Anthropic adds mandatory 30-day traffic retention

Anthropic adds mandatory 30-day traffic retention

Frontier AI access is starting to look like a gated system, and the price is visibility. Anthropic's latest model release makes thirty day data retention a requirement, signaling a broader shift in how advanced AI will be governed and consumed. For security and IT leaders, this is not just a policy change. It directly affects how AI can be used in sensitive workflows, what data is exposed to vendors, and how much control teams retain. At the same time, Apple is pushing automated password rotation, and CISA is redefining how vulnerability prioritization should work, both pointing toward more automation and more selective control. We also cover DTEX's push into intent level monitoring, along with key updates from Check Point, Google, Dataminr, Elastic, and JPMorgan. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Check Point VPN flaw bypasses passwords in IKEv1

Today's episode focuses on two failures that point to the same root issue: identity controls breaking under outdated assumptions. A Check Point VPN flaw shows how legacy configurations like IKEv1 can silently become open doors, while Meta's AI-powered recovery flow demonstrates how automation can bypass core verification entirely. For security and IT leaders, the takeaway is direct. Identity is no longer confined to login systems. Any workflow that can modify access or user attributes is now part of your attack surface. That includes AI agents, support tooling, and recovery processes. At the same time, configuration debt is proving just as dangerous as unpatched software. We also cover new data on AI governance gaps, a major healthcare-related breach, MFA bypass tactics, and a critical Linux privilege escalation flaw. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Miasma worm hit 73 Microsoft GitHub repos

A new supply chain attack shows that simply opening a code repository can now execute malware inside common developer tools. At the same time, AI search is beginning to surface fraudulent websites, and outages in upstream models are breaking features inside everyday SaaS platforms. For firm leaders, this is a shift in where risk lives. It is no longer just at the network edge. It sits inside tools your teams use every day, from coding environments to research workflows to automation platforms. That means controls, verification, and redundancy need to move closer to how work actually happens. We also cover AI native job roles, tokenized IPO access, and the rise of prediction markets as decision tools. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

OpenAI adds Lockdown Mode for ChatGPT

AI tools are forcing a new tradeoff between capability and control. OpenAI's Lockdown Mode makes that explicit by limiting what ChatGPT can access during sensitive work, rather than trying to eliminate risk entirely. For professional service firms, this shifts AI from a productivity tool into a governance decision. Leaders now need clear policies for when full capability is acceptable and when restricted environments are required. At the same time, runtime AI governance, stricter cybersecurity laws, and the move away from VPNs toward Zero Trust are raising the bar on what "secure" actually means in client work. We also cover new signals from Wallarm, Canada's Bill C-8, and a growing push toward Zero Trust access in law firms. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Fake IT staff hit law firms in-person

Physical access is becoming the new attack vector for professional service firms. Today's episode looks at the rise of ransomware groups showing up in person at law offices, bypassing traditional cybersecurity defenses entirely. For firm leaders, this shifts the problem from technical controls to operational discipline. Identity verification, front desk protocols, and staff awareness now sit at the center of risk management. At the same time, CMMC enforcement is tightening through contract pressure, and firms that cannot produce evidence of compliance are already being filtered out of revenue opportunities. Meanwhile, platforms like Filevine are racing to become the operational brain of the firm through AI-driven workflows. We also cover changes from the IRS, signals from AI infrastructure markets, and rising pressure on security and software spend. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]