
Canary Trap’s Bi-Weekly Cyber Roundup

Welcome to Canary Trap’s Bi-Weekly Cyber Roundup. Our mission is to keep you informed with the most pressing developments in the world of cybersecurity. This digest serves as your gateway to critical updates and emerging threats across the industry.

This week’s headlines highlight the growing security blind spots introduced by rapid AI adoption, increased third-party access to sensitive data, and evolving attack techniques targeting critical infrastructure. From large-scale attacks on AI systems to real-world impacts on healthcare operations, these stories underscore the urgent need for improved visibility, governance, and resilience across today’s cyber landscape.

  • Survey: Rapid AI Adoption Causes Major Cyber Risk Visibility Gaps

As software supply chains grow more complex, most organizations understand the importance of managing third-party cyber risk. However, the rapid adoption of AI chatbots and AI-enabled tools is introducing a new class of risk that many enterprises are not prepared to handle.

Employees are increasingly using AI services, often without formal approval or oversight, exposing organizations to unknown security and data privacy threats. According to Panorays’ latest CISO Survey on Third-Party Cyber Risk Management, 60% of CISOs consider AI vendors “uniquely risky,” largely due to their lack of transparency.

Despite this awareness, only 22% of CISOs have implemented formal processes to vet AI vendors. This gap creates scenarios where sensitive data can be unintentionally shared through prompts, with little understanding of how that data is stored, processed, or reused.

The survey, which included 200 U.S.-based CISOs, found that 62% believe AI vendors pose a different risk profile than traditional software providers. Many AI tools are closed-source, limiting visibility into how data is handled and making audits difficult or impossible.

At the same time, employees often lack guidance on safe AI usage. This increases the likelihood of confidential information, such as proprietary code or customer data, being entered into AI systems. High-profile incidents, including cases where employees shared sensitive internal data with public AI tools, highlight how easily this risk can materialize.

Traditional third-party risk assessment tools are not designed to capture these AI-specific threats, leaving organizations with significant blind spots.

While the risks are well understood, many organizations are still relying on standard third-party onboarding processes for AI tools. Over half of surveyed CISOs admitted they use the same vetting approach for AI as they do for conventional software, despite AI’s unpredictable behavior and data handling practices.

Only a small percentage of organizations report having full visibility into their third-party risk exposure, and 60% have seen an increase in security incidents tied to third parties over the past year. Larger enterprises appear to be further along, with AI-specific policies more common in organizations with over 10,000 employees.

AI tools offer clear productivity benefits, which explains their rapid adoption across enterprises. However, security governance is struggling to keep up. As Panorays notes, organizations are deploying AI faster than they can secure it, creating dangerous visibility gaps and increasing the risk of data leakage.

The good news is that CISOs recognize the problem. Many now see AI-specific onboarding and governance as a priority, an essential step toward balancing innovation with security and compliance in an AI-driven workplace.

  • Hackers Launch Over 91,000 Attacks on AI Systems Using Fake Ollama Servers

Threat actors are increasingly shifting their attention to the systems that support artificial intelligence. New research shows that AI infrastructure is already being actively mapped and tested by cybercriminals.

Between October 2025 and January 2026, researchers observed more than 91,000 attack sessions targeting AI-related services. The activity was identified through a honeypot deployed by GreyNoise, which mimicked installations of the AI tool Ollama to attract malicious traffic.

The findings point to two distinct attack campaigns. The first relied on Server-Side Request Forgery (SSRF) techniques, where attackers attempted to trick AI servers into making outbound connections to attacker-controlled systems. These attempts specifically targeted Ollama and Twilio, using malicious registry URLs to force servers to “call back.” Notably, activity surged over the Christmas holiday period, suggesting attackers took advantage of reduced staffing.

The second campaign was far more systematic. Beginning in late December 2025, attackers from two IP addresses launched large-scale reconnaissance against more than 73 AI-related endpoints, generating over 80,000 sessions in just 11 days. Rather than exploiting vulnerabilities, the actors appeared to be identifying which AI models were accessible.

Researchers confirmed the probes covered nearly every major AI platform, including models from OpenAI, Anthropic, Meta, Google, DeepSeek, Mistral, Alibaba, and xAI. The attackers used simple prompts, such as basic factual questions, to confirm whether a model responded.

The researchers recommend limiting model downloads to trusted registries and monitoring for repetitive, automated queries that may indicate reconnaissance. The activity spanned 62 IPs across 27 countries, highlighting the scale and coordination involved.
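The two patterns described above, an SSRF-style pull that points the server at an attacker-controlled registry and a client walking many model names with one throwaway prompt, are both visible in ordinary request logs. The following detection script is an added example written for this roundup; it is not GreyNoise's code and does not use honeypot data. The log format, the sample lines, the registry allowlist and the thresholds are all assumptions. It relies on one real Ollama behaviour: a model name of the form `host/namespace/model` is resolved against `host`, while a bare name goes to the default registry.

```python
import json
from collections import defaultdict
from datetime import datetime

# Registries this deployment is allowed to pull models from. The allowlist is
# an assumption of this example, not something the GreyNoise research prescribes.
ALLOWED_REGISTRIES = {"registry.ollama.ai"}

# Endpoints that run a model. A client walking many model names through these
# with the same throwaway prompt is enumerating what is served, not using it.
MODEL_ENDPOINTS = {"/api/generate", "/api/chat", "/v1/chat/completions", "/v1/completions"}

# Constructed sample log (assumed format: ISO timestamp, client IP, method,
# path, JSON request body). These lines are illustrative, not honeypot data.
SAMPLE_LOG = """\
2025-12-26T03:14:01Z 203.0.113.7 POST /api/pull {"name":"203.0.113.99/evil/model:latest"}
2025-12-26T03:14:09Z 192.0.2.10 POST /api/pull {"name":"registry.ollama.ai/library/llama3:latest"}
2025-12-26T03:15:00Z 192.0.2.10 POST /api/generate {"model":"llama3","prompt":"Summarise this ticket"}
2025-12-26T03:15:30Z 192.0.2.10 POST /api/generate {"model":"llama3","prompt":"Draft a polite reply"}
2025-12-26T03:20:01Z 198.51.100.5 POST /api/generate {"model":"llama3","prompt":"What is the capital of France?"}
2025-12-26T03:20:02Z 198.51.100.5 POST /api/generate {"model":"mistral","prompt":"What is the capital of France?"}
2025-12-26T03:20:03Z 198.51.100.5 POST /api/generate {"model":"deepseek-r1","prompt":"What is the capital of France?"}
2025-12-26T03:20:04Z 198.51.100.5 POST /v1/chat/completions {"model":"gpt-4o","messages":[{"role":"user","content":"What is the capital of France?"}]}
2025-12-26T03:20:05Z 198.51.100.5 POST /v1/chat/completions {"model":"claude-3-5-sonnet","messages":[{"role":"user","content":"What is the capital of France?"}]}
"""


def parse_log(text):
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, method, path, body = line.split(" ", 4)
        entries.append({
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "ip": ip, "method": method, "path": path, "body": json.loads(body),
        })
    return entries


def registry_host(model_name):
    """Ollama resolves 'host/namespace/model' against 'host'; a bare name or
    'namespace/model' goes to the default registry. Return the host or None."""
    first = model_name.split("/", 1)[0]
    if "/" in model_name and ("." in first or ":" in first or first == "localhost"):
        return first.split(":")[0]  # drop an explicit port
    return None


def pull_ssrf_alerts(entries):
    """Pull requests whose model name points the server at a registry that is
    not allowlisted: the SSRF 'call back' pattern."""
    alerts = []
    for e in entries:
        if e["path"] != "/api/pull":
            continue
        host = registry_host(e["body"].get("name", ""))
        if host and host not in ALLOWED_REGISTRIES:
            alerts.append((e["ip"], host))
    return alerts


def prompt_text(body):
    """Prompt of a native Ollama request or the last message of an OpenAI-style one."""
    if "prompt" in body:
        return body["prompt"]
    msgs = body.get("messages") or []
    return msgs[-1].get("content", "") if msgs else ""


def recon_alerts(entries, window_seconds=600, min_models=5):
    """IPs that exercise at least min_models distinct models inside one window.
    Returns {ip: (distinct_models, distinct_prompts)}; one prompt across many
    models is the strongest signal that the client only wants to know what answers."""
    by_ip = defaultdict(list)
    for e in entries:
        if e["path"] in MODEL_ENDPOINTS:
            by_ip[e["ip"]].append((e["ts"], e["body"].get("model", ""), prompt_text(e["body"])))
    alerts = {}
    for ip, hits in by_ip.items():
        hits.sort(key=lambda h: h[0])
        for i, (t0, _, _) in enumerate(hits):
            in_window = [h for h in hits[i:] if (h[0] - t0).total_seconds() <= window_seconds]
            models = {h[1] for h in in_window}
            if len(models) >= min_models:
                alerts[ip] = (len(models), len({h[2] for h in in_window}))
                break
    return alerts


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for ip, host in pull_ssrf_alerts(log):
        print(f"SSRF-style pull from {ip}: registry {host} is not allowlisted")
    for ip, (n_models, n_prompts) in recon_alerts(log).items():
        print(f"model enumeration from {ip}: {n_models} models, {n_prompts} distinct prompt(s)")
```

On the sample input the script reports the pull to `203.0.113.99` and the five-model sweep from `198.51.100.5`, while the ordinary user who pulls from the default registry and talks to one model twice is not flagged. The pull check is the higher-value one: it is a policy violation regardless of volume, and a single matching request during a holiday weekend is worth a page. The enumeration check needs tuning to the deployment; a gateway that legitimately fans requests across several models will need either a higher threshold or an exclusion for its own address.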

Security leaders caution that while model probing is concerning, the larger risk lies ahead. As AI agents gain deeper access to enterprise and cloud environments, poor oversight could open the door to far more serious attacks.

Organizations that focus solely on securing AI models, one of those leaders, Hughes, warned, may miss the bigger picture and end up reacting to threats they never anticipated.

  • New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification

New research examining 4,700 high-traffic websites shows a sharp rise in third-party web risk. Nearly 64% of third-party applications now access sensitive data without a clear business need, up from 51% last year. The problem is no longer confined to commercial sites; it is accelerating into government and education infrastructure.

The government sector saw malicious activity jump from 2% to nearly 13%, while one in seven education websites shows signs of active compromise. At the same time, widely used tools like Google Tag Manager, Shopify, and Facebook Pixel continue to drive a significant share of unjustified data access due to over-permissioned deployments.

Despite growing exposure, organizations are struggling to respond. While 81% of security leaders rank web attacks as a top concern, fewer than 40% have implemented dedicated controls to manage third-party risk. Budget limitations, staffing shortages, and regulatory complexity, especially in public institutions, are slowing progress, even as exposure increases year over year.

Analysts point to a governance breakdown between security and marketing teams. Marketing and digital departments now account for over 40% of third-party risk, frequently deploying analytics and tracking tools into sensitive areas like login and payment pages. Many of these tools retain access long after they stop delivering value, or never needed that access in the first place.

This creates a dangerous scenario: a single compromised vendor or pixel with broad permissions could expose data at massive scale. Given the ubiquity of some trackers, the impact could exceed past high-profile supply chain attacks.

Third-party web exposure is no longer a theoretical risk; it is measurable, growing, and increasingly concentrated in under-resourced sectors. Organizations that perform well share one trait: strong governance over what third-party code runs, where it runs, and what data it can touch.

Reducing risk doesn't require removing functionality; it requires visibility, least-privilege access, and tighter collaboration between security and marketing teams.
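"What third-party code runs, where it runs, and what data it can touch" can be checked mechanically: inventory the external scripts on each page, compare them with a per-page allowlist that records a business justification, and turn that allowlist into a Content-Security-Policy the browser enforces. The audit below is an added example written for this roundup, not code from the research or from any vendor it names. The login page is constructed (the tag-manager and pixel hosts are the real ones for the tools the article mentions, the integrity digest is a placeholder), and the allowlist is an assumed policy artefact.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed login page standing in for a real one. The third-party hosts are
# the real CDNs of the tools the research names; the integrity value is a
# placeholder, not a real digest.
LOGIN_PAGE = """<html><head>
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-EXAMPLE"></script>
<script src="https://connect.facebook.net/en_US/fbevents.js"></script>
<script src="https://cdn.example-widgets.com/chat.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="/static/app.js"></script>
</head><body>
<form action="/login" method="post">
  <input name="username"><input type="password" name="password">
</form></body></html>"""

# Per-path allowlist of third-party script hosts with a recorded business
# justification. Assumed policy artefact; the research reports that most
# organizations do not keep one.
PAGE_POLICY = {"/login": {"cdn.example-widgets.com"}}


class ScriptCollector(HTMLParser):
    """Collects external script sources and notes whether the page takes a password."""

    def __init__(self):
        super().__init__()
        self.scripts = []          # (src, has_integrity)
        self.has_password = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], "integrity" in a))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.has_password = True


def audit_page(path, html, policy):
    """Return one finding per (host, issue) for scripts that are not first-party.
    'not-allowlisted' means nobody has justified this host on this page;
    'missing-sri' means the browser cannot verify what the host serves."""
    p = ScriptCollector()
    p.feed(html)
    allowed = policy.get(path, set())
    findings = []
    for src, has_sri in p.scripts:
        host = urlparse(src).netloc
        if not host:                # relative URL: first-party code, out of scope here
            continue
        if host not in allowed:
            findings.append({"host": host, "issue": "not-allowlisted", "sensitive": p.has_password})
        if not has_sri:
            findings.append({"host": host, "issue": "missing-sri", "sensitive": p.has_password})
    return findings


def csp_for(path, policy):
    """script-src directive that makes the allowlist a browser-enforced control,
    so a tag dropped onto the page by a marketing tool simply does not load."""
    hosts = " ".join(f"https://{h}" for h in sorted(policy.get(path, set())))
    return f"script-src 'self' {hosts}".rstrip()


if __name__ == "__main__":
    for f in audit_page("/login", LOGIN_PAGE, PAGE_POLICY):
        where = "credential page" if f["sensitive"] else "page"
        print(f"{f['issue']}: {f['host']} on {where} /login")
    print("Content-Security-Policy:", csp_for("/login", PAGE_POLICY))
```

Run against the sample page, the audit flags the tag manager and the pixel twice each (not justified for `/login`, and not pinned by Subresource Integrity) and leaves the chat widget alone, then emits `script-src 'self' https://cdn.example-widgets.com`. Two caveats a practitioner should expect: SRI only holds for resources whose content is fixed, so tools that ship continuously will fail that check, which is itself useful information about what cannot be pinned on a credential page; and an allowlisted host can still load further scripts at runtime, so the CSP, not the static audit, is what actually limits the data those scripts can touch.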

  • CrowdStrike to Buy Seraphic Security in Bid to Boost Browser Security

CrowdStrike has announced plans to acquire Seraphic Security, a browser security startup, as part of its continued expansion strategy. The move adds browser-level telemetry and protection to CrowdStrike’s Falcon platform, strengthening visibility into one of today’s most common attack surfaces.

Seraphic Security focuses on securing browser activity through capabilities such as secure web access, zero-trust connectivity, and protection for SaaS and private web applications. Its approach allows organizations to deliver a consistent, secure browsing experience across both managed and unmanaged devices, without relying on VPNs or virtual desktop infrastructure.

As browsers have become the primary workspace for employees, they’ve also emerged as a major entry point for threats. Despite this shift, browser activity has often remained outside traditional endpoint detection and response strategies. By integrating Seraphic’s real-time, in-session browser protection with Falcon’s endpoint telemetry and threat intelligence, CrowdStrike aims to close that gap.

CrowdStrike also plans to combine this browser visibility with identity and authorization capabilities from its recent SGNL acquisition. Together, these technologies are designed to improve detection of identity-based attacks such as credential misuse, session hijacking, and token abuse, often before malware ever reaches the endpoint.

The deal, reportedly valued at around $420 million in cash, is expected to close in the first quarter of CrowdStrike’s fiscal 2027. Alongside the SGNL acquisition announced earlier, it signals CrowdStrike’s continued investment in expanding Falcon’s telemetry and reinforcing its zero-trust security strategy.

  • Cyber-Stricken Belgian Hospitals Refuse Ambulances, Transfer Critical Patients

A cyberattack has significantly disrupted operations at two hospitals in Belgium, forcing the cancellation of surgeries and the transfer of critically ill patients to nearby facilities.

AZ Monica, which operates hospitals in Antwerp and Deurne, confirmed that it shut down parts of its IT infrastructure as a precaution following the incident. As a result, seven critical care patients were relocated to other hospitals with support from the Red Cross, while non-critical patients continue to receive care on-site.

Hospital emergency departments were operating at reduced capacity, and local reports indicate that approximately 70 surgeries were cancelled in a single day. Disruptions were expected to continue into the following day, although no further official updates have been released.

Several emergency response services, including Mobile Emergency Groups (MUG) and Paramedical Intervention Teams (PIT), were temporarily unavailable. Patients were advised to anticipate delays during registration and to seek urgent care through general practitioners or alternative emergency services, as ambulance transfers to the affected hospitals were paused.

AZ Monica stated that patient safety and continuity of care remain its top priorities and that updates will be shared as more information becomes available.


References:

https://hackread.com/survey-rapid-ai-adoption-cyber-risk-visibility-gaps/

https://hackread.com/hackers-attack-ai-systems-fake-ollama-servers/

https://thehackernews.com/2026/01/new-research-64-of-3rd-party.html

https://www.darkreading.com/remote-workforce/crowdstrike-buy-seraphic-security-boost-browser-security

https://www.theregister.com/2026/01/14/belgium_hospital_cyberattack/
