Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Most threat modeling assumes the attacker has to break something. AI agents change that assumption. An attacker who controls a prompt can make the agent misbehave without breaking anything at all. The prompt can be a customer support ticket the agent reads, a document it retrieves, or a tool response it processes — any input the agent treats as context is an attack surface. On Kubernetes, that attack surface has physical form.

Your platform team already runs a production-readiness review on every workload that ships to Kubernetes. When the workload is an AI agent, the PRR doesn’t get thrown out — it gets a delta. Most of the items still apply; specific ones need extension when the workload is non-deterministic, calls tools dynamically, and exercises identity at runtime in ways the manifest didn’t predict.

On 2026-05-22, an attacker rewrote every repository tag across four Composer packages in the Laravel-Lang ecosystem to point at malicious commits. The affected packages are laravel-lang/lang, laravel-lang/attributes, laravel-lang/http-statuses, and laravel-lang/actions. The rewrite took place on 2026-05-22 into the early hours of 2026-05-23. Every malicious commit makes the same two-file change: one entry added to composer.json, and one new file at src/helpersphp.

On May 22 and May 23, 2026, an attacker republished hundreds of malicious versions under historical release tags for four community-maintained Laravel localization libraries that are published on Packagist under the laravel-lang namespace.

On May 22, 2026, we detected an active supply chain attack against Laravel-Lang. We filed a report with the maintainers immediately. The attacker published malicious version tags across three widely used repositories, injecting credential-stealing code that loads automatically via composer’s autoloader feature. What makes this particularly sneaky is that the malicious code was never committed to the official repos at all.

CMMC is one of the most modern cybersecurity frameworks out there, and while it’s limited to just the Department of Defense contractor chain, it’s still very important to know about it if you’re part of that ecosystem. After all, over 300,000 organizations are part of the defense ecosystem and DIB. The point of CMMC is simple: securing controlled unclassified information and federal contract information from top to bottom in the defense supply chain. The details are not so simple.

Author: Alexander Ivanyuk, Senior Director, Technology Generative AI in business is no longer just one chatbot in one browser tab. In many environments, it is already a mix of web-based AI apps, built-in assistants inside larger platforms, internal agents created for specific workflows and model context protocol (MCP)-connected tools that let AI reach documents, services and business systems beyond the model itself. That changes the conversation completely.

Security architects who understood the large language model (LLM) risk two years ago are now confronting a more complex problem. The enterprise AI stack has split into two distinct architectural patterns, retrieval-augmented generation (RAG) and agentic AI, and the security posture required for each is fundamentally different. Conflating them is how programs end up with coverage gaps.

Automation works well until a step needs judgment, like an alert that needs context or an exception that doesn't match any rule. Those judgment steps are where the chain breaks, and where teams lose the capacity automation was supposed to give back. Intelligent workflow automation closes that gap. It orchestrates business processes across deterministic automation, AI for triage and decisions, and human-in-the-loop checkpoints in one workflow, so the ambiguous, judgment-driven steps don't break the chain.