CISO Intelligence — 2 February 2026

Executive threat briefing (inverted pyramid). 3 key developments + one “patch-or-die” addendum.

---

The lead: CISA leadership just demonstrated the AI governance failure you’re trying to prevent

Madhu Gottumukkala, Acting Director of CISA — the US agency tasked with protecting federal civilian networks — uploaded “For Official Use Only” contracting documents into public ChatGPT last summer. The incident surfaced this week after it triggered internal DHS security warnings and a review.

If you’re a CISO, don’t file this under “political embarrassment” or “someone else’s problem.” This is the failure mode you should assume is already present in your organisation: senior leaders using consumer AI tools because they are fast, familiar, and frictionless — and the organisation discovering it only after an automated signal fires (DLP, proxy logs, CASB alerts, legal escalation, or the inevitable “why is this document in ChatGPT?” moment).

Why it matters (practically): AI governance is not a policy document; it’s an enforced set of behaviours. In most enterprises, the most dangerous users are not junior staff — it’s executives and senior specialists with broad access, high confidence, and a habit of bypassing process when deadlines bite. If the top cyber leader in the US federal system can make this mistake, assume your own C‑suite will do it unless you make safe behaviour the path of least resistance.

The uncomfortable CISO lesson Most organisations are trying to manage AI risk with awareness training and a PDF. That won’t work. AI data loss is “low ceremony” — a paste, a file upload, a browser extension — which means it will happen at scale unless you have controls that are observable, enforceable, and consequence‑bearing.

What you should do this week (CISO actions)

1) Audit executive AI usage in reality, not in theory

Identify who has access to public GenAI services (browser access, mobile access, corporate SSO exceptions) and what they’re using them for.

Compare that to your official policy; treat the delta as your real risk surface.

Don’t accept “I only use it for harmless stuff” as evidence. Measure behaviour.

2) Instrument for “AI exfiltration” like you instrument for cloud exfiltration

Implement DLP / CASB detection for uploads of sensitive content to consumer AI endpoints.

If you can’t block, at least log + alert, and route those alerts to someone who will act.

Decide what constitutes “sensitive” in an AI context: contracting docs, customer data, M&A, source code, security configs, vulnerability reports, internal incident notes.

3) Create a sanctioned alternative that is easier than the risky one

If you only say “don’t use public ChatGPT,” you’ve guaranteed shadow usage.

Provide an approved workflow (enterprise GenAI tenant, private model, redaction layer, restricted prompts) with a clear escalation path.

4) Remove the “special exception” culture

The fastest way to break governance is to let senior people opt out.

Create one exception path with explicit sign‑off and periodic review; otherwise, no exceptions.

5) Treat AI misuse as an executive performance issue

If a senior leader repeatedly violates AI data-handling rules, that’s not “training required.” It’s governance failure.

Make the expectation explicit: security policy applies to the most senior people first.

Context (brief) After 33 years in this business, what stands out isn’t the technology — it’s judgement and process. We’re watching security leadership itself demonstrate the gap between “AI policy” and actual behaviour. CISOs who only publish guidelines will lose. CISOs who implement controls and accountability will win.

---

Microsoft Office zero-day: patch now, assume phishing delivery

Microsoft issued an emergency out‑of‑band patch for CVE‑2026‑21509, an Office zero‑day under active exploitation. The issue is a bypass of OLE security mitigations — in plain terms, a legacy compatibility surface becomes the entry point.

Why this matters to a CISO: Office remains the single most reliable initial‑access channel in most enterprises because it’s a business necessity, widely deployed, and constantly exposed to external content. A bypass of built‑in mitigations means your “safe defaults” are no longer safe.

Operational reality: this is the classic delivery pattern (crafted Office docs + social engineering) with modern tradecraft (bypassing built‑in controls). Treat it as “likely in your environment unless proven otherwise,” particularly if you have high‑value users who receive external documents as part of their job.

Immediate actions (prioritised)

1) Patch Office across endpoints and VDI

Confirm coverage for Office 2016 → Microsoft 365.

Verify patch success (don’t rely on “assigned” status in your tooling).

Don’t forget non‑standard fleets: kiosk machines, contractor laptops, labs, golden images.

2) Harden email and collaboration attachment handling for 7–10 days

Tighten attachment policies temporarily (block risky file types, enforce Protected View, increase sandboxing).

Apply the same posture to Teams/SharePoint “file shares” if your environment allows external documents through those paths.

Increase scrutiny of newly‑registered domains and reply‑chain attacks.

3) Hunt for likely exploitation signals

Focus on initial access: attachment open events, unusual child processes, persistence attempts.

Review any recent “user reported suspicious document” tickets and correlate.

If you have EDR, ensure the Office exploit detections are current and that alert routing is functioning.

4) Assume follow‑on actions

Office exploitation typically leads to credential access, token theft, lateral movement, and mailbox collection.

If you can, increase monitoring for abnormal authentication and mailbox rules creation.

Strategic takeaway Compatibility layers are becoming the battleground. Every “legacy feature we need for the business” is also a surface threat actors will target precisely because it’s hard to remove. Your job is to make patching and containment faster than their exploitation cycle.

---

FBI takedown of RAMP: a real disruption window, but don’t over‑celebrate

The FBI seized RAMP (Russian Anonymous Marketplace) on 28 January, disrupting one of the key forums used by ransomware groups to recruit affiliates and trade access. This is meaningful: it creates friction and forces threat actors into less stable coordination channels.

Why it matters: markets and forums like RAMP are where ransomware ecosystems coordinate the mundane work that makes them effective — affiliate recruitment, initial access brokerage, tooling exchange, reputation building, and “who pays” intelligence. When you take down that plumbing, you don’t stop the adversary, but you do slow their operational tempo.

But: the right CISO posture isn’t “great, ransomware is solved.” It’s “we have a short window where adversary operations are less efficient — use it.” History suggests these communities re‑form, often with improved operational security. The advantage window is real but short.

Defensive actions to take during disruption

Accelerate hardening work you’ve been postponing: privileged access review, MFA enforcement, backup immutability tests, disable legacy protocols.

Validate ransomware readiness: tabletop the first 6 hours, confirm containment roles, confirm restore paths, validate who can actually approve shutdown decisions.

Watch for compensating behaviour: some actors will increase targeting pressure to recover lost infrastructure.

Use intelligence pragmatically: track where the community migrates (Telegram, smaller forums), but don’t over‑invest in forum drama; invest in controls.

---

Addendum: VMware vCenter (CVE‑2024‑37079) — patch‑or‑die category

CVE‑2024‑37079 in VMware vCenter Server is now in the KEV catalog with active exploitation reported. There are no credible workarounds.

Why it’s dangerous: vCenter is control‑plane infrastructure. If an attacker gets code execution there, they don’t just get “a server” — they get leverage over your virtual estate: inventory, networking, snapshots, and potentially a path to mass impact.

If you run vCenter: treat this as “external attackers will try it,” and ensure patching is verified, not assumed.

Actions - Confirm exposed management interfaces are not internet‑reachable. - Patch and then validate version/build, not ticket completion. - Increase monitoring for anomalous admin actions and unexpected service restarts.

---

Bottom line

This week’s pattern is consistent: governance failure at the top, exploitation of legacy surfaces, and ecosystem disruption that creates a short defensive advantage. The winning move is not commentary — it’s fast, verified execution of controls.

---

Jonathan Care — Lead Analyst, KuppingerCole*

33 years cybersecurity experience | Former Gartner Senior Director Analyst*