
🚨$260M CrowdStrike + CheckPoint bet on AI Security | Blueprint for Post-Breach Modern Workspace Protection

AI-enhanced workspaces have fused SaaS, agents, and cloud infra into one blast radius. This week’s Chaos Mesh CVEs, AI-security M&A, and IDE supply-chain risk show why post-breach workspace controls now matter as much as pre-breach filters.

Hello from the Cloud-verse!

This week's Cloud Security Newsletter topic: Rethinking Email Security for the AI Era


In case this is your first Cloud Security Newsletter, you are in good company!
You are reading this issue along with friends and colleagues from companies like Netflix, Citi, JP Morgan, LinkedIn, Reddit, GitHub, GitLab, Capital One, Robinhood, HSBC, British Airways, Airbnb, Block, Booking Inc & more who subscribe to this newsletter and who, like you, want to learn what's new in cloud security each week from their industry peers, like the many others who listen to Cloud Security Podcast & AI Security Podcast every week.

Welcome to this week’s Cloud Security Newsletter

Cloud security faces a critical inflection point as AI-enhanced workspaces create interconnected attack surfaces, while critical Kubernetes vulnerabilities and supply chain attacks through developer tools demand immediate enterprise response and comprehensive post-breach protection strategies.

The convergence of AI-powered productivity tools with traditional cloud infrastructure has fundamentally altered the threat landscape. This week's developments, from critical Kubernetes cluster takeover vulnerabilities to sophisticated AI security acquisitions, underscore why enterprises must evolve beyond perimeter-based security models toward comprehensive workspace protection strategies.

📰 TL;DR for Busy Readers

  • Critical Kubernetes Risk: “Chaotic Deputy” in Chaos Mesh (four CVEs) allows cluster takeover from simple in-cluster network access; upgrade to v2.7.3 or disable the controller’s debug server

  • AI Security M&A Surge: CrowdStrike's $260M Pangea acquisition and Check Point's Lakera purchase signal industry shift towards AI Security

  • Supply Chain Alert: Cursor (AI code editor) can auto-execute tasks when opening a repo because Workspace Trust is disabled by default, which means RCE on folder open.

  • Workspace Evolution: Material Security's Rajan Kapoor explains why email security must expand to full workspace protection

  • Agent Security: Microsoft Copilot Studio added near-real-time runtime protection; external security systems can approve/block actions as agents execute.

📰 THIS WEEK'S SECURITY HEADLINES

🚨 Critical Kubernetes Vulnerability Enables Cluster Takeover

JFrog Security Research disclosed multiple critical vulnerabilities in Chaos Mesh, collectively dubbed "Chaotic Deputy" (CVE-2025-59358, CVE-2025-59360, CVE-2025-59361, and CVE-2025-59359), allowing attackers with minimal cluster network access to achieve full Kubernetes cluster takeover.

This represents a severe threat to enterprise cloud infrastructure security. The vulnerabilities are "extremely easy to exploit and lead to total cluster takeover while having only cluster network access." Three of the flaws carry critical CVSS 9.8 ratings and can be exploited even in default configurations. The exposed GraphQL debugging server lacks authentication, enabling attackers to execute chaos platform fault injections and steal privileged service account tokens across the entire cluster.

💰 CrowdStrike Acquires AI Security Firm Pangea Cyber for $260M

CrowdStrike announced its acquisition of AI security firm Pangea Cyber for approximately $260 million, targeting close this quarter. Pangea's technology focuses on securing LLM interactions, including prompt-injection defenses and AI agent safeguards that protect against data exfiltration and tool misuse.

This signals CrowdStrike's recognition that AI agents represent a new attack surface requiring specialized endpoint protection. With AI agents increasingly deployed in CI/CD pipelines, helpdesks, and SaaS workflows, expect Falcon platform integration of AI policy guardrails, behavioral analytics for AI agent activities, and "shadow AI" detection capabilities.

🔒 Check Point Acquires AI Application Security Leader Lakera

Check Point disclosed its acquisition of Lakera, a leading AI application security company specializing in prompt injection defense and LLM security controls. Terms were undisclosed, but Lakera is recognized as a pioneer in real-time AI threat detection and has protected major enterprises including Dropbox.

This acquisition strengthens Check Point's position in securing AI workloads at the network and application layers, reflecting the industry's shift toward specialized AI security controls as traditional network security proves insufficient for modern AI attack vectors.

⚠️ Critical Supply Chain Risk: AI Code Editor Enables Silent Code Execution

Security researchers disclosed that Cursor AI code editor's default configuration enables silent code execution when opening folders, with Workspace Trust disabled by default. A crafted repository can auto-execute VS Code-style tasks through malicious .vscode/tasks.json files, turning a simple "open folder" action into remote code execution.

This represents a critical supply chain attack vector targeting developer environments that often contain cloud credentials, API keys, and direct access to production systems. AI-enhanced IDEs increasingly pull remote content and execute autonomous tasks/agents, expanding the attack surface beyond traditional code repositories.
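A defender-side check for the behaviour described above, added here as an example and not taken from the researchers' write-up or from Cursor: it walks a checked-out repository and reports every .vscode/tasks.json task set to run on folder open, using the VS Code task setting "runOptions": {"runOn": "folderOpen"}. The function names and the sample file are assumptions made for illustration.

```python
import json
import re
from pathlib import Path

# Matches JSON strings (kept) or // and /* */ comments (dropped); tasks.json is JSONC.
_JSONC = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)

def strip_jsonc(text):
    """Drop comments outside strings, then trailing commas (naive, fine for triage)."""
    text = _JSONC.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)
    return re.sub(r",(\s*[}\]])", r"\1", text)

def auto_run_tasks(tasks_json_text):
    """Return (label, command line) for each task configured to run on folder open."""
    doc = json.loads(strip_jsonc(tasks_json_text))
    hits = []
    for task in doc.get("tasks", []):
        if (task.get("runOptions") or {}).get("runOn") == "folderOpen":
            parts = [task.get("command", ""), *task.get("args", [])]
            hits.append((task.get("label", "<unlabelled>"),
                         " ".join(str(p) for p in parts).strip()))
    return hits

def scan_repo(root):
    """Map each .vscode/tasks.json under root to its auto-run tasks (or parse error)."""
    findings = {}
    for path in Path(root).rglob("tasks.json"):
        if path.parent.name != ".vscode":
            continue
        try:
            hits = auto_run_tasks(path.read_text(encoding="utf-8"))
        except (OSError, ValueError, AttributeError) as exc:  # malformed: review by hand
            hits = [("<unparseable>", str(exc))]
        if hits:
            findings[str(path)] = hits
    return findings

# Constructed sample, not taken from any real repository.
SAMPLE = """{
  // build tasks
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "make", "args": ["all"]},
    {"label": "prepare", "type": "shell", "command": "sh", "args": ["./setup.sh"],
     "runOptions": {"runOn": "folderOpen"},},
  ]
}"""
if __name__ == "__main__":
    print(auto_run_tasks(SAMPLE))
```

Run scan_repo over a fresh clone before opening it in the editor; any finding is a task that would start without a prompt while Workspace Trust is off.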

🛡️ Microsoft Enhances AI Agent Security with Real-Time Protection

Microsoft Copilot Studio launched advanced real-time protection features in public preview, calling external security systems during agent runtime to review planned actions and block threats before execution.

This represents a significant advancement in AI agent security, addressing cross-prompt injection attacks (XPIA) and user prompt injection attacks that can trick agents into leaking data or misusing tools.

🎯 Cloud Security Topic of the Week:

The Evolution from Email Security to Comprehensive Workspace Protection

The convergence of AI-powered productivity tools with traditional cloud infrastructure has fundamentally altered the threat landscape.

Definitions and Core Concepts 📚

Before diving into our insights, let's clarify some key terms:

  • Workspace Security: A holistic approach to protecting interconnected productivity applications (email, drive, chat, calendars) as a unified attack surface rather than isolated systems.

  • Post-Breach Protection: Security controls that protect data at rest within compromised accounts, rather than only preventing initial breach attempts.

  • API-Based Security: Security tools that leverage cloud service APIs to gain visibility into data at rest, account configurations, and user activities within SaaS platforms.

  • OAuth Scope Abuse: Attack technique where malicious applications request excessive permissions during OAuth authorization, gaining persistent access to sensitive data across multiple services.

This week's issue is sponsored by Material Security.

Protect the email, files, and accounts within Google Workspace from every angle.

Material Security unifies advanced threat detection, data loss prevention, and rapid response within a single automated platform so your lean team can do more with less.

Deploy in minutes, integrate with your SIEM, and let “set-it-and-forget-it” automation run 24/7. Gain multi-tenant visibility with enterprise-grade security without enterprise overhead. 

💡Our Insights from this Practitioner 🔍

Rethinking Email Security for the AI Era

Rajan Kapoor described a fundamental shift in how enterprises must approach workspace security during this interview. His experience at Dropbox and current role as Field CISO have given him unique insight into the challenges facing cloud-native organizations and how email security is changing.

"We've been doing email security the same way for like 30 years," Rajan explains. "We've always thought about pre-breach. With email, we have never really addressed post-breach. You have to protect the data that's at rest in that mailbox."

This observation is particularly relevant given this week's developments around AI security acquisitions and advanced threats. Traditional email security focuses on preventing malicious content from entering mailboxes, but modern threats such as OAuth-based attacks bypass these controls entirely.

The Interconnected Threat Landscape

The convergence of modern productivity tools creates new attack vectors that traditional security models don't address. Rajan's analysis reveals why the industry's $260M+ investment in AI security makes strategic sense:

"With the copilots, they're going to go and look at all the data your employees have access to and answer questions based on that data. So if someone in the HR department incorrectly shared payroll data... the co-pilot's gonna see that, see that you have access to it and bring it back for you."

This is why recent news such as CrowdStrike's Pangea acquisition highlights the shifting focus on AI agent safeguards. As AI systems gain broader access to organizational data, the blast radius of security failures expands exponentially.

From Email Security to Workspace Security

Rajan's team has evolved their approach from email-specific controls to comprehensive workspace protection:

"That's why we've moved from calling it email security to just workspace security. If you just focus on email security, you're looking at half the problem, not the full problem. You're leaving out what's in drive, what's happening with your accounts."

This evolution reflects the reality that modern attacks don't respect application boundaries. The Chaos Mesh vulnerabilities from the news section demonstrate this principle at the infrastructure level; attackers with minimal cluster access can compromise entire Kubernetes environments.

API-Based Security: Regaining Visibility

One of Rajan's most compelling insights addresses a fundamental challenge in cloud security:

"When we moved to SaaS as a security industry, we lost control of the infrastructure... we lost access to the data at rest and we're finally getting access back to that data at rest through APIs."

This API-based approach enables security teams to:

  • Inspect data classification within cloud applications

  • Monitor sharing permissions and access patterns

  • Detect suspicious OAuth applications and account activities

  • Implement post-breach controls that limit data exfiltration
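One way to approach the "detect suspicious OAuth applications" item above and the OAuth Scope Abuse definition earlier in this issue, as an added example that is not Material Security's or any vendor's code: it aggregates per-user token grants into per-app findings and ranks apps whose scopes open whole services. The grant records are assumed to use the field names of the Google Admin SDK Directory API token resource (clientId, displayText, userKey, scopes); the BROAD_SCOPES selection, the allowlist, and all sample apps and users are constructed for illustration.

```python
from collections import defaultdict

# Scopes that grant whole-service access, mapped to the service they open up.
# The selection is an illustrative assumption; tune it to your tenant.
BROAD_SCOPES = {
    "https://mail.google.com/": "gmail",
    "https://www.googleapis.com/auth/drive": "drive",
    "https://www.googleapis.com/auth/calendar": "calendar",
}

def risky_apps(grants, allowlist=frozenset()):
    """Aggregate per-user grants into per-app findings, widest reach first."""
    apps = defaultdict(lambda: {"name": "", "users": set(), "services": set()})
    for g in grants:
        if g["clientId"] in allowlist:
            continue
        services = {BROAD_SCOPES[s] for s in g.get("scopes", []) if s in BROAD_SCOPES}
        if not services:
            continue  # narrow scopes only, e.g. drive.file or calendar.readonly
        app = apps[g["clientId"]]
        app["name"] = g.get("displayText", "")
        app["users"].add(g["userKey"])
        app["services"] |= services
    report = [
        {"clientId": cid, "name": a["name"],
         "services": sorted(a["services"]), "users": len(a["users"])}
        for cid, a in apps.items()
    ]
    # Apps spanning several services come first, then those granted by most users.
    return sorted(report, key=lambda r: (-len(r["services"]), -r["users"], r["clientId"]))

# Constructed sample grants (hypothetical apps and users).
G = "https://www.googleapis.com/auth/"
SAMPLE_GRANTS = [
    {"clientId": "111.apps.example", "displayText": "Mail Merge Helper",
     "userKey": "alice", "scopes": ["https://mail.google.com/", G + "drive"]},
    {"clientId": "111.apps.example", "displayText": "Mail Merge Helper",
     "userKey": "bob", "scopes": ["https://mail.google.com/"]},
    {"clientId": "222.apps.example", "displayText": "Calendar Widget",
     "userKey": "carol", "scopes": [G + "calendar.readonly"]},
    {"clientId": "333.apps.example", "displayText": "Corp SSO",
     "userKey": "dave", "scopes": [G + "drive", "openid"]},
    {"clientId": "444.apps.example", "displayText": "Notes Sync",
     "userKey": "erin", "scopes": [G + "drive"]},
]

if __name__ == "__main__":
    for row in risky_apps(SAMPLE_GRANTS, allowlist={"333.apps.example"}):
        print(row)
```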

Practical Implementation Strategy

For security leaders evaluating their current approach, Rajan recommends moving beyond traditional detection-focused tools:

"Don't just replace your email gateway with another email gateway. Start to think about post-breach protection. Start to think about if you're thinking about browsers, think about DLP in the browser itself, and controlling data in and out of that browser."

This advice aligns with Microsoft's new real-time protection features for Copilot Studio, covered in this week's news section: the industry is recognizing that static, perimeter-based controls are insufficient for dynamic, AI-enhanced environments.

The Collaboration Challenge

Rajan also addresses a critical organizational challenge that many CISOs face:

"You have multiple teams, multiple tools. It's gonna be a bad time. How do we reduce the friction between these two teams working together? The way you do that is reducing the complexity, reducing the number of tools, and reducing the manual work that you're doing to get your coverage."

This insight is particularly relevant as organizations deploy more AI-powered security tools. The goal should be consolidation and automation, not additional complexity.

Question for you (reply to this email):

Should an organization's security strategy include modern productivity applications as an important part?

Next week, we'll explore another critical aspect of cloud security. Stay tuned!


We would love to hear from you📢 for a feature or topic request or if you would like to sponsor an edition of Cloud Security Newsletter.

Thank you for continuing to subscribe, and welcome to the new members of this newsletter community 💙

Peace!
