Transcript
A (0:02)
You're listening to the CyberWire Network, powered by N2K.

Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full-stack zero trust networks including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and VPN, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless. Transform complexity into simplicity and give your team time to focus on what really matters: helping your business and customers thrive. Learn more and book your demo at meter.com/cyberwire. That's M-E-T-E-R.com/cyberwire.

Jaguar Land Rover reveals the fiscal results of last year's cyber attack. A Texas gas station chain suffers a data spill. Taiwan tracks China's energy sector attacks. Google and Veeam push patches. Threat actors target obsolete D-Link routers. Sedgwick Government Solutions confirms a data breach. The US Cyber Trust Mark faces an uncertain future. Google looks to hire humans to improve AI search responses. Our guest is Deepen Desai, Chief Security Officer at Zscaler, discussing what's powering enterprise AI in 2025. And AI brings creative cartography to the weather forecast.

It's Wednesday, 1-7-20. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great to have you with us.

Jaguar Land Rover has reported sharply weaker preliminary results for its fiscal third quarter ending December 31, underscoring the far-reaching impact of a major cyber attack.
Wholesale volumes fell 43.3% year on year to 59,200 vehicles, while retail sales declined 25.1% to 79,600, the company said. A September cyber incident forced weeks-long production stoppages and delayed global distribution, with manufacturing only returning to normal levels by mid-November. The disruption compounded other pressures, including the planned wind down of legacy Jaguar models and newly imposed US tariffs. The impact was global, with wholesale volumes down more than 60% in North America and steep declines across Europe and China. Even the UK saw a modest drop. The attack, claimed by Scattered Lapsus$ Hunters, prompted 1.5 billion pounds in UK government support and contributed to slower UK economic growth, according to the Bank of England. Tata Motors estimates the incident cost around 1.8 billion pounds, while the Cyber Monitoring Centre warned of wider economic damage.

Gulshan Management Services, a Texas-based operator of roughly 150 gas stations and convenience stores, has disclosed a major data breach affecting more than 377,000 people. The incident was revealed through filings with the Maine Attorney General and the Texas Attorney General. Attackers accessed an external system between September 17 and September 27 of last year, with the breach discovered on the final day. Initial disclosures cited exposure of names and personal identifiers, while later filings indicated the compromised data may also include Social Security numbers, driver's license or government ID details and financial information. Affected individuals were not notified until January 5th of this year, more than three months after the breach period. The company now faces class action lawsuits and investigations alleging inadequate security controls and delayed notification, highlighting ongoing risks in highly interconnected retail fuel operations.
Taiwan's National Security Bureau reports that cyberattacks linked to China against Taiwan's energy sector surged tenfold in 2025 compared to the previous year. Overall, incidents attributed to China rose 6%, targeting nine critical sectors. Energy infrastructure saw the most dramatic increase, with attacks up 1,000%, while emergency services and hospitals rose 54% and communications increased 6.7%. Other sectors, including finance and water resources, declined. The NSB says many attacks coincided with military activity and sensitive political events. The most common techniques exploited hardware and software vulnerabilities alongside distributed denial-of-service attacks, social engineering and supply chain compromises. Energy sector attacks focused on industrial control systems and malware insertion during software upgrades. The activity was attributed to Chinese-linked groups, including BlackTech, APT41 and others.

Google has released an urgent security update for its Chrome browser to fix a high-severity flaw. The issue affects Chrome's WebView component, which lets apps display web content inside native interfaces. Insufficient policy enforcement could allow attackers to bypass security controls. Google has pushed patched versions to all desktop platforms and Android through the Stable Channel. Users are urged to update promptly as Google is limiting technical details until most systems are patched.

Elsewhere, Veeam has released an update for its backup and replication software to fix multiple vulnerabilities that could enable remote code execution. The issues require highly privileged roles such as backup or tape operator, which led Veeam to rate them high severity rather than critical. The company says the bugs were found internally and have not been exploited.
Still, organizations are urged to patch promptly as Veeam products are frequent targets in ransomware attacks and past vulnerabilities have appeared in CISA's Known Exploited Vulnerabilities catalog.

Threat actors are actively exploiting a newly disclosed command injection flaw affecting several end-of-life D-Link DSL routers. The vulnerability stems from improper input sanitization, allowing unauthenticated attackers to execute remote commands via DNS configuration parameters. The issue was reported by VulnCheck after exploitation attempts were observed by the Shadowserver Foundation. D-Link confirmed that multiple DSL router models are affected, all of which have been unsupported since 2020 and will not receive patches. While exploitation details remain unclear, D-Link and VulnCheck warn that identifying all impacted devices is complex due to firmware variations. Users are strongly advised to retire and replace affected routers as end-of-life devices no longer receive security updates and pose ongoing risk.

Sedgwick has confirmed a security breach affecting its federal contracting subsidiary Sedgwick Government Solutions, which provides services to more than 20 government agencies. The parent company Sedgwick says the incident was limited to an isolated file transfer system and did not impact its broader corporate network or claims management servers. Sedgwick has notified law enforcement and engaged external cybersecurity experts to investigate. Clients of the subsidiary include major US agencies such as CISA and the Department of Homeland Security. While Sedgwick did not publicly attribute the attack, the TridentLocker ransomware group has claimed responsibility, alleging the theft of 3.39 gigabytes of data and publishing samples online. The investigation is ongoing and Sedgwick says services remain operational.
The US Cyber Trust Mark is a voluntary consumer labeling program designed to help Americans identify smart devices that meet baseline cybersecurity standards. Launched by the Federal Communications Commission during the Biden Administration, the initiative was created to address long-standing concerns that consumer Internet of Things products often ship with weak security and limited accountability after vulnerabilities emerge. That program now faces uncertainty after UL Solutions formally withdrew as its lead administrator. UL notified the FCC in late December that it was stepping down effective immediately, saying it had completed foundational work such as convening stakeholders and helping develop technical and governance recommendations. The departure leaves no clear entity overseeing day-to-day operations of the program. While UL described the move as a natural transition, the timing follows an internal national security review ordered last summer by FCC Chairman Brendan Carr, which examined potential foreign influence in program management. It remains unclear whether the FCC plans to appoint a replacement administrator.

Google is signaling a renewed push to improve the reliability of its AI-generated search responses as it expands AI Overviews across Google Search. A new job listing shows the company is hiring engineers for an AI Answers quality role, focusing on verifying and improving the accuracy of AI Overviews and AI Mode responses. In the listing, Google acknowledges the need to solve complex challenges while reimagining how users search for information. The move is notable as Google continues to push AI-generated answers more aggressively, including into its Discover feed, sometimes rewriting news headlines. Despite recent improvements, AI Overviews still produce contradictory or fabricated answers, even when citing sources that do not support the claims.
Media scrutiny has intensified with The Guardian reporting misleading health advice generated by AI Overviews. The hiring effort appears to be Google's first indirect admission that answer quality remains a serious issue.

Coming up after the break, my conversation with Deepen Desai from Zscaler. We're discussing what's empowering enterprise AI in 2026, and AI brings creative cartography to the weather forecast. Stick around.

What's your 2 a.m. security worry? Is it, "Do I have the right controls in place?" Maybe, "Are my vendors secure?" Or the one that really keeps you up at night: "How do I get out from under these old tools and manual processes?" That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and finally get back to sleep. Get started at vanta.com/cyber. That's V-A-N-T-A.com/cyber.

Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allowlisting, you stop unknown executables cold. With Ringfencing, you control how trusted applications behave, and with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams.
See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at threatlocker.com/N2K today.

Deepen Desai is chief security officer at Zscaler, and in today's sponsored Industry Voices conversation, we discuss what's powering enterprise AI in 2026.

Well, Deepen, welcome back. And you and your colleagues there at Zscaler's ThreatLabz have put out some interesting research when it comes to enterprises and AI. I would love to start off with some high-level stuff here. I mean, can we start with the obvious? That is safe to say that AI is here to stay when it comes to these enterprise security operations?
