

The Current Risk Landscape
Your management-focused view of notable cybersecurity risks affecting organizations this month.
Last updated: May 2026
Risk Area: AI Adoption
What's Happening
Agentic AI systems are increasingly integrated into mission-critical environments, automating complex tasks and supporting operational goals. The guidance provides actionable recommendations to help organizations anticipate, assess, and mitigate agentic AI-specific risks.
Business Impact
The interconnected nature of agentic AI introduces new cybersecurity risks, including privilege escalation, emergent behaviors, and accountability gaps.
Leadership Considerations
- Align agentic AI risk management with existing cybersecurity frameworks and risk posture.
- Limit agent autonomy by ensuring agents are not granted broad or unrestricted access, especially to sensitive data or critical systems.
- Implement layered defense strategies, strong identity management, and robust oversight mechanisms.
- Conduct comprehensive threat modeling, continuous monitoring, and regular security assessments to defend against evolving threats.
https://www.cisa.gov/resources-tools/resources/careful-adoption-agentic-ai-services
Risk Area: Operational Technology (OT) Cybersecurity
What's Happening
CISA, in coordination with the Department of War, Department of Energy, Federal Bureau of Investigation, and Department of State, released Adapting Zero Trust Principles to Operational Technology, joint guidance for organizations applying zero trust (ZT) principles to operational technology (OT). Zero trust is a modern, adaptive approach to cybersecurity that eliminates implicit trust and requires continuously validating access based on identity, context, and risk.
Business Impact
OT systems that were traditionally isolated or manually operated are now increasingly interconnected, digitally monitored, and remotely controlled. This IT-OT convergence introduces new cybersecurity risks that make perimeter-based defenses and implicit trust models inadequate for safeguarding OT systems and the critical physical processes they control.
Leadership Considerations
Entities should focus on establishing comprehensive asset visibility, proactively addressing supply chain risks, and implementing robust identity and access management while stressing the importance of layered security measures, including network segmentation, secure communication protocols, and vulnerability management.
https://www.cisa.gov/resources-tools/resources/adapting-zero-trust-principles-operational-technology
Risk Area: Government-Linked Covert Networks
What's Happening
CISA, in collaboration with other federal and international partners, recognizes threats posed by Chinese government-linked actors using covert networks of compromised devices in the US and across the world.
Business Impact
The tactics, techniques, and procedures (TTPs) in question are associated with Chinese government-linked covert networks built from compromised small-office/home-office routers, Internet of Things, and smart devices. Threat actors leverage these covert networks, including those previously tied to groups such as Volt Typhoon and Flax Typhoon, using large-scale botnet infrastructures to obscure and enable reconnaissance, intrusion, command-and-control, and data exfiltration.
Leadership Considerations
Provide tailored defensive guidance to identify, baseline, and mitigate activity originating from dynamic, deniable covert networks to reduce organizational compromise by:
- Mapping and understanding network edge devices, developing a clear understanding of organizational assets and what should be connected.
- Baselining normal connections, especially to corporate VPNs or other similar devices.
- Maintaining log collection and storage solutions.
- Implementing multi-factor authentication for remote connections.
Additionally, CISA recommends reviewing the following resources to strengthen defenses against similar malicious cyber activity:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-113a
