The CyberWire Daily Podcast 5.1.26
Ep 2543 | 5.1.26

Think before you deploy the agent.

Transcript

Five Eyes agencies issue agentic AI guidance. A federal database leaks Social Security numbers. A stealthy worm poisons open source packages. OT firms are sidelined from frontier cyber models. The FBI warns of a surge in cyber-enabled cargo theft. Officials flag likely election interference as security programs face cuts. Researchers uncover a covert Python backdoor. Ubuntu’s site takes Iranian-linked DDoS fire. Cyber pros are sentenced in a ransomware case. Our guest is Andrew Carr, Global Head of Threat Management at Booz Allen, discussing how AI is accelerating cyberattacks. OpenAI joins the invitation-only club.

Today is Friday, May 1st, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

The Five Eyes offer agentic AI guidance. 

Agentic AI can automate useful tasks, but new multinational guidance warns it should be adopted cautiously, especially in critical infrastructure and defense. The guidance, co-authored by cyber agencies from Australia, the United States, Canada, New Zealand, and the United Kingdom, says agentic systems can reason, plan, use tools, and act without constant human oversight. That autonomy creates risks beyond traditional generative AI, including prompt injection, excessive privileges, identity spoofing, rogue agents, cascading failures, opaque decision-making, and data exposure. The agencies recommend limiting agentic AI to low-risk, non-sensitive tasks, aligning controls with existing cybersecurity programs, and avoiding broad access to sensitive systems. Key safeguards include least privilege, strong identity management, sandboxing, phased deployment, human approval for high-impact actions, continuous monitoring, red teaming, logging, and rollback plans. The central message: prioritize resilience and containment over efficiency gains.

A government database leaks Social Security numbers.

The Centers for Medicare and Medicaid Services (CMS) inadvertently exposed Social Security numbers of some health care providers in a database supporting a new Medicare provider directory, according to The Washington Post. The publicly accessible database, intended to improve transparency and help seniors identify participating providers, contained sensitive identifiers linked to names. The exposure lasted several weeks before officials removed the data after notification. CMS said the issue resulted from providers entering information incorrectly and stated safeguards are being strengthened. The directory is part of a broader modernization effort led in part by Amy Gleason, but it has faced accuracy concerns and criticism from Jeff Merkley and Ron Wyden. CMS Administrator Mehmet Oz said improvements will continue to support informed coverage decisions. 

A sophisticated worm poisons open source packages. 

Mini Shai-Hulud, a sophisticated worm targeting open-source supply chains, has compromised multiple ecosystems by poisoning widely used packages including PyTorch Lightning on PyPI and the Intercom client on npm. The malware silently executes during installation, stealing SSH keys and GitHub Actions tokens and expanding into Packagist, RubyGems, and Go modules. Researchers at Socket, Aikido Security, and OX Security identified the malicious releases. The campaign focuses on developer machines and continuous integration pipelines, where stolen credentials enable deeper backdoor insertion into enterprise software builds. Polyglot development environments increase exposure because each package manager creates a separate attack surface. The incident highlights weakening trust in public registries and underscores the need for tighter dependency governance, internal mirrors, runtime monitoring, and Software Bills of Materials to limit supply-chain compromise impact.

OT firms miss out on cutting edge AI models. 

Operational technology (OT) cybersecurity firms have been excluded from restricted programs granting early access to advanced vulnerability-discovery models from Anthropic and OpenAI, raising concerns about risks to critical infrastructure. The initiatives aim to help select defenders identify software flaws before attackers gain similar artificial intelligence capabilities, but OT vendors say they were not invited to participate. Industry representatives argue the omission reflects a cultural gap between major technology firms and smaller infrastructure operators such as utilities. Experts warn OT systems face unique constraints, long lifecycles, and different vulnerability priorities, making standard disclosure processes less effective. Programs like Project Glasswing and Trusted Access for Cyber include open-source stakeholders and researchers, yet critics say excluding OT weakens coordinated defense as AI-driven threat capabilities continue to expand across critical infrastructure environments.

The FBI tracks a cyber-enabled surge in cargo theft. 

The FBI warns that cyber-enabled cargo theft is surging, with hackers targeting brokers and carriers through phishing emails, fake sites, malware, and remote access tools. The schemes abuse trucking load boards, compromised broker accounts, and stolen carrier identities to win high-value shipments. Attackers may alter federal records, double-broker loads, move goods through cross-docking or transloading, then sell them or hold them for ransom. Cargo theft caused more than $700 million in 2025 losses, up 60% from 2024.

Officials warn Congress of likely election interference in the face of cuts to federal security programs.

Army Gen. Joshua Rudd, head of U.S. Cyber Command and the National Security Agency, told the Senate Armed Services Committee that foreign interference in upcoming midterm elections is likely, citing past activity by Russia, China, and Iran. Officials said adversaries continue relying on cyber intrusions and disinformation. The Election Security Group has coordinated with the FBI and Cybersecurity and Infrastructure Security Agency since 2018, including operations disrupting Russian propaganda infrastructure before the 2024 election. A proposed budget would eliminate CISA’s election security program, raising defense concerns.

Researchers identify a stealthy Python-based backdoor. 

Researchers at Securonix identified a stealthy Python-based backdoor called Deep#Door that enables persistent remote access and surveillance on Windows systems. Delivered via a batch script that disables protections such as SmartScreen and Defender safeguards, the malware establishes persistence through registry changes, scheduled tasks, and Startup-folder scripts. It evades analysis with anti-sandbox checks and covert command channels, then supports command execution, credential theft, keylogging, and webcam access. The tool can also overwrite the Master Boot Record, indicating potential destructive capability alongside espionage use.

Ubuntu’s website suffers Iranian DDoSing. 

Canonical says its web infrastructure is facing a sustained distributed denial-of-service attack after the pro-Iran hacktivist group Islamic Cyber Resistance in Iraq, also known as 313 Team, claimed responsibility. The disruption took down Ubuntu’s main website and limited user access to downloads and accounts for hours beyond the group’s stated timeline. The attackers also issued an apparent extortion message warning the assault would continue without contact. Canonical is working to restore services, while the motive for targeting the Ubuntu developer remains unclear.

Cyber experts face jail time for ransomware. 

Ryan Goldberg and Kevin Martin were sentenced to four years in prison for deploying ALPHV BlackCat ransomware against multiple U.S. victims in 2023 alongside Angelo Martino. All three worked in the cybersecurity industry and used their professional expertise securing networks to conduct the attacks. Acting as ransomware-as-a-service affiliates, they shared proceeds with platform administrators and extorted about $1.2 million from one victim, laundering their share. Prosecutors said the campaign targeted organizations including medical providers and engineering firms and involved leaking patient data to increase pressure. Officials from the U.S. Department of Justice and Federal Bureau of Investigation said the case highlights continued enforcement against skilled insiders misusing defensive expertise for ransomware operations.

OpenAI joins the invitation-only club. 

OpenAI is preparing a limited rollout of its new GPT-5.5-Cyber model to a select group of “trusted defenders,” a move that arrives shortly after CEO Sam Altman criticized Anthropic for doing much the same with its Claude Mythos system. Altman said the model will help secure companies and infrastructure by finding vulnerabilities before attackers do, though access will initially remain tightly controlled. Independent testing by the UK AI Security Institute suggests the tool is unusually capable, completing complex cyberattack simulations end to end. The rollout follows Altman’s recent complaints that restricting advanced cyber models concentrates power in too few hands. Now, however, OpenAI appears to be running its own velvet-rope policy, checking badges at the entrance while insisting the party is for everyone’s safety. As always with tools that can both defend and break systems, the real question is not what they can do, but who gets there first.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

N2K’s lead producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.