Learn why Google expects AI to transform cyber defense and offense next year, and explore MITRE's major update to the ATT&CK knowledge base. We also cover a new McKinsey playbook for agentic AI security, along with the latest on Microsoft Exchange protection and the CIS Benchmarks.

Here are five things you need to know for the week ending November 7.

1 - Google: In 2026, AI tools will become mainstream for cyber attackers and cyber defenders

By next year, AI tools won’t be novel. They’ll be standard issue for threat actors and for cyber teams, as the AI arms race irreversibly transforms the cybersecurity landscape.

That’s one of the main insights from Google’s “Cybersecurity Forecast 2026” report, published this week. “2026 will usher in a new era of AI and security, both for adversaries and defenders,” the report reads.

“While threat actors will leverage AI to escalate the speed, scope, and effectiveness of attacks, defenders will also harness AI agents to supercharge security operations and enhance analyst capabilities,” it adds.

In other words, get ready for a new level of sophistication and stealth across all type of attacks, including social engineering campaigns. For example, fraudsters will craft hyperrealistic vishing messages using AI-driven voice cloning to impersonate executives or IT staff.

In addition to using AI technology, attackers will also seek to compromise and leverage victims’ AI systems, particularly via prompt injection attacks, which tamper with an AI system to bypass its own security protocols. 
 

“We anticipate a rise in targeted attacks on enterprise AI systems in 2026, as attackers move from proof-of-concept exploits to large-scale data exfiltration and sabotage campaigns,” the report reads.

Hackers will also adopt agentic AI systems, which act autonomously, to automate and scale up attacks across the entire attack lifecycle. They’ll also hunt “shadow” agentic AI tools used by employees without their organizations’ knowledge, and compromise them to steal confidential business data. 

However, cyber defenders will also augment their use of AI. Google envisions the emergence of agentic SOCs where security analysts increasingly deploy AI agents to correlate data and summarize incidents.

This shift will require organizations to adopt a new "agentic identity management" framework so that the privileges, access and permissions granted to AI agents aren’t excessive and comply with least-privilege principles and with just-in-time access controls.

To meet the challenge, Google recommends that cybersecurity teams adopt proactive, multi-layered cyber defenses, beef up their AI governance, and continuously adapt their security tactics as threats evolve.

The report also covers trends in cybercrime and in nation-state cyber threats.

For more information about AI security, check out these Tenable Research blogs:

• “Frequently Asked Questions About DeepSeek Large Language Model (LLM)”
• “Frequently Asked Questions About Model Context Protocol (MCP) and Integrating with AI for Agentic Applications”
• “Frequently Asked Questions About Vibe Coding”
• “AI Security: Web Flaws Resurface in Rush to Use MCP Servers”
• “CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison)”

2 - MITRE ATT&CK update tackles Kubernetes security, CI/CD threats and more

MITRE has released the latest version of its widely used ATT&CK framework, adding and deepening coverage of threats against Kubernetes clusters, CI/CD pipelines, and cloud databases.

MITRE ATT&CK version 18 also has enhanced guidance for protecting software supply chains, cloud identities, and edge and virtualization systems.

Also new in this popular knowledge base of adversary tactics, techniques and procedures: A new approach for attack detections via a more structured, behavior-focused model. 

“We’ve spent the last six months focused on making ATT&CK more usable and actionable for defenders,” reads a MITRE blog about the framework’s update.
 

Here’s just a small sampling of new framework components:

• Technique 1059.013: Command and Scripting Interpreter: Container CLI/API addresses how attackers execute commands, pull images, spin up pods, and steal cloud credentials using the Docker command line interface (CLI), Kubernetes application programming interfaces (APIs), and container software development kits (SDKs).
• Technique 1677: Poisoned Pipeline Execution outlines how attackers poison CI/CD pipelines by altering configuration files, corrupting build scripts, and creating malicious pull requests that leak secrets and inject compromised components.
• Technique 1636.005: Protected User Data: Accounts details how adversaries collect account data from compromised mobile devices. For example, on Android, they abuse the AccountManager API to list accounts; while on iOS, they leverage Keychain services.
• Three new asset types expand ATT&CK’s industrial control system (ICS) equipment coverage:
  • Asset 0017: Distributed Control System (DCS) Controller, representing microprocessor units that manage large-scale, continuous industrial processes, and that operate within coordinated networks of controllers, software and operator stations.
  • Asset 0016: Firewall, representing gateways that enforce network access policies and that are critical in ICS environments for segmenting ICS from business networks, restricting ingress and egress, and defining security zones to limit attacker movement.
  • A0015: Switch, representing network devices that connect endpoints, including workstations, servers, human-machine interfaces (HMIs), and programmable logic controllers (PLCs), and forward traffic at the Open Systems Interconnection (OSI) Layer 2 or 3 using MAC or IP addresses. 

In addition, MITRE ATT&CK now also features information about multiple new threat groups, software tools, and campaigns.

To get more details, read:

• The blog “ATT&CK v18: The Detection Overhaul You’ve Been Waiting For”
• The changelog detailing what’s new in MITRE ATT&CK version 18
• The release notes for MITRE ATT&CK version 18

3 - McKinsey's playbook: Treat Agentic AI like a "digital insider"

Is your organization spinning up autonomous AI agents? Then it’s time for the IT and cybersecurity teams to learn how to mitigate their significant cyber risks.

To that end, McKinsey recently published a playbook for technology leaders tasked with securing agentic AI tools, stressing that, unlike other tools, these ones act as “digital insiders” operating with various degrees of privilege and authority.

“Just like their human counterparts, these digital insiders can cause harm unintentionally, through poor alignment, or deliberately if they become compromised,” reads the document titled “Deploying agentic AI with safety and security: A playbook for technology leaders.”

^{(Image created by Tenable using Google Gemini)}

Unlike traditional systems, these AI agents can make decisions and interact with systems and other agents, creating novel vulnerabilities and new risk drivers, including: 

• Chained vulnerabilities, where a flaw in one agent cascades to others
• Cross-agent task escalation, where malicious agents exploit trust to gain unauthorized privileges
• Synthetic-identity risk, where adversaries impersonate agent identities
• Untraceable data leakage from autonomous agent-to-agent communication
• Data corruption propagation, where flawed data silently undermines decision-making across multiple agents

So how can technology and security leaders, including CIOs and CISOs, mitigate these severe risks? McKinsey recommends a three-phase playbook:

• Prior to deployment: Organizations must update their core AI policy, risk management frameworks, and governance structures to specifically address the risks of autonomous agents. This includes defining roles, access management, and accountability.
• Prior to launching a use case: Leaders must establish a central AI portfolio management system for oversight and ensure the organization has the necessary security skills and resources to manage agentic systems.
• During deployment: This phase requires implementing technical and procedural controls, including:
  • securing agent-to-agent communications
  • applying robust identity and access management (IAM) to agents
  • ensuring complete traceability by logging all agent actions and decisions for audits
  • creating contingency plans with sandbox environments to isolate agents that fail or behave unexpectedly

In short, McKinsey cautions against making agentic AI security an afterthought, and urges security and technology leaders to start assessing the current adoption of these tools in their organizations and begin planning how to secure them.

“The agentic workforce is inevitable. As more companies adopt AI agents, new challenges for maintaining the confidentiality and integrity of data and systems will arise,” the document reads.

For more information about AI security, check out these Tenable resources:

• “2025 Cloud AI Risk Report: Helping You Build More Secure AI Models in the Cloud” (on-demand webinar)
• “Cloud & AI Security at the Breaking Point — Understanding the Complexity Challenge” (solution overview)
• “Exposure Management in the realm of AI” (on-demand webinar)
• “Expert Advice for Boosting AI Security” (blog)
• “AI Is Your New Attack Surface” (on-demand webinar)

4 - Alert: Patch your on-prem Exchange servers now

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and other global cyber agencies are sounding the alarm: Attackers are relentlessly hammering vulnerable on-prem Exchange servers.

If you're running them, stop what you're doing and check the new "Microsoft Exchange Server Security Best Practices" guide.

“Threat activity targeting Exchange continues to persist, and organizations with unprotected or misconfigured Exchange servers remain at high risk of compromise,” CISA said in a statement.
 

The document guide stresses the importance of keeping your servers updated and applying security patches immediately.

The guide also strongly advises organizations to migrate from “end of life” Exchange versions that Microsoft no longer supports nor provides security updates for. 

Other critical steps include ensuring the Emergency Mitigation (EM) service is enabled for automatic fixes; applying security baseline configurations; and using either built-in or third-party antivirus, anti-spam and anti-malware software.

Other key recommendations include:

• Leverage OAuth 2.0 and enable multi-factor authentication (MFA).
• Configure the Extended Protection (EP) feature to mitigate adversary-in-the-middle and authentication relay attacks.
• Restrict access to Exchange administrative environments, such as the Exchange Admin Center (EAC).

“This guidance empowers organizations to proactively mitigate threats, protect enterprise assets, and ensure the resilience of their operations,” Nick Andersen, Executive Assistant Director for the Cybersecurity Division at CISA, said in a statement.

For more information about securing Exchange, SharePoint and other Microsoft products, check out these Tenable resources:

• “CVE-2025-53786: Frequently Asked Questions About Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability”
• “Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230)”
• “Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)”
• “CVE-2025-53770: Frequently Asked Questions About Zero-Day SharePoint Vulnerability Exploitation”
• “Service Accounts in Active Directory: These OG NHIs Could Be Your Weakest Link”

5 - CIS Benchmarks get a refresh

Time to harden your software configurations. The Center for Internet Security (CIS) just updated its gold-standard Benchmarks.

The following CIS Benchmarks were updated:

• CIS Google Android Benchmark v1.6.0, which now features updated guidance mirroring the Apple iOS Benchmark
• CIS Microsoft Windows Server 2016 Benchmark v4.0.0, which gained 13 new security settings
• CIS Oracle MySQL 8.0 Enterprise Edition Benchmark v1.5.0, which backports a recommendation for FIPS 140-2 Open_SSL Cryptography

In addition, CIS released these brand new Benchmarks:

• CIS FortiGate 7.4.x Benchmark v1.0.0
• CIS Sophos Firewall v21 Benchmark v1.0.0

Meanwhile, various Linux distributions now have Build Kits, which are tools that automate the CIS Benchmarks’ configuration process:

• CIS Alibaba Cloud Linux 3 Benchmark v2.0.0
• CIS AlmaLinux OS 8 Benchmark v4.0.0
• CIS Oracle Linux 8 Benchmark v4.0.0
• CIS Red Hat Enterprise Linux 8 Benchmark v4.0.0
• CIS Rocky Linux 8 Benchmark v3.0.0

To get more details, read the CIS blog “CIS Benchmarks Monthly Update October 2025.” For more information about the CIS Benchmarks list, check out its home page and FAQ, as well as:

• “Getting to Know the CIS Benchmarks” (CIS)
• “Security Via Consensus: Developing the CIS Benchmarks” (Dark Reading)
• “How to Unlock the Security Benefits of the CIS Benchmarks” (Tenable)
• “CIS Benchmarks Communities: Where configurations meet consensus” (Help Net Security)
• “CIS Benchmarks: DevOps Guide to Hardening the Cloud” (DevOps)