities by December 2025. The change adds healthcare, transport, manufacturing, and public administration organizations to mandatory compliance.
Affected organizations now face mandatory incident reporting within 24 hours, vulnerability disclosure requirements, and supply chain security accountability.
The December deadline hits mid-market organizations the hardest, because their security teams already operate at capacity. AppSec unemployment remains near zero, and vendor backlogs for professional services extend months.
Three major vendors launched AI-powered development platforms within a five-day window. Google announced Antigravity, an agentic development platform promising autonomous code generation and testing workflows. Checkmarx unveiled Agentic AI for pre-commit vulnerability prevention. Snyk partnered with Continue to embed AI-powered security directly into IDE workflows.
When competitors launch similar capabilities simultaneously, it's usually responding to RFP requirements or conference positioning. The challenge for buyers: separating implementation quality from marketing claims.
Agentic AI promises can sound compelling until you ask about false positive rates, code context awareness, and merge velocity in production environments. Do your diligence. Give us a call :).
This week delivered three Chrome zero-days under active exploitation, a Fortinet FortiWeb vulnerability exploited before public disclosure, widespread XWiki exploitation by RondoDox botnet, and critical vulnerabilities across Unifi Access and N-able N-central.
Fortinet's silent patching approach sparked fierce debate. The company patched a FortiWeb vulnerability before disclosing it publicly—while attackers were already exploiting it in the wild.
Seven zero-days in one week, each demanding immediate triage, is a continuation of the pace of exploits we've documented each week since we launched this weekly briefing.
Actively Exploited:
• CVE-2025-13223 (Google Chrome): use-after-free vulnerability in the Blink rendering engine
• Chrome zero-days, 2 additional CVEs (Google Chrome): two additional zero-day vulnerabilities under active exploitation
• Fortinet FortiWeb zero-day (Fortinet FortiWeb): authentication bypass vulnerability exploited before public disclosure (silent patch)
• CVE-2025-62215 (Microsoft Windows Kernel): Windows kernel privilege escalation vulnerability
• XWiki vulnerability (XWiki): remote code execution vulnerability exploited by the RondoDox botnet for mass exploitation
• CVE-2025-52665 (Ubiquiti Unifi Access): remote code execution vulnerability in Unifi OS affecting 25,000+ devices
• N-able N-central zero-days (N-able N-central): multiple zero-day vulnerabilities transitioning from N-days to active exploitation
High/Critical:
• Microsoft Patch Tuesday, 63 CVEs (Microsoft, multiple products): Microsoft November 2025 Patch Tuesday addressing 63 CVEs, including the actively exploited Windows kernel vulnerability
• Imunify360 vulnerability (Imunify360 Security Platform): security vulnerability in the Imunify360 platform that could expose millions of websites to hacking
• CVE-2025-12101 (Citrix NetScaler): memory leak and reflected cross-site scripting vulnerability
• CVE-2025-50168 (Linux Kernel): SMAP-free confidence trick on kernel pointers enabling privilege escalation ("4 Bytes, 1 Lie")
• AI inference framework vulnerabilities (Meta, Nvidia, Microsoft AI frameworks): copy-paste vulnerability affecting AI inference frameworks at major tech companies
Thought-Provoking:
• Meta paid out $4 million via bug bounty program in 2025. Why it's worth your time: Meta's $4 million bug bounty payout this year signals that enterprise "find" spending continues growing while "fix" capacity remains the bottleneck, a pattern visible across organizations struggling with vulnerability backlogs.
• We found cryptography bugs in the elliptic library using Wycheproof. Why it's worth your time: Trail of Bits demonstrates a practical cryptography testing methodology using Google's Wycheproof test suite, providing actionable guidance for teams validating cryptographic implementations in production code.
• Hacking Gemini - A Multi-Layered Approach. Why it's worth your time: original security research exposing multiple attack vectors against Google's Gemini AI model, directly relevant to MLSecOps teams securing LLM deployments and understanding AI model attack surfaces.
• OWASP Top 10 for 2025: What's New and Why It Matters. Why it's worth your time: analysis of the updated OWASP Top 10 provides a benchmark for prioritizing AppSec investments and aligning vulnerability remediation efforts with industry-recognized risk patterns.
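To make the Wycheproof item above concrete, here is a small added example (not code from the Trail of Bits post or from the Wycheproof project) of what a Wycheproof-style harness does: it loads a JSON file of test groups, each holding tcId/key/msg/tag/result vectors, feeds every vector to the implementation under test, and flags any case where the implementation's accept/reject decision disagrees with the vector's expected result. The suite is constructed for this example in Wycheproof's MAC-test layout; the two valid tags are RFC 4231 HMAC-SHA-256 test cases 1 and 2, and the invalid and truncated-tag cases are constructed. It is run against a correct HMAC verifier and against a deliberately defective one (`verify_prefix_bug`, constructed here) that accepts any prefix of the real MAC, the kind of defect negative vectors exist to catch.

```python
import hashlib
import hmac
import json

KEY_RFC4231_1 = "0b" * 20   # 20-byte key from RFC 4231 test case 1
MSG_RFC4231_1 = "4869205468657265"   # "Hi There"
TAG_RFC4231_1 = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"

# Constructed suite in the layout Wycheproof uses for MAC tests. Only tcId 1, 2 and 5
# carry published (RFC 4231) values; tcId 3 and 4 are negative cases made for this example.
SUITE = {
    "algorithm": "HMACSHA256",
    "testGroups": [
        {"tagSize": 256, "type": "MacTest", "tests": [
            {"tcId": 1, "comment": "RFC 4231 case 1", "key": KEY_RFC4231_1,
             "msg": MSG_RFC4231_1, "tag": TAG_RFC4231_1, "result": "valid", "flags": []},
            {"tcId": 2, "comment": "RFC 4231 case 2", "key": "4a656665",
             "msg": "7768617420646f2079612077616e7420666f72206e6f7468696e673f",
             "tag": "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843",
             "result": "valid", "flags": []},
            {"tcId": 3, "comment": "constructed: last tag byte modified", "key": KEY_RFC4231_1,
             "msg": MSG_RFC4231_1, "tag": TAG_RFC4231_1[:-1] + "8", "result": "invalid", "flags": []},
            {"tcId": 4, "comment": "constructed: 1-byte tag that is a prefix of the real MAC",
             "key": KEY_RFC4231_1, "msg": MSG_RFC4231_1, "tag": TAG_RFC4231_1[:2],
             "result": "invalid", "flags": []},
        ]},
        {"tagSize": 128, "type": "MacTest", "tests": [
            {"tcId": 5, "comment": "RFC 4231 case 1, tag truncated to 128 bits",
             "key": KEY_RFC4231_1, "msg": MSG_RFC4231_1, "tag": TAG_RFC4231_1[:32],
             "result": "valid", "flags": []},
        ]},
    ],
}
WYCHEPROOF_STYLE_JSON = json.dumps(SUITE)   # what a test-vector file on disk would contain


def verify_hmac_sha256(key: bytes, msg: bytes, tag: bytes, tag_bits: int) -> bool:
    """Correct verifier: recompute, truncate to the group's tag size, compare in constant time.
    compare_digest returns False when lengths differ, so a short tag is rejected."""
    expected = hmac.new(key, msg, hashlib.sha256).digest()[: tag_bits // 8]
    return hmac.compare_digest(expected, tag)


def verify_prefix_bug(key: bytes, msg: bytes, tag: bytes, tag_bits: int) -> bool:
    """Defective verifier (constructed for this example): it compares only as many bytes as
    the caller supplied, so any prefix of the real MAC, even a single byte, is accepted."""
    full = hmac.new(key, msg, hashlib.sha256).digest()
    return full[: len(tag)] == tag


def run_vectors(test_json: str, verify) -> tuple[int, list[int]]:
    """Run every vector through `verify(key, msg, tag, tag_bits) -> bool`.
    Returns (passed, failing_tcIds); a vector fails when the verifier's decision
    disagrees with its 'result'. Wycheproof's 'acceptable' allows either outcome."""
    suite = json.loads(test_json)
    passed, failures = 0, []
    for group in suite["testGroups"]:
        tag_bits = group["tagSize"]
        for tc in group["tests"]:
            accepted = verify(bytes.fromhex(tc["key"]), bytes.fromhex(tc["msg"]),
                              bytes.fromhex(tc["tag"]), tag_bits)
            if tc["result"] == "acceptable" or accepted == (tc["result"] == "valid"):
                passed += 1
            else:
                failures.append(tc["tcId"])
    return passed, failures


if __name__ == "__main__":
    for name, fn in [("correct verifier", verify_hmac_sha256), ("prefix-bug verifier", verify_prefix_bug)]:
        passed, failures = run_vectors(WYCHEPROOF_STYLE_JSON, fn)
        print(f"{name}: {passed} passed, failing tcIds: {failures}")
```

The correct verifier passes all five vectors; the defective one passes the positive vectors and the modified-tag case but fails tcId 4, which is exactly the point of the methodology: positive vectors alone would never have exposed the bug. The real Wycheproof files follow the same structure with many more groups, comments and flags, so the same loop applies once `SUITE` is replaced by a file loaded from disk.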
Current Events:
• Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign. Why it's worth your time: the unprecedented scale of a supply chain attack involving 150,000 malicious NPM packages highlights why manual code review cannot structurally keep pace with modern supply chain threats.
• ShadowRay 2.0: Active Global Campaign Hijacks Ray AI Infrastructure Into Self-Propagating Botnet. Why it's worth your time: the first major botnet campaign specifically targeting AI infrastructure (Ray clusters), demonstrating how MLSecOps attack surfaces extend beyond model security to infrastructure compromise.
• Google announces agentic development platform, Google Antigravity. Why it's worth your time: Google's entry into agentic AI development platforms signals major vendor convergence on autonomous code generation, accelerating the security verification velocity gap discussed in this week's briefing.