5 stories this week that change your decisions (May 18-24, 2026)
TL;DR: Verizon's 2026 DBIR puts vulnerability exploitation as the #1 breach vector at 31%, while full CISA KEV remediation fell to 26% from 38% last year. Separately, 8 GitHub repos with 172K combined stars resell unauthorized Claude, GPT, and Gemini access, and almost half of calls hit a different model than advertised while every prompt is logged on the operator's server. And an IEEE S&P 2026 paper from Columbia and USC showed an official deep-learning compiler silently flips predictions in 31 of the top 100 HuggingFace image classifiers, no attacker involved.
1. 1 in 4 KEVs patched, exploits now the #1 vector
Vulnerability exploitation is now the #1 breach vector at 31%, while only 26% of CISA KEV vulnerabilities get fully patched, down from 38% last year. AI is operationalizing well-known attacks at scale, widening the gap between the cybersecurity haves and have-nots.
2. The dark token economy: cheap Claude tokens, your prompts as the real product
Almost half of calls through cheap LLM proxies hit a different model than advertised, and every prompt is logged on the operator's server for downstream fraud and distillation. 8 public repos with ~172K GitHub stars actively resell unauthorized API access.
3. Your Compiler is Backdooring Your Model
An official, unmodified deep-learning compiler can flip predictions in a benign model after compilation. The trigger has no effect pre-compilation and evades four state-of-the-art backdoor detectors. The same gap exists in 31 of the top 100 HuggingFace image classifiers without anyone attacking them.
4. Classifier Context Rot: Monitor Performance Degrades with Context Length
LLM classifiers used to supervise AI agents see their detection rate drop 2-30x when long benign context precedes the attack, with non-thinking models dropping to 5% in the middle-of-transcript regime.
5. Same breach data, different LLM password resets
On identical breach data, LLMs swing between org-wide and targeted password resets, defaulting to whichever they generate first.
Sources:
- Verizon 2026 Data Breach Investigations Report
- Zilan Qian, How to Buy Cheap Claude Tokens in China (ChinaTalk, May 2026)
- Zhang et al., Real Money, Fake Models: Deceptive Model Claims in Shadow APIs (CISPA, arXiv 2603.01919, March 2026)
- Simin Chen, Jinjun Peng, Yixin He, Junfeng Yang, Baishakhi Ray. Your Compiler is Backdooring Your Model: Understanding and Exploiting Compilation Inconsistency Vulnerabilities in Deep Learning Compilers (arXiv 2509.11173, IEEE S&P 2026)
- Fabien Roger, Sam Martin. Classifier Context Rot: Monitor Performance Degrades with Context Length (LessWrong)
- Nate Pors. AI-Generated Reporting: Lessons from Cisco Talos Incident Response. Cisco Blog.