This week’s Department of Know is hosted by Rich Stroffolino with guests Peter Clay, CISO, Aireon, and Chris Ray, Field CTO, GigaOm.
The Department of Know goes live every Monday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com
Palo Alto Networks boss calls AI agents biggest insider threat
Chief Security Intel Officer Wendi Whitmore describes AI agents as the new insider threat to companies in 2026. She calls the threat a double-edged sword, because “CISO and security teams find themselves under a lot of pressure to deploy new technology as quickly as possible, and that creates this massive amount of pressure to go through procurement processes, security checks, and understand if the new AI applications are secure enough for the use cases that these organizations have.” She added that one of the risks stems from the superuser problem, which occurs “when the autonomous agents are granted broad permissions, creating a superuser that can chain together access to sensitive applications and resources without security teams’ knowledge or approval.” More details from her interview are available in the show notes to this episode.
Will prompt injection ever be ‘solved’?
OpenAI says prompt injection attacks against browser-based AI agents like ChatGPT Atlas may never be fully eliminated, after internal red-teaming uncovered a new class of attacks that can hijack agents during routine web workflows. The company shipped an update with a newly adversarially trained model and stronger safeguards, but warned that agents with access to email, documents, and web services are inherently higher-value targets.
Korean Air shares supplier attack
Korean Air disclosed a data breach after its in-flight catering and duty-free subsidiary Korean Air Catering and Duty Free, or KC&D, was hacked, exposing personal data tied to about 30,000 airline employees. The airline says customer data was not affected and that the leaked information appears limited to employee names and account numbers stored on KC&D’s ERP system. The Clop ransomware group has claimed responsibility for the KC&D attack and says it has already leaked the stolen data. (Security Affairs)
DarkSpectre campaigns exposed
Koi Security researchers say a Chinese-linked threat actor they track as DarkSpectre has run three long-running malicious browser extension campaigns that together impacted more than 8.8 million users across Chrome, Edge, Firefox, and Opera. The campaigns, dubbed ShadyPanda, GhostPoster, and Zoom Stealer, used legitimate-looking extensions to hijack searches, commit ad fraud, and quietly collect sensitive corporate meeting data from platforms like Zoom, Google Meet, and Microsoft Teams. Koi describes the operation as infrastructure for large-scale corporate espionage, rather than consumer fraud.
Huge thanks to our sponsor, Hoxhunt

Diesel generators and aircraft engines in high demand to power AI
The developers of data centers are now using aeroderivative turbines, “based on or made from jet engines,” as well as diesel generators, to address a growing need for power to process AI technology. This is being done to counter the issue of supply chain shortages and wait times of up to seven years to connect to the grid, as well as growing backlash over their impact on consumer utility bills. This power is needed for the training and running of artificial intelligence models. As a result, local and federal regulators in the U.S. are starting to loosen the restrictions on the use of backup generators and are even floating the idea of commandeering existing backup generators, such as those located behind many large stores and businesses, in order to support the demand.
Coupang to spend over $1 billion to compensate users
South Korea’s leading e‑commerce and logistics platform, often dubbed “Korea’s Amazon,” has announced that it will spend the equivalent of $1.17 billion to compensate almost 34 million people affected by its recent data breach. The compensation will take the form of purchase vouchers for impacted users. Coupang plans to “sequentially notify all 33.7 million account users via text message regarding the voucher redemption process.”
Sedgwick confirms New Year’s Eve cyber incident
The claims administration company has confirmed that its government-focused subsidiary is dealing with a cybersecurity incident. Sedgwick “provides claims and risk management services to federal agencies like the DHS, Immigration and Customs Enforcement, Customs and Border Protection, Citizenship and Immigration Services, the Department of Labor, and CISA.” The TridentLocker ransomware gang has claimed responsibility. Sedgwick stresses that its Government Solutions arm is segmented from the rest of its business, and that “no wider Sedgwick systems or data were affected.”






