🚨Zero Day Exploit Windows Shrink to Hours: Is Your Security Stack Built for an AI Accelerated Threat Landscape?
This week Google closes its $32B acquisition of Wiz to reshape cloud security, and Google also patches two in-the-wild Chrome zero days added to CISA KEV; LeakNet ransomware pivots to ClickFix and Deno in-memory loaders to evade detection. Plus: Ashish Rajan & Caleb Sima on why the vendor consolidation era is arriving, why AI agent security remains an open book, and why the window from vulnerability to exploitation now closes in under two days.
Hello from the Cloud-verse!
This week’s Cloud Security Newsletter topic: Why AI May Finally Let CISOs Simplify Their Security Stack
In case this is your first Cloud Security Newsletter: you are in good company!
You are reading this issue along with your friends and colleagues from companies like Netflix, Citi, JP Morgan, LinkedIn, Reddit, GitHub, GitLab, CapitalOne, Robinhood, HSBC, British Airways, Airbnb, Block, Booking Inc & more who subscribe to this newsletter and who, like you, want to learn what’s new in cloud security each week from their industry peers, as do the many listeners of Cloud Security Podcast & AI Security Podcast.
Welcome to this week’s Cloud Security Newsletter
The security landscape accelerated again this week, and the numbers tell the story bluntly: what once took five months from a public vulnerability disclosure to confirmed in-the-wild exploitation now closes in under two days in 2026. That compression isn't theoretical. It's documented at ZeroDayClock.com, and it showed up in real time this week when a Chrome renderer flaw and a new ransomware initial access chain both arrived simultaneously, demanding immediate enterprise response.
Against that backdrop, this week's newsletter brings together three breaking security stories and a frank, unfiltered conversation with Caleb Sima, veteran CISO, investor, and co-host of the AI Security Podcast, recorded live ahead of RSAC 2026. Caleb and Ashish Rajan (Cloud Security Podcast) cut through the conference noise to address something most vendors won't talk about: the case for radical vendor consolidation powered by internal AI teams, and why the current wave of "AI agent security" products largely can't back up their claims. [Listen to the episode]
⚡ TL;DR for Busy Readers
- Google closes $32B Wiz acquisition: Expect tighter CNAPP + threat intelligence integration and potential licensing shifts.
- Patch Chrome now: CVE-2026-3909 and CVE-2026-3910 are actively exploited zero days in Skia and V8; CISA KEV deadline is March 27. All Chromium-based enterprise browsers are in scope.
- LeakNet ditches broker access: New ClickFix + Deno in-memory loader chain leaves minimal forensic artifacts; flag Deno.exe on non-developer endpoints and tune PsExec detection rules.
- Vendor consolidation thesis gains momentum: In this week's episode, Ashish Rajan & Caleb Sima argue the AI era enables CISOs to go all in on 2–3 platform vendors and use internal AI teams to close the capability gap.
📰 THIS WEEK'S TOP 4 SECURITY HEADLINES
Each story includes why it matters and what to do next — no vendor fluff.
1. 🛡️ March Patch Tuesday: Azure MCP Server SSRF, Copilot Zero-Click Exfiltration Bug, & Two Public Zero-Days
What Happened
Microsoft's March 2026 Patch Tuesday addresses 79 security vulnerabilities, including two publicly disclosed zero-days. The most urgent concern is CVE-2026-26144, a critical information disclosure vulnerability in Microsoft Excel that can cause Copilot Agent mode to silently exfiltrate data with no user interaction required.
Separately, CVE-2026-26118 is an elevation of privilege vulnerability in Azure MCP Server Tools (CVSS 8.8). An attacker could exploit this by sending a crafted input to a vulnerable Azure MCP Server that accepts user-provided parameters. The MCP Server then sends an outbound request to an attacker-controlled URL, potentially including its managed identity token, allowing the attacker to capture that token and inherit the permissions associated with the MCP Server's managed identity.
Why It Matters
Two distinct cloud-AI attack vectors are in play here. First, CVE-2026-26144 represents a new class of threat: an attacker can deliver a malicious Excel file and, if Microsoft 365 Copilot is enabled, trigger automatic, zero-click data exfiltration through the AI agent itself. No macro, no user action. Second, CVE-2026-26118 strikes at the emerging MCP ecosystem directly. MCP was designed to give AI agents safe, structured access to tools and data. CVE-2026-26118 shows that the protocol infrastructure itself can become an attack vector and that AI agent infrastructure expands the privilege escalation surface. For M365 Copilot deployments: patch immediately and audit Copilot Agent mode permissions. For Azure MCP implementations: update Azure MCP Server Tools and review managed identity scopes to enforce least privilege.
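One way to keep a managed identity token from following a user-supplied URL, as an added example (this is not Microsoft's fix and not Azure MCP Server code). The allowlisted hosts, function names and the three-way decision are assumptions; redirects and DNS rebinding must be handled separately by the HTTP client.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions (hypothetical, not Azure MCP Server code): which hosts may
# receive the managed identity token and which may be fetched anonymously.
TOKEN_AUDIENCE_HOSTS = {"management.azure.com"}
ANONYMOUS_FETCH_SUFFIXES = (".blob.core.windows.net",)


def classify_destination(url):
    """Return 'token', 'anonymous' or 'deny' for a user-supplied URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:          # malformed authority, e.g. a broken IPv6 literal
        return "deny"
    # Reject plain HTTP and userinfo tricks such as https://trusted@other-host/
    if parts.scheme != "https" or not host or parts.username or parts.password:
        return "deny"
    try:
        ipaddress.ip_address(host)
        return "deny"           # IP literals, including link-local metadata addresses
    except ValueError:
        pass                    # not an IP literal, continue with name checks
    if host in TOKEN_AUDIENCE_HOSTS:
        return "token"
    if host.endswith(ANONYMOUS_FETCH_SUFFIXES):
        return "anonymous"
    return "deny"


def build_headers(url, get_token):
    """Attach the token only when the destination is an intended audience."""
    decision = classify_destination(url)
    if decision == "deny":
        raise PermissionError(f"outbound request blocked: {url!r}")
    headers = {"Accept": "application/json"}
    if decision == "token":
        headers["Authorization"] = "Bearer " + get_token()
    return headers
```

Scoping the managed identity itself to least privilege, as recommended above, limits the damage if a check like this is bypassed.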
Sources: Talos Intelligence · Tenable · The Hacker News · SecurityWeek · Zecurit · Awesome Agents
2. 🚨 Google Patches Two Actively Exploited Chrome Zero Days; CISA Adds Both to KEV (CVE-2026-3909 & CVE-2026-3910)
What Happened
Google issued emergency out-of-band patches for two high-severity Chrome vulnerabilities confirmed as exploited in the wild: an out-of-bounds write in the Skia graphics library (CVE-2026-3909) and an inappropriate implementation flaw in the V8 JavaScript and WebAssembly engine (CVE-2026-3910). CISA added both to its Known Exploited Vulnerabilities catalogue with a federal remediation deadline of March 27, 2026. This is Chrome's third zero-day pair of 2026. Technical exploitation details are restricted pending broad patch deployment.
Why It Matters
This is a patch-now pair of CVEs. Skia and V8 are core rendering and execution components present across all Chromium-based browsers (Chrome, Edge, Brave, Opera) and any Electron-based enterprise applications. The V8 flaw carries implicit RCE risk within the browser sandbox and is a historically favoured APT initial access surface. Key actions:
- Verify the patched version is deployed fleet-wide; enterprise Chrome auto-update is frequently delayed or disabled in managed environments.
- Flag Electron-based internal tooling (Slack, VS Code, internal apps) and track vendor patch timelines for each.
- Review browser isolation and RBI policies for high-risk user populations (finance, exec, privileged users).
- Treat the March 27 KEV deadline as your internal SLA if you operate in regulated sectors or hold federal contracts.
This story also illustrates the zero-day clock compression that Caleb Sima references in this week's expert interview: browser-level disclosures are now exploited within days, not weeks. Detection and patch velocity must match that pace.
Sources: CISA KEV Catalogue | The Hacker News | ZeroDayClock.com
3. 🔍 📦 LeakNet Ransomware Adopts ClickFix Social Engineering and Deno In-Memory Loader, Drops Reliance on Access Brokers
What Happened
ReliaQuest threat intelligence published on March 17 identifies LeakNet ransomware operators adopting a previously unreported initial access chain: ClickFix lures delivered through compromised legitimate websites, paired with a Deno JavaScript runtime loader that executes a Base64-encoded payload almost entirely in memory, fingerprints the victim machine, and establishes C2. This marks a deliberate departure from initial access brokers (IABs), giving LeakNet direct, lower-cost access at greater scale. Every confirmed LeakNet incident shares a deterministic post-exploitation chain: jli.dll sideloading into Java within the USOShared directory → PsExec lateral movement → S3 bucket payload staging and exfiltration.
Why It Matters
The Deno loader is the standout technical detail. Rather than deploying custom malware, attackers install the legitimate Deno executable and use it to run malicious code via VBS and PowerShell scripts named with Romeo/Juliet naming patterns. The activity presents as normal developer tooling. Minimal forensic artifacts remain. Three strategic implications:
- Dark web IAB monitoring is no longer sufficient: LeakNet's shift to self-directed ClickFix campaigns removes the IAB dependency that previously provided early-warning telemetry for threat intelligence teams.
- Detection engineering updates required: Flag Deno.exe executing in non-developer contexts. Create detection rules for VBS/PowerShell scripts with Romeo*/Juliet* naming. Alert on jli.dll sideloading events and anomalous PsExec usage at scale.
- Use the deterministic kill chain as a containment trigger: Automated host isolation on confirmed jli.dll sideloads and anomalous PsExec activity can compress mean time to contain from hours to minutes.
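The detection and containment rules listed above, sketched over process telemetry as an added example (not code from the newsletter or from ReliaQuest). The event schema, the sample events, the developer-host allowlist and the PsExec fan-out threshold and window are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumptions, not from the report: the event schema, the developer-host
# allowlist, and the PsExec fan-out threshold and window.
DEV_HOSTS = {"dev-ws-01"}
PSEXEC_MIN_TARGETS, PSEXEC_WINDOW = 3, timedelta(minutes=10)
ISOLATE_ON = {"jli_sideload_usoshared", "psexec_fanout"}

# Constructed sample telemetry (process-create and image-load events).
EVENTS = [
    {"ts": "2026-03-18T09:00:00", "host": "dev-ws-01", "type": "process",
     "image": r"C:\Tools\deno.exe", "cmdline": "deno.exe run build.ts"},
    {"ts": "2026-03-18T10:00:00", "host": "fin-lt-07", "type": "process",
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\a\AppData\Local\Temp\Romeo1.vbs"'},
    {"ts": "2026-03-18T10:00:05", "host": "fin-lt-07", "type": "process",
     "image": r"C:\Users\a\AppData\Local\Temp\deno.exe", "cmdline": "deno.exe run task.js"},
    {"ts": "2026-03-18T10:02:00", "host": "fin-lt-07", "type": "image_load",
     "image": r"C:\ProgramData\USOShared\java.exe", "module": r"C:\ProgramData\USOShared\jli.dll"},
    {"ts": "2026-03-18T10:03:00", "host": "app-srv-02", "type": "image_load",
     "image": r"C:\Java\bin\java.exe", "module": r"C:\Java\bin\jli.dll"},
]
EVENTS += [{"ts": f"2026-03-18T10:0{m}:00", "host": h, "type": "process",
            "image": r"C:\Temp\PsExec.exe", "cmdline": rf"PsExec.exe \\{t} hostname"}
           for m, h, t in [(5, "fin-lt-07", "srv-a"), (7, "fin-lt-07", "srv-b"),
                           (9, "fin-lt-07", "srv-c"), (6, "it-admin-03", "srv-a")]]

def names_lure_script(cmdline):
    """True if any token's file name matches Romeo*/Juliet* with a .vbs/.ps1 suffix."""
    for token in re.split(r"[\s\"']+", cmdline):
        name = PureWindowsPath(token).name.lower()
        if name.startswith(("romeo", "juliet")) and name.endswith((".vbs", ".ps1")):
            return True
    return False

def detect(events):
    alerts, psexec = [], defaultdict(list)   # psexec: source host -> [(time, target)]
    for ev in events:
        host, image = ev["host"], PureWindowsPath(ev["image"]).name.lower()
        if ev["type"] == "process":
            if image == "deno.exe" and host not in DEV_HOSTS:
                alerts.append((host, "deno_non_dev"))
            if names_lure_script(ev["cmdline"]):
                alerts.append((host, "romeo_juliet_script"))
            target = re.search(r"\\\\([\w.-]+)", ev["cmdline"])
            if image in ("psexec.exe", "psexec64.exe") and target:
                psexec[host].append((datetime.fromisoformat(ev["ts"]), target.group(1).lower()))
        elif ev["type"] == "image_load":
            parts = [p.lower() for p in PureWindowsPath(ev["module"]).parts]
            if parts[-1] == "jli.dll" and "usoshared" in parts:
                alerts.append((host, "jli_sideload_usoshared"))
    for host, hits in psexec.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            # distinct targets reached within the window that opens at this launch
            targets = {t for ts, t in hits[i:] if ts - start <= PSEXEC_WINDOW}
            if len(targets) >= PSEXEC_MIN_TARGETS:
                alerts.append((host, "psexec_fanout"))
                break
    return alerts

def hosts_to_isolate(alerts):
    """Containment trigger: only the two signals the newsletter names for isolation."""
    return sorted({host for host, rule in alerts if rule in ISOLATE_ON})
```

The developer workstation running Deno, the Java runtime loading jli.dll from its own directory, and the admin host with a single PsExec session all stay quiet; only the host showing the full chain is returned for isolation.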
4. ⚠️ Google Closes $32B Wiz Acquisition — Biggest Deal in Cloud Security History
What Happened
On March 11, 2026, Google announced the completion of its acquisition of Wiz, a leading cloud and AI security platform headquartered in New York. The deal received antitrust approval from U.S. regulators in November 2025 and from the European Commission in February 2026. Wiz will maintain its brand and continue providing cybersecurity solutions for all major cloud platforms, including AWS, Azure, and Oracle Cloud.
Why It Matters
This is the defining consolidation event in cloud security for the decade. For enterprise teams, the immediate implication is not product disruption (Wiz has been explicit about multi-cloud continuity) but strategic positioning. By integrating Wiz's advanced cloud security capabilities with Google's security operations platform, the company aims to provide organizations with a comprehensive defense platform designed for modern cloud and AI-driven infrastructures. The long-term question for CISOs: does a Google-owned CNAPP still serve as a neutral arbiter across your AWS, Azure, and GCP estate, or does procurement pressure shift? Wiz's $1B+ ARR base means your peer organizations are paying close attention. Evaluate your CNAPP and multi-cloud security stack posture now, before renewal cycles hit during integration.
Sources: Google Press Release · TechCrunch · SecurityWeek
🎯 Cloud Security Topic of the Week:
The Vendor Consolidation Thesis:
Why AI May Finally Let CISOs Simplify Their Security Stack
At RSAC 2026, the vendor floor will be louder, more crowded, and harder to navigate than ever. Vibe coding and AI tooling have spawned what Caleb Sima estimates to be a thousand new cybersecurity startups, all with the same marketing, the same branding, and the same AI agent claims. But beneath the noise, a structural shift is underway that smart CISOs are already moving on: the possibility of radical stack consolidation, powered by internal AI capability teams.
This week's expert conversation with Caleb and Ashish tackles the question most vendors don't want practitioners asking: what if the best-of-breed era is ending, and good enough plus AI is the winning architecture?
Featured Experts This Week 🎤
Caleb Sima - CSO | CEO | Founder WhiteRabbit Ventures | Co-Host AI Security Podcast
Ashish Rajan - CISO | Co-Host AI Security Podcast | Host of Cloud Security Podcast
Definitions and Core Concepts 📚
Before diving into our insights, let's clarify some key terms:
- MCP (Model Context Protocol): An emerging standard for exposing tool and data APIs to AI agents. Mentioned in the transcript as a potential interoperability layer for security vendor integration, though its implementation depth varies widely.
- Zero Day Clock: A project tracking time-to-exploitation metrics across disclosed vulnerabilities. In 2026, the median window from public disclosure to confirmed exploitation has compressed to approximately 1.5 days.
- Vibe Coding: Colloquial term for AI-assisted, low-friction software development using LLMs (e.g., Claude Code, GitHub Copilot). Referenced by Caleb Sima as a driver of rapid cybersecurity startup proliferation.
💡Our Insights from this Practitioner 🔍
1. The RSA Noise Problem Is Structural, and It's Getting Worse
Caleb Sima doesn't sugarcoat the RSAC experience for practitioners. With AI tooling and vibe coding lowering the barrier to startup creation, this year's show floor may have genuinely doubled in density from 2025. The challenge isn't finding good vendors; it's that all the signal-to-noise filters have failed.
"I cannot tell the difference, man. I personally, who have been in this industry since its inception, cannot tell the difference because all the marketing is the same, all the branding is the same. The only thing that stands out is what guerrilla marketing tactic you have decided to use at RSA." - Caleb Sima
For practitioners walking the floor this year, both speakers converge on a pragmatic filter: stop evaluating vendors on their marketing pitch and start evaluating their API surface. Ashish Rajan frames it cleanly. The minimum viable question for any vendor in 2026 is whether their product is API-accessible and AI-ready. Not whether they have an AI agent story, but whether your internal AI can query, orchestrate, and automate against their platform.
2. The AI Enabled Vendor Consolidation Thesis
The most provocative idea in this week's transcript is Caleb's consolidation hypothesis, and it has teeth. The traditional argument for best-of-breed security tooling is that attackers move faster than platform vendors, so you need specialised point solutions at each layer. But that argument breaks down when AI can close the capability gap between a mediocre platform-native tool and a category-leading specialist.
"What if I were a CISO and said, I'm done with this. I'm done with the 500 vendors that I'm dealing with. I'm going to pick one or two that solve 95% of it. I'm gonna be all in on Palo Alto. I'm gonna clear everything out. And where I'll make up the difference, I'll use AI." - Caleb Sima
The logic: consolidate onto two or three major platform vendors to gain deep hooks into your data plane, drive pricing leverage through committed spend, and reduce integration overhead. Then invest in an internal AI platform team (modelled on how cloud platform teams were built in the early 2010s) to build vertical automation layers on top of that standardised infrastructure.
Ashish Rajan notes this isn't purely theoretical: publicly listed security companies are already acquiring toward this vision. The key CISO-level question Caleb poses is whether the gap between a platform vendor's mediocre native capability and a best-of-breed specialist is large enough that AI cannot close it. For a growing number of security functions, his answer is: no, it isn't.
Caleb's two-part test for any product pitch at RSAC:
- Is the API accessible and cost-reasonable at agent-scale usage? Security vendors price for human-triggered queries, not 24/7 AI automation loops. Probe for usage-based pricing cliffs.
- Does AI usage of their product give me personalisation and customisation that I couldn't achieve with the platform vendor's native tool? If not, consolidate.
3. Building the Internal AI Security Platform Team
Before there was a cloud team, every business unit bought its own infrastructure. The formation of centralised cloud platform teams with governance, standardisation, and cost management was the architectural move that made cloud scale possible. Caleb argues security is at exactly that inflection point with AI.
"Everyone, at least so far, is similar to an enterprise company; they're all independently working on things that help them automate. Detection response has AI in the SOC, the vuln management team has AI in scanning, red teaming has AI. They're all separate. There needs to be a centralised function that looks across all of these and finds ways of pulling these things together." - Caleb Sima
The centralised AI security platform team's mandate would span: cross-team AI abstraction and cost management; identification of capability gaps that no single vertical owns (executive reporting, cross-domain risk correlation); and providing the internal "glue" that connects enterprise search (Glean, Databricks, Atlassian), security tooling APIs, and AI orchestration layers.
Ashish adds an important accessibility dimension: this function doesn't require every team member to be a terminal-level engineer. Enterprise search APIs, MCP connectors, and AI coding agents can enable security professionals with moderate technical fluency to build meaningful automation without deep programming backgrounds.
4. AI Agent Security: Still an Open Book
For practitioners evaluating the wave of AI agent security vendors at RSAC, both speakers deliver a clear-eyed verdict: the category is real, the tooling is largely not ready, and the vendor claims rarely survive first contact with hard questions.
"I ask them first: can you define to me what an agent is? And I think 70% of the people can't answer that. So then clearly you can't track it if you don't even know what an agent is or how to define an agent." - Caleb Sima
The three specific capability gaps where no vendor has a credible answer today:
- Agent observability and intent: Distinguishing a security-relevant AI action from an operational or legitimate action requires organisational context that no third-party vendor currently holds. Continuous eval loops are the only current mechanism, and they don't scale.
- Identity chain of custody across agent hops: In multi-agent architectures, an identity traverses five or six system hops. No current tooling provides a reliable, tamper-evident audit trail for this traversal.
- Good decision vs. bad decision detection: Full end-to-end visibility of an agent's actions does not equate to knowing whether those actions are benign or malicious. Context-aware decision classification is still unsolved at production scale.
The actionable implication: when a vendor at RSAC claims full AI agent security coverage, ask them Caleb's questions. If they can't define what an agent is in your specific deployment context (workforce laptop vs. Kubernetes production vs. MCP-connected SaaS), they cannot protect it. Treat AI agent controls as incomplete and layer in: retrieval controls, output filtering, tool-use restrictions, egress monitoring, and separation of sensitive data from model context.
5. The Zero Day Clock and Why Vendor Response Time Is Now Your Problem
One of the most operationally concrete data points in this week's conversation is Caleb's reference to ZeroDayClock.com, a project tracking time-to-exploitation metrics across disclosed vulnerabilities.
The trend line is unambiguous: in 2023, the median window from vulnerability disclosure to confirmed exploitation was approximately five months. In 2026, it is approximately 1.5 days. Caleb's own example from the week: a security researcher published a blog post about a prompt injection vulnerability in a GitHub AI triage bot. Within two days, an attacker had exploited the same company using the exact technique from that post: prompt injecting the bot via the GitHub issue title, downloading open source tooling as a payload, and establishing C2 entirely through the publicly documented chain.
This timeline compression means that patch SLAs built around 30-day or even 7-day cycles are architecturally obsolete for high-severity vulnerabilities with public PoC. The practical response is building automated patch pipeline capabilities within the security team that can identify a disclosure, assess organisational exposure, and begin deployment or compensating control activation without waiting for weekly change windows.
🧠 MENTAL MODEL OF THE WEEK
The Trust Chain Model
Developer Workstation → SaaS Platform → CI/CD Pipeline → Cloud IAM Role
Cloud compromises rarely start with infrastructure exploitation. They begin by breaking the weakest trust relationship in the identity chain. The attacker only needs one weak link to inherit the privileges of the entire chain. Map every trust relationship in your developer ecosystem, not just your cloud environment.
- ZeroDayClock.com - Track real-time time-to-exploitation metrics across disclosed CVEs
- Microsoft Sentinel UEBA Behaviors Workbook - Official deployment guide and workbook
- CISA Known Exploited Vulnerabilities Catalogue - Current KEV list including CVE-2026-3909/3910
- ReliaQuest: LeakNet Threat Spotlight (ClickFix + Deno) - Full TTP breakdown with detection guidance
- OWASP Top 10 for LLM Applications - Framework for AI/LLM risk in enterprise deployments
- Unit 42: Prompt Guardrail Evasion Research - March 2026 research on prompt fuzzing evasion rates
Podcast Episode
- AI Security Podcast RSAC 2026 Special - Full Episode featuring Caleb Sima and Ashish Rajan
- Cloud Security Podcast - Weekly cloud security practitioner insights from Ashish Rajan

Question for you? (Reply to this email)
🤔 Does your security team have explicit ownership of browser-based identity threats or is the browser still a gap between IT, SOC, and identity?

