Weekly Review

Governance & Compliance Review

Developments in technology governance, cybersecurity standards, and regulatory compliance.

Week of May 18 to 23, 2026
Lead Story
CyberSecure Canada & Cyber Threats
Tags: Cybersecurity, AI, Governance

Verizon 2026 DBIR: Vulnerability Exploitation Has Overtaken Stolen Credentials as the Top Breach Entry Point, AI Compressing the Patch Window From Months to Hours

Verizon released the 2026 Data Breach Investigations Report on May 19. For the first time in the report's 19-year history, vulnerability exploitation has overtaken stolen credentials as the top breach entry point: 31% of breaches now start with vulnerability exploitation versus 13% from credential abuse. Verizon attributes the shift in part to AI compressing the disclosure-to-exploitation window from months to hours. Median time to fully patch worsened to 43 days, and organizations remediated only 26% of CISA KEV-listed vulnerabilities. Ransomware activity rose to 48% of breaches from 44% in the prior year, and 62% of breaches involved a human element.

For Canadian governance leaders this is the first time vulnerability management has overtaken identity hardening in the DBIR ranking, and the operational implication is direct: patch cycle reliability, exposure inventory, and KEV remediation completeness become first-order, board-level metrics. The AI-accelerated exploitation pattern reinforces this week's Mythos and Microsoft Defender developments, and ties through to the upcoming CPCSC defence supplier readiness window. Detection programs anchored on signatures will underperform against AI-generated exploits; behavioural detection coverage needs to be reassessed.

  • Vulnerability exploitation at 31% of breaches overtakes credential abuse at 13% as the top entry point for the first time in 19 years
  • Median time to full patch worsened to 43 days; only 26% of CISA KEV-listed vulnerabilities were remediated last year
  • Ransomware grew to 48% of breaches from 44%; 62% of breaches involved a human element
  • Verizon attributes the shift in part to AI compressing the disclosure-to-exploitation window from months to hours

Implications

Boards and audit committees should request a one-page DBIR-aligned status from technology operations: KEV remediation rate, median patch time, exposure surface inventory, ransomware tabletop date, and AI-assisted exploitation detection coverage. Map response to ISO/IEC 27001:2022 A.8.8 management of technical vulnerabilities, A.5.7 threat intelligence, A.8.16 monitoring activities, A.5.24 incident management planning, and A.6.3 information security awareness. NIST SP 800-53 RA-5, SI-2, and SI-4 controls apply. CPCSC Level 1 readiness work should be re-scoped to ensure vulnerability management and KEV remediation evidence are explicit, not implicit.
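The first three figures on that one-page status (KEV remediation rate, median patch time, and which KEV entries are past their CISA due date) can be produced directly from a vulnerability register. The script below is an added example, not code from Verizon, CISA, or this review. It runs on a constructed register: the Finding fields, asset names, and every disclosure date are assumptions; the Defender and Drupal CVE identifiers and their KEV due dates are taken from the stories in this review, and the CVE-0000-* entries are placeholders that exist only to exercise the overdue and non-KEV paths.

```python
"""KEV-aligned vulnerability metrics from a remediation register.

Added example (not from Verizon, CISA or this review). Computes the
board-level figures named above from a constructed register: KEV
remediation rate, median disclosure-to-patch time, and overdue KEV items.
Field names, asset names and disclosure dates are assumptions.
"""
from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import Optional

REPORT_DATE = date(2026, 5, 23)   # end of the review week (assumed reporting cut-off)


@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str
    disclosed: date               # vendor advisory / disclosure date (assumed values below)
    kev_added: Optional[date]     # date CISA listed the CVE, None if not in KEV
    kev_due: Optional[date]       # CISA remediation due date, None if not in KEV
    patched: Optional[date]       # None while the finding is still open


def in_kev(f: Finding, as_of: date) -> bool:
    """True if CISA had listed the CVE on or before the reporting date."""
    return f.kev_added is not None and f.kev_added <= as_of


def is_closed(f: Finding, as_of: date) -> bool:
    """True if the patch was applied on or before the reporting date."""
    return f.patched is not None and f.patched <= as_of


def kev_remediation_rate(findings, as_of: date) -> Optional[float]:
    """Share of KEV-listed findings closed by as_of (the metric behind the DBIR's 26%)."""
    kev = [f for f in findings if in_kev(f, as_of)]
    if not kev:
        return None
    return sum(is_closed(f, as_of) for f in kev) / len(kev)


def median_days_to_patch(findings, as_of: date) -> Optional[float]:
    """Median disclosure-to-patch time over findings closed by as_of."""
    durations = [(f.patched - f.disclosed).days for f in findings if is_closed(f, as_of)]
    return median(durations) if durations else None


def overdue_kev(findings, as_of: date) -> list:
    """CVEs that are KEV-listed, still open, and past their CISA due date."""
    return sorted(
        f.cve for f in findings
        if in_kev(f, as_of) and not is_closed(f, as_of)
        and f.kev_due is not None and f.kev_due < as_of
    )


def board_summary(findings, as_of: date) -> dict:
    """The one-page status: rate, median, open KEV count and overdue list."""
    return {
        "as_of": as_of.isoformat(),
        "kev_remediation_rate": kev_remediation_rate(findings, as_of),
        "median_days_to_patch": median_days_to_patch(findings, as_of),
        "open_kev": sum(in_kev(f, as_of) and not is_closed(f, as_of) for f in findings),
        "overdue_kev": overdue_kev(findings, as_of),
    }


# Constructed register. KEV listing and due dates for the Defender pair
# (May 20, due June 3) and Drupal (May 22, due May 27) are from this review;
# disclosure dates, patch dates and asset names are assumed.
SAMPLE_REGISTER = [
    Finding("ws-042", "CVE-2026-41091", date(2026, 5, 12), date(2026, 5, 20), date(2026, 6, 3), date(2026, 5, 21)),
    Finding("ws-042", "CVE-2026-45498", date(2026, 5, 12), date(2026, 5, 20), date(2026, 6, 3), None),
    Finding("web-01", "CVE-2026-9082", date(2026, 5, 20), date(2026, 5, 22), date(2026, 5, 27), None),
    # Placeholder CVEs (not real identifiers) to exercise the overdue and non-KEV paths
    Finding("db-07", "CVE-0000-0001", date(2026, 3, 1), date(2026, 4, 1), date(2026, 4, 22), None),
    Finding("app-03", "CVE-0000-0002", date(2026, 2, 10), None, None, date(2026, 4, 1)),
    Finding("app-09", "CVE-0000-0003", date(2026, 1, 5), None, None, date(2026, 2, 17)),
]

if __name__ == "__main__":
    for key, value in board_summary(SAMPLE_REGISTER, REPORT_DATE).items():
        print(f"{key}: {value}")
```

On the constructed register the summary reports a 25% KEV remediation rate (one of four listed items closed), a 43-day median time to patch, three open KEV items, and one item past its CISA due date. Median time is measured from vendor disclosure rather than from KEV listing because the DBIR framing is the disclosure-to-exploitation window; a register that only records the KEV date will understate exposure.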

Source: Verizon
Tags: Cybersecurity, Governance

SonicWall Gen6 SSL VPN MFA Bypass (CVE-2024-12802): Firmware Patch Alone Does Not Close the Gap, Six Manual LDAP Reconfiguration Steps Are Required

ReliaQuest disclosed that CVE-2024-12802, a SonicWall Gen6 SSL VPN MFA bypass tied to separate UPN and SAM account handling in Active Directory integration, was exploited in the wild between February and March 2026, with intrusion activity consistent with the Akira ransomware ecosystem. The critical operational point is that the firmware patch alone does not remediate the vulnerability on Gen6 devices; six manual LDAP reconfiguration steps are required, and standard patch management workflows are not designed to verify them. Gen6 also reached end of life on April 16, 2026, sharpening the legacy VPN exposure question for organizations that have not yet migrated.

In one ReliaQuest-observed intrusion, attackers reached a file server and deployed pre-ransomware staging tools within 30 minutes of gaining VPN access. The lesson is that MFA does not compensate for incomplete patch completion or configuration drift on legacy infrastructure, and that vendor patch advisories must be read against the actual operational steps required to close exposure on the deployed estate. Newer Gen7 and Gen8 devices are mitigated by the firmware update alone.

  • CVE-2024-12802 SonicWall Gen6 SSL VPN MFA bypass exploited in the wild February to March 2026, consistent with Akira tooling
  • Firmware patch alone does not close the gap on Gen6; six manual LDAP reconfiguration steps are required
  • Gen6 reached end of life April 16, 2026
  • One observed intrusion reached file server access and pre-ransomware staging within 30 minutes of VPN entry

Implications

Verify on the actual estate that the six manual Gen6 LDAP reconfiguration steps have been completed; do not rely on the patch status field alone. Plan Gen6 retirement now given the April 16, 2026 end of life. Map response to ISO/IEC 27001:2022 A.5.16 identity management, A.5.17 authentication information, A.8.5 secure authentication, A.8.8 management of technical vulnerabilities, and A.8.16 monitoring activities. Update lifecycle and asset management policies so that vendor end-of-life dates trigger automatic retirement timelines rather than ad hoc decisions.

Source: SonicWall
Tags: Cybersecurity, Governance

CISA Adds Two Actively Exploited Microsoft Defender Zero-Days to the KEV Catalogue, Federal Remediation Deadline June 3, 2026

CISA added two actively exploited Microsoft Defender flaws to the Known Exploited Vulnerabilities catalogue on May 20: CVE-2026-41091 (privilege escalation via link following in the Microsoft Malware Protection Engine, CVSS 7.8, gains SYSTEM) and CVE-2026-45498 (denial of service against Defender, CVSS 4.0). Used in sequence, the pair allows an attacker to first disable endpoint protection and then escalate privileges, an unusually direct path against the security product itself. Patches are available in Microsoft Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7. Federal Civilian Executive Branch agencies must remediate by June 3, 2026.

When the endpoint protection product becomes the exposure point, patch governance for security tooling cannot be run to a lower assurance level than business application patching. Many Canadian estates monitor patch status for productivity and ERP applications more rigorously than for endpoint protection because Defender is assumed to update silently. That assumption is the gap this week's KEV entries exploit.

  • CISA added CVE-2026-41091 and CVE-2026-45498 to KEV on May 20 after observed active exploitation
  • CVE-2026-45498 disrupts Defender; CVE-2026-41091 escalates to SYSTEM through link following in the Malware Protection Engine
  • Patches in Microsoft Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7
  • Federal Civilian Executive Branch remediation deadline June 3, 2026

Implications

Confirm Defender platform versions on the estate match or exceed the patched levels and that any management overrides have not blocked the update. Add endpoint protection tooling to the patch governance scope monitored at audit committee level, not only business application patching. Map response to ISO/IEC 27001:2022 A.8.7 protection against malware, A.8.8 management of technical vulnerabilities, A.8.16 monitoring activities, and A.5.7 threat intelligence. NIST SP 800-53 SI-3 malicious code protection and SI-4 information system monitoring apply.

Source: CISA Known Exploited Vulnerabilities Catalogue
Tags: Cybersecurity, Governance

GitHub Confirms Internal Repository Breach Traces to Compromised Nx Console VS Code Extension, Itself a Downstream Casualty of the TanStack npm Supply Chain Attack

GitHub CISO Alexis Wales confirmed that the breach of approximately 3,800 internal GitHub repositories traces back to a malicious version of the Nx Console VS Code extension (version 18.95.0, 2.2 million installs), live on the Visual Studio Marketplace for about 11 minutes on May 18. The Nx Console compromise itself originated from the May 11 TanStack npm supply chain attack, in which an attacker abused a pull_request_target Pwn Request pattern combined with GitHub Actions cache poisoning to publish 84 malicious versions across 42 @tanstack/* packages using TanStack's legitimate trusted publishing identity. Grafana, OpenAI, and Mistral AI are also confirmed downstream casualties. Attribution points to a threat actor group tracked as TeamPCP, with the campaign codenamed Mini Shai Hulud.

This is one of the most consequential developer ecosystem compromises in recent memory because the attack chained through three trust layers in sequence: npm package publishing, IDE extension marketplace publishing, and ultimately employee credential exposure inside a major code hosting provider. Canadian software organizations should treat developer environment hardening, extension allowlisting, and CI/CD credential rotation as immediate operational items, not Q3 backlog items. The same TeamPCP actor was previously linked to the Aqua Security Trivy scanner compromise in March and the Bitwarden CLI npm package compromise in April.

  • GitHub confirms approximately 3,800 internal repositories breached via malicious Nx Console v18.95.0 VS Code extension
  • Nx Console compromise traces upstream to the May 11 TanStack npm supply chain attack via @tanstack/zod-adapter@1.166.15
  • Grafana, OpenAI, and Mistral AI confirmed downstream casualties
  • Attribution to threat actor group TeamPCP, codenamed Mini Shai Hulud, previously linked to Trivy and Bitwarden CLI compromises

Implications

Move developer environment hardening, IDE extension allowlisting, CI/CD credential rotation, and trusted publishing identity protection to the top of the operational queue. Map response to ISO/IEC 27001:2022 A.8.25 secure development life cycle, A.8.28 secure coding, A.5.19 information security in supplier relationships, A.5.21 managing information security in the ICT supply chain, A.5.16 identity management, and A.8.16 monitoring activities. NIST SP 800-218 Secure Software Development Framework applies in full. Boards should request a one-page supply chain integrity status: known compromised package exposure, npm and extension allowlist coverage, CI/CD credential rotation cadence, and trusted publishing identity controls.

Source: BleepingComputer
CPCSC
Tags: Canada, Governance, Cybersecurity

Defence Supplier CPCSC Readiness Tightens as Verizon DBIR, AI Generated Exploitation, and the Nx Console Supply Chain Breach Land in the Same Week

CPCSC Level 1 self-attestation has been available to Canadian defence suppliers since April 1, 2026 and contract integration begins Summer 2026. This week's developments tighten the operational case for completing Level 1 evidence work in May: the Verizon 2026 DBIR shows vulnerability exploitation has overtaken stolen credentials as the top breach entry point, Anthropic is briefing the Financial Stability Board on AI-surfaced cyber weaknesses, CISA added two actively exploited Microsoft Defender zero-days to KEV, and GitHub confirmed the Nx Console VS Code extension breach as a downstream casualty of the TanStack npm supply chain attack. Level 2, scheduled for spring 2027, will require external assessment by accredited certification bodies.

The 13 Level 1 controls anchor on the foundational tier of NIST SP 800-171 and the CCCS industrial cyber security baseline. Suppliers preparing for Summer 2026 contract integration should pair attestation with documented operational evidence covering vulnerability management cycle reliability, CISA KEV remediation discipline, endpoint protection patch governance, software supply chain controls, and AI-assisted exploitation detection coverage. Prime contractor flow-downs and BDC Defence Platform due diligence will surface these dimensions even where the Level 1 control wording does not call them out explicitly.

  • CPCSC Level 1 self-attestation available since April 1, 2026; contract integration begins Summer 2026; Level 2 external assessment scheduled spring 2027
  • Verizon DBIR ranks vulnerability exploitation above credential abuse for the first time in 19 years
  • Anthropic Mythos FSB briefing signals AI assisted attack capability has entered financial stability supervision
  • CISA KEV additions for Microsoft Defender and Drupal this week reinforce remediation discipline expectations
  • Nx Console and TanStack chain raises developer environment hardening and CI/CD supply chain controls into operational priority

Implications

Defence suppliers should pair Level 1 self-attestation with operational evidence packages: KEV remediation cadence, endpoint protection patch verification, software supply chain controls, IDE extension allowlisting, CI/CD credential rotation, and AI-assisted exploitation detection coverage. Map response across ISO/IEC 27001:2022 Annex A and NIST SP 800-171 in a single integrated control register. Organizations expecting Level 2 should begin gap assessments now while accredited certification body capacity is being built in the Canadian market.

Source: Government of Canada
AI Governance & Regulation
Tags: AI, Regulation, Governance

Trump Postpones AI Oversight Executive Order After Last Minute Pressure From Musk, Zuckerberg, and Sacks

President Trump postponed the signing of his administration's AI oversight executive order on Thursday, May 21, hours before a scheduled signing ceremony. The draft order would have empowered the US government to pre-evaluate frontier AI models on a voluntary basis 90 days before public release, identifying security vulnerabilities before deployment. Postponement followed a concentrated lobbying push from Elon Musk, Mark Zuckerberg, and former US AI and crypto czar David Sacks, who argued the order risked slowing US AI competitiveness against China. Trump confirmed the postponement to reporters in the Oval Office, citing concerns about disrupting US leadership.

The directional read for Canadian governance leaders is that US federal AI oversight is becoming fragmented, voluntary, and commercially contested rather than codified. Canadian organizations cannot rely on a US oversight regime to set baseline expectations for frontier model evaluation, deployment governance, or security posture. Internal AI control frameworks anchored on ISO/IEC 42001:2023 and the NIST AI Risk Management Framework now carry more weight, not less. The EU AI Act implementation timeline, which advanced earlier in May, is the more reliable external anchor for multinational Canadian operators.

  • Trump postponed the AI oversight executive order signing on May 21, hours before the scheduled ceremony
  • Draft order would have allowed voluntary government pre-evaluation of frontier models 90 days before public release
  • Last minute lobbying pressure from Musk, Zuckerberg, and Sacks cited as the proximate cause
  • Postponement reflects fragmentation between voluntary frameworks and competitive pressure with China

Implications

Canadian organizations developing or deploying AI should anchor governance on ISO/IEC 42001:2023 AI management system requirements, the NIST AI Risk Management Framework, and the EU AI Act implementation timeline rather than assume a US federal baseline. Procurement should ask AI vendors for written model evaluation, red teaming, and deployment governance commitments rather than rely on US executive branch policy. Boards should expect AI customer assurance and due diligence to harden through 2026 as US oversight remains contested.

Source: CNBC
Frameworks & Standards
Tags: Cybersecurity, Governance, ISO

Drupal Core SQL Injection (CVE-2026-9082, SA-CORE-2026-004) Added to CISA KEV After Active Exploitation, PostgreSQL Sites Face May 27 Federal Deadline

Drupal published advisory SA-CORE-2026-004 (CVE-2026-9082) on May 20, a highly critical unauthenticated SQL injection vulnerability in Drupal core's database abstraction API that affects sites running PostgreSQL. The vulnerability can lead to information disclosure, privilege escalation, and in some cases remote code execution. Drupal updated the advisory on May 22 to confirm exploit attempts in the wild, and CISA added the CVE to the Known Exploited Vulnerabilities catalogue the same day with a May 27 federal remediation deadline. Imperva observed more than 15,000 attack attempts targeting almost 6,000 sites across 65 countries.

Affected versions span 8.9.0 through 11.3.x with patched releases issued in 10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, and 11.3.10. Public-facing CMS exposure remains one of the fastest paths from disclosure to exploitation in the Verizon DBIR ranking this week, and the PostgreSQL-specific scope narrows the question for many Canadian operators but does not eliminate it. The May 27 federal deadline is a useful external anchor for Canadian critical infrastructure and federally regulated entities aligning to the same timeline.

  • CVE-2026-9082, SA-CORE-2026-004: unauthenticated SQL injection in Drupal core, PostgreSQL-backed sites only
  • Drupal confirmed exploit attempts in the wild on May 22; CISA added to KEV the same day with May 27 remediation deadline
  • Imperva observed 15,000+ attack attempts across nearly 6,000 sites in 65 countries
  • Patched releases: 10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10

Implications

Identify all PostgreSQL-backed Drupal estates in the asset inventory, patch to the listed releases, and review web application logs for indicators of compromise covering at least the period since disclosure. Map response to ISO/IEC 27001:2022 A.8.8 management of technical vulnerabilities, A.8.16 monitoring activities, A.8.25 secure development life cycle, and A.8.26 application security requirements. NIST SP 800-53 RA-5 and SI-4 controls apply. Boards of organizations running customer-facing or regulator-facing Drupal estates should request a written status confirming remediation against the May 27 federal anchor and identifying any unsupported Drupal versions requiring upgrade.
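The inventory step above has three outcomes per site: out of scope because the site is not on PostgreSQL, patch within the current branch because a fixed release exists, or upgrade because the site sits on an affected branch with no fixed release. The script below is an added example, not code from Drupal or this review, that applies that classification to a constructed inventory. The affected range and fixed releases are the figures from the advisory summary above; the Site fields, the driver strings (modelled on the `driver` key in a Drupal `settings.php` database entry) and the sample hosts are assumptions.

```python
"""Classify a Drupal estate against the SA-CORE-2026-004 fixed releases.

Added example, not code from Drupal or this review. Only PostgreSQL-backed
sites are in the advisory's scope; a site on a branch with a fixed release
is reported as patched or as needing that release; a PostgreSQL site on an
affected branch with no fixed release needs a branch upgrade. Site fields,
driver strings and sample hosts are assumptions.
"""
from typing import Dict, List, NamedTuple, Tuple

Version = Tuple[int, int, int]

# Fixed releases listed in the advisory summary, keyed by branch (major, minor)
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (10, 4): (10, 4, 10),
    (10, 5): (10, 5, 10),
    (10, 6): (10, 6, 9),
    (11, 1): (11, 1, 10),
    (11, 2): (11, 2, 12),
    (11, 3): (11, 3, 10),
}
AFFECTED_FROM: Version = (8, 9, 0)              # affected range starts at 8.9.0 ...
AFFECTED_TO_BRANCH: Tuple[int, int] = (11, 3)   # ... and runs through 11.3.x


class Site(NamedTuple):
    host: str
    drupal_version: str
    db_driver: str   # assumed field: the 'driver' value from settings.php, e.g. "pgsql" or "mysql"


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch'; anything else is rejected so inventory typos surface."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Drupal version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def classify(site: Site) -> str:
    """Return the remediation action for one site."""
    if site.db_driver != "pgsql":
        return "out of scope: not PostgreSQL"
    version = parse_version(site.drupal_version)
    branch = (version[0], version[1])
    fixed = FIXED_RELEASES.get(branch)
    if fixed is not None:
        # Branch has a fixed release: tuple comparison handles e.g. 10.6.9 vs 10.6.10
        if version >= fixed:
            return "patched"
        return "patch to " + ".".join(str(n) for n in fixed)
    if version < AFFECTED_FROM:
        return "upgrade: unsupported version below the affected range"
    if branch <= AFFECTED_TO_BRANCH:
        return "upgrade: affected branch with no fixed release"
    return "outside listed range: verify against advisory"


def remediation_plan(sites: List[Site]) -> Dict[str, List[str]]:
    """Group hosts by required action for the written status report."""
    plan: Dict[str, List[str]] = {}
    for site in sites:
        plan.setdefault(classify(site), []).append(site.host)
    return {action: sorted(hosts) for action, hosts in plan.items()}


# Constructed inventory (hostnames and versions are made up for the example)
SAMPLE_INVENTORY = [
    Site("www.example.test", "11.3.10", "pgsql"),
    Site("intranet.example.test", "10.6.8", "pgsql"),
    Site("legacy.example.test", "9.5.11", "pgsql"),
    Site("docs.example.test", "11.0.4", "pgsql"),
    Site("shop.example.test", "10.5.9", "mysql"),
    Site("portal.example.test", "11.2.12", "pgsql"),
]

if __name__ == "__main__":
    for action, hosts in remediation_plan(SAMPLE_INVENTORY).items():
        print(f"{action}: {', '.join(hosts)}")
```

The version comparison is done on integer tuples rather than strings so that 10.6.9 sorts correctly against a future 10.6.10. The "upgrade" outcomes are the ones the board status asks to see called out explicitly: a site on 9.5 or 11.0 cannot be closed by a point release, and its timeline against the May 27 anchor is an upgrade project, not a patch window.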

Source: Drupal Security Advisory