Security Unlocked

Cyber-Insurance

Cyber Strategy

Threat Economics: Week of July 6-12, 2026

CISA's first AI agent platform KEV addition and JADEPUFFER's autonomous kill chain collapsed the distinction between AI tooling and production infrastructure, repricing that risk across federal procurement, cyber insurance, and the identity security M&A market in a single week.

Cyber Strategy

Threat Economics: Week of June 30 - July 6, 2026

JADEPUFFER's autonomous kill chain hands AI security vendors a proof case worth hundreds of millions in accelerated spend, while the NAIC's own breach introduces a feedback loop that no existing insurance underwriting model has priced.

Cyber Strategy

Threat Economics: Week of June 22-28, 2026

Executive Order 14412's 2030 post-quantum deadline converts a planning item into a legal procurement mandate for federal contractors, while four months of undetected FortiGate compromise reveals a structural actuarial blind spot that cyber insurance underwriting has not priced.

Cyber Strategy

Threat Economics: Week of June 8 - June 14, 2026

CISA BOD 26-04's four-factor risk scoring model is a government-issued specification for the next generation of vulnerability management platforms, arriving the same week AI-assisted discovery permanently raised the baseline volume that specification must manage.

Cyber Strategy

Threat Economics: Week of June 2 - June 8, 2026

Three simultaneous EDR exploits expose a $16B cyber insurance underwriting assumption, while npm's collapse as trusted infrastructure validates the developer security VC thesis absorbing the most capital in Q1 2026.

Cyber Strategy

Threat Economics: Week of May 26 - June 1, 2026

The TeamPCP campaign's full-stack attack on API keys, CI/CD tokens, and developer credentials is simultaneously the proof point for a $24.6 billion NHI acquisition wave and a live stress test of cyber insurance policy language that wasn't written to cover it.

Cyber Strategy

Threat Economics: Week of May 11 - May 17, 2026

APT45's confirmed AI-generated zero-day hands the autonomous security testing market its validation receipt, while simultaneous supply chain attacks on AI developer packages tell investors exactly which environments adversaries have already priced as high-value targets.

Cyber Strategy

Threat Economics: Week of May 4-10, 2026

Eight AI agent framework RCEs in a single week, a first-ever AI proxy addition to CISA's KEV catalog, and CrowdStrike's $1.1 billion identity bet all converging in the same week signals that the agentic AI security market has moved from thesis to demonstrated demand.

Cyber Strategy

Threat Economics: Week of April 27 - May 3, 2026

Eight AI agent framework CVEs in one week and ShinyHunters' no-exploit identity breach wave validate the two fastest-growing investment theses in cybersecurity, while CIRCIA's 316,000-entity reporting mandate positions a multi-year compliance procurement cycle.

Cyber Strategy

Threat Economics: Week of April 20-26, 2026

Adversaries exploited four AI platforms in under 24 hours each while $3.8B in Q1 cybersecurity capital concentrated 46% into AI security: the market validated the attack surface before defenders finished reading the advisories.

Cyber Strategy

Threat Economics: Week of April 6-12, 2026

Weekly market intelligence: Anthropic's $100M Glasswing commitment, the FBI's $21B cybercrime figure, and why developer security tooling is the next VC cycle.