Network Intelligence, 535, Fifth Avenue, 4th Floor, New York, NY (2026)

05/25/2026

Trivy. Checkmarx. LiteLLM. Bitwarden. Accurics.

Not victims of cyber attacks. These are tools your developers install to keep your software secure.

All compromised by the same group in 16 days.

The most diligent companies were the most exposed. Because they ran the security scanner on their source code, and the security scanner was the attack.

Here is the cascade:

Misconfigured GitHub Actions at Aqua Security → Trivy backdoored for 4 hours → thousands of CI/CD pipelines pull it → AWS keys, GCP accounts, Kubernetes secrets, database passwords all exfiltrated.

Then the stolen credentials chained outward:

Trivy → Checkmarx → LiteLLM (used by 36% of cloud environments) → Telnyx, Bitwarden CLI, Accurics.

4TB of data sold on the dark web. Buyer: LAPSUS$. Seller: Team P*P.

Three things to do right now:
→ Pin every dependency to an immutable commit hash, not a version
→ CI/CD pipelines should never carry direct production credentials. Use short-lived rotating tokens.
→ If you used any tool in this chain, rotate every credential your pipeline touched.

The attackers are no longer breaking your perimeter. They are poisoning the tools you trust to protect it.

📺 Subscribe: https://www.youtube.com/
✍️ [email protected]

05/18/2026

A $34 billion company was defeated by a 10-minute phone call.
No malware. No zero-days. No broken encryption. Just a teenager who knew how to talk.

MGM Resorts. Caesar's Palace. Marks & Spencer. Harrods. Jaguar Land Rover. All hacked by the same group. Most of them teenagers. Some still in school.

They call themselves Scattered Spider. The FBI tracks them as UNC3944. In Las Vegas they are known as the kids who broke the casino industry.

Here is how the MGM attack happened:
September 2023. One of them calls the MGM IT help desk. Sounds American. Sounds calm. Says he is a senior systems engineer locked out of his account. He reads out the engineer's full name, employee ID and date of birth. All scraped from LinkedIn in under 5 minutes.

The help desk resets the password.

10 minutes later, they are inside the network of a $34 billion company.

For the next 72 hours: slot machines stopped working. Hotel key cards stopped opening doors. ATMs went dark. Reservations vanished. MGM lost $100 million in 8 days. Caesar's Palace paid a $15 million ransom.

The same playbook then hit Marks & Spencer at £300M, the Co-op, Harrods, and Jaguar Land Rover. 5 weeks of factory shutdowns. £1.9 billion in damage. The most expensive cyber attack in British history.

Three groups have now merged under one name: LAPSUS$.

Here is what matters for your security:
Your perimeter is no longer your firewall. It is your help desk.

Three things to do this week:
→ Your help desk should never reset a password from a phone call alone
→ Every privileged account reset needs a video call to a known number
→ Treat LinkedIn as hostile reconnaissance. Stop letting employees post internal job titles and sensitive details.

The most sophisticated attacks of the last two years did not use sophisticated tools. They used a phone and a LinkedIn profile.

📺 Subscribe for weekly threat intelligence:
https://www.youtube.com/

📩 [email protected] | https://www.networkintelligence.ai/

05/16/2026

𝗠𝗼𝘀𝘁 𝗼𝗳 𝘂𝘀 𝗵𝗮𝘃𝗲 𝗴𝗼𝗻𝗲 𝗳𝗿𝗼𝗺 𝘂𝘀𝗶𝗻𝗴 𝗔𝗜 𝗼𝗻𝗰𝗲 𝗼𝗿 𝘁𝘄𝗶𝗰𝗲 𝗮 𝗱𝗮𝘆 𝘁𝗼 𝗿𝗲𝗹𝘆𝗶𝗻𝗴 𝗼𝗻 𝗶𝘁 𝘁𝗵𝗿𝗼𝘂𝗴𝗵𝗼𝘂𝘁 𝘁𝗵𝗲 𝗱𝗮𝘆.
A recent Anthropic paper made us pause.

The paper, titled "Disempowerment Patterns in Real-World AI Usage", analyzed 1.5 million Claude conversations. It found that severe disempowerment occurs in roughly 1 in 1,000 conversations.

That sounds small. But given how many people use AI and how often, even a very low rate affects a very large number of people.

The research identified three types of disempowerment:
• Reality distortion: AI led people to believe incorrect notions about their own suitability for roles and decisions
• Value judgment distortion: people began weighing considerations they would not normally prioritize
• Action distortion: AI prompted people to take actions they otherwise would not have taken

And four factors that make disempowerment more likely:
→ Authority: treating AI as the definitive authority
→ Attachment: forming a relationship attachment with the AI
→ Reliance: becoming dependent on AI for day-to-day tasks
→ Vulnerability: engaging with AI during major life disruptions or acute crises

The root cause, according to the researchers, is AI's sycophantic nature. It tends to agree with you and lean into your preconceived notions.

The single most effective defense is simple: Always ask AI to challenge your idea. Challenge your project. Challenge your assumptions.

As AI becomes more embedded in how we think and decide, using it well is not just a productivity skill. It is a critical thinking skill.

📺 Subscribe for more on AI, security and the future of work:

https://www.youtube.com/

05/14/2026

𝗧𝘄𝗼 𝗿𝗲𝘀𝘂𝗺𝗲𝘀. 𝗦𝗮𝗺𝗲 𝟮 𝘆𝗲𝗮𝗿𝘀 𝗼𝗳 𝗲𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲. 𝗢𝗻𝗹𝘆 𝗼𝗻𝗲 𝗴𝗲𝘁𝘀 𝗳𝗼𝗿𝘄𝗮𝗿𝗱𝗲𝗱 𝘁𝗼 𝘁𝗵𝗲 𝘁𝗲𝗰𝗵𝗻𝗶𝗰𝗮𝗹 𝘁𝗲𝗮𝗺.

KK Mookhey, Founder and CEO of Network Intelligence and Transilience AI, has read thousands of resumes over 25 years. In this video, he reviews two real ones side by side and shows exactly what makes him hit forward versus delete.

What gets you deleted:
→ Generic boilerplate cover notes
→ Listing Burp Suite, Nmap and Metasploit as if they are achievements. They are table stakes.
→ CEH when hiring managers want OSCP
→ Zero cloud security or AI red teaming skills

What gets you hired:
→ A personalized note that proves you researched the company
→ Open-source projects with real traction
→ Published CVEs and bug bounty recognition
→ Technical write-ups that people actually read
→ OSCP, CRTP and cloud certifications

The lesson: table stakes get you deleted. Proof of work gets you hired.
━━━━━
Want to build the emerging skills KK talks about? Two opportunities from our team:
𝗙𝗿𝗲𝗲 𝗪𝗲𝗯𝗶𝗻𝗮𝗿: The AI-First Cybersecurity Journey: Tools, Techniques and Real-World Skills - Register Now: https://live.zoho.in/osjb-yxv-oms

Black Hat USA 2026 Training: Adversarial AI Red Teaming the Entire AI Supply Chain - Details: https://blackhat.com/us-26/training/schedule/ -ai-red-teaming-the-entire-ai-supply-chain---from-rag-to-agents-to-production-50434

Subscribe to our YouTube Channel for more such updates: https://www.youtube.com/
Visit https://www.networkintelligence.ai/ or write to us on [email protected] for any queries.

05/12/2026

Mid 2023. KK Mookhey walks into a room of senior execs and says: a tsunami is coming.

Late 2023. He presents to the Board. Gets approval for a $1M investment in AI capability.

Early 2024. He realizes the platform he's imagining, think Minority Report, think Jarvis, needs technical depth that doesn't exist yet.

Mid 2024. Venkat Pothamsetty joins as CTO and co-founder. Transilience AI is incorporated.

End 2025. The team meets for an offsite. LLMs have become a different beast entirely. They trash a year's worth of code and rebuild from scratch.

What comes out of that isn't just a new platform. It's a philosophy.

Security is non-negotiable. Yet somehow getting it done feels like writing a thesis no one will ever read. Audits after audits. Checklists after checklists. Skilled engineers turned into data processors.

Transilience AI changes that model. AI agents handle data and knowledge. Your team handles wisdom and judgment. One unified interface. No tool sprawl. No cognitive overload. A closed-loop security posture, active within days.

The Full-Stack Security OS is now live.

Watch the launch video below. Then schedule a demo and see it for yourself.
Schedule a demo: [email protected]
Explore the Full-Stack Security OS: https://www.transilience.ai/

05/05/2026

If your organization runs a website on cPanel, stop reading and patch right now.

cPanel and WHM are being mass exploited in the wild as we speak.
CVE-2026-41940. CVSS score: 9.8 out of 10.

Here is what this means in plain terms:

An unauthenticated remote attacker can bypass authentication entirely and gain full administrative access to your website and hosting environment. No credentials needed. No prior access required.

70 million websites run on cPanel. A basic internet scan shows 1.5 million cPanel instances currently exposed. And active exploitation is already confirmed.

This is not a theoretical risk. It is happening right now.

One action to take immediately:
→ Contact your web admin and patch cPanel to one of the fixed versions today. Not this week. Today.

Please reach out to us at [email protected] or comment on this post to get the full technical analysis and IOCs.

Subscribe for real-time threat intelligence and cybersecurity updates:
https://www.youtube.com/

05/01/2026

334 vulnerabilities marked critical. Claude said only 85 actually matter. In minutes.

That is the gap between scanner noise and real risk. And AI is closing it fast.

In this video, KK Mookhey, Founder and Group CEO, .ai walks through 10 ways Claude is transforming cybersecurity workflows right now:

→ Vulnerability prioritisation with CVSS, asset context and exploit status
→ RFP to proposal in minutes, not hours
→ Daily threat briefings on autopilot
→ Full threat intel reports with IOCs and MITRE mapping
→ Bulk resume screening for security roles
→ AWS and Azure compliance toolkit built through prompting
→ Content ideation via web scraping with Apify MCP
→ Open source pen testing in 20 to 30 minutes
→ Personalised security learning roadmaps
→ Security questionnaire automation with citations

Every one of these tasks used to take hours. Now they take minutes and a few tokens.

All tools and repos linked below:
🔗 https://github.com/transilienceai/communitytools
🔗 https://github.com/transilienceai/shasta
🔗 https://vulns.transilienceapi.com/docs

Watch full YouTube Video: https://www.youtube.com/watch?v=J32LYXEZjp8
Subscribe: https://www.youtube.com/

04/27/2026

The AI supply chain RAG, agents, production systems is one of the most complex and least understood attack surfaces in security today.

Testing it rigorously, and making sense of what's truly at risk, demands offensive security thinking at its deepest.

This August, KK Mookhey, Founder & Group CEO of Network Intelligence, brings that to the Black Hat stage. Two days of intensive, hands-on training on adversarial AI red teaming the entire AI supply chain, from architecture to production.

The session is open for registration. Details below:
🗓 August 1–2, 2026
📍 Mandalay Bay, Las Vegas
🔗 Register Now: https://blackhat.com/us-26/training/schedule/? -ai-red-teaming-the-entire-ai-supply-chain---from-rag-to-agents-to-production-50434

04/25/2026

𝗩𝗲𝗿𝗰𝗲𝗹 𝘄𝗮𝘀 𝗵𝗮𝗰𝗸𝗲𝗱 𝘁𝗵𝗶𝘀 𝘄𝗲𝗲𝗸.
OpenAI, Nike and Meta all run on Vercel. And a single OAuth token from a third-party app just exposed internal environment variables across the platform.

Here is the attack chain:
Vercel employee signs up to Context.ai with their enterprise Google account → clicks Allow All
→ Context.ai gets hit by an info stealer in March
→ OAuth token stolen
→ attacker enters Vercel internal systems
→ enumerates every environment variable not marked sensitive
→ API keys, database credentials and tokens exposed in plain text.

The sensitive flag was opt-in. Most were not flagged. Shiny Hunters listed the data on breach forums for $2 million.

If you use Vercel, do this right now:
→ Rotate every environment variable not marked sensitive
→ Flip all variables to sensitive. Vercel has now made this the default.
→ Check Google Workspace admin for Context.ai OAuth access and revoke it

One employee. One third-party app. One misconfigured flag. That is all it took.

Subscribe for weekly threat intelligence: https://www.youtube.com/

04/21/2026

𝗕𝘂𝗶𝗹𝗱𝗶𝗻𝗴 𝘄𝗶𝘁𝗵 𝗔𝗜 𝗶𝘀 𝗲𝗮𝘀𝘆. 𝗦𝗲𝗰𝘂𝗿𝗶𝗻𝗴 𝗔𝗜, 𝗻𝗼𝘁 𝘀𝗼 𝗺𝘂𝗰𝗵.

One critical component most organisations are overlooking right now: MCP. Model Context Protocol.

MCP went from 100,000 to 97 million downloads a month in 18 months. It is the USB-C of AI, connecting your agents to Jira, Slack, HubSpot, databases and more.

In the last 60 days alone, 30 critical vulnerabilities were found in MCP-supporting software. A security firm analysed 7,000 MCP servers and found 36.7% had a critical vulnerability.

Here are the 6 risks every security professional needs to understand right now:

🔸 Tool Poisoning
MCP servers expose tool descriptions to your AI agent. That description can be poisoned, causing your agent to malfunction silently.

🔸 Prompt Injection
Hidden instructions inside documents, tool outputs and data returned by MCP servers. No exploit needed. Just social engineering your AI.

🔸 Token Mismanagement
Hard-coded credentials, long-lived tokens, secrets sitting in model memory and protocol logs. One prompt manipulation and your entire auth boundary collapses.

🔸 Supply Chain Attacks
5,800 MCP servers sit in public registries. Most are unvetted. Think LiteLLM and Axios. If your MCP depended on those packages, your MCP is now compromised.

🔸 Shadow MCP
Your finance team could be running an MCP server right now and you would not know it. No audit. Full permissions. Completely exposed to prompt injection.

🔸 Excessive Agency
Do not give AI agents write access to production systems. MCP makes this tempting. It is also how you lose control of your crown jewels.

MCP is becoming one of the most popular components in AI infrastructure. It is also becoming one of the biggest security exposures for most organisations.

Three actions to take this week:
→ Run an MCP scan across your environment
→ Review the OWASP MCP Top 10
→ Add MCP as a key risk in your AI governance framework

Subscribe for weekly AI security insights:
https://www.youtube.com/

Network Intelligence

05/25/2026

05/18/2026

05/16/2026

05/14/2026

05/12/2026

05/05/2026

05/01/2026

04/27/2026

04/25/2026

04/21/2026

Address

Telephone

Website

Alerts

Contact The Business

Shortcuts

Share

Category