Brief #113: NVIDIA AI Containers Escaped, GitHub Malware Distribution, CISOs Are Giving Up

Happy Sunday!

This week's State of AI report really caught my attention. The fact that 97% of organizations are experiencing security incidents related to generative AI tells us we're still in the early stages of figuring this out. What's particularly striking is that 90% of AI usage is happening in the shadows, outside IT oversight. It's giving me flashbacks to the early days of cloud adoption.

In this week's brief:

• A critical NVIDIA Container Toolkit vulnerability that lets attackers escape containers with just three lines of code
• Why CISOs are burning out at record rates and how the "Don't Fire Me" chart explains the turnover pattern
• How hackers are hiding malware inside DNS records to bypass traditional security controls

Industry News

Hackers Hide Malware Inside DNS Records To Bypass Security Controls

• Threat actors are embedding malicious code within DNS TXT records, converting binaries into hexadecimal format and splitting them across multiple subdomains, effectively bypassing traditional security monitoring systems.

• This technique exploits a security blind spot as DNS traffic is often less scrutinized than web or email traffic, with the challenge amplified by encrypted DNS protocols like DOH (DNS over HTTPS) and DOT (DNS over TLS).

• DomainTools researchers discovered this method being used to distribute Joke Screenmate malware and also found DNS records containing text designed for prompt-injection attacks against AI chatbots.

Critical Container Escape Vulnerability Found in NVIDIA Container Toolkit

• Wiz Research discovered a critical vulnerability (CVE-2025-23266) in NVIDIA Container Toolkit with a CVSS score of 9.0, allowing attackers to escape container isolation with just a three-line Dockerfile and gain full root access to host machines.

• The vulnerability affects all NVIDIA Container Toolkit versions up to v1.17.7 and GPU Operator versions up to 25.3.1, posing significant risks to AI cloud services where multiple customers share GPU infrastructure.

• Organizations should immediately upgrade to the latest version or implement NVIDIA's provided mitigations, as this vulnerability does not require internet exposure but can be exploited through container images from untrusted sources.

Malware-as-a-Service Operation Exploits GitHub To Distribute Payloads

• Cisco Talos researchers discovered a MaaS operation using public GitHub accounts to distribute malicious software, providing attackers with a reliable platform that's typically whitelisted in enterprise networks with software development teams.

• The campaign, active since February 2025, deployed the Emmenhtal (PeakLight) loader to deliver Amadey malware, which collects system information and downloads customized secondary payloads based on infected device characteristics.

• GitHub removed the three malicious accounts after notification, but the campaign demonstrates how threat actors can bypass web filtering in environments where GitHub access is required for legitimate development purposes.

Leadership Insights

2025 State of AI Report Highlights Key Trends in AI Product Development and Security

• The report reveals that hallucinations and explainability/trust are the top challenges when deploying AI models, with 39% and 38% of respondents citing these issues respectively, followed by proving ROI (34%).

• AI-native companies are progressing faster through development cycles than AI-enabled peers, with 47% of AI-native products already at scaling stage compared to just 13% of AI-enabled products.

• While 80% of companies rely on third-party AI APIs, high-growth organizations are increasingly developing proprietary models and implementing advanced security monitoring – 75% of scaled AI products now feature advanced performance monitoring with drift detection.

CyberCube Analysis Identifies 2% of Large Firms at Highest Scattered Spider Ransomware Risk

(https://insights.cybcube.com/en/firms-highest-scattered-spider-risk?ref=cybersecstats.com)

• Scattered Spider has resurfaced with renewed intensity, conducting 11 major attacks between April-July 2025 across retail, insurance, and airline industries, causing significant financial damage (up to $592 million to UK retailers alone).

• The threat actor exhibits a pattern of targeting multiple companies within one sector before moving to another, utilizing sophisticated social-engineering tactics to bypass authentication systems and infiltrate high-value corporate networks.

• CyberCube's Portfolio Threat Actor Intelligence (PTI) solution has identified Manufacturing, Education, IT, and Retail sectors as having the highest concentrations of potential targets for Scattered Spider attacks.

AI Security Is API Security: Key Issues Affecting Enterprise Protection

• 97% of organizations report security incidents related to generative AI, with approximately 90% of AI usage classified as "shadow AI" operating outside IT oversight.

• API vulnerabilities remain the primary attack vector for AI systems, with authorization flaws, authentication weaknesses, and parameter manipulation being the most common exploit paths.

• Effective AI security requires comprehensive discovery of all AI assets (including third-party integrations) and adoption of emerging frameworks like OWASP LLM Top 10 and ISO 42001.

Discover my collection of industry reports, guides and cheat sheets in Cyber Strategy OS

Career Development

The "Don't Fire Me" Chart Explains CISO Turnover Pattern

• Security improvement cycles often appear worse before getting better - as CISOs implement better monitoring and risk assessment tools, they uncover previously hidden issues, creating a false impression of deteriorating security posture.

• High CISO turnover occurs when leadership misinterprets the discovery of additional security issues as program failure rather than recognizing it as a necessary phase in the improvement cycle.

• Long-term leadership commitment is essential - organizations that support security leaders through the entire improvement cycle ultimately achieve sustainable risk reduction, unlike those that repeatedly restart the process with new hires.

CISOs Face Increasing Burnout And Personal Liability As Regulatory Demands Grow

• CISOs are experiencing unprecedented levels of burnout with 91% reporting moderate to high stress, as they face increased responsibilities without proportional authority, creating what one expert calls an "unsustainable" imbalance.

• Many security leaders are structurally underpowered within organizations, often reporting to CTOs or CFOs rather than having direct board access, while simultaneously facing growing personal accountability and legal liability for security incidents.

• A new Professional Association of CISOs (PAC) is forming to establish standardized accreditation, advocate for legal protections, and create support networks to help address the growing challenges of the role.

Cybersecurity Professionals Share Day-To-Day Responsibilities On Reddit Thread

• SOC Analysts describe their daily routines of triaging alerts, investigating potential threats, and using various security tools to determine if incidents require escalation.

• Information Security professionals highlight responsibilities including vulnerability management, CIS hardening, phishing email analysis, and serving as escalation points for MSSP alerts.

• Senior roles such as executives and department heads report spending significant time in meetings, managing organizational governance, and handling administrative tasks like budgeting and vendor management.

AI & Security

Amazon Launches Bedrock AgentCore for Enterprise-Grade AI Agent Deployment

• AWS has introduced Amazon Bedrock AgentCore in preview, a comprehensive suite of services that helps developers securely deploy and operate AI agents at scale using any framework and model, eliminating the need to build foundational infrastructure.

• The suite includes seven key components: AgentCore Runtime (for isolated serverless environments), Memory (for context management), Observability (for visualization and debugging), Identity (for secure access to services), Gateway (for API transformation), Browser (for web automation), and Code Interpreter (for running generated code).

• AgentCore works with open source or custom AI agent frameworks, supports AWS Marketplace integration, and is available in preview in four regions with free usage until September 2025 when pricing will begin.

Researchers Call For Expanded AI Red Teaming Beyond Model-Level Testing

• Current AI red teaming practices focus too narrowly on finding individual model vulnerabilities, overlooking broader sociotechnical systems and emergent behaviors that arise from interactions between models, users, and environments.

• Authors propose a comprehensive framework with both macro-level (system) red teaming spanning the entire AI development lifecycle and micro-level (model) red teaming, drawing on cybersecurity experience and systems theory.

• Effective AI red teaming requires multifunctional teams examining risks across seven lifecycle stages: inception, design, data, development, deployment, maintenance, and retirement.

Cloud Security Alliance Introduces First Vendor-Agnostic AI Controls Matrix

• The AI Controls Matrix (AICM) is designed to help organizations develop and implement AI technologies securely, featuring 243 control objectives across 18 security domains and built on the foundation of the Cloud Control Matrix.

• Set for release on July 10, 2025, the AICM bundle includes a control matrix, assessment questionnaire, and mappings to major standards including BSI AIC4, NIST AI 600-1, with ISO 42001 and EU AI Act mappings coming soon.

• The framework takes an open, expert-driven, consensus-based approach to help organizations assess AI-specific risks, build trustworthy AI systems, and align with international standards in a measurable way.

Market Updates

Zero Networks Secures USD 20 Million Series B Funding For Network Segmentation Solution

• Zero Networks has raised $20M in Series B funding led by US Venture Partners (USVP), following a five-fold revenue increase, bringing total funding to $45M for their lateral movement prevention solution.

• The company's SaaS platform automatically creates granular security policies that restrict user and machine access, requiring multi-factor authentication for accessing sensitive protocols commonly exploited by attackers.

• Founded in 2019, Zero Networks serves diverse customers including global banks, US retailers, manufacturing corporations, and healthcare organizations across the US, Europe, and the Middle East.

Empirical Security Raises $12M Seed Round for AI-Powered Enterprise Cybersecurity

• Empirical Security's platform uses a dual-model AI architecture that builds both global and local cybersecurity models tailored to each enterprise's specific infrastructure and risk profile.

• The funding round was led by Costanoa Ventures with participation from DNX Ventures, Sixty Degree Capital, HPA, and strategic investors including former security leaders from Google and Qualys.

• Founded by the team behind Kenna Security, Empirical aims to transform prioritization by analyzing millions of daily exploitation events and adapting that intelligence to each client's unique threat environment.

Cybersecurity Funding Reaches Three-Year High in First Half of 2025

• Investors poured $9.4 billion into cybersecurity and privacy startups in H1 2025, with Q2 funding surging to $4.9 billion, marking the highest level in three years.

• AI-powered security platforms dominated large funding rounds, with Cyera securing the largest Q2 investment of $540 million at a $6 billion valuation, while 11 companies received rounds of $100 million or more.

• Despite strong investment activity, exits remained muted in Q2 with no cybersecurity IPOs and only a few notable acquisitions of well-funded startups like Red Canary, TrueWork, and Protect AI.

Tools

BitLyft AIR Platform

BitLyft AIR Platform is a managed detection and response solution that combines AI-driven security monitoring with human expertise to provide comprehensive threat detection and incident response services.

Cloudflare Access

Cloudflare Access is a zero trust network access solution that secures applications and resources by implementing identity-based authentication and authorization without traditional VPN infrastructure.

Netenrich Resolution Intelligence

A security analytics platform that integrates with Google Chronicle to deliver Autonomic Security Operations through data engineering, detection engineering, and response engineering.

If you found this newsletter useful, I'd really appreciate if you could forward it to your community and share your feedback below!

For more frequent cybersecurity, leadership and AI updates, follow me on LinkedIn, BlueSky and Mastodon.

Best, 
Nikoloz