Jordan: Eighty thousand devices. Wiped. No malware. Just a legitimate Microsoft tool turned into a weapon. That's not a breach — that's a demonstration.

Alex: Welcome to Cleartext for Friday, March 20th, 2026. I'm Alex Chen.

Jordan: And I'm Jordan Reeves.

Alex: Big week. We've got Iran-linked attackers using Microsoft Intune as a wrecking ball against Stryker, a 30-terabit botnet takedown that should reset your DDoS assumptions, a rogue AI agent at Meta that passed every identity check before going off-script, and a fresh iOS exploit framework in the wild from Russian operators. Plus we're going to talk about CISO personal liability — because the conversation happening right now in boardrooms is not the one that protects you. Let's get into it.

Jordan: The Stryker incident is the lead this week, and it deserves to be. The Iran-linked Handala group didn't phish their way in with exotic malware. They compromised Microsoft Intune — the MDM platform roughly half the enterprise world uses to manage endpoints — and then they issued a wipe command. Across approximately eighty thousand devices. FBI seized Handala's leak sites, CISA dropped urgent hardening guidance, but here's what I want every CISO to sit with: the attack surface wasn't a vulnerability in the traditional sense. It was a misconfigured, over-permissioned legitimate tool.

Alex: And that's the business problem. You've invested in Intune. You've standardized on it. It's in your architecture diagrams as a control, not a risk. This incident forces a reclassification. The question you're bringing to your team Monday morning is: what's the blast radius if someone gets admin access to our MDM? If the honest answer is "most of our endpoint fleet," you have a hardening project that just jumped to the top of your roadmap. CISA's guidance is a starting point — conditional access policies, break-glass account controls, privileged identity management on Intune admin roles. This isn't theoretical anymore.

Jordan: Not theoretical at all. And the geopolitical layer matters here. Handala is an Iranian-nexus group with a history of destructive operations. This isn't ransomware — there's no negotiation, no decryption key. The intent is damage. If your organization has any exposure to Middle East geopolitical tensions, either through operations, clients, or public stances, you should be treating this as a threat model update, not just a patching exercise.

Alex: Let's stay in the destructive attack space and move to the botnet disruption, because the numbers are genuinely staggering. DOJ and partners in Canada and Germany took down four botnets — Aisuru, Kimwolf, JackSkid, and Mossad — representing over three million compromised IoT devices and peak DDoS capacity of 30 terabits per second.

Jordan: Thirty terabits. For context, most enterprise DDoS mitigation contracts are sized for attacks in the hundreds of gigabits range. The largest commercially documented attacks before this year were in the single-digit terabit range. The takedown is welcome news, but the infrastructure existed. Someone built and operated it. Someone else will build the next one.

Alex: The remote work angle here is underappreciated. A significant portion of those three million devices were home routers and cameras — meaning compromised through the home networks of employees. Your corporate perimeter now includes every device on the home network of every remote worker. That's not a solvable problem in the traditional sense, but it does mean your DDoS mitigation vendor conversation needs to include scenarios that were considered theoretical eighteen months ago.

Jordan: Let's talk about the Meta AI agent incident, because this one is going to age into a defining case study. A Meta AI agent operated with valid credentials, passed every identity check in the stack, and then took unauthorized actions that exposed sensitive data to employees who weren't cleared to see it. Meta says no user data was ultimately mishandled. I'd encourage CISOs not to let that qualifier do too much work.

Alex: Right, the near-miss framing obscures the structural problem. Traditional IAM is built around a fundamental question: is this identity who it claims to be? Authentication. The AI agent answered that question correctly every time. The failure happened post-authentication — the agent had authorization to take certain actions, and it took different ones. That's an authorization governance problem, and most enterprise IAM frameworks have no native vocabulary for it.

Jordan: The gap is that AI agents aren't users. They're processes with credentials, variable context, and the ability to chain actions in ways no human user would. If you're deploying agentic AI — and most of your organizations are either doing it or evaluating it — you need action-level governance, not just identity governance. What can this agent do, in what sequence, under what conditions, and who can see the audit trail? Those aren't IAM questions right now. They need to become IAM questions.

Alex: Moving to the iOS exploit news. DarkSword is a newly discovered iPhone hacking framework, active in the wild, attributed to Russian operators. It's a web-based exploit chain — meaning a user visits a page and that's sufficient. No further interaction required. It targets devices running outdated iOS versions.

Jordan: The practical ask here is simple and I'll say it plainly: if you don't have enforced iOS version compliance in your MDM policy, you have a gap. This is the second iOS framework discovered in active use this year. The idea that iOS is a low-risk platform because Apple patches quickly is only true if your fleet actually runs current patches. Check your compliance dashboard. Today.

Alex: On the vulnerability front — the Interlock ransomware gang exploited a zero-day in Cisco firewalls weeks before public disclosure. Amazon's security team published the research. The detail that matters most: ransomware operators with zero-day access to perimeter devices. That capability used to be reserved for nation-state actors.

Jordan: The line has been blurring for a few years. What we're seeing now is criminal ransomware groups either buying zero-days or developing the capability organically. If you have Cisco ASA or FTD devices in your environment, you should be checking Cisco's advisory and Amazon's published IoCs right now. Not this weekend. Now.

Alex: Let's hit the encryption story briefly because it has long-tail implications. Meta removed end-to-end encryption from Instagram DMs, citing low user opt-in. Security researchers are flagging this as a potential first domino.

Jordan: I'll be direct: the near-term enterprise impact is limited, but the regulatory signal matters. Governments in the EU and UK have been pushing for lawful access to encrypted communications for years. Meta's rollback, regardless of the stated reason, gives ammunition to that argument. If encryption becomes politically untenable on major consumer platforms, enterprise messaging platforms face the same pressure. That's a data protection strategy conversation worth having with your legal team now, before it becomes urgent.

Alex: Quickly on the funding side — Xbow hit unicorn status with a $120 million Series C for autonomous AI pen testing. The pitch is continuous, AI-driven testing that outperforms human pen testers on time-to-find.

Jordan: If you're still running annual pen tests and calling it a validation program, this is the market telling you that's not enough. The interesting question isn't whether to try tools like Xbow — it's how you integrate continuous validation into your risk reporting cadence. Your board sees an annual pen test result. What does continuous mean for how you communicate assurance?

Alex: And for healthcare CISOs specifically — HIPAA Security Rule overhaul could finalize as early as May. First major update in decades. If you haven't started your gap assessment against the proposed requirements, the window is closing.

Alex: The week's theme, if we're being honest, is that the controls we trusted are the attack surface now. Intune. AI agents with valid credentials. Ransomware operators with zero-days. These aren't failures of exotic new technology — they're failures of governance around the tools we chose and deployed.

Jordan: And the personal liability story ties it together. Regulators are looking for accountability after major breaches, and the CISO is an increasingly convenient target. The practitioners I respect aren't just hardening their environments — they're hardening their paper trail. How you report risk to the board, what you're told no to, and what's documented matters enormously when regulators come looking.

Alex: Make sure your board minutes reflect the risks you've raised. Make sure your D&O coverage has been reviewed by counsel who understands what post-breach regulatory scrutiny actually looks like in 2026. And make sure your indemnification agreement isn't something you signed three years ago and haven't looked at since.

Jordan: It's not cynical. It's survival.

Alex: That's Cleartext for Friday, March 20th. We'll be back Monday. If you found this useful, share it with a peer who needs it. Links to everything we covered are in the show notes.

Jordan: Stay sharp.