Jordan: Seventy-six percent. That's the number you need to carry into your Monday morning. Three out of every four dollars stolen in crypto globally this year went to North Korea. And they're not slowing down — they're using AI to do it faster. That's the geopolitical reality underneath what was otherwise a very busy week across breaches, vulnerabilities, and a governance story that I think most CISOs still haven't fully processed. We'll get into all of it.

Alex: Welcome to Cleartext. It's Saturday, May 2nd, 2026. I'm Alex Chen, joined as always by Jordan Reeves. If you had a real week and the news cycle got away from you, this is the episode you need. We're going to tell you what actually mattered, what connects, and what you need to be thinking about heading into next week. Here's how we're organizing it today: we're going to start with the geopolitical picture, because frankly it was dominant. Then we're moving into what I think is the sleeper story of the week — AI agents and the identity crisis they're creating. Third, we've got a breach cluster that has a disturbing common thread. And we'll close with vulnerabilities, because the patch queue is not getting shorter. Let's go.

Jordan: So let's talk about North Korea, because the seventy-six percent figure from Dark Reading is not a statistic you footnote — it's a threat brief. Kim Jong-un's cyber apparatus is running what is effectively a state-sponsored hedge fund that steals its capital. They're doing this on a weekly cadence now. And the BlueNoroff story from Monday adds the operational detail that should keep your security awareness team up at night: they're using stolen victim videos and AI-generated avatars to run fake Zoom calls targeting crypto executives. Let that sit for a second. Your counterpart at another firm gets compromised. Their likeness gets harvested. Now it's being used to socially engineer your team in a meeting that looks completely legitimate.

Alex: The "victim becomes lure" pattern is particularly nasty from an incident response standpoint. You remediate the breach, you notify the affected executive, and you think you're done — but their identity has now been weaponized against your organization and potentially dozens of others. The standard awareness training framework of "watch for suspicious links" doesn't address a deepfake video call from a face your executives actually recognize and trust.

Jordan: And then you layer in the Silk Typhoon extradition — a Chinese national pulled out of Italy and brought to the US for MSS-directed hacking that included COVID-19 research theft. That case covers 2020 to 2021, so it's a long tail on prosecution. But the signal it sends is that the US is willing to play a long game on attribution and extradition, even under diplomatic pressure. And Trend Micro dropped a new China-aligned campaign this week — SHADOW-EARTH-053 — hitting government and defense targets across Asia and at least one NATO member state, plus journalists and activists.

Alex: So the geopolitical picture this week is really two parallel tracks. North Korea is running financially motivated operations at scale, with AI acceleration, and with a targeting profile that now extends beyond pure crypto firms to anyone with digital assets or exposure to the space. China is running strategic espionage — governments, defense contractors, NATO adjacency, dissidents. Different goals, different TTPs, but both operating with increasing sophistication and both using AI as a force multiplier. For CISOs in financial services, fintech, or any organization managing digital assets, DPRK is not a background noise threat anymore. It's a named adversary that you should have in your threat model by name.

Jordan: Now let's pivot to what I think is the most structurally important story of the week, and it got somewhat buried under the breach headlines. CyberScoop ran a piece Wednesday on AI agents and identity, and it connects to about four other things that happened this week in ways that should worry you. The core problem: AI agents are being deployed into production environments with broad system access, and nobody has solved the identity layer for them. They're not human users. They don't authenticate through your IdP the way your employees do. They're not covered by your PAM policies. And they're already inside critical infrastructure.

Alex: CISA, NSA, and the Five Eyes partners published joint guidance on this Friday — which tells you the regulatory direction this is heading. When you get a joint advisory from that coalition, you're looking at what becomes a compliance expectation inside of eighteen months, maybe sooner. The guidance essentially confirms what the CyberScoop piece laid out: most organizations are granting agents far more access than they can safely monitor or control.

Jordan: And then there's the VentureBeat piece on AI coding agents — Claude Code, Copilot, Codex — where six independent research teams all reached the same finding through different exploits. Every single attack went for the credential, not the model. BeyondTrust showed a crafted GitHub branch name could steal Codex's OAuth token in cleartext. OpenAI rated it Critical P1. Claude Code leaked on npm. And Anthropic's own model was found to silently ignore deny rules after fifty subcommands — meaning your guardrails have a cliff edge built into them that nobody disclosed.

Alex: The through-line here is that your AI tools are holding production credentials and authenticating without human sessions, and your existing PAM and IdP tooling almost certainly has no visibility into that. This is an IAM blind spot that is not theoretical. The exploits are real, they're documented, and the PoCs exist. If your organization has deployed any AI coding assistant or agentic tool with access to production systems or code repositories, you need to audit what credentials those tools hold. This week, not next quarter.

Jordan: The M&A activity this week validates that this is a real product gap, not just a research problem. Palo Alto is acquiring Portkey to build an AI agent communications gateway. Cisco is reportedly in talks to buy Astrix Security for up to three-fifty — that's a non-human identity management play. When two of the largest security platforms in the world are spending that kind of money in the same week on the same problem space, the market is telling you something about where the risk is concentrating.

Alex: And the NCSC in the UK issued a warning this week about what they're calling a looming patch wave — AI is accelerating vulnerability discovery by both defenders and attackers, and the traditional patching cycle can't keep up. That warning was validated in real time this same week by the Copy Fail Linux vulnerability, which was discovered by an AI-equipped researcher at Theori, dropped with a ten-line public PoC, and affects every Linux kernel since 2017. Root access. Public exploit. Patch your Linux infrastructure before Monday.

Jordan: The cPanel zero-day is in the same category. CVE-2026-41940, critical auth bypass, exploited in the wild since at least February — months before anyone disclosed it. CISA added it to KEV Friday with a patch deadline of Sunday. If you have web hosting infrastructure running cPanel and you haven't verified patch status, stop this podcast and go do that right now.

Alex: Now let's hit the breach cluster, because there was a common thread this week that I think deserves more attention than it got individually. The Trellix source code breach is a supply chain risk story — a security vendor's own code repository gets compromised, and every customer running their product now has to ask whether the exposed code reveals exploitable weaknesses in their deployed defenses. That's a particularly uncomfortable position for security products to be in.

Jordan: Medtronic confirmed a breach from ShinyHunters claiming millions of records. That's the healthcare sector again — it's been a consistent target in 2026 and there's no sign of that abating. But the story that genuinely stopped me was the ransomware negotiators sentenced to four years this week. Two former incident responders — one from Sygnia, one from DigitalMint — were convicted of conducting BlackCat attacks against the companies they were supposed to be protecting. They extorted nearly one-point-three million dollars from a single victim.

Alex: I've been a CISO. I've hired IR firms. I've sat across the table from incident responders in the worst moments of an organization's security history. The trust that relationship requires is profound. These are the people with your keys, your forensics, your playbooks, your contacts. The idea that that access could be weaponized from the inside is not a theoretical risk anymore. It happened, it was prosecuted, and they're going to prison. But that doesn't undo the damage. CISOs need to think rigorously about how they vet IR partners, what access they're granted, and what monitoring exists on that access even for trusted security personnel.

Jordan: And Cordial Spider and Snarky Spider — two new Scattered Spider-adjacent groups identified by CrowdStrike this week — are speedrunning the same playbook: vishing your helpdesk, abusing SSO pages, getting into SaaS environments fast and leaving almost no forensic trace. The attack surface is almost entirely in your SaaS stack. They're not touching endpoints. They don't need to. If your helpdesk can be socially engineered into resetting MFA, and your SaaS environment doesn't have DLP controls that can detect bulk data movement, you are exposed to this pattern right now.

Alex: And the PyTorch Lightning supply chain compromise — malicious versions pushed to PyPI, credential theft, GitHub Actions tampering, SSH persistence — is the reminder that your ML teams are running software with the same supply chain risks as everything else in your environment. Software composition analysis needs to cover your data science pipelines, not just your application code.

Jordan: So what was this week? Stepping back, if I had to characterize it in a single sentence: this was the week where the AI-as-accelerant thesis stopped being theoretical and started showing up in vulnerability disclosures, active exploits, regulatory guidance, and nine-figure acquisition prices simultaneously.

Alex: The Copy Fail vulnerability found by AI. The NCSC warning about AI-accelerated patch waves. Anthropic pulling Mythos because it found thousands of unknown vulnerabilities. AI coding agents with production credentials being targeted by attackers. CISA and the Five Eyes warning about agent identity. Palo Alto and Cisco spending hundreds of millions to address the gap. Every single one of those stories connects back to the same underlying shift: AI is compressing timelines across the entire attack and defense cycle, and the security infrastructure most organizations have was not built for that speed.

Jordan: For CISOs heading into next week, I'd prioritize three things. Patch Linux and cPanel — those are immediate. Audit what credentials your AI tools hold in production — that's the IAM blind spot that's actively being exploited. And if you have any exposure to digital assets or crypto infrastructure, DPRK is not a background threat, it's a foreground one.

Alex: And take the CISA-NSA AI agent guidance seriously. Not because of what it says today, but because of what it signals about where compliance expectations are heading. Get ahead of it now, when you have runway, rather than scrambling when it becomes a requirement.

Jordan: The week in security was fast. Next week will probably be faster.

Alex: That's the Week in Review for the week ending May 2nd, 2026. The daily show returns Monday. If this episode was useful, share it with the peers in your network who need the synthesis. I'm Alex Chen.

Jordan: I'm Jordan Reeves. Stay sharp.