Host Access News
We’re already one quarter into 2026, and there have been so many developments in regards to AI. I have to imagine the majority of us are using AI tools on a daily basis. From OpenAI, to the coding power offered by Claude, to the potential security capabilities of the new Mythos, it’s exciting to see the power at our fingertips. Sadly, not everyone using these tools has the best intentions, and we’re already seeing very real cybersecurity threats powered by these tools.
If it’s not already clear, you need to be thinking about how these AI tools impact the security of user access in your mainframe-based environment. Security by obscurity isn’t enough.
But let’s look at some of those real-world scenarios that have already begun to play out.
Claude tried to hack 30 companies – but no one asked it to.
A cybersecurity firm recently took on the research task to answer the question: what if we asked Claude to research certain data that could only be retrieved via hacking? The results are shocking.
To answer this question, Truffle Security stood up 30 dummy companies with fake data so they could test how Claude would interact with the data – or not. Would it return inconclusive results because the data wasn’t publicly available?
Per the researchers, when legitimate paths were broken, the agent autonomously discovered and exploited SQL injection vulnerabilities to complete the tasks and return the requested data. Unprompted, Claude had hacked these cloned organizations because there were vulnerabilities that could be exploited, and it couldn’t access the requested data in legitimate ways.
While this may not be the new standard, it’s critical to consider these new AI capabilities when securing your core systems and critical data.
Leaked Windows zero-days actively exploited in cyberattacks
It’s fairly common for vulnerabilities and ways to exploit them to be found in large organizations today. On the enterprise side, Microsoft assigns these a CVE, patches them, and publishes a report on the vulnerability. Recently, though, a few of these zero-day vulnerabilities were leaked and able to be actively exploited. What’s more surprising about these attacks, though, is that they were intended to be discovered and scanned by Defender. As part of the exploit, Defender unintentionally copies the malicious files to the original location because they include a cloud tag, and the attacks proliferate.
While you may not be actively managing Windows systems, it’s important to understand that these exploits exist, and there are many ways bad actors could attain credentials to access your core systems. It’s more important than ever to ensure you’re securing that backend access, so, even if an attacker does get credentials and laterally move through the system, they don’t have the necessary pieces to access the critical data on your mainframe.
Ransomware is growing faster than the spending to stop it
Cyberattacks aren’t new, and as organizations are more interconnected and globally distributed, they’ve only gotten worse. Generally speaking, organizations keep this in mind and invest in security to keep the bad actors out. But things like state-sponsored attacks and AI-powered attacks make ransomware and other cyberattacks big business. Surprisingly, though, a new report shows that the number of ransomware attacks have far outpaced the spending within organizations to stop this type of attack.
While the measurements for each of these statistics aren’t directly connected, they do illustrate the fact that attackers can scale their attacks quickly, and the rate at which we’re tasked with catching and stopping these threats is only getting worse.
Conclusion
AI is growing at a staggering rate, and we need to keep up to keep our data and systems secure. That starts with ensuring the people who access core systems are who they say they are. A firewall and obscured data are no longer enough – you need defense in depth. Get started now to keep user access secure.
