Security awareness briefing · 2026

Why This Year Is Different

The threat environment changed. Here's the data, what it means for your team, and what you can actually do about it.

Based on 97 catalogued incidents at airekt.news

Background

Security training has always existed.

You've done the annual compliance modules. "Don't click suspicious links." "Use a strong password." "Don't plug in random USB drives." You know the drill. Some of you could pass the quiz in your sleep.

Here's the problem: those trainings were designed for a world where attackers were slower, dumber, and less organized. They assumed a human on the other end typing phishing emails with bad grammar and obvious red flags.

That world no longer exists.

The attacks happening right now would sail past every scenario in your last security training. Not because the training was bad. Because the attackers got better, faster.

What changed

AI made attackers orders of magnitude faster.

Attackers now use AI to find vulnerabilities, write exploit code, craft convincing phishing emails, and impersonate real people. The same technology that helps you write emails and summarize documents helps them break into companies.

  • 3h 44m: from vulnerability disclosure to active exploitation of PraisonAI (May 2026)
  • 20h: from advisory to exploitation of Langflow (March 2026)
  • 6 min: window to poison 170 software packages in the TanStack attack (May 2026)

The model

Security works in layers.
Breaches happen when the holes line up.

This is the Swiss cheese model. Every organization has multiple layers of defense: physical security, network security, host security, application security, data security, and the human layer. Each layer has gaps. No single layer is perfect. A successful attack threads through holes that happen to align across every layer at once.

Swiss cheese model diagram showing 6 defense layers — Physical, Network, Host, Application (with AI-enlarged gaps), Data, and Human Layer (strengthen here). A red dashed attack path passes through aligned holes.

AI made the holes in the technical layers bigger. Automated vulnerability scanning finds application and network bugs faster than teams can patch them. AI-crafted phishing bypasses email filters trained on older patterns. AI can brute-force host configurations that used to take weeks to enumerate.

When the outer walls thin out, the inner walls matter more. Data security practices and the human layer — that's you — have to get stronger to compensate. Shore up every defense you control.

The data

The window between "vulnerability found" and "someone exploits it" is collapsing.

Attackers used to need days or weeks to weaponize a new vulnerability. AI-assisted scanning and exploit generation compressed that to hours. For the teams responsible for patching, this means there is essentially zero grace period.

Source: Sysdig TRT, CISA KEV database, airekt.news incident catalog. Bars show time from public advisory to first observed exploit activity.

The data

The pace of serious incidents is accelerating.

97 incidents catalogued in five months. Many of these weren't the kind of breach that makes news for a day and disappears. Supply chain attacks that poisoned software used by millions. Ransomware that froze pharmaceutical manufacturing. AI agents that deleted production databases in under 10 seconds.

What it costs

These aren't abstract numbers.

  • Bybit (Feb 2026): $1.5B stolen
  • KelpDAO / Lazarus (Apr 2026): $292M stolen
  • Drift Protocol (Apr 2026): $285M stolen
  • Canvas / ShinyHunters (May 2026): 275M student records
  • West Pharma ransomware (May 2026): $30M–$100M
  • Foxconn / Nitrogen (May 2026): 8TB design files (Apple, NVIDIA, Intel)

North Korea alone stole over $6.5 billion in crypto through these techniques. These operations fund weapons programs. This is not hypothetical risk.

Why this matters to you personally

If you're not in a technical role, you are probably the primary target.

Attackers don't break in through the firewall anymore. They break in through people. A finance team member who clicks a convincing invoice. An HR coordinator who opens a "resume" PDF. A sales rep who responds to a spoofed email from their "CEO."

How attacks actually start in 2026

  • AI-generated emails that perfectly mimic your coworker's writing style
  • Deepfake video calls that look and sound like your manager
  • Poisoned documents that run code when opened
  • Compromised software updates from tools you use daily
  • Social engineering over Teams, Slack, or phone

What old trainings prepared you for

  • Nigerian prince emails
  • Obvious fake login pages
  • USB drives in the parking lot
  • Weak passwords
  • Leaving your laptop unlocked

These still matter. But they're no longer the main threat.

Action items

Do your part. Seriously.

1. Don't leak data

Don't paste internal documents, customer data, source code, or credentials into public AI chatbots. Don't email spreadsheets of customer info to your personal account. Don't screenshot internal dashboards for social media. One leak can cascade.

2. Verify unusual requests

If your "CEO" emails asking for a wire transfer, call them. If IT "needs your password," they don't. If a vendor sends an unexpected attachment, verify through a different channel. Attackers count on urgency to bypass your judgment.

3. Report anything weird

Got access to a system you shouldn't? Saw a coworker's account do something odd? Received a message that felt off? Report it. False alarms cost nothing. Missed real incidents cost everything.

4. Escalate access issues

If you can see data that seems above your pay grade, say something. If a permission change gave you access to a system you've never used, that might be an attacker testing the waters. This is no longer optional. It's required.

5. Use MFA everywhere

Multi-factor authentication. On everything. Your email, your file storage, your internal tools. Use an authenticator app, not SMS. A single stolen password should not be enough to get into anything important.

6. Keep software updated

Those update prompts you keep dismissing? Some of them patch vulnerabilities that attackers are actively exploiting. The Exchange OWA zero-day in May 2026 was being exploited before the patch dropped. Install updates promptly.

Culture

Look out for each other.

Security is only as strong as your weakest link. That's not a cliche. It is the literal operational reality of every breach on this list.

Other people on your team might not be as cautious as you. They might not read security briefings. They might reuse passwords. They might not think twice about clicking a link in a Teams message.

Your job is not just to protect yourself. It's to create a culture where everyone around you takes this seriously. That means:

  • If you see a colleague about to do something risky, say something. Kindly.
  • Share articles and resources. airekt.news catalogues real incidents with plain-language writeups.
  • Talk to the security team. Ask them questions. They'd rather answer 50 "dumb" questions than deal with one breach.
  • Take it personally. If your account gets compromised, it's not just your problem. It's everyone's problem.
  • Encourage the people around you. Security fatigue is real. Fight it by making security conversations normal, not scary.

This is not optional anymore.

Attackers are using AI. Response windows are measured in hours, not weeks. A single compromised account can cascade into a company-wide incident. The organizations that take this seriously will survive. The ones that treat security training as a checkbox will end up on a list like this.

  • 97 incidents catalogued in 5 months
  • $2B+ stolen in crypto alone since Feb 2026
  • 3h 44m fastest advisory-to-exploit in 2026

Educate yourself. Read the incidents. Talk to experts. Do your part.

Built with data from airekt.news · share freely