Weekly roundup covering America's Cyber Strategy decoded, the frontier lab AppSec race, breakthroughs from [un]prompted 2026, real-world prompt injection attacks on payment rails, and 90 zero-days exploited in 2025.

  1. America's Cyber Strategy decoded into 5 policy themes, where the money goes, and who wins

$2.1B in new DoD cyber spending, Google building the Booz Allen of cyberspace, and a rip-and-replace paradox that bites both sides. I mapped the strategy verbatims to money flows and named the winners.

  2. OpenAI releases Codex Security days after Anthropic announced Claude Code Security

The code security race among frontier labs to own your AppSec pipeline accelerates. Anthropic fired the starting gun, OpenAI responded within days.

  3. Top 10 Insights x2 from [un]prompted 2026: Day 1, Day 2

Speakers from Anthropic, Google, OpenAI, and Microsoft revealed that AI can now find zero-days autonomously, crack hardware that resisted weeks of brute-force in minutes, and break every major AI IDE on the market.

  4. Unit 42 found 22 prompt injection techniques targeting AI agents in the wild

Attackers are planting hidden instructions in webpages that hijack AI agents into initiating Stripe payments, deleting databases, and approving scam ads.

  5. Google tracked 90 0-days exploited in the wild in 2025; 48% targeted enterprise technologies

For the first time, commercial surveillance vendors outpaced state-sponsored espionage groups in 0-day exploitation, enterprise targeting hit an all-time high at 48%, and China doubled its 0-day usage while sharing exploits faster across groups.

Sources:

  1. America's Cyber Strategy
  2. OpenAI Codex Security announcement
  3. Claude Code Security announcement
  4. [un]prompted 2026
  5. Unit 42: Web-Based Indirect Prompt Injection in the Wild
  6. GTIG 2025 Zero-Days in Review