Cybersecurity Archives | PYMNTS.com
https://www.pymnts.com/category/cybersecurity/
The latest global news and analysis in payments, retail, fintech, financial services and the digital economy.

Cyber Experts Say DHS Funding Cuts Have Stalled Security
https://www.pymnts.com/cybersecurity/2026/cyber-experts-say-dhs-funding-cuts-have-stalled-security/
Thu, 30 Apr 2026 20:18:29 +0000

Earlier this month, the White House announced funding cuts at the Homeland Security Department’s cyberdefense unit.

Now, cybersecurity experts and lawmakers are warning that those cuts and earlier staff departures have hindered the ability of the Cybersecurity and Infrastructure Security Agency (CISA) to work with the private sector and opened the door to threats.

During a House subcommittee hearing on Wednesday (April 29), lawmakers warned that CISA is facing a crisis of capacity, Federal News Network reported.

Rep. Delia Ramirez (D-Ill.) revealed that the agency has lost approximately one-third of its total workforce over the past year. The Stakeholder Engagement Division, which manages private-sector coordination, suffered the biggest hit, losing 96 of its 189 staff members since early last year.

“It’s ironic to talk about modernizing DHS… when Trump has been on a vindictive campaign to dismantle CISA,” Ramirez stated, highlighting a fiscal 2027 budget request that would further slash the Stakeholder Engagement Division to just 62 positions.

The impact of these cuts is being felt acutely across the industry, the report added. Scott Algeier, executive director of the IT-ISAC, testified that the dissolution of the Critical Infrastructure Partnership Advisory Council (CIPAC) last year removed the essential legal framework for strategic engagement.

“As a result, most of the work with CISA is at a standstill,” Algeier warned, noting that adversaries continue to attack with impunity while a promised replacement for the council has failed to materialize.

PYMNTS reported earlier this month that the White House’s budget for 2027 calls for a $707 million cut to CISA, bringing its funding to $2.2 billion.

The Office of Management and Budget (OMB) said in the budget that the new allocation reverts CISA to its original mission, removes programs that duplicate others at the state and federal levels, and does away with programs focused on so-called misinformation and propaganda.

“The Budget refocuses CISA on its core mission — Federal network defense and enhancing the security and resilience of critical infrastructure — while eliminating weaponization and waste,” OMB said in the budget. “CISA was more focused on censorship than on protecting the Nation’s critical systems, and put them at risk due to poor management and inefficiency, as well as a focus on self-promotion.”

PYMNTS reported last year that CISA was facing scrutiny amid the cuts being undertaken by the Department of Government Efficiency (DOGE).

OpenAI Will Arm Critical Cyber Defenders With Frontier Model
https://www.pymnts.com/cybersecurity/2026/openai-will-arm-critical-cyber-defenders-with-frontier-model/
Thu, 30 Apr 2026 20:08:42 +0000

OpenAI will start rolling out a frontier cybersecurity model called GPT-5.5-Cyber to “critical cyber defenders” within days, CEO Sam Altman said in a Wednesday (April 29) post on X.

“We will work with the entire ecosystem and the government to figure out trusted access for cyber; we want to rapidly help secure companies/infrastructure,” Altman wrote.

OpenAI announced in a Wednesday blog post that the company released an Action Plan that describes how it will build the infrastructure needed to support cybersecurity defenders and will provide trusted actors across society with access to defensive tools.

The company’s plan includes democratizing cyber defense, coordinating across government and industry, strengthening security around frontier cyber capabilities, preserving visibility and control in deployment, and enabling users to protect themselves.

OpenAI said in its post that as AI reshapes cybersecurity, criminals are deploying the same capabilities as defenders.

“Building resilience in the Intelligence Age will require both working through democratic institutions and processes, and broadening access to the technologies that can help protect communities, critical systems and our national security,” OpenAI said in the post.

It was reported April 21 that OpenAI has begun briefing state and federal government officials on the capabilities of its cybersecurity product. The AI startup held an event in Washington, D.C., where it demonstrated a new model to officials from throughout the government and from various national security agencies.

The company is taking a dual-track approach, making one version of its model more widely available with robust safeguards, and another more permissive version for cyber defenders through its Trusted Access program. This tactic will let more companies, like local water utilities, access advanced AI tools.

OpenAI said April 14 that it plans to expand access to the Trusted Access for Cyber (TAC) program, which it introduced in February, to give cybersecurity professionals access to frontier models.

The company said it is scaling up TAC to thousands of verified individuals and hundreds of teams responsible for defending critical software.

“In preparation for increasingly more capable models from OpenAI over the next few months, we are fine-tuning our models specifically to enable defensive cybersecurity use cases, starting today with a variant of GPT-5.4 trained to be cyber-permissive: GPT-5.4-Cyber,” OpenAI said in an April 14 blog post.

Smart Firms Treat Vendor Risk Like Their Own
https://www.pymnts.com/cybersecurity/2026/smart-firms-treat-vendor-risk-like-their-own/
Tue, 28 Apr 2026 23:42:59 +0000

Artificial intelligence has opened up Pandora’s box for enterprise cybersecurity. And what it found was that the modern enterprise is no longer a closed system. It is a web of dependencies, stitched together by software vendors, cloud providers, and outsourced engineering partners.

Increasingly, this means the weakest link isn’t one that’s found inside the organization at all but instead resides across the long tail of third-party software that keeps operations running. That may be old news to some in the C-suite, but what’s new news is how fast latent vulnerabilities across a corporate supply chain can be surfaced, thanks in large part to emerging frontier AI models, like both Anthropic’s Mythos and OpenAI’s GPT 5.4 cyber model, and their user-agnostic capabilities for cyber exploitation.

In response to today’s dynamic and evolving threat landscape, Microsoft recently (April 14) patched over 167 existing security vulnerabilities in its Windows operating systems and related software with new updates.

Vulnerabilities that might once have lingered undetected for months are now surfaced in days, sometimes hours. In parallel, attackers are becoming more opportunistic, scanning not just primary targets but their extended ecosystems for entry points.

But in a world of interconnected systems, patch discipline is only as strong as the weakest vendor.

Race to Protect Soft Spots AI Unearths

Cybersecurity has always been described as a moving target. What distinguishes the current moment is how quickly yesterday’s best practices are becoming today’s minimum requirements. Patch discipline, vendor audits, and incident response planning are no longer differentiators; they are table stakes.

PYMNTS covered Monday (April 27) how hackers have reportedly begun impersonating Microsoft Teams help desk workers to dupe victims into installing data-stealing malware. These attacks are part of a larger trend PYMNTS covered last week, one that sees hackers “logging in” rather than breaking in.

The result is a paradox: even as internal defenses improve, overall risk can increase because the attack surface has expanded beyond direct control. A vendor’s delayed patch cycle or misconfigured system can become the enterprise’s problem overnight.

For CFOs, this introduces a category of risk that is both material and difficult to quantify. Unlike traditional operational risks, third-party vulnerabilities are often opaque, buried in contractual relationships that may have been primarily negotiated for cost efficiency or speed rather than cyber resilience.

The PYMNTS Intelligence report “Vendors and Vulnerabilities: The Cyberattack Squeeze on Mid-Market Firms” found that hackers are increasingly going after middle market firms, which depend on third-party cloud providers, software-as-a-service platforms, managed service and logistics providers, which can leave them vulnerable to attack.

As a result, the predictable rhythms of enterprise IT maintenance are increasingly misaligned with the pace of modern threats. Vulnerabilities disclosed today can be weaponized tomorrow. If a vendor takes weeks to deploy a fix, that lag becomes a window of exposure not just for them, but for every client connected to their systems.

New Cybersecurity Table Stakes

Third-party risk is no longer a niche compliance concern. It is becoming the frontline of defense.

As cybersecurity becomes more intertwined with enterprise value, the CFO’s role is expanding. This does not mean becoming a technical expert. It does mean asking sharper questions. How quickly do our critical vendors patch known vulnerabilities? What visibility do we have into their security practices? How are we prioritizing investments in vendor risk management relative to other initiatives?

Data, in this environment, is becoming critical to powering real-time visibility. CFOs can embrace strategies such as automated scanning, continuous monitoring, and predictive analytics to provide a more dynamic view of a partner’s security posture.

“The lagging organizations treat the data as a storage problem while the leading organizations actually treat it as a decisioning system,” Max Spivakovsky, senior director of global payments risk management at Galileo, told PYMNTS in an interview posted this month for the “What’s Next in Payments” series.

But perhaps the most profound shift is a conceptual one. Third-party risk management is moving from a periodic, compliance-driven exercise to a continuous process. Annual audits and questionnaires are no longer sufficient in a landscape where vulnerabilities can emerge and evolve rapidly.

After all, AI isn’t the only vulnerability high-value enterprise firms and institutions are facing. In other cybersecurity news, PYMNTS wrote earlier about the way Quantum Day — the moment when commercially available quantum computers can crack widely used cryptographic systems — has ceased being a distant hypothetical.

“As a result of the shrinking strategic horizon, what was once a theoretical, deep-tech risk is instead now being operationalized into present-day procurement decisions, product roadmaps and compliance mandates,” that report said.

Citizens Bank Customers Targeted in Third-Party Data Breach
https://www.pymnts.com/cybersecurity/2026/citizens-bank-customers-targeted-in-third-party-data-breach/
Thu, 23 Apr 2026 16:21:01 +0000

Two U.S. banks say they are investigating data breaches targeting their customers’ information.

“We have been managing an incident involving data extracted from a third party vendor,” Citizens Bank said in a statement Tuesday (April 21).

“For Citizens, most of this was masked test data, although a limited set of information for a small number of customers was involved.”

The bank said there is no evidence of unauthorized access to its network, and operations would continue as usual, with enhanced monitoring in place.

Meanwhile, a report from the website Cyber News says that Texas-based lender Frost Bank had learned from one of its vendors that hackers had gained access to its system, which may have compromised Frost customer data.

“We have engaged external cybersecurity experts to assist in our investigation, and early findings indicate that the incident may be related to recent claims made by cybercriminals,” a spokesperson for the bank told Cyber News, adding there is “no evidence of unauthorized access to the Frost network.”

That report notes that both banks had appeared on the dark web site of the Everest ransomware gang, with attackers giving the lenders six days before releasing the stolen data.

“Ransomware has become a structured, global industry,” PYMNTS wrote earlier this month. “Organized cybercriminal groups now operate with business-like efficiency. Attacks are no longer limited to encrypting files; they often involve ‘double extortion,’ where attackers threaten to leak stolen data if payment is not made.”

It has led to the rise of the ransomware negotiator, people whose skills lie less in technical expertise than in human interaction, albeit via virtual channels. Negotiators need to quickly assess the attacker’s credibility, figure out whether stolen data will actually be released and consider how flexible the ransom demand might be.

The emergence of ransomware negotiators, PYMNTS added, is a sign of a broader shift in how organizations view cyber risk.

“It is no longer solely a technical problem; it is a business risk that requires strategic management,” the report continued. “In this sense, negotiators function as a form of corporate diplomat, engaging with adversaries to protect organizational interests.”

Meanwhile, research by PYMNTS Intelligence has found that third-party vulnerabilities are at the heart of many contemporary cyberattacks.

Findings from PYMNTS Intelligence in the August edition of the 2025 Certainty Project report, “Vendors and Vulnerabilities: The Cyberattack Squeeze on Mid-Market Firms,” show that attackers often compromise a vendor first, then exploit the trust relationship to infiltrate their target firm.

The research found that 38% of invoice fraud cases and 43% of phishing attacks originated with compromised vendors.

Anthropic’s Mythos Leads Global Bank Regulators to Call For Increased Vigilance
https://www.pymnts.com/cybersecurity/2026/anthropics-mythos-leads-global-bank-regulators-to-call-for-increased-vigilance/
Mon, 20 Apr 2026 17:21:29 +0000

Financial regulators continue to voice unease about potential cyberthreats from Anthropic’s Mythos artificial intelligence (AI) model.

The latest concerns come from the Asia-Pacific region, Reuters reported Monday (April 20), where regulators said they were tracking the development and potential implications of Mythos.

Anthropic said earlier this month that Mythos had uncovered thousands of high-severity vulnerabilities, including flaws in major operating systems and web browsers. Initially, the startup limited access to about 40 companies, including Amazon, Apple and J.P. Morgan Chase, so they could experiment with the model and address weaknesses in their systems.

As Reuters noted, the model’s capabilities for high-level coding could grant it a potentially unprecedented ability to spot cybersecurity vulnerabilities.

A spokesperson for the Australian Securities and Investments Commission (ASIC) told Reuters that it was closely monitoring the use of Mythos along with other regulators to determine possible implications for the Australian market.

“ASIC engages closely with other regulators, government agencies and the financial sector to understand and respond to changing technologies,” the spokesperson said.

The commission added that it expects financial services licensees to “be on the front foot” to protect customers and clients.

The Australian Prudential Regulation Authority (APRA), which regulates the country’s banks, said it would “continue to assess the implications of these technological advancements to ensure the ongoing safety and resilience of the financial system.”

Meanwhile, South Korea’s Financial Supervisory Service (FSS) said it met with information security officials from financial companies last week to discuss Mythos-related risks.

Elsewhere in Asia, Singapore’s central bank, the Monetary Authority of Singapore (MAS), said advances in AI could accelerate the discovery and exploitation of software vulnerabilities in information technology systems.

“Financial institutions need to redouble efforts to strengthen their security defences, proactively identify and close vulnerabilities, and raise vigilance on cyber hygiene, including timely security patching,” it said.

MAS added that it was coordinating with the Cyber Security Agency of Singapore to protect critical infrastructure operators.

These statements follow similar warnings in Europe, Great Britain and the U.S., where the Treasury Department has sought access to Mythos.

As PYMNTS wrote last week, statements such as these show the “split-screen reality” around Anthropic in the wake of Mythos’ release.

“The company is gaining traction fast in the enterprise market even as regulators and banks scramble to understand the risks that come with more powerful AI tools,” that report said.

The Cyber Insecurity List: Why Hackers Are Logging in, Not Breaking In
https://www.pymnts.com/cybersecurity/2026/the-cyber-insecurity-list-why-hackers-are-logging-in-not-breaking-in/
Mon, 20 Apr 2026 15:24:15 +0000

Cybercriminals ranging from state actors to industrialized ransomware syndicates are converging on the same strategic truth: the shortest path into a target is often through the digital relationships that help the target function.

The center of gravity in enterprise cybersecurity is no longer the corporate laptop or even the data center. It is the software-as-a-service (SaaS) layer that sits between employees and the systems that matter most. These vulnerabilities, spanning identity systems, cloud middleware, telecom providers, open-source packages, AI vendors and SaaS connectors, are no longer side channels. They are the main terrain.

That shift is especially visible in the most consequential criminal operations from just the first four months of 2026, which have produced a density of cyber incidents that, in an earlier era of the internet, would each have dominated the global business agenda on their own.

Consider the run to date: a reported 10-petabyte breach of a Chinese state supercomputing center; an attack on Stryker that disrupted operations across 79 countries; a claimed 375-terabyte compromise at Lockheed Martin; the exposure of the FBI director’s personal inbox; a supply-chain intrusion that hit the Axios npm package; a Cisco source-code theft; an Oracle legacy-cloud compromise still generating fallout; a breach at Mercor, a crucial AI data vendor to OpenAI, Anthropic, and Meta; and a sprawling Salesforce-centered extortion wave linked to the combined capabilities of several hacking groups. And that’s just scratching the surface.

Taken together, these are not just breaches. They are signals. And the signal is clear: the architecture of digital risk has fundamentally changed.

The Collapse of the Perimeter

For much of its operational history, enterprise cybersecurity strategies have been anchored in a relatively stable assumption that organizations could meaningfully define and defend a perimeter. Firewalls, network segmentation and endpoint protection were all designed around this core idea that there was an “inside” worth protecting and an “outside” to keep at bay.

But the modern enterprise is a distributed system composed of SaaS platforms, cloud providers, APIs, contractors and open-source dependencies. Identity, not infrastructure, has become the primary control plane. In such an environment, a single compromised credential or third-party vendor can function as a master key, bypassing traditional defenses entirely.

The PYMNTS Intelligence report “Vendors and Vulnerabilities: The Cyberattack Squeeze on Mid-Market Firms” found that hackers are increasingly going after middle-market firms, which depend on third-party cloud providers, software-as-a-service platforms, managed service and logistics providers, which can leave them vulnerable to attack.

Organizations no longer control the full extent of their own attack surface. They inherit risk from every partner, platform, and dependency they rely on. And that inherited risk is often opaque, difficult to quantify, and nearly impossible to fully mitigate.

The weak point is often not a core platform but an integration, a support workflow, a contractor system or a developer package maintained far upstream.

Consider the nature of modern digital infrastructure. A single SaaS provider may serve thousands of companies. A compromised code repository can be cloned and redistributed instantly. A breached identity system can grant access across multiple environments simultaneously. Data, once exfiltrated, can be replicated infinitely at near-zero cost.

The Industrialization of Cyber Adversaries

Compounding these structural shifts is the increasing sophistication and coordination of hackers. Groups like ShinyHunters, Scattered Spider, and LAPSUS$ are not operating as isolated entities. They are part of an evolving ecosystem of cyber adversaries that share tools, techniques and, increasingly, objectives.

The convergence of dissolved perimeters, global blast radii, industrialized adversaries, and continuous exposure is reshaping the cyber landscape in fundamental ways. It is compressing timelines, amplifying impacts and challenging long-held assumptions about what it means to be secure.

If the last hundred days have revealed anything, it is that the pace of change in cybersecurity is accelerating. The next hundred days are unlikely to be any less consequential.

After all, while few of the year’s headline incidents to date can be cleanly reduced to “AI attacks,” it is equally difficult to overlook the parallel surge in AI-enabled offensive capability. Anthropic’s Claude Mythos Preview, for example, has reportedly demonstrated the ability to autonomously discover and exploit vulnerabilities across major operating systems and web browsers, including decades-old bugs in widely trusted systems.

In other cybersecurity news, PYMNTS wrote earlier about the way Quantum Day — the moment when commercially available quantum computers can crack widely used cryptographic systems — has ceased being a distant hypothetical.

“As a result of the shrinking strategic horizon, what was once a theoretical, deep-tech risk is instead now being operationalized into present-day procurement decisions, product roadmaps and compliance mandates,” that report said.

Banks Firm Up Defenses as AI Drives 76% of Cyberattacks
https://www.pymnts.com/cybersecurity/2026/banks-up-defenses-as-ai-drives-76percent-of-cyberattacks/
Mon, 20 Apr 2026 12:52:55 +0000

Banks are reportedly increasing their efforts to defend themselves against cyberattacks amid new technological breakthroughs.

As the Financial Times (FT) reported Monday (April 20), banks including JPMorgan Chase, Lloyds and Santander are taking steps to protect their systems against these threats.

“More is changing now and faster than we have seen in a long time, the time to find and exploit vulnerabilities is drastically decreasing,” Patrick Opet, chief information security officer at JPMorgan, told the FT.

The report cites the IBM X-Force 2025 Threat Intelligence Index, which showed that the finance and insurance industries made up 27% of cyberattacks last year, the second largest share among all sectors.

As the FT notes, the role of financial institutions at the core of modern economies has made them an obvious target for cybercriminals who hope to take advantage of both their financial reserves and large stores of customer data.

“It is the ability to get paid in a ransomware scenario [which motivates hackers],” said Katherine Kearns, head of proactive cyber services at cyber security consultancy S-RM, adding that this has turned financial services firms into attractive targets.

It’s why banks are often early adopters of new cybersecurity technology such as multi-factor authentication and increased supply chain safeguards, the FT added.

Still, experts have begun to caution that rapid AI adoption has provided cybercriminals with new methods of attack. The FT cites research commissioned by financial and risk advisory company Kroll that shows 76% of companies have experienced a security incident involving AI applications or models in the last two years.

And as covered here last week, the newest models from artificial intelligence giants like OpenAI and Anthropic could mark a critical inflection point in the cybersecurity space.

“AI is no longer just a tool in the hands of an attacker; it is beginning to replicate aspects of the attacker itself,” that report said.

For both finance chiefs and information security executives, the implication is increasingly stark, the report continued, with cyber risk shifting from a targeted phenomenon to something more akin to ambient exposure.

“Organizations are not just selected; they are continuously scanned, probed and tested by systems operating at scale,” PYMNTS added.

“The median enterprise, the one with uneven patching, over-permissioned accounts, and inconsistent configuration management, is now more accessible to multistep intrusion attempts that can be executed, or at least orchestrated, by AI systems.”

Global Finance Chiefs Call for Mythos Information Sharing
https://www.pymnts.com/cybersecurity/2026/global-finance-chiefs-call-for-mythos-information-sharing/
Fri, 17 Apr 2026 00:05:05 +0000

Government officials and bankers outside the United States are concerned that they may not receive the same information-sharing as their American counterparts when it comes to Anthropic’s Mythos artificial intelligence (AI) model, Bloomberg reported Thursday (April 16).

It is not known how much detail Anthropic is sharing about the unreleased AI model with people outside the U.S., according to the report.

One American leader of a European bank told Bloomberg that they had been promised a briefing on Mythos.

Canada’s Finance Minister Francois-Philippe Champagne told Bloomberg Wednesday (April 15) that he wants to raise the issue of Mythos with his counterparts and that: “We have a common interest to ensure the resiliency of our financial system.”

Two unnamed sources told Bloomberg that at a Wednesday meeting of Group of Seven (G7) finance chiefs, officials discussed the need for an international institutional framework for the governance of AI, though the next steps are unclear.

Several European officials said they are encouraging their U.S. peers to share information, per the report.

Sweden’s Finance Minister Elisabeth Svantesson told Bloomberg that AI will be a topic at an “early-warning meeting” that is bringing together central bankers and ministers Thursday.

European Central Bank President Christine Lagarde told Bloomberg Television Tuesday (April 14), speaking of Mythos: “If it falls in the wrong hands, it could be really bad.”

It was reported April 7 that Anthropic unveiled a program called Project Glasswing that will allow select partners to gain early access to “Claude Mythos Preview” so that they can identify vulnerabilities and strengthen systems before threats can be exploited.

When announcing the initiative, the company said it has also been in discussions with U.S. government officials about the AI model and its cyber capabilities.

“We are hopeful the Project Glasswing can seed a larger effort across industry and the private sector, with all parties helping to address the biggest questions around the impact of powerful models on security,” Anthropic said in the announcement.

It was reported Thursday that Anthropic is ready to expand Project Glasswing by beginning to offer Mythos to British banks so that they can test the AI model ahead of its release.

Faster AI Hacks Spark OpenAI-Anthropic Rift https://www.pymnts.com/cybersecurity/2026/anthropic-and-openai-just-rewrote-the-cybersecurity-playbook/ Wed, 15 Apr 2026 17:49:45 +0000

The post Faster AI Hacks Spark OpenAI-Anthropic Rift appeared first on PYMNTS.com.

The debate about what artificial intelligence (AI) can do is over. This week, Anthropic and OpenAI each answered the question. The answers landed very differently.

Anthropic introduced Claude Mythos last week through Project Glasswing, a restricted program capped at roughly 40 organizations, including Amazon, Apple, Microsoft and JPMorgan Chase.

OpenAI followed on Tuesday (April 14) with GPT-5.4-Cyber, deploying its system to thousands of verified defenders through its Trusted Access for Cyber program. Both models can find and exploit software vulnerabilities at a scale no human team can match. What divides them is a fundamental disagreement about what to do with that power.

A Model Built to Work Without Supervision

Anthropic’s Mythos doesn’t assist security teams. It works independently. Given a target and a prompt asking it to find a vulnerability, the model reads code, forms hypotheses, tests them against a running environment and produces a complete exploit without further human input.

Anthropic confirmed that these capabilities weren’t explicitly trained into the model. They emerged as a downstream consequence of general improvements in code, reasoning and autonomy. The same improvements that make the model more effective at patching vulnerabilities also make it more effective at exploiting them.

Mythos was able to find serious security weaknesses that had been hiding in widely used software for years. Some of these flaws had gone unnoticed for over a decade, despite being reviewed many times by experts and existing tools. What stands out is that the AI model found them on its own after a simple prompt, without any ongoing human help.

VentureBeat noted that Anthropic engineers with no formal security training asked Mythos to find remote code execution vulnerabilities overnight and woke up to a complete working exploit by morning.

On a standardized security test built around real vulnerabilities in Mozilla Firefox, Mythos successfully turned known weaknesses into working exploits 181 times, compared to just two successful attempts by the earlier model. That’s a dramatic leap in its ability to both find and act on software flaws. According to Anthropic, that gap drove its decision to keep the model out of general circulation.

Reuters found that the model’s coding ability has given it a potentially unprecedented capacity to identify vulnerabilities and devise ways to exploit them, with the timeline for finding and fixing flaws collapsing from months to seconds.

PYMNTS reported that Project Glasswing’s partners include cybersecurity firms and infrastructure players, giving them a head start to rewrite insecure legacy code before criminals can act.

Where OpenAI’s Design Differs

GPT-5.4-Cyber is built around a different premise. Rather than autonomous operation, it’s designed to remove the friction that security professionals hit when using standard AI tools.

Axios reported that OpenAI designed the model after some cyber partners said earlier GPT models sometimes refused dual-use security queries outright. The model lets analysts examine compiled software for weaknesses without access to the underlying source code, work that previously required specialized researchers.

It’s a bet on a different theory of control. SiliconAngle noted that OpenAI shifted away from restricting what models can do and toward verifying who gets access to the most sensitive capabilities. The Trusted Access for Cyber program launched in February alongside a $10 million cybersecurity grant program and now carries tiered verification levels, with higher tiers unlocking more capable tools.

The Hacker News detailed that OpenAI expanded access to thousands of authenticated individual defenders and hundreds of teams responsible for securing critical software. Its Codex Security product contributed to fixes on more than 3,000 critical and high-severity vulnerabilities since launch.

AI Arms Race

The two positions reflect a strategic disagreement. Anthropic concluded Mythos was too capable to distribute widely, regardless of who was asking. OpenAI concluded that wider access to properly verified defenders produces better outcomes than scarcity.

Financial institutions face a real test. Reuters found that banks are particularly exposed because they run technology stacks spanning both new and decades-old systems, house undiscovered vulnerabilities and are closely interconnected.

Costin Raiu, co-founder of cybersecurity firm TLPBLACK, told Reuters that a model like Mythos would have “a field day” finding exploits in certain IBM systems, pointing to legacy technologies powering the financial industry as a prime example.

Fiverr Denies Report of Data Leak https://www.pymnts.com/cybersecurity/2026/fiverr-denies-report-of-data-leak/ Wed, 15 Apr 2026 16:05:55 +0000

The post Fiverr Denies Report of Data Leak appeared first on PYMNTS.com.

Freelance services marketplace Fiverr denied a media report that it leaked sensitive data.

The company made the denial in a reply to a Cybernews post on X that invited readers to “Learn what sensitive documents are leaked.”

In the article to which its post linked, Cybernews reported that an anonymous security researcher with the alias “morpheuskafka” said in a post on Hacker News that a publicly exposed instance of storage service Cloudinary that likely belonged to Fiverr was leaking Fiverr users’ invoices, tax return forms, driver’s licenses, credentials and other sensitive documents.

The Cloudinary platform, which is used for uploading and storing files, has support for signed/expiring URLs, but Fiverr uses public URLs for communication between clients and workers, according to the report.

Cybernews reported that it confirmed that many of the documents had been indexed by Google and that search results from affected web servers returned sensitive information with personally identifiable information (PII). The report added that users on the Hacker News forum shared links to such documents.

“This is a major security lapse by Fiverr, due to the links being publicly accessible and indexable, a lot of resources are already being indexed by Google,” Aras Nazarovas, information security researcher at Cybernews, said in the report. “Essentially all files that were shared between service buyers and sellers, including personal identity documents, sensitive contracts, passwords, and API keys shared with contractors, finished and work-in-progress deliverables.”

While individual files are exposed and publicly accessible, listing them requires the account’s API key, so the impact of the incident is limited to what the search engines have indexed, per the report.

In its reply to Cybernews’ post on X, Fiverr said: “To be clear, this is not a cyber incident. Fiverr does not proactively expose users’ private information. The content in question was shared by users in the normal course of marketplace activity to showcase work samples, under agreements and approvals between buyers and sellers. This type of content requires the buyer’s consent before it can be uploaded. As always, any request to remove content is handled promptly by our team.”

Cloudinary did not immediately reply to PYMNTS’ request for comment.
