A new AI capability that delivers analysis-ready Media Intelligence. More than just a product launch, this is a shift in how communications teams monitor, understand and act on media coverage.
The SKILL.md file is the new package.json. And it's already compromised. Developers and business users trust Claude Skills the way engineers once trusted npm packages. Install a skill on Claude Code, claude.ai, or via the API. Extend the agent's capabilities. Ship faster. But the parallels don't stop at convenience. They extend to the attack surface.
In cybersecurity, the most damaging attacks are not always the most sophisticated. Sometimes, they begin with something as mundane as a forgotten DNS record. That reality came into sharp focus when researchers uncovered a large-scale campaign involving hijacked university subdomains across institutions including UC Berkeley, Columbia University, and Washington University in St. Louis.
Written by Sunil Gentyala, Lead Cybersecurity and AI Security Consultant, HCLTech. EXECUTIVE SUMMARY: Enterprise artificial intelligence has transitioned from isolated, static Large Language Model (LLM) prompts to dynamic, multi-agent systems (MAS) operating at high levels of operational autonomy.
Varonis Threat Labs discovered SearchLeak, a critical vulnerability chain in Microsoft 365 Copilot Enterprise that allows an attacker to steal sensitive data — MFA codes, email messages, meeting details, and private organizational files — with a single click. Varonis Threat Labs has uncovered a new three-stage vulnerability chain that turns Microsoft 365 Copilot Enterprise Search into a silent data exfiltration weapon.
Imagine telling an AI assistant: “Find me the best flight to Chicago next Thursday. Book a hotel within walking distance of the conference center, stay under my travel budget, and use my rewards points if it makes sense.” Now imagine that assistant not only making recommendations, but actually completing the purchases on your behalf. No extra approvals, switching between apps, or manually entering payment information. That is the emerging reality of agentic payments.
Cloud adoption is rapidly on the rise. that 90% of organizations will adopt hybrid clouds through 2027. There are many reasons why organizations are migrating on-premises infrastructure to the cloud. It can increase the speed and scale of computing resources, improve reliability and resilience, and save time by outsourcing the spinning up, patching, and updating of infrastructure. However, despite these benefits, it is complex to secure.
It is tempting to read Mythos as a weapon that arrived overnight. It is more useful to treat Mythos as two things at once: an audit you have already failed, and an alarm for the attacks you have not yet seen. When Anthropic unveiled Claude Mythos Preview in April 2026, the headlines wrote themselves. A model too dangerous to release. Thousands of vulnerabilities surfaced across every major operating system and browser.
AI is embedded in hiring decisions, customer service workflows, financial systems, and product development pipelines, among other essential business operations and services. AI undoubtedly comes with enhanced efficiency, scalability, and productivity, but it also brings concerns around risks, bias, transparency, reliability, and security.
Adversaries operate on a short timeline that renders traditional defense cycles obsolete. The CrowdStrike 2025 Global Threat Report reveals average eCrime breakout times dropped to just 48 minutes, with the fastest lateral movement clocked at 51 seconds. Let’s contrast this velocity with enterprise response capabilities. Data from the Automox 2026 State of Endpoint Management report indicates that half of organizations take five or more days to patch systems or cannot quantify their MTTP at all.
Introduction: MCP risks. As MCP becomes the control plane for autonomous AI agents, it also introduces a new attack surface whose potential impact can extend across development pipelines, operational systems and even customer workflows. From content-injection attacks and over-privileged agents to supply chain risks, traditional controls often fall short.