Exposure Brief

Exposure Brief

Home
Archive
Leaderboard
About

March 2026

GitHub Copilot Used Its Access to Your Codebase to Run Ads
The vendors you trust with access to your systems are changing the terms of that access faster than your governance can track.
  Thomas Harrison
A Federal Court Just Made AI Vendor Guardrails Legally Enforceable
Accountability for AI systems crossed from theory to enforcement this week.
  Thomas Harrison
RSAC 2026 Proved That AI Coding Tools Operate Outside Every Security Control You Have
Check Point demonstrated six CVEs across Claude Code, Cursor, Codex, and Gemini CLI. The same week, a supply chain attack cascaded across five DevSecOps…
  Thomas Harrison
AI Is Now Part of the Attack Lifecycle. Governance Gaps Remain the Root Cause.
Mandiant documents AI-enabled malware in the wild. A popular AI library was compromised on PyPI. Meta's agent went rogue. Financial regulators are…
McKinsey Hired an AI Agent to Test Its Security. It Found Full Database Access in Two Hours.
Meta’s AI agent triggered a Sev-1. A supply chain attack hit 300,000 AI agent users. The visibility gap is now an active attack surface.
You Were Just Asked to Audit Every AI Tool in Your Organization. Now What?
85% of enterprises deployed AI. Only 25% can see what employees are doing with it.
Who Writes for You?
The CISO reads Dark Reading. The board reads Gartner. The CEO reads Morning Brew. You now have Exposure Brief.
© 2026 Common Nexus LLC · PrivacyTermsCollection notice
Start your SubstackGet the app
Substack is the home for great culture