The Department of Know: Mythos Mayhem, critical infrastructure targeted, NVD changes

This week’s Department of Know is hosted by Rich Stroffolino, with guests Andrew Storms, security engineering, Kilo Code, and Eduardo Ortiz-Romeu, VP, global head of cybersecurity, Techtronic Industries. 

Missed the live show? Check it out on YouTube.

The Department of Know is live every Monday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com.

Cal.com abandons open source

Open source project Cal.com is shifting its core scheduling platform to a proprietary model, citing rising security risks from AI tools that can quickly analyze public code to find vulnerabilities. The company says modern models like Claude make open-source software significantly easier to exploit, forcing a tradeoff between transparency and protecting sensitive user data. Cal.com will maintain a separate open-source version for hobbyists.

(ZDNET)

Minnesota calls in the National Guard after cyberattack

Minnesota Governor Tim Walz sent the National Guard into Winona County, citing a cyberattack that caused “significant disruptions.” The Guard will help ensure “vital municipal services continue without interruption.” Back on January 23rd, Winona County officials said they had suffered a ransomware attack, but Walz’s executive order this week does not say whether this week’s incident is related to it. County officials are working with the FBI and state IT Services to recover.

(The Record)

Two new ways to mess with AI

Google DeepMind researchers identified a new class of “AI Agent Traps,” where malicious web content manipulates autonomous AI agents into leaking data, spreading misinformation, or executing unintended actions. The team outlined six attack categories, including hidden prompt injections, semantic manipulation, memory poisoning, and system-level coordination attacks that exploit how agents process content and follow instructions. 

Then Manifold Security found that by setting a fake author name and email in Git, its research team could fool Claude: the team “made a commit appear to originate from a trusted source, then passed it through an automated review flow where the model approved it.”

(The Register)
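The Manifold finding comes down to a review gate treating Git’s free-text author fields as identity. As an added example (not from the show or from Manifold Security’s research), here is the kind of check a review pipeline can run instead: a commit that claims a trusted author must carry a valid signature from a key already registered for that author. The e-mail address and key fingerprint are constructed placeholders.

```python
"""Flag commits that claim a trusted author without a matching valid signature.

Added example, not from the episode. Git's author name and e-mail are set by
whoever makes the commit, so they prove nothing; only a signature verified
against a key that is already trusted for that person binds the identity.
"""
import subprocess
from dataclasses import dataclass

# Constructed placeholder mapping of author e-mail -> allowed signing key
# fingerprints. In practice this comes from your identity/key management.
TRUSTED_KEYS = {
    "maintainer@example.com": {"0123456789ABCDEF0123456789ABCDEF01234567"},
}

# One commit per line: hash, signature status (%G?), key fingerprint (%GF),
# author e-mail (%ae). %GF is empty for unsigned commits, leaving two spaces.
LOG_FORMAT = "%H %G? %GF %ae"


@dataclass
class Finding:
    commit: str
    email: str
    reason: str


def evaluate(log_lines, trusted_keys=TRUSTED_KEYS):
    """Return a Finding for every commit claiming a trusted e-mail that is
    unsigned, badly signed, or signed by a key not registered for that e-mail."""
    findings = []
    for line in log_lines:
        parts = line.split(" ", 3)
        if len(parts) != 4:
            continue  # malformed line; not produced by LOG_FORMAT
        commit, status, fingerprint, email = parts
        if email not in trusted_keys:
            continue  # does not claim a trusted identity; out of scope here
        if status == "N":
            findings.append(Finding(commit, email, "unsigned commit claims trusted author"))
        elif status != "G":  # B, U, X, Y, R, E: anything but a good, trusted signature
            findings.append(Finding(commit, email, f"signature not valid (status {status})"))
        elif fingerprint.upper() not in trusted_keys[email]:
            findings.append(Finding(commit, email, f"signed by unregistered key {fingerprint}"))
    return findings


def evaluate_repo(path, rev_range="HEAD~20..HEAD"):
    """Run git log on a real repository and evaluate the commits in rev_range."""
    out = subprocess.run(["git", "-C", path, "log", f"--format={LOG_FORMAT}", rev_range],
                         check=True, capture_output=True, text=True).stdout
    return evaluate(out.splitlines())
```

Wire `evaluate_repo` into the step that feeds commits to the automated reviewer, and hold any commit with a finding for human review rather than passing it to the model.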

NIST’s NVD changes vulnerability assessment rules

NIST announced changes coming to the National Vulnerability Database to address its ongoing backlog. Data analysis on vulnerabilities will shift to a “risk-based approach that will guide how they prioritize which CVE to process and enrich first.” The change includes dropping enrichment for all vulnerabilities reported before March 1, 2026, while retaining prioritization of entries in CISA’s Known Exploited Vulnerabilities catalog.

(InfoSecurity Magazine)

Huge thanks to our sponsor, Conveyor

Happy Friday. Hope there isn’t a fresh security questionnaire sitting in your inbox right now.
If there is, here’s something worth knowing.
The teams that have fully automated their customer security reviews didn’t just get a better trust center. They switched to an AI platform built for the whole workflow.
Conveyor handles trust center, questionnaire automation, and self-serve for sales, all in one place, with AI keeping the knowledge base current so answers are always accurate.
Learn why enterprise SaaS teams choose Conveyor at conveyor.com.

Mythos fallout

Last week we had the announcement and early access of Mythos Preview, Anthropic’s latest model, which is making some bold claims about vulnerability discovery. This is still a tightly controlled model, but we’ve got some early findings. The AI Security Institute reports that Mythos completed advanced capture-the-flag tasks at a higher rate than other models and autonomously executed multi-step attack simulations that previously required days of human work and had never been completed by an LLM.

And it seems that despite being labeled as a supply chain risk, the US government is looking to get early Mythos access, with the Treasury, Commerce, and various congressional committees reportedly in talks.

Not to be outdone, OpenAI is rolling out GPT-5.4-Cyber to a limited group of trusted users to help identify software vulnerabilities, expanding access from hundreds to thousands in the coming weeks as part of its Trusted Access for Cyber program.

(Bloomberg, Bloomberg)

Open-source tool attacks reveal the future of supply chain compromise

A feature article in The Register this week looks at the future of supply chain attacks. It follows two recent attacks, both of which we reported on: the North Korea-linked compromise of Axios and the compromise of Trivy, which is associated with TeamPCP. The attacks “infected open-source tools with malware and used this access to steal secrets from tens of thousands of organizations.” Mandiant Consulting CTO Charles Carmakal, speaking to The Register, said, “the data that was taken a few weeks ago will likely be leveraged this week, next week, next month – probably for several months – and the blast radius will continue to expand.”

(The Register)

Critical infrastructure under attack

We saw two major infrastructure breach stories this week. In one, attackers accessed the control interface of the pumping system in Venice and soon afterwards began releasing evidence in the form of screenshots of control panels, system layouts, and valve states. The hackers, using names like “Infrastructure Destruction Squad” and “Dark Engine,” said in a Chinese-language Telegram post that their goal was to expose critical infrastructure weaknesses, and offered to sell full root access to the system for just $600.

Then U.S. agencies including the FBI, CISA, and NSA say Iranian-linked hackers are targeting internet-exposed industrial controllers used in critical infrastructure, particularly Rockwell/Allen-Bradley PLCs. The attacks have reportedly been active since last month and involve manipulating operational data and extracting system files, causing disruptions across sectors like energy and water.

(BleepingComputer)