Security leaders are changing how they measure success.

Instead of only trying to prevent attacks, they are now prioritizing keeping business operations running when disruptions happen.

Recovery and continuity are becoming central to planning, not just an extra task.

Disruptions Are Normal

Incidents that stop employees from using their devices are increasingly common.

Ransomware, data breaches, and system failures now regularly affect remote and hybrid workforces.

Downtime can halt access to key systems, stretching both security and IT teams as they work to restore operations.

Longer Recovery Times

Fixing issues often takes days, not hours.

Restoring endpoints and coordinating tools and support can be costly, sometimes reaching millions of dollars.

Indirect losses like reduced productivity add to the pressure.

Boards are paying close attention to how quickly companies can bounce back.

Preparing for the Next Incident

Security leaders expect interruptions to continue, including ransomware, insider problems, supply chain issues, and compliance failures.

Risks are now assessed based on their ability to stop work, not just technical severity.

Rising Responsibility

CISOs feel personal stakes growing.

Severe downtime could impact their careers or bring legal or financial consequences.

Recovery accountability is now a visible expectation at the executive level.

Software and Internal Failures Matter

Failures in trusted security tools are now seen as risks that can cause wide disruption.

Planning and testing now include scenarios where internal systems fail, alongside external attacks.

Managing Expectations

Executives often hope investments will fully prevent breaches, creating tension.

CISOs are focusing conversations on resilience, emphasizing preparation and rapid recovery over unrealistic prevention.

Organizations are realizing that keeping operations running through disruption is just as important as stopping attacks.

Microsoft, together with international law enforcement, took action against RedVDS, a global cybercrime subscription service.

RedVDS allowed criminals to rent virtual computers to commit fraud, including real estate scams, for as little as $24 a month.

International Cooperation

Authorities in the United States, United Kingdom, and Germany, along with Europol, worked with Microsoft to seize key systems and shut down RedVDS’s online marketplace.

This coordinated effort disrupted the network criminals relied on for automated and AI-assisted fraud.

Impact on Criminal Operations

By taking these services offline, Microsoft and its partners removed a tool that made cybercrime cheap, scalable, and harder to trace.

The move highlights how private companies and governments can work together to protect people and businesses from digital threats.

Stopping these services helps reduce fraud and demonstrates the power of collaboration in keeping online systems safe.

Traditional security often treats systems like bridges—engineered to anticipate every problem. In today's cloud and AI-driven environments, that mindset is risky because interactions are unpredictable and complex. Instead, we need a model more like biology, where systems adapt and respond to threats dynamically.

Robustness vs. Resilience

A robust system is rigid—like a fortress that eventually breaks under pressure. A resilient system behaves more like an immune system, recovering and adapting to threats. CISOs are now focusing on resilience, training teams to design systems that can absorb failures and continue operating rather than trying to prevent every possible issue.

Securing Unpredictable AI

AI agents interacting with each other create pathways no human could foresee. This makes traditional control methods ineffective. Emergent security focuses on monitoring behaviors, applying constraints, and designing systems that can respond safely even when the exact interactions are unknown.

New Primitives for AI Agents

Time-bound access, automatic throttling, and other “biological primitives” are ways to limit risk in AI systems. While reminiscent of Zero Trust principles, their application needs to account for the autonomous and adaptive behavior of AI agents, not just static access rules.

Bridging Compliance Gaps

Compliance frameworks are often static, expecting clear rules and checklists. Leaders must explain that probabilistic approaches—measuring risk dynamically and responding in real time—are valid, rigorous methods for security, even if they differ from traditional audits.

Designing for Safe Failures

Organizations are learning to accept that some failures are unavoidable. Designing subsystems with safe failure modes allows critical functions to continue while minimizing harm, rather than chasing impossible 100% uptime.

Security is shifting from rigid prevention to adaptable, resilient systems that can thrive in uncertainty.

ServiceNow, widely used by Fortune 500 companies, faced a severe AI-related security flaw that could let attackers take full control of its platform and connected systems.

The vulnerability stemmed from its “Virtual Agent” chatbot, which used the same credential across third-party services and required only an email address for authentication.

How Attackers Could Exploit It

An attacker could easily identify company ServiceNow instances online.

With the universal credential and minimal user information, they could impersonate users, manipulate workflows, and access sensitive HR, customer service, and security systems.

The addition of the “Now Assist” AI agent increased the risk, enabling powerful automated actions.

Impact and Response

Although ServiceNow fixed the issue and reported no confirmed malicious use, experts warn that attackers could have exploited it before the patch.

Organizations are advised to perform thorough security reviews to ensure no hidden breaches remain.

This case highlights the rising dangers of AI features in widely used enterprise platforms and the need for careful oversight of automated systems.

For the first time, CEOs are more worried about cyber-enabled fraud than ransomware.

According to the World Economic Forum's 2026 report, fraud now outranks ransomware, AI vulnerabilities, and software exploitation as a top business risk.

Why the Shift

CEOs are seeing financial losses from fraud firsthand. In 2025, 73% of executives were affected directly or knew someone impacted.

Most also reported that cyber fraud and AI-related risks are rising.

CISO vs. CEO Perspectives

While CEOs focus on preventing financial losses, CISOs remain most concerned about ransomware and supply chain disruptions.

This shows leaders balance protecting money with keeping operations running smoothly.

AI Risks Are Changing

Last year, adversarial AI—hackers using AI—was the main worry.

Now, unintended data exposure from employees using AI tools internally has become the bigger concern.

Organizations are increasingly checking AI security before deployment and using AI tools for threat detection and monitoring.

Business leaders are adjusting priorities: protecting money from fraud has become as urgent as defending systems from attacks.

Hackers claim to have stolen internal source code from Target and posted samples on a public Git platform.

They offered the full dataset, reportedly around 860 GB, for sale through private channels.

Sample Repositories

The published repositories included internal developer documentation, API references, and names of Target engineers.

The listings suggested access to multiple internal systems and tools, indicating the data likely came from Target’s private development environment rather than public projects.

Immediate Action

After being contacted, Target removed the repositories and took its developer Git server offline.

The server is now inaccessible from the internet, preventing further exposure while investigations continue.

Potential Impact

While the full dataset’s authenticity hasn’t been independently confirmed, the sample content raises concerns about sensitive internal systems and intellectual property.

This incident underscores the ongoing risk of insider-targeted breaches in enterprise environments.

Even major retailers are vulnerable to attacks on their development infrastructure, highlighting the importance of securing internal code repositories.