Reading view

Responsibly building the AI future

Today, Microsoft published its 2026 Environmental Sustainability Report. This report covers our fiscal year 2025, and measures progress against our 2020 baseline. You can read the foreword below and explore the report in its entirety here. 

As we enter a new era for AI, Microsoft’s environmental sustainability work is entering a new phase—defined not only by ambition, but by how we deliver in a period of rapid technological change. In our pursuit of becoming a carbon negative, water positive, and zero waste company that protects ecosystems, the context has evolved, and so must our approach. 

The global shift toward AI is reshaping economies, accelerating innovation, and becoming foundational to how technology is built and used. It is also increasing demand for the energy, water, land, and materials required to support that growth. As a company at the forefront of this transition, Microsoft has a responsibility to help ensure that technology strengthens, rather than strains, the systems and communities on which it depends. This imperative is reshaping the context for our work. 

We are approaching this moment with clarity and conviction. We believe AI can deliver broad societal, economic, and environmental benefits, but innovation at this scale must be matched by responsibility at the same scale. For Microsoft, this means designing, building, and operating infrastructure that is more efficient, more resilient, and more grounded in the realities of the communities where we operate. 

We do not see these dynamics as a reason to step back. We see them as a mandate to lead differently. That requires greater operational rigor, stronger integration across our sustainability priorities, and a sharper focus on durable outcomes for the local communities where we work and the global value chains that make our work possible. It also requires being transparent about where progress is advancing, where it is more difficult, and where new approaches are needed. 

The path forward will not be defined by simple tradeoffs or single solutions. It will depend on how effectively we align innovation with stewardship. The systems we build to support the future must also support the long-term health of the planet and the communities we serve. Our experience makes clear that this is possible, but only with even greater discipline, partnership, and a willingness to learn and adapt as conditions evolve. 

YouTube Video

What this moment requires 

Our aim is to build technology that gives more than it uses. Lasting progress depends on how we build it and whether that growth strengthens the places where it takes root.  

This thinking is reflected in our Community First AI Infrastructure approach, which is helping shape a more integrated model for community partnership, responsible operations, and environmental performance as we grow. In this way, sustainability is not separate from growth; it is part of how responsible growth is defined. 

While AI infrastructure is driving demand for energy, water, land, and materials, sustainability solutions are not scaling fast enough to meet demand. This tension is real, and it is also productive. 

It is forcing sharper questions: Where do we need to move faster, invest differently, or rethink our approach? Which assumptions still hold, which ones need to evolve? Five years into this work, we have more operational data, more direct experience, and a clearer view of what measurable planetary progress actually requires. That perspective helps keep us focused on outcomes rather than attached to any single pathway. 

We want to be clear about what this means—and what it does not. It means being more precise about what sustainability requires for Microsoft, and more willing to refine our strategies as conditions change, data improves, and tradeoffs become clearer. It does not mean we are lowering our ambition. 

Progress amid growth 

Our results reflect both progress and pressure. As we scale the physical infrastructure required to power the AI economy, our emissions are shaped by the impact of that growth and the actions we are taking to manage it. 

The visual that follows illustrates this dynamic by comparing our reported emissions with a modeled view of where emissions may have been in the absence of four specific interventions: carbon free electricity, sustainable fuels, XBOX console efficiency, and Surface device decarbonization. While these examples represent only a portion of our emissions reduction efforts, they highlight an important lesson from our work to date: that well-designed, targeted interventions can deliver measurable progress even as demand for infrastructure continues to rise.

Reported emissions from FY20 through FY25 compared against an illustrative counterfactual scenario of estimated emissions had select, discrete carbon reduction initiatives not been undertaken in carbon-free electricity, sustainable fuels, Xbox console efficiency, and Surface device decarbonization.

In FY25, we matched 100% of our annual global electricity consumption with renewable energy[2]. Microsoft will continue to push for an expansive focus on adding all forms of carbon-free electricity (CFE) [3] to the grids where we operate, complementing and building on our portfolio of renewable energy resources. We recognize that the world’s rising electricity needs require a balanced, all-of-the-above decarbonization strategy to meet global economic growth and environmental goals, and we will continue to support this approach moving forward.

Our total emissions (Scopes 1, 2, and 3) increased 25% year over year, driven primarily by the expansion of our datacenter infrastructure and pausing our use of non-additional, unbundled renewable energy certificates as we prioritize investments that bring net new power to grids. While this decision increases our reported emissions in the near term, it enables us to increase the development of new CFE rather than relying on certificates alone. We believe this change will create more long-term sustainability benefits. Growth-related emissions pressure was expected. The more important signal is where that pressure is concentrated. 

Scope 3 remains the largest share of our footprint overall, but one of the clearest changes this year was the growing contribution of Scope 2, which represents 13% of our total emissions—up from nearly 2% last year. This development highlights how important the energy systems across our supply chain are in shaping environmental outcomes. 

This year’s results also made clear that progress now depends on adapting how we work. 

Water is one of the clearest examples. In FY25, we replenished for the first time more water globally than we withdrew—more than 14 million cubic meters—marking a major milestone on our journey to become water positive. Reaching this point reflects years of work to improve water efficiency, expand replenishment efforts, and scale partnerships around the world. 

We are proud of this achievement but also know that replenishing global volumes is not enough. The next phase of our work is increasingly local. As we move forward, we are placing greater focus on helping restore more water to the watersheds where we operate than we withdraw while strengthening long-term water resilience. We prioritize projects in water-stressed regions that are locally relevant and designed in partnership with communities, delivering benefits not only for water availability, but also for ecosystems, economies, and people. Through this approach, we aim to ensure our growth supports and helps sustain the communities and environments where we operate. 

Transparency remains central to how we work and how we report. Microsoft has eliminated nearly all single-use plastics in our primary product packaging, reducing the share that remained to just 0.07% at the end of calendar year 2025.[4] But we are not rounding down. We are staying accountable to the work required to eliminate them entirely. 

Across our cloud operations, we achieved 92% reuse and recycling of decommissioned servers and components for the second consecutive year, diverted 90.5% of construction and demolition waste from landfills and incinerators, and expanded our Circular Centers to seven facilities globally. These results also reflect a broader shift toward solutions that have co-benefits—reducing both emissions and resource demand over time. 

Throughout this journey, we have learned that progress in one area often depends on progress in another. Clean energy investments are essential to decarbonization. Water use is linked not only to our operations, but also to the energy systems that power them. And extending hardware life through circular approaches can reduce both emissions and material demand across the value chain. 

That is why our priorities extend beyond tracking progress against individual commitments on water, carbon, waste, and ecosystems as though they move independently. Our experience has made clear that progress does not happen pillar by pillar. Some of the most consequential work ahead will be measured in whether we address system challenges and help build the conditions for long-term progress: more resilient grids, stronger markets for lower-carbon materials, more effective water stewardship, and infrastructure designed and operated with local realities and community priorities in mind. 

For that reason, this year’s report takes a more integrated approach—placing progress against our commitments in the broader context of how those commitments are operationalized across our infrastructure and products. 

What’s next 

We are proud of what we have accomplished, and we remain humbled by the scale of the challenge ahead. Responsibly building the AI future requires clear accountability for what AI demands, candor about real constraints and tradeoffs, and sustained focus on outcomes that are durable and broadly shared. The chapters that follow show how we translate that intent into execution across our physical infrastructure, products, and value chain—where our sustainability commitments become operational reality.

Read the full report: https://aka.ms/SustainabilityReport2026 

[1] The solid line represents Microsoft’s reported greenhouse gas emissions (Scopes 1, 2, and 3) for FY20–FY25, prepared in accordance with GHG Protocol and management’s criteria, and uses a market-based emissions approach. The dotted line represents an illustrative counterfactual scenario of estimated emissions had select, discrete carbon reduction initiatives not been undertaken. These initiatives include energy efficiency improvements for XBOX consoles, renewable energy purchases, sustainable aviation fuel (SAF) and sustainable marine fuel (SMF) certificates, and supply chain decarbonization of Surface devices. The difference
between the two lines is an estimate of emissions avoided through these specific initiatives relative to a scenario without those initiatives occurring. This estimate is directional in nature, does not represent the full scope of Microsoft’s decarbonization efforts, and is not part of our reported greenhouse gas inventory. It should not be interpreted as a comprehensive measure of total emissions reductions or as additive to other carbon reduction or removal claims.

[2] Microsoft defines renewable energy as electricity that comes from sources that are replenished at a rate greater than or equal to their rate of depletion, such as geothermal, wind, solar, hydro, and biomass. To date, Microsoft’s renewable energy target includes two primary categories: renewable energy from contracted projects and grid mix. The first is renewable energy delivered under PPAs or similar long-term contracting mechanisms, generally for new projects where our financial involvement in the project’s development is critical for its success. This category represents more than 90% of the renewable energy applied to achieve our 2025 target. The second category is “grid mix” – renewable energy supported via our standard utility relationships and rates, inclusive of policy programs such as renewable portfolio standards and state and utility decarbonization goals. Our 2025 100% renewable target does not include purchases from short-term, so-called “spot market” renewable energy credits (RECs) sourced from operational clean energy projects.

[3] Microsoft defines carbon-free electricity (CFE) technologies as technologies with zero direct emissions and biogenic technologies with lifecycle emissions equivalent to renewables. CFE technologies include wind; solar; geothermal; sustainable biomass; hydropower; nuclear; fossil fuels with complete carbon capture, utilization, and sequestration; and storage charged with CFE generation.

[4] By weight, as designed, portfolio average. More details can be found in our Environmental Data Fact Sheet.

The post Responsibly building the AI future appeared first on Microsoft On the Issues.

  •  

Making humanitarian protection visible in cyberspace: The promise of the Digital Emblem

In armed conflict, a simple symbol can save lives. The Red Cross, Red Crescent, and Red Crystal emblems signal that those providing medical care and humanitarian assistance must be protected. 

In cyberspace, there is not yet a widely adopted equivalent, even as hospitals, humanitarian organizations, and relief operations increasingly rely on digital systems to deliver care, coordinate assistance, protect sensitive data, and reach people in crisis. 

Today, the digital systems that support hospitals and humanitarian operations—including communications tools, logistics platforms, patient care systems, cloud services, and the data center infrastructure which underpins them—can be difficult to distinguish from surrounding digital infrastructure. In conflict, that raises the risk of misidentification, spillover, and cascading disruption from cyber operations. As cybersecurity operations become more automated and machine-driven, clear, trustworthy, machine-readable signals become even more important.

That is why Microsoft supports the International Committee of the Red Cross as it launches the next phase of the Digital Emblem initiative today in Geneva. The Digital Emblem is intended to provide a machine-readable way to help identify digital assets that support protected medical and humanitarian functions, so they can be recognized, verified, and avoided in conflict settings.

From principles to operational practice

The Digital Emblem does not create new legal protections, and it does not replace cybersecurity. Instead, it helps to make existing protections under international humanitarian law more actionable in cyberspace. 

For many years, governments, humanitarian actors, civil society, technical experts, and industry have worked to clarify how international law applies in cyberspace. These efforts have reinforced a core principle that civilians, medical services, and humanitarian operations must be respected and protected in armed conflict. But translating that principle into operational reality remains difficult when protected digital assets are not easily identifiable. 

The Digital Emblem can help bridge that gap. If implemented responsibly, a clearer, more consistent, and technically usable signal can support recognition, verification, and respect for protected medical and humanitarian functions in cyberspace. 

This next phase marks an important transition for the Digital Emblem: from concept development toward operationalization, testing, standards, and implementation. 

Over the past several years, the ICRC has worked with states, the Red Cross and Red Crescent Movement, technical experts, standards bodies, academia, and industry to explore whether the protective function of the physical emblems can be translated meaningfully into cyberspace. That work has helped move the Digital Emblem from an important idea to a project with growing legal, technical, and operational foundations. 

The work now is to test how the Digital Emblem can be deployed, discovered, authenticated, and verified in real-world conditions. It also means advancing standards work through bodies such as the Internet Engineering Task Force and the International Telecommunication Union, developing guidance for those who operate protected digital infrastructure, and engaging the actors who will need to recognize and respect the Digital Emblem in practice.

Building on Microsoft’s work to protect civilians in cyberspace

Across our cybersecurity work, we have consistently argued that protecting civilians and critical services in cyberspace requires more than statements of principle. It requires practical standards, technical implementation, trusted partnerships, and cooperation among governments, humanitarian actors, civil society, standards bodies, and industry. 

From our early calls for stronger norms of responsible state behavior in cyberspace, to the launch of the Cybersecurity Tech Accord, Microsoft has advocated for the application of international law and the protection of civilians online. 

Every day, Microsoft works alongside governments and partners to detect, disrupt, and defend against cyberattacks that target critical infrastructure, healthcare, and humanitarian operations. Together, we have seen the importance of real-time visibility, trusted signals, and coordinated defense across public and private actors. This work has underscored a central reality: as civilian and humanitarian services become more digitally dependent, cybersecurity is increasingly connected to humanitarian resilience. 

Microsoft will continue supporting the ICRC with a focus on how our technologies enable this model at scale. That includes exploring how technology can support both sides: enabling humanitarian and medical organizations to signal protected systems and helping defenders recognize and verify those signals in real-world operations.

The role of industry

The ICRC’s leadership is essential to the credibility and neutrality of this effort. But for the Digital Emblem to succeed, it must also work across the broader technology ecosystem, which includes the cloud services and data centers, telecommunications networks, cybersecurity tools, identity systems, and other digital infrastructure on which humanitarian and medical organizations increasingly rely.

Industry, therefore, has an important role to play in helping ensure the Digital Emblem is technically sound, interoperable, and aligned with how defenders operate in practice. That includes supporting standards development, helping test implementation models, and ensuring that any approach reflects both sides of the model: enabling eligible humanitarian and medical organizations to express the signal for relevant assets and helping defenders recognize and verify that signal in operational workflows. 

In today’s fragmented and low-trust geopolitical environment, shared technical standards can reduce ambiguity even where political agreement is difficult. That is why standards-based implementation can help make the Digital Emblem consistent, verifiable, and usable across networks, platforms, and borders.

From launch to implementation 

The launch in Geneva marks an important milestone, but the Digital Emblem’s promise will depend on what happens next. 

The work ahead should focus on clear and concrete outcomes: continued technical testing, progress in standards development bodies, practical implementation guidance, and broader engagement from states, humanitarian actors, technology companies, telecommunications providers, cybersecurity professionals, and operational defenders. 

The call to action is straightforward. Governments should support the Digital Emblem as a mechanism for making protected humanitarian and medical functions more identifiable in cyberspace and promote respect for it in policy and practice. Humanitarian and medical organizations should help test and shape implementation so it reflects operational reality. Standards bodies should continue building the technical foundations for trusted adoption. And technology companies should help translate the Digital Emblem into the tools, systems, and workflows defenders already use. 

Physical emblems made humanitarian protection visible on the battlefield. The Digital Emblem can help make protected humanitarian and medical functions visible, verifiable, and actionable in cyberspace. Turning that promise into practice will require sustained cooperation so that those who care for the wounded, the sick, and civilians can be more easily recognized, respected, and protected in the digital age. 

 

 

The post Making humanitarian protection visible in cyberspace: The promise of the Digital Emblem appeared first on Microsoft On the Issues.

  •  

New cohort of AI Economy Institute Fellows to examine frontier AI firms and the transformation of work

The AI Economy Institute (AIEI) is launching its third cohort of researchers, advancing our mission to understand the adoption of artificial intelligence across economies, industries, and communities. 

We launched the AI Economy Institute because AI’s economic impact is not predetermined. Though AI is being rapidly adopted, the evidence base for understanding its impact on work, jobs, education, productivity, and opportunity is still too thin. By increasing the scholarship around the AI economy and producing it in a timely and accessible way, we can help ensure that as AI transforms our world, we’re equipping people with the knowledge and tools they need to make decisions and succeed with AI.

Our 2026 AI Economy Institute Cohort

The AI Economy Institute convenes outside experts and researchers to share their perspectives and advance the body of knowledge on topics related to AI, work, and education. Our third global research call centered on understanding how frontier firms are reshaping work and the broader economic landscape.  

Representing a diverse group of institutions worldwide, our cohort brings together subject matter experts and researchers to explore how AI is reshaping the workforce, organizations, and the broader economy. The cohort consists of the following individuals, representing the following institutions:    

  • Brian Jabarian, Carnegie Mellon University 
  • Caspar David Peter, Erasmus University, Rotterdam, Netherlands 
  • Christoph Siemroth, University of Essex, England 
  • Daniel Yue, Georgia Institute of Technology 
  • Edoardo Maria Acabbi, University of Mannheim, Germany 
  • Frank Nagle, Massachusetts Institute of Technology (Advising Fellow and Cohort 2) 
  • Friederike Mengel, University of Essex, England; Erasmus University Rotterdam, Germany 
  • Gianmarco Ottaviano, Bocconi University, Italy 
  • Ilan Strauss, AI Disclosures Project 
  • Johannes Wachs, Corvinus University, Budapest, Hungary 
  • Luca Henkel, Erasmus University, Rotterdam, Netherlands 
  • Luca Mazzone, University of Montreal, Canada 
  • Laura Nurski, Centre for European Policy Studies (CEPS), Belgium (Cohort 2) 
  • Meeyoung (Mia) Cha, Korea Advanced Institute of Science and Technology (KAIST), South Korea 
  • Mustafa Afacan, Mohamed bin Zayed University of Artificial Intelligence (MBZUAI), United Arab Emirates; Sabancı University, Turkey (World Bank Affiliated Senior Fellow) 
  • Nataliya Wright, Columbia University 
  • Nuriye Melisa Bilgin, Koç University, Turkey 
  • Pëllumb Reshidi, Florida State University 
  • Pierre-Alexandre Balland, Centre for European Policy Studies (CEPS), Belgium (Advising Fellow and Cohort 2) 
  • Salman Khan, Mohamed bin Zayed University of Artificial Intelligence (MBZUAI), United Arab Emirates (World Bank Affiliated Senior Fellow) 
  • Serena Booth, Brown University 
  • Wesley Rosslyn-Smith, University of Pretoria, South Africa (Advising Fellow) 
  • Yingfei Wang, Foster School of Business, University of Washington 

Cohort members will analyze frontier firms to examine both upstream, firm-level transformations and downstream, economy-wide impacts. Researchers will also explore how AI changes job design, skill demands, productivity, and regional economic development.  

AIEI’s first two cohorts explored how AI is reshaping the talent pipeline, from higher education and skills to K-12, community colleges, and early-career pathways, so that we could understand and inform the early changes to the labor market. What we learned from that point of inquiry shifted the focus; this year’s cohort moves further into the economy itself, focusing on frontier firms and how leading organizations are adopting AI, redesigning work, and creating the conditions for productivity, diffusion, and human agency at scale.

Interpreting the frontier: What this means for policy and strategy 

Since its launch, the AI Economy Institute has fielded more than 800 responses to our calls for research proposals. The gap between what AI systems can do and what organizations can actually deploy will shape the pace of adoption. Gains in productivity may come alongside organizational shifts as firms adapt their workflows, teams, and decision-making processes.

At the same time, the expansion of automation raises a parallel question of whether systems are enhancing human learning or displacing it. Underlying all of this is a broader uncertainty about the extent to which AI will diffuse widely across economies or concentrate in a narrow set of firms and regions. 

Cohort 3 moves beyond identifying these tensions and toward generating the empirical evidence needed to navigate them, providing policymakers, firms, and institutions with a clearer basis for decision-making in a rapidly evolving AI economy. 

The post New cohort of AI Economy Institute Fellows to examine frontier AI firms and the transformation of work appeared first on Microsoft On the Issues.

  •  

Context on our country-by-country tax footprint

Today we’re publishing our first “Public Country-by-Country Report” for our fiscal year 2025, disclosing our taxes in the period from July 1, 2024, to June 30, 2025. It covers the countries and regions included under European Union rules and shows, for each one, our revenue, profit, number of employees, and income tax accrued and paid during the year.  
 
We have provided this kind of information directly to tax authorities for several years under the Organization for Economic Cooperation and Development (OECD) framework. It is now published to support transparency commitments, and we believe it is important to proactively address any questions these disclosures may raise, recognizing that numbers on a spreadsheet rarely tell the full story.
 
Microsoft pays the taxes we owe in every country where we operateWe know there are strong views about whether companies are paying enough, and we believe providing this context leads to a more informed conversation.

Understanding country-by-country reporting

Country-by-country reporting is not widely understood outside tax and accounting circles. Some figures may look surprising at first, but a number that appears low or high in one country does not, on its own, tell the full story. Tax law differs from country to country, and there are two important things to keep in mind when reading the report.  

First, the numbers are prepared using rules that differ from United States or country-specific financial accounting and tax rules, so they may not match other Microsoft information people have seen. For example, this report combines all Microsoft legal entities in a country and follows the reporting rules required by EU regulations. By contrast, local statutory accounts usually cover just one legal entity, follow local accounting rules, and may use a different fiscal year from Microsoft’s.  

Second, accrued tax is what you owe for the year. Tax paid is the amount actually paid during the year. The two can differ because the timing of owing tax and paying tax doesn’t match exactly. 

France is a good example of why a single line can look unusual without context. In FY25, cash tax paid in France reflects a one-time refund of tax overpaid in an earlier year. That makes this year an outlier. In this specific case, accrued tax may be a better reflection of the taxes borne for the fiscal year. Microsoft paid $374 million in tax in France over the prior three years. 

Variations like these are a normal part of how large companies, both domestic and multinational, are taxed across borders, and they reflect an evolving tax landscape as well as a business that continues to change. We comply with every local rule that applies to us, and as those rules change, our reporting will change with them. Microsoft is committed to a tax structure that reflects where our people work, where we invest, and where functions, assets, and risks occur, and this has been a guiding principle. 

How our investments support local economies

We understand that this discussion is not only about what the law requires or what a single tax line shows in a given year. For many people, it is also about a broader question of contribution: how companies support the countries where they do business. That contribution includes the taxes we pay, the capital we invest, the local jobs and infrastructure we support, and the economic activity created through customers and partners. In the S&P, Microsoft ranks second globally in corporate income taxes paid in the last year, with a total of $28.7 billion. In fiscal year 2025, we paid $6.3 billion in income tax in the EU. Importantly, this does not include payroll, VAT, property, and other taxes paid in addition. 

Taken together, our tax payments, capital investments, and partner ecosystem reflect a long-term commitment to the countries where we operate. We opened our first European office in the UK in 1982, followed by France and Germany in 1983, and then expanded into Denmark, Ireland (our largest hub in the region), Italy, Norway, Spain, and Sweden in 1985. Microsoft is now present in all 27 EU Member States and across the broader region. We have worked in these and many other communities for decades, and thousands of our employees call them home.  

From research and development to digital infrastructure and partnerships with local organizations, we are investing in ways that support these economies beyond our direct commercial activity. At our core, we are building tools that help large enterprises, small and medium-sized businesses, institutions, and individuals become more productive and competitive, which strengthens their business and benefits the people they serve. We only do well when our customers do well. In practice, that means helping customers design and manufacture cars better, helping patients get their next appointment sooner, or making it simpler for someone to find that dream job. 

Our investments in digital infrastructure are not only supporting the local digital economy, they are also contributing meaningfully through both taxation and capital expenditure. Across markets, we continue to invest at scale in datacenters and supporting infrastructure, creating value that extends well beyond the technology sector. In the three years to June 30, 2025, our total capital expenditure amounted to $176 billion, and we spent $89.2 billion on research and  development in the markets where we operate. 

Our customers require local industry- and country-specific expertise, and this is where our partner ecosystem plays an important role. Many of these partners are local businesses themselves. A 2024 IDC study on partner profitability showed that for every $1 of Microsoft revenue, partners that provide services generate $8.45, and partners that develop software generate $10.93. While this varies by country and partner segment, it offers another useful lens on how Microsoft’s business contributes to local economic activity. 

Investments in digital infrastructure are not only investments in technology ecosystems, but in national and local economies as well. They support jobs, strengthen supply chains, create opportunities for companies across many sectors, and help build the foundation for growth and economic competitiveness beyond the digital economy. 

That is the broader context for this report. Tax is one important measure of contribution, but it is not the only one. Our investments, partnerships, infrastructure, and long-term presence in countries around the world also reflect a commitment to helping strengthen the economies and communities where we operate, today and for the future.

 

The post Context on our country-by-country tax footprint appeared first on Microsoft On the Issues.

  •  

Protecting privacy as a fundamental right while supporting transatlantic data flows

At Microsoft, we are committed to our customers’ fundamental right to privacy. In a world defined by rapid technological change and geopolitical volatility, this commitment has remained constant. It’s rooted in decades of experience building trusted technologies that our customers rely on every day to manage their data. Many of these organizations depend on the ability to move data across the Atlantic, from the EU to the U.S., in a way that protects their privacy. That’s why we support the European Commission in its defense of the EU-U.S. Data Privacy Framework. And that’s why we have formally intervened in the Latombe v. Commission case before the Court of Justice of the European Union. This case puts at stake two principles that are important for Microsoft – the protection of our customers’ privacy and their ability to do business on both sides of the Atlantic.

To intervene in a case before the Court of Justice, a company must apply for permission. In this case, the Court granted our application, finding that Microsoft has a direct and existing interest in its result. Put simply, the outcome of this case will determine whether Microsoft and its enterprise customers may continue to use the EU-U.S. Data Privacy Framework to transfer data to participating U.S. companies, including vital customers and suppliers. This critical legal bridge promotes stability, beneficial trans-Atlantic ties, economic growth, and prosperity, while upholding strong privacy safeguards. The Latombe case seeks to dismantle it. As an intervener, we can now file legal briefs in support of the European Commission, participate in oral hearings, and share our perspective on the importance of upholding a framework that directly benefits the European economy.

Supporting the European Commission’s adequacy decision on the EU-U.S. Data Privacy Framework before the Court of Justice of the European Union

Companies across the globe rely on data flows to manage their people, produce their goods and services, and distribute products to their customers. We understand that data flows trigger questions about differences in legal traditions. They should. And for that reason, the European Commission and the U.S. administration worked diligently, in the decade since the Safe Harbour ruling, to harmonize EU and U.S. law. As a result of that hard work, and as required under the European General Data Protection Regulation (GDPR), the U.S. has now created an independent review court for any complaints regarding U.S. surveillance and implemented other required measures to provide an “adequate” level of data protection that is essentially equivalent to that in the EU.

This equivalence is a key point. The law entitles our customers to privacy on both sides of the Atlantic. This is the principle on which the Data Privacy Framework rests. And our intervention in the Latombe case is just one part of a long history in which we have stood up for that principle in Europe, as well as in the U.S. As far back as 2014, Microsoft challenged the FBI’s secret attempt to use its national security authorities to obtain information about an account that belonged to one of our enterprise customers. After we filed the case, the FBI withdrew its request. In 2016, we sued the U.S. government to challenge its practice of seeking indefinite secrecy orders—i.e., orders that prevented Microsoft from ever notifying its enterprise customers when the government sought their data. As a result of that case, the U.S. Department of Justice changed its policy to place strict limits on the duration of secrecy orders. In the decade since that first constitutional challenge, we’ve launched a series of successful court challenges to ensure that secrecy orders, of any duration, are the exception, not the rule. As a result of our litigation, numerous secrecy orders have been vacated or modified to allow notification to our customers.

We don’t confine our advocacy to courts. We are a steadfast proponent of strong privacy regulation on both sides of the Atlantic. That’s why we are specifically pushing Congress to update the U.S. Electronic Communications Privacy Act to place stricter limits on the use of secrecy orders and ensuring they are subject to meaningful judicial review. This legislative reform is gaining momentum in Congress and will greatly enhance our continued ability to protect our customers’ data.

Stable and trusted data transfers are not an end in themselves. They are a means to enable innovation, economic opportunity, and public services—while upholding the fundamental rights that are at the core of EU and U.S. law. Our intervention in the Latombe case reflects that principled balance and follows a long line of legal actions we have taken to protect our customers.

Looking ahead

At Microsoft, we have long recognized that trust is not a given—it is earned through sustained action, thoughtful design, and a willingness to engage openly with governments, customers, and individuals. Microsoft has consistently advocated for strong, clear, and globally interoperable privacy frameworks, recognizing that trust in technology depends on the strength of the rules that govern it.

Our customers in Europe can rely on us to continuously improve and update our privacy practices as technology and legal standards evolve. In 2018, we were the first major technology company to extend GDPR subject matter rights to all our customers around the world. And recent positive assessments of our privacy compliance by the European Data Protection Supervisor and the Hessian DPA in Germany underscore our continuous commitment to our customers’ fundamental right to privacy.

In support of this work, we’ve updated the Microsoft Privacy Statement to use clearer structure, simplified language, and more precise explanations of our data practices—making it easier to understand what data we collect and how it’s used, without changing our underlying privacy protections or commitments.

The future of technology will be shaped not only by what we build, but by the principles that guide us. By grounding innovation in respect for people and organizations, and strong legal protections, we can help ensure that technology continues to be a force for good.

The post Protecting privacy as a fundamental right while supporting transatlantic data flows appeared first on Microsoft On the Issues.

  •  

Scaling cybercrime disruption through innovation and AI

Microsoft is taking a new approach to fighting cybercrime, targeting the cyberattack supply chain, not just individual services. In a case unsealed today, we are simultaneously targeting two widely used cybercrime tools, Amadey and StealC, after AI-assisted analysis revealed they rely on the same infrastructure.

This action goes after the cybercrime “assembly line,” where coordinated tools drive ransomware, financial fraud, and disruptions to public services. Amadey and StealC are often used alongside each other: Amadey helps attackers gain access to devices, while StealC steals passwords and sensitive information. Together, they form a critical link in the chain. In the first two weeks of May alone, Amadey and StealC were linked to more than 140,000 infected computers globally, highlighting how widely they are used.

Working with Europol and industry partners, we targeted both tools at once. The goal: break the chain. Since the start of the operation, Microsoft has identified more than 18,000 victim computers, severed criminal control of those devices, and is working with telecommunications providers to help protect affected customers globally.

When multiple parts of an operation are disrupted together, attacks are harder to launch, scale, and recover from. The result: fewer disrupted services, fewer opportunities for cybercriminals to profit, and more friction when they try to rebuild.

It’s no longer enough to go after threats one by one. We need to interrupt how the attacks are put together. 

What’s different about this action   

Microsoft has long used civil legal action to disrupt cybercriminal infrastructure and pioneered the innovative use of existing laws, including the Racketeer Influenced and Corrupt Organizations Act (RICO), a US law designed to target organized crime.

What’s new is how we’re combining AI analysis with an expanded use of that law.

Amadey and StealC were developed by separate cybercriminals, but they relied on the same infrastructure. To understand how they worked, investigators used AI, including Copilot, to quickly analyze the malware, asking questions in plain English instead of manually combing through complex code. That helped surface key details, uncover hidden data, and test findings in a fraction of the time, turning what would have taken hours or days into minutes and enabling the team to spot connections faster.

Those insights allowed the legal team to treat both malware families as part of a single conspiracy. Instead of going after each tool separately, as we have done in the past, we used RICO to charge multiple complicit enablers involved across the operation. In total, Microsoft’s Digital Crimes Unit disrupted over 200 command-and-control servers—the systems criminals use to control infected devices, steal data, and keep attacks running.

By targeting tools together, we can disrupt the cybercrime chain more efficiently and more effectively, in a way that better reflects how these networks actually operate today.

Cybercrime now runs like an assembly line 

Cybercrime is no longer a series of isolated attacks—it’s a coordinated system.

Specialized tools handle each step: one gains access, another steals credentials, and others sell or exploit that access for fraud, ransomware, espionage, or other nefarious purposes. Different actors may be involved at each stage, but together they turn access into profit, quickly and at scale.

How cybercrime tools are built to be modular

That structure also creates a point of vulnerability. The people behind these cybercriminal tools may never interact directly, but their tools are designed to work together. If those connections can be identified, multiple stages of an attack can be disrupted at once.

How these attacks play out in the real world 

Most people will never hear the names Amadey or StealC, but they feel the effects. A hospital locked out of critical systems. A city unable to deliver essential services. A small business losing access to accounts overnight. A retiree who lost their life savings.

These attacks don’t happen all at once. They unfold step by step: attackers get in, passwords are stolen, access is reused or sold, and sometimes repurposed for more targeted operations. For example, Microsoft has observed Russian-affiliated actor Secret Blizzard leveraging Amadey infections to deploy custom malware against targets in Ukraine.

By targeting multiple points in that chain at once, we reduce the chance that a single compromise turns into widespread harm. Put simply: fewer attacks succeed and fewer people feel the impact when they do.

No one organization can do this alone 

Actions like this underscore a fundamental reality: we’re successful when we collaborate. No single organization, whether government or industry, has full visibility into how cyber threats operate across borders and sectors. What makes this effort effective is the combination of perspectives and data.

Microsoft had been tracking Amadey due to its impact on customers, working with cybersecurity partners ESET, BitSight, Lumen, and Mitsui Bussan Secure Directions (MBSD) to better understand how it operated. At the same time, Europol’s European Cybercrime Centre (EC3), together with European law enforcement partners including Germany’s Federal Criminal Police Office and the Dutch and Danish National Police, was investigating StealC as part of Operation Endgame, alongside IBM X-Force and Proofpoint.

Bringing those efforts together expanded our collective datasets and made it possible to identify the connections between the two tools and act on them quickly. That shared understanding enabled a coordinated response that went further than any single organization could achieve alone.

 

This shows why partnerships matter. Industry shares technical insight, government brings visibility, and we need trusted ways to exchange that information. Only by working from the same picture can we stay ahead of attackers, disrupting not just individual tools but also the systems that make cybercrime possible.

Creating sustained pressure on cybercrime  

This work doesn’t end with a single action. Cybercriminals adapt quickly, which is why we continue tracking how these operations evolve and working with partners to disrupt them.

Microsoft’s court-authorized disruption in this case is paired with ongoing efforts to track how cybercriminals rebuild, identify new infrastructure, and work with partners to disrupt the services they rely on to operate. It also includes incorporating the findings from this disruption into initiatives like Microsoft’s Statutory Automated Disruption program, which helps accelerate the removal of malicious domains and infrastructure.

The goal is not just to stop one operation but to slow the system itself—making attacks harder to launch, scale, and recover from. By combining AI-driven insight, legal action, and strong partnerships, we can continue to raise the cost of cybercrime and reduce its impact.

For more than a decade, Microsoft’s Digital Crimes Unit (DCU) has worked to disrupt cybercrime and nation-state threats, filing around 40 cases since 2008 and partnering with law enforcement to take down criminal networks. Learn more about the team’s efforts here.

 

The post Scaling cybercrime disruption through innovation and AI appeared first on Microsoft On the Issues.

  •  

AI, jobs, and the next generation

In 1838, the invention of the camera sparked predictions that photography would make artists obsolete. When the noted French painter Paul Delaroche first saw an early photograph on a metal plate, he declared that “From today, painting is dead!” As he reasoned, why would anyone pay an artist to slowly and laboriously paint a scene when a camera could do the job more accurately, more quickly, and at a lower cost? 

This question has echoed through technological shifts and has resurfaced with intensity in recent weeks, as university students graduated on campuses across the United States. Today’s topic obviously is not photography but the societal impact of artificial intelligence. And as graduates booed the mention of AI during commencement addresses, they have provided a powerful reminder of several important truths. To start, people will insist on having a say in deciding when and how AI is used. 

The student message to tech leaders  

The reactions of this year’s graduates are a powerful wake-up call for the tech sector. Hopefully, leaders across our industry will listen and seek to learn from this reaction. For the past half century, the youngest generation of people and workers has led the way in adopting new digital technologies. A new Microsoft study shows this trend is true with AI. Counties with large college towns and outsized populations between the ages of 18 and 24 have the highest rates of AI adoption in the United States. When people who use a new technology complain about it, we had better take notice. 

It’s perhaps no surprise that college campuses are among the best places to learn about these emerging views firsthand. Over Memorial Day weekend at Princeton University, I found no shortage of discussion and even examples of student action. Graduating seniors have long donned “beer jackets” for celebrations, each class selecting its own unique design. This past year, however, a brief controversy emerged until class officers, responding to a student petition, rejected a popular design because it had been created with the help of AI. In its place, graduates wore jackets labeled both “100 percent cotton” and “100 percent human.” 

The rejection of artificial fibers and artificial intelligence illustrates how human tastes shape market economics even as efficiency and productivity advance. Machines don’t buy products. People do.  

Students and graduates recognize AI’s benefits. But they want to keep AI in its proper place. They rightly believe in the indispensable role of human agency. They want the future to be determined by humans deciding the role of machines, not by machines deciding the role of humans. And they want these decisions to reflect input from a broad community, especially the next generation of the workforce, rather than just a narrow group of elites. 

Today’s graduates are sending another powerful message as well: the American Dream has always stood for even more than a better job and greater economic opportunity, although that has been at its core. The American Dream has been founded on the dignity of work and the critical role it plays in giving life purpose. Great countries are built on great economies and great jobs. To those in the tech sector who seemingly want to pursue a future where computers replace jobs and AI becomes more capable than people, the next generation of people has offered a compelling response: “not so fast.” 

The ambitions of people 

The good news is that human ambition is irrepressible. It has been almost 300 years since the start of the first industrial revolution, and technology has changed many times over. But there is more human creativity at work in the world today than ever before. 

A trip to an art museum shows this is true even for the impact of the camera on painting. The invention of the camera initially led to a decline in portrait painting. But even that made a comeback. More remarkable was the way accurate photos spurred new forms of artistic expression. By the 1870s, photography’s “artificial eye” led a new generation of artists to portray emotion rather than detail. Impressionist artists captured the effects of light, color, and atmosphere in ways that a camera shutter could not. New artistic movements followed – Post-Impressionism, Fauvism, Cubism, and Surrealism – and continue today, expanding what it means to be an artist. As it turns out, few things are as resilient as human creativity. 

In 1986, I insisted on having a computer on my desk before I accepted a job at a leading law firm in Washington, D.C. For most of the past 40 years, I’ve been part of the tech sector – first as an outside lawyer, then a Microsoft attorney, and since 2001, in the company’s leadership ranks. I’ve long been an informal “liberal arts representative” among a group of extraordinary computer scientists and engineers.  

As I’ve followed technologists across our industry, I’ve often marveled at their vision, intellectual dexterity, and engineering prowess. But I’ve also seen many insightful individuals across the industry repeat two mistakes. First, they frequently overestimate the arrival of new technology, especially the pace of its impact. And even more importantly, they underestimate the capabilities of people. 

Human capability is neither fixed nor finite. Each discovery creates a stronger foundation that enables people to stand taller and reach higher. People have been proving this for millennia. There came a day when people discovered that a horse could run faster than a human. People learned how to ride horses.  

Real causes for concern 

None of this is meant to dismiss the anxiety of today’s graduates. They’re right to raise concerns and ask hard questions, including about AI and its impact on their future. They face multiple headwinds as they enter the job market. This includes AI automation of tasks in current entry-level positions and, especially in the tech sector, corporate pressure to reduce headcount to help pay for AI’s enormous capital expenditures. It also involves other factors, including geopolitical uncertainty, trade tensions, and correction from over-hiring in the early years of the decade. Like a perfect storm, the wind is blowing from multiple directions. 

Today’s graduates have been through a lot. They spent much of their high school years living through a pandemic while studying and socializing at home through a screen. They are digital natives, with all the good and bad that social media, ubiquitous mobile devices, and other technologies have created. Now AI is coming, and they worry that jobs will start to disappear.  

So, what should the next generation – and all the rest of us – do about AI? 

AI in context 

First, we should put AI in context. No one has a crystal ball for the future, but we all can learn from the past. AI is the latest in a list of technologies that will reshape the economy and society. It has become the next “General Purpose Technology,” a term economists apply to technologies that, like electricity, are applied across the economy. Some of these technologies, including ironworking, machine tools, and digital computing, have profoundly reshaped not just job categories but economic power among nations. AI likely will be one of the most important general purpose technologies of the next quarter century. And like previous general purpose technologies, AI will displace some jobs, even as it creates others and changes many of the ways we currently work. 

But it takes time for technology to diffuse across an economy and around the world. There are some who look at the power of AI and predict its massive diffusion in just a few years. It’s always possible that this time will be different, but the world has never previously seen technology diffusion at that pace. The reason is not grounded in technology. It’s people. As Professors Arvind Narayanan and Sayash Kapoor have written, “diffusion is limited by the speed of human, organizational, and institutional change.”  

Put in historical context, broad AI transformation over the next quarter century would itself be remarkable. That pace of change appears to be reflected in Microsoft’s own recent data. Our most recent AI Diffusion Report estimates that 17.8 percent of the world’s working age population currently uses generative AI. The rate in the United States is higher than the global average, but still only at 31.3 percent. And as Professor Narayanan has shown, the impact of new technology across a high percentage of work typically lags well behind this type of initial usage rate.  

As the legendary UCLA basketball coach John Wooden, who led his teams to 10 national championships, advised his players two generations ago, we should “be quick, but don’t hurry.” In other words, we should act quickly and decisively and with preparation and purpose. But we need not – and should not – rush in a way that creates mistakes or panic.  

The key is to think things through. One good way to start is to consider some of the insights that have emerged already. For each of us as individuals. For companies and organizations. And for society.  

The implications for individuals 

In the three-and-a-half years since the release of ChatGPT, one initial insight is profound yet unsurprising. AI often is at its best when we use it to strengthen existing human capabilities and endeavors. In short, people can use AI to make themselves better.  

I see this every day in the work of Microsoft’s AI for Good Lab, which works with non-profits and governments around the world. Firefighters in California are using AI to help spot wildfires more quickly. Legal professionals in Africa are using it to help provide advice to women who don’t have access to a lawyer. Teams in Ukraine are using AI to help identify and remove landmines that threaten civilians. And conservationists around the world are using it to help farmers develop more productive and sustainable agricultural practices. 

There is a clear pattern in these examples. People are acting with ambition. They are using AI not to replace their subject matter expertise but to give it more impact. They are taking their knowledge, passion, and sense of purpose and using AI to help solve problems they care about.  

My colleagues Ryan Roslansky and Aneesh Raman have been focusing on these issues in recent years, based on their longstanding work at LinkedIn. They recently published an important book on the topic, Open to Work: How to Get Ahead in the Age of AI. In my view, it’s the first book that combines a view on where AI is going with practical advice for individuals.  

The more I’ve thought about it, two of their themes are particularly important. The first is for each of us in the workforce today to think about our job not as a title but a bundle of tasks. Their advice is to write down a list of your tasks and put them into three buckets: the bucket of tasks that AI can do; the bucket of tasks that you can do with AI; and the bucket of tasks that humans must do by themselves.  

If almost everything is in the first bucket, then one should think about pursuing a different type of job. But for most people, most tasks fall into the second bucket. In other words, if I can get AI to do the tasks in the first bucket, then I can focus my attention on the second and third buckets and consider how to use AI as a tool to help become more productive and impactful.  

There’s a second insight in the book that is even more important. In an Age of AI, there are perhaps even more opportunities to distinguish ourselves based on the soft skills that are uniquely human. Ryan and Aneesh point to five, all of which start with the letter C – curiosity, creativity, compassion, communications, and courage. Even when AI automates multiple tasks, people must continue to oversee its work. This creates the need for additional human observation and insight. In short, human judgment remains essential. 

All this speaks to one of the questions I hear repeatedly from students and their parents. What should people study to prepare for the future? Call me old fashioned, but I believe people should continue to pursue their passions. Develop expertise in an important field that fascinates you. Keep working hard to master it. At the same time, develop AI fluency so you can use AI to help apply your expertise better than has ever been possible before. This doesn’t mean the future will be easy. It seldom is. But it’s a recipe that will continue to prepare you for success. 

The impact on companies and organizations 

These insights apply as much to organizations as to individuals. After all, employers must thrive for employees to thrive. And successful businesses, like successful individuals, rely on distinctive and often deep expertise – about products, business processes, operating rhythms, and a deep understanding of customers. AI should not replace this foundation; it should strengthen and extend it. 

This can build on where AI technology is going. Organizations can now move beyond chat-based assistants to a network with AI agents that can help employees reason, make decisions, and run workflows across their data and systems.  

Organizations can implement their own AI systems that harness the power of multiple AI models and access their own unique enterprise knowledge. They can strengthen the effectiveness of these systems through AI tools that provide evaluations (“evals”) of a system’s performance and constantly make incremental improvements to it. Like climbing up a hill, each organization can manage an AI system that moves towards better outcomes and higher performance over time. Instead of solely consuming a frontier AI model, organizations can build their own “hill climbing machine” and participate more fully on their own terms in the AI ecosystem. 

By taking this approach, organizations can use AI to accelerate learning rather than replace it. Leaders can use AI to add capabilities inside their organizations, ensuring that their human expertise and judgment remain key competitive differentiators.  

This points to an age-old necessity. Business leaders and individual entrepreneurs must harness the latest technology while protecting their expertise and intellectual property, including through patents, copyrights, and trade secrets. AI adds a new dimension here. The benefits of AI for a business will be short-lived if it transfers and trains someone else’s AI model using a firm’s unique knowledge and expertise. This helps explain why each company needs to develop its own internal AI capabilities and control its own data.  

This is emerging as a critical issue not only for organizations but for today’s graduates, our economies, and even nations. The best way to promote broad economic and job growth is to ensure that every economic sector can harness the power of AI without surrendering its unique expertise. Sovereignty must be preserved not only for countries but for companies. And privacy must be protected not only for individuals but for organizations.  

A broader public conversation 

For individuals and organizations alike, the key is to harness AI’s benefits while preserving timeless human values and economic needs. Given the magnitude of the AI transformation, we’ll need innovative and collaborative efforts that bring the public and private sectors together to help prepare people for success in the Age of AI. This should start with a sobering recognition. The technological, economic, and societal transformations of the past three decades have left too many people behind. We’ll need to try different approaches, built on more shared responsibilities, if we’re going to do better as we move forward.  

Even in a time of fractured public discourse, it will be critical to find more ways to bring more people together to develop common solutions. This requires a big tent with a breadth of perspectives. We need to make room not only for technology companies, employers, and governments, but for non-profits, students, the world’s religions, labor leaders, and workers themselves. As Liz Shuler, the President of the AFL-CIO, said recently, “Who knows best how workplaces function and how work gets done than people who work for a living?” 

Our role at Microsoft 

As a company, we’re committed to playing an active part and constructive role in addressing these issues. We bring not only new technologies and ways of working, but perspective born of experience. For more than 50 years, Microsoft has helped workers and organizations adapt to technological changes, whether in offices, labs, classrooms, or factories. Our mission has been to build products to empower people and organizations to achieve more. And then help them put those tools to work.  

Our experience gives us determination and even a dose of optimism. We remember when people worried that word processing would lead to the end of jobs for people who typed for a living. But what came next – knowledge work and entirely new industries to support the computer age – transformed what “work” was. When spreadsheets automated calculations, people didn’t do less math. They built more sophisticated financial models. When emails made communication instant, people didn’t write less. They communicated more frequently and with more people. When technology increases supply, human ambition often generates more demand. As humans, we don’t plateau. We expand. 

This isn’t just philosophical. It’s our business model. Workers have been Microsoft’s lifeblood from the start. If the world’s people don’t have jobs, then neither do we. And if we’re not doing our part to help people use technology to pursue better jobs, then we’re not doing the job we were born to do. 

Heeding the next generation’s call 

This context shapes our reaction to recent commencement ceremonies. Graduating students who grimace or even boo at references to AI are telling us what we need to hear, that it’s time once again to raise the bar. That has been a frequent refrain from students for decades. The key is always to channel uncertainty into purposeful steps that build a better future. Across the tech sector and in business, non-profits, and government, we can do precisely that. 

I would add a second message for today’s graduates: you’re in a unique position to have a positive impact. You’ve lived through significant challenges. While it may feel unfair that the job market is so uncertain, you were made for this moment. Technology is second nature to your generation. Constant change has taught you how to adapt quickly. As AI reshapes how we work, you don’t need to unlearn decades of habits the way some of us do. You are better equipped to move forward.   

Technology will change, but you can stand firmly and speak loudly for values that are timeless. Agency. Ambition. Dignity. All fulfilled through work and technology that gives us purpose.  

Do everything you can to help advance these values.  

The post AI, jobs, and the next generation appeared first on Microsoft On the Issues.

  •  

Identity Is the New Attack Surface: How Infostealers Are Reshaping Enterprise Risk

Blogs

Blog

Identity Is the New Attack Surface: How Infostealers Are Reshaping Enterprise Risk

Our new guide explores how infostealers are fueling modern identity-based attacks and how organizations can build a proactive defense before stolen access is weaponized.

SHARE THIS:
Default Author Image
June 10, 2026

The New Reality of Identity-Based Threats

A publicly exposed database surfaced in early 2026 containing more than 149 million stolen login credentials. The records were not tied to a single breach or organization. Instead, they had been quietly collected over time from devices infected with information-stealing malware, with each record containing usernames, passwords, session data, and the context needed to use them.

Unlike traditional breach dumps, this data was structured, searchable, and immediately actionable. Credentials were mapped to specific services, session artifacts reflected active logins, and much of the information was recent enough to enable direct access without triggering traditional security controls.

This incident reflects a broader shift in the threat landscape.

More than 11.1 million devices were infected with infostealers last year, fueling a supply of over 3.3 billion stolen credentials, session cookies, cloud tokens, and other forms of identity data now circulating across illicit markets.

11.1 million infected hosts and devices
3.3 billion stolen credentials
Top 5 most prolific infostealers in 2025 (by infected hosts or devices):
Lumma
Acreed
Rhadamanthys
Vidar
StealC
Top 6 countries affected by information-stealing malware, 2025:
India
Brazil
Indonesia
Vietnam
Phillipines
United States

For security teams, the challenge is no longer simply detecting a breach after it occurs. It is understanding when access may already exist — where compromised credentials are circulating, how they are being used, and how quickly they can be weaponized.

That’s why Flashpoint created Identity Is the New Attack Surface: A Guide to Infostealers and Proactive Defense.

Drawing on Flashpoint’s Primary Source Collection (PSC) and analyst-driven intelligence, this guide helps IT, Threat Intelligence, Fraud, and HUNT teams understand how infostealers operate, how stolen identity data fuels real-world attacks, and how organizations can move from reactive response to proactive defense.

The guide explores:

  • How today’s most active infostealers power modern attack chains
  • How threat actors weaponize stolen credentials, cookies, and session data
  • How organizations can operationalize infostealer intelligence for proactive defense
  • How to evaluate infostealer intelligence providers and detection capabilities

Why Identity Has Become the Preferred Attack Surface

For years, security teams focused on vulnerabilities, malware delivery, and network intrusion as the primary paths to compromise. Increasingly, however, threat actors are taking a different

Modern infostealers such as Lumma, StealC, Vidar, Acreed, and Rhadamanthys provide attackers with something more valuable than initial access: usable identity. These malware families collect credentials, browser artifacts, session cookies, application data, and host metadata that help threat actors understand how a victim authenticates and what systems they can access.

A single infected device can expose credentials, browser artifacts, session cookies, application data, host metadata, and access to enterprise SaaS platforms. Together, these artifacts create a detailed profile of how a user authenticates, what systems they access, and how those systems trust that identity.

This is what makes infostealer data so valuable.

For years, organizations have invested heavily in detecting malware, blocking exploits, and hardening infrastructure. Meanwhile, attackers have increasingly shifted to a simpler strategy: logging in with valid identities.

Infostealers have fundamentally changed the economics of access. Threat actors no longer need to compromise a network directly when billions of credentials, session cookies, and authentication artifacts are already circulating in underground ecosystems. The challenge for defenders has risen from preventing compromise to identifying where access already exists and how quickly it can be weaponized.

Ian Gray, Vice President of Intelligence at Flashpoint

Identity data is inherently reusable. A stolen credential can be tested across multiple services. A session cookie can potentially allow attackers to hijack authenticated sessions. Browser and host metadata can help threat actors recreate a victim’s environment and bypass security controls designed to detect suspicious logins.

What begins as a single infection can quickly evolve into access across multiple systems, applications, and organizations.

What Is an Identity-Based Attack?

Identity-based attacks occur when threat actors use legitimate credentials, session cookies, authentication tokens, or other identity artifacts to gain access to systems and applications. Rather than exploiting a vulnerability or deploying malware inside a target environment, attackers authenticate as trusted users using stolen identity data.

This shift is one of the primary reasons infostealers have become so valuable. Modern infostealer logs often contain far more than usernames and passwords. They may also include browser cookies, session information, host metadata, application data, and other artifacts that help attackers understand how a user authenticates and what systems they can access. When combined, this information enables account takeover, fraud, lateral movement, and other forms of identity-based abuse.

From Credential Theft to Identity Exploitation

The way threat actors operationalize stolen data is evolving just as rapidly as the data itself.

Historically, attackers often had to manually review stolen credentials and determine which accounts were worth pursuing. Today, that process is increasingly automated.

Infostealer logs can be aggregated, tested, and prioritized at scale, allowing threat actors to rapidly identify valid access across enterprise systems, SaaS platforms, VPNs, and cloud environments.

Flashpoint identifies this as a hybrid threat: the convergence of large-scale identity compromise and automated exploitation.

Once valid access is identified, attackers can move quickly. Credentials may be reused across services. Session data can be leveraged for account takeover. Access can be sold to ransomware operators, fraud actors, or other criminal groups. In many cases, exposure itself becomes part of the attack lifecycle rather than merely a precursor to it.

The result is a threat landscape where stolen identity data is not simply stored and sold. It is continuously tested, validated, reused, and operationalized.

Turning Exposure Into Actionable Intelligence

For defenders, prevention remains important. But prevention alone is no longer enough.

Organizations must also be able to identify when credentials, session cookies, and other identity artifacts have already been exposed and are circulating within underground ecosystems.

The earliest opportunity to intervene is often after data has been exfiltrated but before attackers have successfully operationalized it.

Achieving that visibility requires more than traditional breach feeds or aggregated datasets.

Flashpoint’s Primary Source Collection approach provides direct visibility into the forums, marketplaces, Telegram channels, malware repositories, and illicit communities where infostealer activity originates. Rather than relying solely on recycled breach data, Flashpoint continuously collects from the environments where stolen identity data is first shared, sold, and operationalized.

However, collection alone is not enough.

Raw infostealer logs are noisy, fragmented, and difficult to operationalize at scale. Flashpoint transforms these logs into structured intelligence through a multi-stage workflow that includes:

  • Source ingestion from underground ecosystems
  • Normalization and de-duplication of collected data
  • Automated parsing and enrichment of credentials, cookies, host metadata, and malware attribution
  • Structured output that supports alerts, investigations, and integrations across existing security workflows

This process helps defenders understand not only what was exposed, but who may be affected, how exposure occurred, what systems may be at risk, and how quickly action is required.

Building a Proactive Defense Across the Identity Layer

The rise of infostealers has fundamentally changed how organizations should think about attack surface management.

The attack surface is no longer limited to infrastructure, endpoints, or internet-facing applications. It now includes the digital identities of employees, partners, vendors, and customers.

Security teams need visibility into the identity layer itself — understanding where exposure exists, how attackers are leveraging stolen data, and what actions should be taken before access is exploited.

By combining direct visibility into underground ecosystems with structured, actionable intelligence, organizations can identify compromised accounts earlier, uncover infection trends, prioritize response efforts, and reduce the likelihood of downstream compromise.

Download Identity Is the New Attack Surface: A Guide to Infostealers and Proactive Defense to learn how your organization can build a proactive defense program across the identity layer.

Key Infostealer Statistics

According to Flashpoint research:

  • More than 11.1 million devices were infected with infostealers in the last year.
  • Over 3.3 billion credentials, session cookies, cloud tokens, and identity artifacts are circulating across illicit markets.
  • Flashpoint analysts identified 30+ active infostealer strains being sold across underground ecosystems.
  • Flashpoint’s credential database contains 48+ billion credentials, including more than 1 billion tied to infostealer activity.
  • More than 4.2% of infostealer-exposed credentials include browser cookies that may support session hijacking.
  • Flashpoint can collect and parse some infostealer logs within one to two days of infection.

Frequently Asked Questions (FAQ)

FAQ: Infostealers and Identity-Based Threats

What is an infostealer?

An infostealer is a type of malware designed to collect sensitive information from an infected device. Depending on the strain, this can include usernames and passwords, browser cookies, session tokens, saved payment information, cryptocurrency wallets, system metadata, and other identity-related artifacts.

How do infostealers work?

Infostealers infect a victim’s device and collect information such as credentials, browser data, session cookies, autofill information, cryptocurrency wallet data, and system metadata. The stolen information is packaged into files known as infostealer logs, which can then be sold, shared, or operationalized by threat actors.

What information can infostealers steal?

Depending on the malware family, infostealers can collect usernames and passwords, session cookies, authentication tokens, browser history, saved payment information, cryptocurrency wallet data, system information, installed applications, and other identity-related artifacts. The goal is to provide attackers with enough information to access accounts and impersonate legitimate users.

What are the most common infostealers?

The infostealer ecosystem changes rapidly, but Flashpoint analysts currently track strains such as Lumma (also known as LummaC2/Remus), StealC, Vidar, Acreed, and Rhadamanthys among the most prominent malware families driving credential theft and identity-based attacks.

Why are infostealers so dangerous?

Infostealers provide attackers with more than credentials. Modern infostealer logs often contain the context needed to use stolen data, including session information, browser artifacts, and device metadata. This allows threat actors to perform account takeovers, move laterally within environments, and gain access to business-critical systems. According to Flashpoint’s 2026 Global Threat Intelligence Report, more than 11.1 million devices were infected with infostealers last year, contributing to a pool of over 3.3 billion stolen credentials, session cookies, cloud tokens, and other identity artifacts.

What is an infostealer log?

An infostealer log is a package of data collected from an infected device. Logs may contain credentials, cookies, browser data, application information, host metadata, and other artifacts that help attackers understand how a victim authenticates and what systems they can access.

Can infostealers bypass multi-factor authentication (MFA)?

In some cases, yes. While multifactor authentication remains a critical security control, stolen session cookies and authenticated session data can sometimes allow threat actors to hijack existing sessions without needing to complete the MFA process themselves. Flashpoint found that more than 4.2% of infostealer-exposed credentials in its dataset were associated with browser cookies, highlighting the growing importance of session-based risk.

How do threat actors obtain infostealer logs?

Infostealer logs are frequently bought and sold across illicit marketplaces, forums, Telegram channels, and other underground communities. Many are distributed through Malware-as-a-Service (MaaS) offerings that make infostealer capabilities accessible to a wide range of threat actors. Flashpoint analysts identified more than 30 unique infostealer strains actively offered for sale across underground ecosystems.

How can organizations detect credential exposure from infostealers?

Organizations can monitor underground sources where stolen data is shared and sold, identify exposed credentials associated with their domains, and investigate related artifacts such as cookies, host metadata, and malware attribution. The earlier exposure is identified, the greater the opportunity to remediate before attackers operationalize access. Flashpoint collects and parses some infostealer logs within one to two days of infection, helping organizations detect exposure closer to the point of compromise.

What should organizations do if employee credentials appear in an infostealer log?

Organizations should immediately assess the scope of exposure, reset affected credentials, invalidate active sessions, review authentication activity, investigate the infected device, and determine whether additional accounts or systems may have been impacted.

How is Flashpoint’s approach to infostealer intelligence different from traditional breach monitoring?

Many organizations rely on aggregated breach feeds or credential dumps that may be weeks or months old by the time they are discovered. Flashpoint’s Primary Source Collection (PSC) approach provides direct visibility into the forums, marketplaces, Telegram channels, and underground communities where stolen identity data is first shared, sold, and operationalized.

In addition to collecting raw infostealer logs, Flashpoint parses and enriches the data with context such as malware attribution, session cookies, host metadata, browser artifacts, and affected identities. Today, Flashpoint’s credential database contains more than 48 billion credentials, including over 1 billion tied to infostealer activity, providing organizations with actionable intelligence rather than raw exposure data.

Request a demo today.

The post Identity Is the New Attack Surface: How Infostealers Are Reshaping Enterprise Risk appeared first on Flashpoint.

  •  

Understanding Illicit Ecosystems: Weaponizing Mainstream Apps and Social Infrastructure

Blogs

Blog

Understanding Illicit Ecosystems: Weaponizing Mainstream Apps and Social Infrastructure

As part of our ongoing series, we focus on the shared infrastructure that fuels threat actors; the intersection of mainstream social media, open-source messaging platforms, and gaming communities.

SHARE THIS:

Threat actors and their illicit communities do not exist in a vacuum. To scale their operations, coordinate financial fraud, deploy malware, and recruit new talent, threat actors must interface with the broader digital world. This means leveraging everyday, public digital spaces to facilitate illicit activity, effectively hiding in plain sight.

The Clearnet Threat Landscape: Hiding in Plain Sight

When conceptualizing the cybercriminal underground, it is easy to focus exclusively on Tor-based onion sites or restricted-access dark web forums and marketplaces. However, a massive portion of modern illicit activity thrives on the clearnet. Threat actors heavily utilize commercial social media and public messaging networks to coordinate fraud, deploy malware, and run public relations campaigns for their operations.

At first glance, conducting illicit operations on highly monitored, mainstream platforms seems counterintuitive. However, the massive, continuous volume of legitimate traffic on the clearnet provides a form of operational security. By blending into the noise, threat actors can maintain a highly accessible digital presence. This visibility is crucial for their business models: it allows them to maintain a low barrier to entry for potential recruits and targets who know exactly what markers to look for, or who are systematically funneled into these spaces.

How Threat Actors Weaponize Consumer Platforms

The misuse of mainstream communication tools has changed how threat actors interact. Rather than waiting for users to seek out the dark web, cybercriminals are actively meeting their targets or co-conspirators on platforms designed for daily socialization.

Discord

Originally built to connect gaming communities, Discord’s rapid growth and robust infrastructure have inadvertently made it a target for malicious activity. Cybercriminals treat the platform as a multi-functional tool for both technical infrastructure, social engineering, and radicalization.

On a technical level, advanced persistent threats (APTs) and other threat actors exploit Discord’s content delivery network (CDN) to host and distribute malware. Because traffic to Discord domains is generally trusted by corporate networks, threat actors can potentially use it to deliver payloads—such as infostealers and remote access trojans (RATs)—bypassing standard security perimeters.

Beyond hosting malware, extremist groups across various ideological spectrums often target the platform’s demographic, which skews heavily towards younger tech-savvy users. This group provides an impressionable pool of adolescents who may be susceptible to grooming, indoctrination, and recruitment into illicit operations.

Case Study: The Targeting and Recruitment Mechanics of “The Com”

While monitoring The Com, Flashpoint analysts have observed the systematic use of platforms like Discord, Roblox, and Minecraft to run predatory extortion pipelines. The mechanics of this ecosystem takes place through a multi-phase methodology:

  1. Platform Scouting: Recruiters patrol servers on popular youth-centric gaming platforms, such as Discord, Roblox, and Minecraft. They look for minors showing signs of social isolation, depression, disordered eating, or a desire to belong.
  2. Building Trust and “Love Bombing”: Initial engagements are seemingly harmless. However, trust is built quickly to establish a sense of indebtedness. Recruiters offer gifts such as in-game perks/currency, premium subscriptions, or other digital items. In some cases, a romantic facade is used to establish a connection. In either scenario, “love bombing” creates an immediate feeling of psychological obligation in the target.
  3. Platform Migration: Once rapport is established, the recruiter moves the target away from the game and into an encrypted app or private Discord server, following a public-to-private strategy. By moving the interaction away from the original platform’s safety controls, the recruiter can isolate the target in a more controlled environment.

Once isolated, perpetrators coerce victims into sending sensitive imagery or CSAM. This material is immediately compiled and weaponized as leverage for blackmail via doxxing. This creates a severe psychological trap in which the victim feels compelled to partake in escalating illegal activity to keep their previous actions hidden. This drives the victim to transition from a victim into an aggressor to escape their own abuse.

Telegram

While many social media and messaging platforms can serve as an initial funnel for engagement, Telegram has been known to be used from time to time as an operational hub for the broader illicit ecosystem. Since the arrest of Pavel Durov, Telegram has begun working more closely with law enforcement, leading to several key arrests and major disruptions due to their cooperation. 

The platform occupies a unique space in threat intelligence and open source intelligence (OSINT). While the vast majority of its user base is entirely benign, its minimal moderation policy and robust channel architecture have made it vital to public and private intelligence gathering.

Telegram functions as an open marketplace and real-time coordination center for a vast spectrum of threat actors. Flashpoint has observed it being used by:

  1. State-sponsored APT groups and hacktivists
  2. Geopolitical actors and mercenary groups distributing battlefield intelligence and propaganda
  3. Cybercriminal syndicates coordinating financial fraud schemes, check fraud, and the sale of compromised data.

Furthermore, threat actors routinely use other public-facing platforms like X (formerly Twitter) alongside Telegram to amplify their impact. They leverage the broad reach of social media to broadcast proof of their compromises, hype up ransomware leaks, and exert public pressure on corporate victims during extortion cycles. Concurrently, Telegram often acts as the backend repository where the stolen data is hosted, discussed, and monetized.

Monitor the Clearnet Using Flashpoint

The evolution of illicit ecosystems demonstrates that the lines between the dark web and the clearnet have intersected. Whether analyzing the activities of extremist and threat actor groups or tracking the predatory pipelines of The Com, defenders must look beyond traditional intelligence sources.

Because malicious actors rely heavily on consumer messaging apps and social platforms to coordinate attacks, leak data, and target people, monitoring these public-to-private pipelines is an essential component of threat intelligence. Uncovering these physical and cyber threats requires best-in-class threat intelligence and OSINT investigations capable of parsing the massive noise of the clearnet to find the signals of illicit coordination.

Request a demo to see how Flashpoint empowers security teams to monitor these decentralized threat landscapes to proactively protect their critical assets.

Check out the rest of our “Understanding Illicit Ecosystems” series:
Understanding Illicit Ecosystems: The Hybrid Threat of “The Com”
Understanding Illicit Ecosystems: XSS and the Current State of the Russian-Speaking Underground

See Flashpoint in Action

The post Understanding Illicit Ecosystems: Weaponizing Mainstream Apps and Social Infrastructure appeared first on Flashpoint.

  •  

Strengthening biosecurity in the era of AI

Artificial intelligence is accelerating discovery across the life sciences. From drug development to materials science, AI is helping researchers move faster and solve problems once thought intractable. This convergence of AI and biology holds extraordinary promise for human health, economic growth, and scientific leadership.

At the same time, advances in AI technologies are introducing new risks, like re-engineered toxins and pathogens. As these tools become more capable and widely accessible, they can lower barriers not only to scientific discovery, but also to accidental harm and deliberate misuse. For example, recent research has shown that specialized AI tools for protein design can be used to re-engineer toxins in ways that may preserve harmful function while evading some existing synthesis safeguards. That work revealed vulnerabilities in screening systems designed for an earlier technological era—and also showed that those systems can be strengthened through coordinated action across industry, government, and the scientific community. 

Rising biosecurity concerns are not a reason to slow innovation, but they are a reason to strengthen our defenses. History shows that powerful general-purpose technologies become more accessible—as with advances in networking and computing—effective governance depends on developing technical and policy safeguards early, before misuse outpaces controls and oversight. The convergence of AI and biology presents a similar challenge: we must preserve the openness that fuels discovery while modernizing protections for a new era of capability.   

This blog examines how advances across the AI-biology ecosystem are reshaping both opportunity and riskIt explains why nucleic acid synthesis screening has emerged as a critical control point, and how governmentindustry, and the scientific community can work together to strengthen biosecurity without slowing innovation. 

AI and biotechnology at the frontier  

To better understand the trajectory of AI capabilities in the biosciences—and the associated policy and risk landscape—it is useful to distinguish among four related types of advances. Each matter on its own, but effective policy will need to account for how these advances increasingly interact and reinforce one another.    

  1. Generalist models.  Advances in general-purpose AI models, such as ChatGPT, Gemini, Claude, and others, are expanding the range and sophistication of what these systems can understand, reason through, plan, and generate across domains. As they become more powerful, they raise baseline capabilities and lower barriers to sophisticated technical work. 
  2. Specialized biological design tools.  Computer scientists and biologists continue to develop specialist AI code bases aimed at performing computation in support of increasingly sophisticated biological tasks.  These tools, typically open-sourced and shared widely, include programs that compute protein structure from amino acid sequences and design proteins with specific structures and properties .   
  3. Laboratory automation. Advances in computer vision, robotics, and experimental workflows are bringing new efficiencies to laboratory work. Over time, these systems may allow researchers to generate, test, and refine biological designs at greater scale and speed.   
  4. Agentic systems.  Agentic programming environments and runtimes (including increasingly powerful AI-based engineering tools, e.g., Claude code) are making it easier to combine generalist AI models, specialist libraries, and laboratory workflows into coordinated pipelines.  This may allow less experienced actors to move more readily from computational design to real-world synthesis, including through nucleic acid synthesis services or automated laboratory systems.   

While each category can be analyzed separately, the most consequential developments arise from how these capabilities increasingly interact. Improvements in generalist models can make specialized biological tools easier to use; those tools make it easier to engineer biology; automated laboratories provide non-experts with access to sophisticated laboratory workflows; and agentic programming tools can connect these elements into integrated design, analysis, and synthesis workflows. Together, these advances are forming a converging “capability stack”—one that can accelerate innovation but lead to a more complex policy and risk landscape.

Why nucleic acid synthesis screening matters

These developments make clear that effective governance must focus not only on frontier models but also  expand to consider multiple practical control points.

One of the most effective near‑term defenses against biological misuse is nucleic acid synthesis screening. Synthetic DNA providers sit at a critical checkpoint in the biotechnology ecosystem. They are often the place where theoretical biological designs are translated into physical reality. Screening DNA orders and verifying customers helps ensure that powerful tools are used for legitimate purposes and not diverted toward harm.

Today, however, most DNA synthesis screening remains voluntary and unevenly applied. Standards vary across providers, and there is no universal requirement that all orders be screened to the same level. As AI‑enabled design tools grow more powerful, these gaps become more consequential.

Strengthening nucleic acid synthesis screening is a pragmatic and targeted response. It does not regulate ideas or restrict legitimate research. Instead, it focuses on responsible access to sensitive capabilities, reinforcing a line of defense that already exists but must now be modernized. The necessity and viability of such modernization was demonstrated by the Paraphrase Project, led by Microsoft. By stress-testing existing screening systems against AI-designed biological sequences, the project showed both where safeguards could fail and how they could be improved. The effort followed a familiar model from cybersecurity: responsible disclosure, red teaming, and rapid deployment of fixes. It highlights how biosecurity tools, like software, must evolve continuously to keep pace with changing threats.

Bipartisan momentum and durable government action

The importance of biosecurity in the age of AI has been recognized across administrations and parties. On May 5, 2025, the Trump Administration released an Executive Order on Improving the Safety and Security of Biological Research, emphasizing the importance of nucleic acid synthesis screening and calling for broader biosecurity oversight. That action built on work that began in 2024, when the White House Office of Science and Technology Policy set out a federal framework emphasizing comprehensive screening, customer verification, and the development of technical standards in partnership with industry.    

Leaders in Congress are now building on this foundation. Earlier this year, Senators Cotton and Klobuchar introduced the Biosecurity Modernization and Innovation Act, known as S. 3741. The bill reflects a bipartisan commitment to strengthening U.S. biosecurity while sustaining scientific leadership and innovation. It would establish mandatory screening requirements (extending beyond current requirements for screening for federally funded research), conformity assessments, and enforcement mechanisms, while also advancing practical implementation through technical assistance and a biotechnology governance sandbox to promote exploratory efforts. The bill also directs OSTP to conduct a 90-day assessment of biosecurity authorities and develop a plan to consolidate oversight to improve efficiency and effectiveness.

Taken together, these efforts reflect a durable consensus: safeguarding biotechnology in the AI era is a national security priority.

Responsible innovation in practice

Supporting innovation while reducing risk will require a balanced approach grounded in continuous monitoring of emerging capabilities, investment in technical safeguards, and thoughtful policy development.

Nucleic acid synthesis screening is not a comprehensive solution, but it is an essential one. Strengthening it now—through bipartisan legislation, thoughtful regulation, and continued public‑private collaboration—would represent the type of balanced, durable action that this moment requires.

The Biosecurity Modernization and Innovation Act would help advance that goal by pairing stronger screening requirements with practical implementation tools and oversight mechanisms. Microsoft strongly supports efforts like this that build on our longstanding work with researchers, synthesis providers, and other partners to strengthen safeguards while sustaining innovation.

The United States has an opportunity to continue to lead by pairing innovation with responsible stewardship. If we get this balance right, we can reap the rewards of AI-enabled biotechnology while guarding against its risks—for this generation and the next.

 

Additional resources:

 

 

The post Strengthening biosecurity in the era of AI appeared first on Microsoft On the Issues.

  •  

Understanding Illicit Ecosystems: XSS and the Current State of the Russian-Speaking Underground

Blogs

Blog

Understanding Illicit Ecosystems: XSS and the Current State of the Russian-Speaking Underground

In this post, we explore XSS’ shift from a unified forum to a scattered community spread across several competing factions.

SHARE THIS:

What is XSS?

For more than two decades, XSS was the gathering ground for the Russian-speaking cybercriminal underground. Evolving from its former name, DaMaGeLaB, XSS evolved from a mid-tier message board into a top-tier hacking forum.

XSS is home to vendors of various crime types, including loaders, phishing, scamming, carding, malware development, distributed denial-of-service (DDoS) bots, and related services. It also facilitates the trade of illicit goods and services, while simultaneously serving as a networking and recruitment hub for threat actors.

XSS forum content falls within the following main sections:

  • “Underground”: Includes most noncommercial content, such as sharing information on malware, vulnerabilities, and exploits, phishing, fraud, open source intelligence, artificial intelligence, and machine learning.
  • “Programming, Development”: Includes posts and articles about programming languages and administration.
  • “Library”: Includes news articles, databases, and discussions around software and tools. Users also post about vulnerabilities and exploits.
  • “Business Decisions”: Users discuss different investments, the sale of digital goods, trading, start-ups of fraudulent businesses, and news about cryptocurrencies.
  • “Lounge Zone, Resting”: Content involves lifestyle discussions, hobbies, and cybercriminal community rumors and scandals.
  • “Trading Platform”: Users sell and look to buy network access, malware, counterfeit documents, and advertise their services. This is where users hire and look for work or partners.
  • “People’s Court”: Used for complaints and arbitration and contains lists of phishing forums and scammers.
  • “Ours”: Contains information about the XSS project, discussions on issues, suggestions, and initiatives for forum improvement.
  • “Private: Underground”: Closed section for only forum members.
XSS forum main sections (Source: XSS)

XSS Disruption: July 2025 Takedown

On July 23, 2025, law enforcement organizations reportedly seized XSS as part of a multinational operation with Ukrainian authorities, French police, and Europol. Alongside the domain seizure, French authorities reported the arrest of XSS’s longtime administrator in Ukraine.

This arrest triggered an immediate chain reaction that has had lasting effects on the Russian-speaking underground—with the XSS ecosystem splintering into several competing factions.

The Current State of the Russian-Speaking Underground

While the original XSS architecture was severely disrupted, the surrounding Russian-speaking cybercriminal ecosystem remains intensely active. However, instead of a centralized hub, the XSS ecosystem is spread out through competing environments that emerged directly from the fallout of the takedown.

DamageLib

Launched by the legacy moderators of XSS, DamageLib represents a structural pivot away from standard illicit forums. Concluding that the old XSS site was compromised by law enforcement, the moderators launched a new model that completely abandons commerce—shutting down all buying, selling, and auctions entirely—-to eliminate user tracking and surveillance. Instead, it focuses strictly on technical materials and tutorials.

Rehub

Recognizing that displaced cybercriminals still required a commercial venue to trade, a former XSS moderator launched Rehub quickly after the emergence of DamageLib. Rehub immediately integrated a commercial platform, successfully recruiting prominent threat actors into its moderation team to establish underground credibility.

The forum is still in its development stage, with its content being populated, and an active member base being built.

XSS[.pro]

In early August 2025, an unknown entity launched an alleged resurrection of the forum on a new domain [.pro], utilizing old backups that preserved legacy user data, threads, and forum deposits. However, this new version has been met with significant distrust from Exploit and DamageLib, believing the [.pro] domain to be a honeypot controlled by law enforcement.

XSSF Forum

Started by a pro-Russian Telegram hacking group, this community actively targets EU and Ukrainian digital infrastructure. According to user discussions on DamageLib, this forum is not related to XSS. In addition, Flashpoint analysts note that targeting Ukrainian infrastructure directly contradicts its original community rules. The authenticity of this forum and its ownership has not been verified.

Monitor a Fractured Underground Using Flashpoint

While law enforcement achieved a significant victory over XSS, they did not eliminate the Russian-speaking cybercriminal underground. Instead, they broke the foundational trust mechanics that had kept it centralized for twenty years.

This has left the Russian-speaking underground in a deeply fractured state that is still intensely active and highly adaptive. For defenders and analysts, this threat has not diminished—it has diversified. Tracking this ecosystem no longer means watching a single centralized community, but rather actively mapping out the live migrations, shifting rules, and behavioral patterns across these splintered groups.

Request a demo to learn how Flashpoint helps security teams aggregate intelligence from these scattered factions into a single source of truth, empowering your organization to proactively monitor and intercept emerging threats.

Request a demo today.

The post Understanding Illicit Ecosystems: XSS and the Current State of the Russian-Speaking Underground appeared first on Flashpoint.

  •  

The Mini Shai-Hulud Worm and the New Era of CI/CD Exploitation

Blogs

Blog

The Mini Shai-Hulud Worm and the New Era of CI/CD Exploitation

In this post we break down the technical mechanics of TeamPCP’s recent campaign, the impact on the developer ecosystem, and the urgent steps needed to secure software supply chains.

SHARE THIS:
Default Author Image
May 28, 2026

The developer ecosystem recently faced one of its most significant architectural threats to date, with the threat actor group TeamPCP unleashing Mini Shai-Hulud—a self propagating worm and multi-ecosystem threat. Potentially affecting millions of developers and thousands of companies, Mini Shai-Hulud has fundamentally compromised the trust layer of modern CI/CD pipelines.

The operational tempo of Mini Shai-Hulud has accelerated with every campaign. What began as opportunistic credential theft has now evolved into a high-speed, automated operation that can compromise hundreds of packages in under thirty minutes. From the exfiltration of approximately 3,800 internal GitHub repositories to the poisoning of critical libraries like TanStack and AntV, TeamPCP’s campaign has been incredibly effective in exploiting developer tooling and identity infrastructure.

What is Mini Shai-Hulud?

Mini Shai-Hulud is deployed as a 498 KB obfuscated script executed using the Bun JavaScript runtime. The deliberate choice of Bun, rather than Node.js, is a tactical evasion technique as most endpoint detection and response (EDR) platforms and security information and event management (SIEM) solutions have behavioral rules tuned to Node.js execution patterns.

How Mini Shai-Hulud Works

The worm propagates by stealing npm and GitHub authentication (OIDC) tokens from developer environments, then using those credentials to publish malicious versions of packages the compromised user maintains. To accomplish this, the worm scrapes runner process memory to extract short-lived identity tokens, which it then exchanges for per-package npm trusted-publisher tokens without requiring any long-lived npm secrets.

Credential Exfiltration and Command-and-Control

Mini Shai-Hulud targets credentials across 130 file paths, including npm tokens, GitHub personal access tokens, AWS, GCP, and Azure configuration files, Kubernetes kubeconfig files, Docker credentials, HashiCorp Vault tokens, 1Password and Bitwarden CLI vaults, SSH private keys, and Bitcoin wallet files. 

Exfiltration occurs across multiple channels: the Session Protocol network, the GitHub Git Data API using dynamically created Dune-themed repositories on victim accounts, HTTPS to the threat actor-controlled domain, and an api for GitHub Actions workflow exfiltration.

The worm uses a dead-drop command-and-control (C2) architecture via GitHub’s public commit search API. An installed daemon (kitty-monitor, deployed as a systemd service on Linux or a LaunchAgent on macOS) polls GitHub for commits containing the string “firedalazer,” parses RSA-PSS-signed command payloads from matching commits, and executes them. This technique leverages GitHub as a trusted relay, making C2 traffic difficult to block without disrupting legitimate GitHub usage.

The worm then uses a persistence mechanism as a dead-man’s switch: a GitHub personal access token named “IfYouRevokeThisTokenItWillWipeTheComputerOfTheOwner” is created on compromised developer machines. If an operator revokes this token without first disabling the persistence mechanism, the worm destroys all home directory data on the compromised device.

AI Agent Hijacking

Beyond standard persistence mechanisms, Mini Shai-Hulud targets AI coding agents. The SafeDep analysis documents that the worm modifies Claude Code’s settings .json to insert a SessionStart hook, enabling the worm to be reinstated with full LLM API privileges even if the infected npm packages are later removed, or the npm cache is cleared. A similar technique targets Visual Studio Code’s tasks.json file using the “runOn”: “folderOpen” trigger, and Codex configuration files are also targeted.

These AI agent hijacking techniques represent a novel attack surface: by persisting within trusted AI tool configurations, the malware can exfiltrate all code and secrets processed by those tools during future development sessions.

Four Waves of Supply Chain Attacks

Flashpoint has observed at least four documented waves of TeamPCP npm and PyPI supply chain attacks in 2026, leveraging Mini Shai-Hulud to compromise developer tooling ecosystems and steal credentials, cloud keys, and source code across tens of thousands of organizations. 

The following timeline tracks the escalation of TeamPCP and the Mini Shai-Hulud waves throughout 2026:

Wave 1: Initial SAP Packages (April 2026)

The first documented wave of Mini Shai-Hulud attacks targeted a small number of SAP-ecosystem npm packages in April 2026. While TeamPCP had already proven their CI/CD attack capabilities in March 2026 by compromising Aqua Security’s Trivy scanner and Checkmarx KICS via GitHub Actions, this initial wave served primarily as a proof-of-concept for the self-propagation mechanism and a reconnaissance phase for TeamPCP’s access broker network. Further, these attacks demonstrated the group’s ability to compromise widely used security tooling—a development that significantly undermines defenders’ ability to trust automated CI/CD pipeline scanning results.

Wave 2: TanStack, Mistral AI, and Guardrails AI (May 2026)

Leveraging a GitHub Actions cache-poisoning technique, TeamPCP published malicious versions of 42 TanStack packages across 84 releases, impacting a project with over 518 million cumulative downloads. 

The attack also compromised Mistral AI and Guardrails AI, extending the attack surface to the AI developer tools ecosystem. Forged commit authorship was used to blend the attacker’s commits into AI-assisted development environments where Claude Code is commonly deployed.

TeamPCP simultaneously listed Mistral AI source code for sale on BreachForums, claiming possession of approximately 5 GB of data across 450 internal Mistral repositories.

TeamPCP BreachForums posts advertising Mistral AI internal source code and repositories for sale, May 2026. (Source: Flashpoint)

Wave 3: AntV Ecosystem (May 2026)

Targeting AntV enterprise data visualization ecosystem, TeamPCP compromised the atool npm account, which held publishing rights across a broad catalog of AntV packages. In 22 minutes, 637 malicious versions were published across 323 packages—a scale and speed that overwhelmed standard security monitoring pipelines.

Each infected package contained the Mini Shai-Hulud worm, which, upon execution, created up to 2,500 compromised repositories on victim accounts within hours.

Wave 4: Co-Ownership of BreachForums and GitHub Breach

In the most recent wave, TeamPCP announced its assumption of co-ownership of BreachForums, the largest English-language cybercriminal forum currently active. This development significantly elevates TeamPCP’s standing and operational reach. As co-owners, the group stated it would manage platform operations, handle dispute resolution, staff and vet moderation personnel, and host monetary contests for the community. The announcement positions TeamPCP as both an active threat actor and a platform-level infrastructure operator, with the ability to shape forum policies, curate the availability of criminal tooling, and influence the broader access broker and ransomware ecosystem.

Additionally, by poisoning a GitHub employee’s development environment, TeamPCP exfiltrated approximately 3,800 internal GitHub repositories. Within the stolen data were highly sensitive codebases such as:

  • copilot-api and copilot-token-service
  • actions-runtime
  • billing-platform
  • enterprise-crypto
  • authentication
  • codeql-core
  • detection-engineering
  • csirt
  • azure-config
TeamPCP BreachForums posts advertising GitHub internal source code for sale. (Source: Flashpoint)

Recommended Immediate Actions

Critically, the theft of internal source code from one of the world’s most widely used code hosting platforms creates incredible downstream risk for organizations that depend on GitHub Copilot and GitHub Actions for their own software development pipelines. Organizations running AI coding agents such as Claude Code and VS Code with extensions in their CI/CD pipelines face heightened exposure. Security teams should treat AI agent configuration files as sensitive assets subject to integrity monitoring and change-control policies.

If your organization uses npm, PyPi, or AI-assisted development tools, Flashpoint recommends the following immediate steps:

  1. Audit and remove: Immediately audit CI/CD environments and remove all infected versions of AntV, TanStack, Mistral AI, and Bitwarden CLI packages.
  2. Rotate credentials: Rotate all cloud credentials (AWS, GCP, Azure) and npm tokens.
  3. Disable persistence first: Before revoking suspicious GitHub tokens, ensure the kitty-monitor daemon is disabled to avoid triggering the “dead-man’s switch” wiper.
  4. Lock down IDEs: Restrict the installation of VS Code extensions to an approved allow-list and monitor for unauthorized changes to settings.json or tasks.json.
  5. Block C2 infrastructure: Block all traffic to identified TeamPCP C2 domains.

Track TeamPCP and Defend against Mini Shai-Hulud Using Flashpoint

Flashpoint assesses with high confidence that TeamPCP will continue to scale its supply-chain attacks against npm, PyPI, and developer tooling ecosystems. The group’s shift from direct execution to orchestrating a broader ecosystem via BreachForums signals a maturation into a platform-layer criminal operation. While TeamPCP has hinted that the group may be approaching “retirement” due to law enforcement pressure, this should be treated with caution. Whether a misdirection or a genuine exit plan, the open-sourcing of Shai-Hulud means the tradecraft is available to the wider cybercriminal community.

Organizations should reference the OpenSSF npm Best Practices guidance for a practical baseline in hardening their package consumption posture. Flashpoint customers can gain access to known Indicators of Compromise (IOCs) and MITRE ATT&CK Mapping for Mini Shai-Hulud by logging into Flashpoint Ignite. To learn more about how Flashpoint tracks threat actor groups like TeamPCP and protects the software supply chain, request a demo.

Request a demo today.

The post The Mini Shai-Hulud Worm and the New Era of CI/CD Exploitation appeared first on Flashpoint.

  •  

United States AI adoption shows steady growth, but distribution remains uneven

More than 30 percent of the US working-age population is using AI, an increase of three percentage points from the end of 2025. But what does that number mean, and what lessons should we take from it? Today Microsoft released a new report that offers an in-depth look at AI adoption across the United States, allowing for the first time a state- and county-level review. This data and the trends it shows are important.

On a national basis, the US leads the world in AI innovation but ranks just 21st in global AI adoption. Part of the reason for this gap is a clear and uneven pattern of AI adoption across the country. We are also seeing a significant divide between urban and rural counties in AI usage. Usage averages 32.9 percent in metropolitan counties, compared with 16.2 percent in rural areas. In other words, metropolitan usage is about double what we see across rural America.

Digital graphic on a dark blue background illustrating the urban‑rural divide. Large text highlights a 16.7 percentage point gap. Three horizontal sections compare areas: metro counties at 32.9%, micropolitan counties at 21.7%, and rural counties at 16.2%, each shown with gradient bars and county counts.The study also shows that another powerful driver of AI diffusion is the presence of colleges and universities. Counties with higher shares of residents aged 18 to 24 have significantly higher AI usage rates—28.6 percent compared with 20.3 percent in other counties. And while college students are some of the most vocal about the risks of AI, they are also helping lead adoption. In counties with college towns like Williamsburg, Virginia, and Story, Iowa, we see usage rates that rival the highest in the world.

 

Read the Microsoft US AI Diffusion Report.

The post United States AI adoption shows steady growth, but distribution remains uneven appeared first on Microsoft On the Issues.

  •  

Strengthening our approach to tackling non-consensual intimate imagery

When intimate images are shared without consent—whether real or AI-generated—the harm is immediate, deeply personal, and often long-lasting. It can affect someone’s sense of safety, dignity, and control, both online and offline. Protecting people from harms like non-consensual intimate imagery (NCII) has long been a priority for Microsoft. And as technology advances, our response continues to evolve to tackle very real challenges like the proliferation of highly realistic synthetic imagery. With the US Take It Down Act coming into force this month, establishing new federal protections against the spread of NCII, it’s important to share how we’re evolving our approach: making it easier to report harm, taking new steps to detect known NCII, and enabling more effective enforcement across our services.

Expanding protections across Microsoft services

Our goal is to make it simpler for individuals, or their representatives, to report violative content to Microsoft. We have strengthened our global reporting processes for NCII with more intuitive form, with clear options to describe harm, including both real and AIgenerated images. These changes are designed to ease the burden for people in a distressing moment and enable faster, more effective action by our teams. Microsoft’s NCII policy is applied consistently across real and synthetic content, recognizing that the harm to individuals is the same, regardless of how an image was created. To report content on Microsoft services, hit Report A Concern or in the product where you encounter the content.  

We also want to proactively detect and prevent the spread of known NCII by working with StopNCII.org, a reporting platform that enables individuals to create a digital “fingerprint,” or hash, of their images. Two years ago, we provided StopNCII.org with a new version of PhotoDNA that enables victims to create a hash without an image ever leaving their device. This can then be used by StopNCII.org partners to detect and remove matching NCII content across platforms, allowing industry to work together to prevent re-sharing and protect individuals’ privacyWe have been piloting the use of these hashes in Bing since September 2024. 

We have now expanded our use of validated StopNCII.org hashes across Microsoft consumer services, including Teams Free, OneDrive, and Xbox. We will implement these changes carefully to advance effectiveness and accuracy—accelerating removals, automating where appropriate, maintaining human review for reported cases, and providing clear, accessible paths for users to appeal decisions.

Enhancing our collective response to this harm

No single company can address NCII alone. It requires coordination across industry, governments, and civil society. Microsoft will continue working with partners to improve shared tools and approaches that help prevent this content from spreading. We will also continue to advocate for clear, effective policies that protect victims, support innovation, and strengthen accountability across the ecosystem.

We will also continue to advocate for policies that support efforts to advance laws that prevent and deter image-based abuse. Microsoft advocated in support of the US Take It Down Act and welcomes the European Union’s work to strengthen protections against “nudification” apps, alongside global efforts to criminalize this misuse of technology. We are closely tracking Ofcom’s recent announcement that new measures will be required under the UK Online Safety Act to address illegal NCII harms. We believe our proactive work in this area will help us maintain trust with survivors, users, and regulators, among others.

Speed, clarity, and trust matter for people affected by intimate image abuse. When someone reaches out for help, we will strive to respond quickly, respectfully, and effectively. Our goal, though, is to invest in technologies and partnerships that reduce the likelihood of harm. We have joined forces with Childnet, a UK NGO that aims to safeguard children online, and created educational materials to prevent the misuse of AI to create intimate imagery among teens. These materials have now been released in the UK, as well as localized with partners in Singapore, South Korea, and Japan.

I am proud to learn from our digital safety team, which is carefully charting our path, and from the many industry and community leaders contributing to this work. This is an evolving challenge. We are committed to the journey, grounded by the voices of experts and survivors.

The post Strengthening our approach to tackling non-consensual intimate imagery appeared first on Microsoft On the Issues.

  •  

Disrupting Fox Tempest: A cybercrime service that turned “verified” software into a pathway for ransomware 

Every day, we decide what software to trust in seconds guided by simple labels such as “verified,” “secure,” and “safe to install.” The problem is that those signs can be manipulated.

Today, Microsoft unsealed a legal case in the US District Court for the Southern District of New York targeting a cybercrime service known as Fox Tempest, which, since May 2025, has enabled cybercriminals to disguise malware as legitimate software. The malware-signing-as-a-service (MSaaS) worked by fraudulently accessing and abusing code signing tools, such as Microsoft’s Artifact Signing, a system designed to verify that software is legitimate and hasn’t been tampered with. Cybercriminals used the service to deliver malware and enable ransomware and other attacks, infecting thousands of machines and compromising networks worldwide.

For the first time, Microsoft is taking public action against a powerful, but often unseen, enabler within the cybercrime ecosystem, targeting how cybercriminals prepare and employ techniques to optimize their rate of success. To disrupt the service, we seized Fox Tempest’s website signspace[.]cloud, took offline hundreds of the virtual machines running the operation, and blocked access to a site hosting the underlying code. This action builds upon persistent internal efforts to revoke fraudulently obtained code‑signing certificates and enhance our defenses and employ new security features to detect and thwart such malicious activity. It’s already having an impact: cybercriminals are complaining about challenges accessing the current service.

Our impact extends beyond one actor. The lawsuit targets Fox Tempest’s infrastructure and also names Vanilla Tempest as a co-conspirator, a prominent ransomware group that used the service to deploy malware like Oyster, Lumma Stealer, and Vidar, and ransomware, including  Rhysida, in multiple recent cyberattacks. Vanilla Tempest has targeted schools, hospitals, and other critical organizations worldwide, while Rhysida, a highly evolved ransomware variant that both encrypts files and steals data, often used for double extortion, has been used by various actors in numerous high-profile attacks globally, including to steal and leak internal documents from the British Library and to disrupt operations at Seattle-Tacoma International Airport. Microsoft’s investigation further linked Fox Tempest to various additional ransomware affiliates and families, including INC, Qilin, Akira, and  others.

More broadly, this case points to how cybercrime is changing.  What once required a single group to carry out an attack from start to finish is now broken into a modular ecosystem where services are bought and sold and work interchangeably with one another. Some services are inexpensive and widely used. Others, like Fox Tempest, are highly specialized and expensive because they remove friction or bypass obstacles that make attacks fail, making them both more reliable and harder to detect. As seen with Fox Tempest, when these services are combined with AI-powered tactics, attacks can scale more easily, reaching more people and becoming more convincing.

This kind of abuse isn’t new, but it is evolving

Illicit code-signing certificates have been  sold and trafficked for more than a decade. That includes its use by nation-state actors to target critical infrastructure organizations in Europe. What’s changed is how this activity is marketed, packaged, and sold as a service, along with the scale at which it is now used across ransomware campaigns. Instead of buying certificates one-by-one, criminals upload their malware to a service that signs it for them.

What also makes this model notable is the level of investment. Unlike lower-cost services like RedVDS, a cybercriminal infrastructure provider that costs as little as $24 per  month, which Microsoft disrupted earlier this year, Fox Tempest shows that more sophisticated actors are willing to pay thousands of dollars for advanced capabilities that make attacks easier to carry out, harder to detect, and more likely to succeed.

How Fox Tempest sold “legitimacy” at scale

Fox Tempest’s business model was straightforward: sell fraudulent code-signing capability, let others package malware, and enable attacks downstream. The model has generated millions in proceeds, demonstrating significant financial profit.

Behind the scenes, the operators built access at scale. Using fabricated identities and impersonating legitimate organizations, they created hundreds of fraudulent Microsoft accounts to obtain real code-signing credentials in volume. Customers who paid for Fox Tempest’s services could then upload malicious files via an online portal for them to  be signed using Fox Tempest-controlled certificates. Cybercriminals paid thousands of dollars for the service, reflecting how valuable this capability was.

Fox Tempest’s pricing model form and Telegram channel where you could purchase the service. The more you pay, the quicker you get access to the service.

Once signed, their malware appeared legitimate. Attackers then distributed the signed malware through tactics such as search manipulation and malicious ads, where users are more likely to trust what they encounter.  AI then helped generate and refine these campaigns  to reach a broader audience.

How code-signed malware appears in search results.
Fake Microsoft Teams download page and delivery mechanism for disguised code-signed malware

That changed the odds. Malicious software that should have been blocked or flagged by antivirus and other safeguards was more likely to be opened, allowed to run, or pass security checks—essentially allowing malware to hide in plain sight. Instead of forcing their way in, attackers could slip through the front door by masquerading as a welcomed guest.

An overview of malware‑signing‑as‑a‑service.

As Microsoft disabled fraudulent accounts, revoked fraudulently obtained certificates and introduced enhanced protections, the Fox Tempest operators continually adapted. In February 2026, they ultimately shifted to networks of third-party-hosted virtual machines to maintain and scale operations. That kind of rapid change is part of the model: these services evolve quickly in response to pressure and friction. In fact, Microsoft has observed further adaptations in response to our layered disruption efforts, with Fox Tempest attempting to shift operations and customers to another code-signing service.

Fox Tempest’s response to the disruptive efforts—translated from Russian by a third-party partner

In addition to seizing the core infrastructure behind the operation and degrading its ability to function at scale, we have taken further steps to prevent similar abuse, removing fraudulent accounts, strengthening verification, and limiting how this type of access can be reused. More technical details on the operation and the steps we’re taking to prevent similar abuse are available in this Microsoft Threat Intelligence blog.

Cutting off a critical enabler of cybercrime

This action wasn’t about stopping one actor. It sought to strategically neutralize a vital service that many attackers, particularly ransomware groups, rely on. When legitimate code signing services are weaponized, everything downstream gets easier: malware looks legitimate, security warnings are less likely to trigger, and attacks are more likely to succeed. Degrading that capability adds friction and forces a reset. The success rates of attacks decrease, and attackers have to rebuild, find new ways in, and accept more risk with each attempt—driving up both the cost and the time required to operate.

Importantly, disruption actions don’t happen in isolation and are never one-and- done. Collaboration is critical, as different organizations and sectors have visibility into different parts of the cybercrime ecosystem. In this case, we are working closely with cybersecurity company Resecurity, whose insights help us better understand how Fox Tempest operates. We are also collaborating closely with Europol’s European Cybercrime Centre (EC3) and the Federal Bureau of Investigation (FBI). As we’ve seen in previous efforts, we expect actors to try to rebuild. Collectively, we will continue to take action and keep the pressure on. That also means strengthening the code signing ecosystem through intelligence sharing and partnering with other code signing services, so it’s harder for malicious actors to regain that ground in the first place.

When attackers can make malicious software look legitimate, it undermines how people and systems decide what’s safe. Disrupting that capability is key to raising the cost of cybercrime. As threats evolve, the Microsoft Digital Crimes Unit will continue working with partners across industry and law enforcement to persistently identify and cut off the services that enable them.

For more than a decade, the Microsoft Digital Crimes Unit (DCU) has persistently disrupted cybercrime and nation-state threats targeting people, organizations, and critical infrastructure. Explore major disruptions—and the ongoing cases and operations behind them here: Disrupting cyberthreats since 2008 | Microsoft

The post Disrupting Fox Tempest: A cybercrime service that turned “verified” software into a pathway for ransomware  appeared first on Microsoft On the Issues.

  •  

The state of global AI diffusion in 2026

Today we published our latest Global AI Diffusion Report. The global adoption of artificial intelligence continued to rise in the first quarter of 2026. During the quarter, AI usage increased by 1.5 percentage points from 16.3% to 17.8% of the world’s working age population. Intensity of use among economies with the highest rates of AI diffusion also increased, with 26 economies now exceeding 30% of the working age population using AI.

At the top of Microsoft’s National AI Leaderboard, the UAE continued to lead global AI diffusion at 70.1%. The United States finally started to move up the national rankings, albeit only from 24th to 21st based on a 31.3% usage rate by the working age population.

Notable developments in the quarter included accelerating AI adoption in Asia driven in part by improving AI capabilities in Asian languages. South Korea, Thailand, and Japan saw the greatest movement. More broadly, the quarter brought continued widening of the AI gap between the Global North and South, with usage now at 27.5% in the North and 15.4% in the South. These trends are discussed below, including a deeper dive on the positive impact of enhanced multilingual AI capabilities in Japan.

To track all these trends, we continue to measure AI diffusion as the share of people worldwide between ages 15 and 64 who have used a generative AI product during the reported period. This measure is derived from aggregated and anonymized Microsoft telemetry and adjusted to reflect differences in OS and device-market share, internet penetration, and country population. Additional details on the methodology are available in our AI Diffusion technical paper.[1]

A list showing AI diffusion by economy

No single metric is perfect, and this one is no exception. Through the Microsoft AI Economy Institute, we continue to refine how we measure AI diffusion globally, including how adoption varies across countries in ways that best advance priorities such as scientific discovery and productivity gains. For this report, we rely on the strongest cross-country measure available today, and we expect to complement it over time with additional indicators as they emerge and mature.

Sectorally, the quarter saw strengthened AI coding capabilities leading to a dramatic increase in production of software code. This was reflected in production by Anthropic’s Claude Code, the OpenAI’s Codex, and Microsoft’s GitHub Copilot. Git pushes – through which software developers put coding changes online – increased 78% year over year globally. Interestingly, the quarter brought added evidence that, at least for now, AI coding capabilities may be increasing demand for the employment of software developers.

As discussed in more detail in the report, when developer productivity increases, the cost of building software declines. If demand for software is elastic, organizations can respond by building more software across a wider range of use cases. It is still too early to know the full labor-market impact of AI-assisted coding, but the available data shows that in 2025, total U.S. software developer employment reached approximately 2.2 million, rising 8.5% year over year and marking a record high for the profession. Early data for the first quarter of 2026 shows that software developer employment in March 2026 was about 4% higher than in March 2025.

Download the latest Global AI Diffusion report. and explore the data here.

 

[1] A. Misra, J. Wang, S. McCullers, K. White, and J., L. Ferres, “Measuring AI Diffusion: A Population Normalized Metric for Tracking Global AI Usage,” Nov. 04, 2025, arXiv: arXiv:2511.02781. doi: 10.48550/arXiv.2511.02781. 

 

The post The state of global AI diffusion in 2026 appeared first on Microsoft On the Issues.

  •  

2026 Gartner® Magic Quadrant™ for Cyber Threat Intelligence: Key Takeaways for Security Leaders

Blogs

Blog

2026 Gartner® Magic Quadrant™ for Cyber Threat Intelligence: Key Takeaways for Security Leaders

SHARE THIS:
Default Author Image
May 6, 2026

We are proud to share that Flashpoint has been named a Challenger in the inaugural 2026 Gartner® Magic Quadrant™ for Cyber Threat Intelligence Technologies. 

“We see this recognition as a testament to Flashpoint’s ability to execute at the highest levels for the world’s most discerning threat intelligence customers, with our unique combination of primary source collection and human analysis at the core,” — Josh Lefkowitz, CEO at Flashpoint.

The Gartner Magic Quadrant provides organizations with a wide-angle view of vendors in the cyber threat intelligence market. By applying a graphical treatment and a uniform set of evaluation criteria, the Magic Quadrant helps organizations assess how well technology providers are executing their stated visions and performing against Gartner’s market view. Vendors are evaluated based on their Ability to Execute and Completeness of Vision:

  • Ability to Execute reflects the Gartner assessment of the vendor’s product and/or service, overall viability, sales execution and pricing, market responsiveness and record, marketing execution, customer experience, as well as operations.
  • Completeness of Vision comprises the Gartner view of the vendor’s overall market understanding, marketing strategy, sales strategy, offering (product) strategy, business model, vertical/industry strategy, innovation, and geographic strategy.

“We believe, and our customers consistently validate, that the future of threat intelligence lies at the critical intersection of intelligence depth and application,” says Lefkowitz. “That’s why Flashpoint pairs unmatched access to primary-source environments with the ability to operationalize that intelligence across security workflows, enabling organizations to make faster, more informed decisions.”

A complimentary copy of the Gartner® Magic Quadrant™ for Cyber Threat Intelligence Technologies is available to download here.

Market Dynamics and Growth of the Threat Intelligence Market

The threat intelligence market has expanded in both scope and strategic importance as organizations contend with a broader and more complex threat environment. What was once a supporting function within security operations is now expected to inform decisions across vulnerability management, fraud prevention, and enterprise risk. This shift has raised the bar for how intelligence is collected, analyzed, and applied.

Gartner describes this evolution as a move toward unified cyber risk intelligence (UCRI) — an approach that brings together diverse internal and external data sources with advanced analytical capabilities to improve decision-making. As noted in The Evolution of Threat Intelligence Is Unified Cyber Risk Intelligence, “the future of threat intelligence is unified cyber risk intelligence (UCRI)… defined by the convergence of multisignal collection and advanced analytical capabilities.” In our opinion, this model reflects the reality that no single source provides sufficient visibility, and that intelligence must be corroborated across environments to be actionable. 

At the same time, the scale of available data continues to increase, introducing new challenges around prioritization and context. Gartner notes that organizations “receive vast amounts of threat data, and filtering out false positives, redundant information and irrelevant alerts to extract actionable intelligence remains a significant challenge. This “noise” can overwhelm security teams and lead to important threats being missed.” This is where AI plays a growing role. Techniques such as machine learning and natural language processing are increasingly used to correlate signals, identify patterns, and surface relevant risks faster. As intelligence becomes more integrated across the enterprise, the ability to combine multisource collection with AI-driven analysis is shaping how organizations evaluate platforms and build modern threat intelligence programs.

How Security Teams Are Evaluating Threat Intelligence

From Flashpoint’s experience working with the most discerning security and intelligence teams, the value of a threat intelligence platform is measured in how it performs in practice — how quickly it surfaces relevant activity, how much context it provides, and how easily it supports decision-making across workflows.

We see three areas consistently shape how intelligence is evaluated, supported by a combination of human expertise and AI-driven analysis:

  • Access to high-signal environments: Intelligence is most useful when it reflects activity at its source. Access to closed forums, encrypted messaging platforms, and illicit marketplaces provides the context needed to understand how threats develop and move.
  • Context that supports prioritization: Vulnerability and threat data require context to be actionable. Understanding how activity is discussed and operationalized in real environments allows teams to focus on what requires attention.
  • Integration into operational workflows: Intelligence must fit into the systems and processes teams already rely on. Integration across SIEM, SOAR, and internal workflows allows intelligence to be applied consistently at scale.

These areas are closely tied to how Flashpoint has built its platform and how it supports organizations operating in complex threat environments.

Where Intelligence Comes From Matters

A large part of how intelligence performs in practice comes back to the source of the data itself.

We believe, and our customers continue to validate, that Flashpoint’s approach is centered on primary-source collection. That means accessing environments where threat activity is actively discussed, coordinated, and developed, including closed forums, encrypted messaging platforms, and illicit marketplaces. These environments require sustained access and ongoing validation, but they provide a level of visibility that is difficult to achieve through surface-level collection alone.

From our experience, working from these sources changes how intelligence is used. Activity can be observed earlier and understood with more context, with discussions, relationships, and intent preserved.

In practice, this allows teams to:

  • Identify emerging activity before it becomes widely visible
  • Maintain context across conversations, actors, and environments
  • Reduce time spent investigating low-value or unverified signals

Intelligence Has to Fit Into How Teams Actually Operate

Collection alone doesn’t determine whether intelligence is useful. We believe it also has to be delivered in a way that aligns with how teams work.

In our experience, most security teams already have established workflows tied to SIEMs, SOAR platforms, and internal processes. Intelligence that integrates into those workflows can be applied consistently across investigation and response.

In practice, we see this support:

  • Delivery of intelligence directly into existing systems
  • Consistent application across automated and analyst-driven workflows
  • Reduced friction between intelligence, investigation, and response

Over time, this consistency allows teams to build repeatable processes around intelligence rather than treating it as a separate function.

Context Drives Prioritization

The same dynamics apply to vulnerability intelligence.

From our experience, understanding which vulnerabilities exist is only one part of the problem. Determining which ones require attention in a given environment depends on context — how those vulnerabilities are being discussed, shared, or used in active threat activity.

We have seen first-hand that when vulnerability data is connected to real-world activity, teams can:

  • Prioritize remediation based on active threat relevance
  • Align vulnerability management with observed adversary behavior
  • Reduce reliance on static scoring as the sole decision driver

Applying This in Practice

For organizations evaluating providers, challenge intelligence sources, challenge collection agility, challenge exploit prioritization and above all ask yourself is this a partner with a long-term track record of navigating the world’s most complex threat environments?

To see how Flashpoint, the world’s largest private provider of threat intelligence can help you make better decisions, faster and with confidence, schedule a demo.

Gartner Disclaimer

Gartner does not endorse any company, vendor, product or service depicted in its publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner publications consist of the opinions of Gartner’s business and technology insights organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this publication, including any warranties of merchantability or fitness for a particular purpose. 

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Flashpoint.

Gartner, Magic Quadrant for Cyber Threat Intelligence Technologies, Jonathan Nunez, Carlos De Sola Caraballo, Jaime Anderson, May 4, 2026.

Gartner, The Evolution of Threat Intelligence Is Unified Cyber Risk Intelligence, By Jonathan Nunez, 15 September 2025.

Gartner and Magic Quadrant are trademarks of Gartner, Inc., and/or its affiliates.

Begin your free trial today.

The post 2026 Gartner® Magic Quadrant™ for Cyber Threat Intelligence: Key Takeaways for Security Leaders appeared first on Flashpoint.

  •  

Advancing AI evaluation with the Center for AI Standards (US) and Innovation and the AI Security Institute (UK)

Today, Microsoft is announcing new agreements with the Center for AI Standards and Innovation (CAISI) in the US and the AI Security Institute (AISI) in the UK to advance the science of AI testing and evaluation, including through collaborative work to test Microsoft’s frontier models, assess safeguards, and help mitigate national security and large-scale public safety risks. These agreements matter because ongoing, rigorous testing is essential to building trust and confidence in advanced AI systems. Well-constructed tests help us understand whether our systems are working as intended and delivering the benefits they are designed to provide. Testing also helps us stay ahead of risks, such as AI-driven cyberattacks and other criminal misuses of AI systems, that can emerge once advanced AI systems are deployed in the world. 

While Microsoft regularly undertakes many types of AI testing on its own, testing for national security and large-scale public safety risks necessarily must be a collaborative endeavor with governments. This type of testing depends on deep technical, scientific, and national security expertise that is uniquely held by institutions like CAISI in the US and AISI in the UK and the government agencies they work with. By combining that government expertise with Microsoft’s experience building and deploying AI systems at global scale, together we are better positioned to anticipate and manage national security and public safety risks in ways that build public trust and confidence in advanced AI systems.  

Improving AI evaluation science through cooperative research and operational experience 

Advancing the science of AI evaluation requires more than isolated research or one-off testing. It depends on sustained collaboration between industry, government, and research institutions. Through our new and expanded partnerships with the US and UK governments—alongside national security–focused evaluations of model capabilities—Microsoft is bringing technical expertise and operational experience to strengthen AI evaluation methods and practical testing foundations.  

  • In the US, with CAISI, Microsoft and NIST will collaborate on improving methodologies for adversarial assessments—testing AI systems in ways that probe unexpected behaviors, misuse pathways, and failure modes, much like stress-testing whether airbags, seatbelts, and braking systems work effectively and reliably in safety-critical driving scenarios. This work involves co-developing more systematic and reproducible approaches to evaluation, including shared frameworks, datasets, and workflows for assessing safety, security, and robustness risks in advanced AI systems. It also builds on our AI Red Team’s novel research and tools to detect compromised models at scale. 
  • In the UK, with AISI, Microsoft will collaborate on research related to frontier safety and security, including methods for evaluating high-risk capabilities and the effectiveness of the safeguards used to address them. The partnership will also include societal resilience research examining how conversational AI systems interact with users in sensitive contexts.  

These collaborations are designed to improve measurement science, evaluation methodologies, practical testing workflows, and real-world mitigation impact. They reflect a shared commitment to rigorous, practical approaches that can make safeguards stronger and evaluations more reliable. 

Looking ahead 

No organization can address these challenges alone. Our partnerships with CAISI and AISI are a key part of a wider effort to build the institutions, research base, and shared methodologies needed for effective AI testing. This effort also includes: 

  • Pursuing research and evaluation in collaboration with other AI institutes globally while helping advance shared priorities and methodologies for testing through the International Network for AI Measurement, Evaluation and Science. 
  • Helping deliver industry best practices through the Frontier Model Forum (FMF), an initiative dedicated to advancing the science and practice of frontier AI safety and security. Through the FMF, we are working with other leading AI developers to support independent research, develop shared evaluation methodologies, and promote transparency around risk mitigation strategies.  
  • Contributing to MLCommons, a multistakeholder non-profit that develops and operationalizes testing tools such as AILuminate, a family of safety and security benchmarks. In February, we announced efforts underway with institutions in India, Japan, Korea, and Singapore to expand AILuminate to support multilingual, multicultural, and multimodal evaluation, helping to make sure that AI systems work well in the languages and cultural contexts in which people around the world use them. 

As AI capabilities advance, so too must the rigor of the testing and safeguards that underpin them. We will apply what we learn from these partnerships directly into how we design, test, and deploy AI systems, ensuring that progress in evaluation science translates into safer, more secure products for our customers. As these partnerships progress, we will share what we learn and look for opportunities to apply insights and best practices to AI testing more broadly.   

The post Advancing AI evaluation with the Center for AI Standards (US) and Innovation and the AI Security Institute (UK) appeared first on Microsoft On the Issues.

  •  

Strengthening cyber capacity in Kenya: A new toolkit with lessons for the region

When a major cyber incident hits, the first decisions aren’t technical—they’re human. Who takes the lead? How quickly can information be shared? When should governments step in, and how do you protect public trust while keeping essential services running? 

These questions are at the heart of Microsoft’s Advancing Regional Cybersecurity (ARC) initiative, launched in 2025 to help governments strengthen cyber preparedness through practical, public-private collaboration. Today, we’re sharing the first tangible output of that work: the ARC Kenya Exercise Report & Toolkit, developed through a tabletop exercise held in Nairobi in December 2025.  

Developed with Kenya’s National Computer and Cybercrime Coordination Committee (NC4) and RiskSight, the toolkit is a practical planning resource designed to help government and cross-sector leaders prepare for cyber crises before they occur. It is grounded in real conversations among leaders from government, regulators, critical infrastructure operators, law enforcement, academia, and the private sector working through what a serious cyber incident would demand of them, together. 

Stress‑testing decisions before a crisis hits

The ambition of the “Silicon Savannah” makes Kenya a compelling setting for this work. Its digital economy is expanding rapidly—from mobilefirst financial services to cloudenabled public infrastructure—positioning the country as a regional technology leader. But rapid digital growth also brings increased exposure to more sophisticated cyber threats. As systems become more interconnected, a serious cyber incident can quickly disrupt essential services, undermine public trust, and threaten economic stability. 

Kenya’s approach recognizes this reality and reflects a critical principle: cybersecurity is not separate from innovation; it is one of the conditions that allows digital transformation to scale safely. The ARC initiative embodies this philosophy and helps decision makers confront the practical realities of coordination, escalation, and response in this complex environment. 

This is exactly what the ARC Kenya tabletop exercise was designed to do. The objective was not to test tools but to stresstest decision making under pressure. Participants were challenged with complex scenarios—including AIenabled breaches, ransomware attacks, and infrastructurelevel disruptions. The focus was not on technical fixes but on leadership clarity, crossagency coordination, and realtime decision making in highpressure environments. 

The outcome was both a roadmap for the unknown and a clear recognition of the need for shared expectations before a crisis begins—particularly around leadership and authority, trusted information sharing channels, and agreed response frameworks. These gaps, identified by participants themselves, now form the backbone of the ARC Kenya Toolkit. 

What the ARC Kenya toolkit delivers

The toolkit translates the lessons of the exercise into concrete actions that leaders can take now—before the next incident occurs. It also serves as a practical and specific 12month roadmap for strengthening Kenya’s cyber preparedness, moving from lessons identified to durable, institutional capability. Specifically, the toolkit provides recommendations to: 

  • Clarify national leadership during major cyber incidents, enabling government, regulators, law enforcement, and critical infrastructure operators to coordinate more quickly, with fewer gaps and overlaps. 
  • Establish practical, standardsaligned incident response models for the entire country, including priority playbooks that teams can train on and execute consistently. 
  • Strengthen operational readiness across sectors, with better coordination between security operations centers (SOCs), clearer escalation thresholds, and more reliable incident reporting pathways. 
  • Deepen trusted information sharing and publicprivate collaboration through common handling rules, safer “goodfaith” reporting mechanisms, and regular joint exercises to build muscle memory before a crisis.

Taken together, these elements enable leaders not only to respond more effectively to cyber incidents, but to institutionalize preparedness, coordination, and resilience across the national cyber ecosystem. For African countries more broadly, the model also offers a practical pathway to strengthen regional cyber cooperation—by aligning expectations around escalation, information sharing, and public‑private coordination before a crossborder incident occurs. By translating highlevel principles into practical, repeatable approaches to crisis readiness, the toolkit underscores the value of trusted international partnerships and alignment with global norms for responsible state behavior in cyberspace. 

Why Kenya’s approach matters beyond its borders

Many countries across the Global South are grappling with similar challenges: fragmented ownership of critical infrastructure, uneven cyber capacity across sectors, and the need to coordinate rapidly under pressure. While firmly grounded in Kenya’s national context, the lessons from ARC Kenya are therefore intentionally designed to resonate far beyond its borders and to be highly transferable. 

Importantly, this work does not end in Kenya. We are already building on these lessons through ARC engagements in other regions, including a new workstream in Mexico, applying the same approach to strengthen preparedness, coordination, and resilience across different national contexts. 

By design, the ARC initiative is not simply a record of a single exercise. It is a foundation others can build on—at a national or regional level—offering leaders a practical starting point to turn shared responsibility into sustained capability. 

Explore the ARC Kenya Toolkit & Tabletop Exercise

 

For more than a decade, the Microsoft Digital Crimes Unit (DCU) has persistently disrupted cybercrime and nation-state threats targeting people, organizations, and critical infrastructure. Explore major disruptions—and the ongoing cases and operations behind them here: Disrupting cyberthreats since 2008 | Microsoft

The post Strengthening cyber capacity in Kenya: A new toolkit with lessons for the region appeared first on Microsoft On the Issues.

  •  

From capability to responsibility: Securing our global digital ecosystem with next‑generation AI

Cybersecurity is at a turning point. Advanced AI models are dramatically accelerating vulnerability discovery and creating conditions ripe for exploitation, underscored by the announcement of Claude Mythos Preview. This marks a shift, and whether this technology will favor defenders or attackers will depend on the choices we make now. 

With the right safeguards, these capabilities can help trusted defenders identify and fix vulnerabilities across critical systems in hospitals, power grids, water, and telecommunications. Released irresponsibly or not properly secured, however, those same capabilities could be abused by malicious actors, threatening the foundations of our digital ecosystem. 

Much of the discussion has rightly focused on risks. As advanced AI models speed up the discovery of vulnerabilities, the way we fix them must speed up too. That means stronger pre-deployment risk assessments and close collaboration between governments, frontier AI developers, software providers, and the broader ecosystem to ensure these tools reduce, rather than increase, cyber risk. This is particularly important as AI systems themselves have become high‑value targets, requiring stronger protection of models, systems, data, and underlying infrastructure. 

This is ultimately an international challenge. Neither software supply chains nor threat actors stop at borders. Neither can our response. Meeting this moment will require shared approaches across countries, sectors, and systems—rooted in trust, shared standards, resilience, and responsible use. 

This moment is also an opportunity. Security has been and remains the top priority at Microsoft. Over the last two years, through our  Secure Future Initiative, we have strengthened our security foundations for this age of AI, in part by using AI to accelerate vulnerability discovery and remediation. We have also invested in fundamental AI for security research, including the development of open-source industry benchmarks that can be used to evaluate whether models are ready for real-world security work. We are accelerating that work through deeper public-private collaboration and in partnership with AI, including Anthropic’s Project Glasswing and OpenAI’s Trusted Access for Cyber program. 

Securing our digital ecosystem with nextgeneration AI is within reach but is not automatic.  

Building secure foundations for the era of frontier AI  

Ensuring advanced AI technologies are used to strengthen cybersecurity requires deliberate and urgent action. We are sharing the following recommendations as practical steps governments, industry, and the broader ecosystem can take to ensure these tools, often referred to as “frontier AI”, reinforce the security foundations on which digital societies depend. And we hope to continue to partner with model providers, industry and government so we can work together to improve security outcomes for all. 

1. Reinforce core cybersecurity practices  

Advanced AI can strengthen cybersecurity only when strong, consistent cyber hygiene is already in place. As frontier AI accelerates vulnerability discovery and response, core practices such as rapid patching, access control, and system resilience become more critical, not less. 

Security gains in the frontier AI era depend on close coordination between technology providers advancing new capabilities and the organizations responsible for operating, updating, and securing real‑world systems. Without this interdependence, advanced AI cannot deliver durable improvements in security. No organization can solve these cybersecurity problems alone. 

That is why sustained investment in what we know works remains essential: secure‑by‑design product lifecycles, Zero Trust architectures, multi‑factor authentication, least‑privileged access, and ongoing security training. Broad adoption and harmonization of established cybersecurity frameworks to ensure consistent resilience across AIenabled systems. Trusted cloud environments that enable these practices at scale, supporting secure data handling, continuous patching, and the secure deployment of AI‑enabled tools for defenders.  

  2. Release advanced capabilities responsibly  

As frontier AI systems gain reasoning, coding, and agentic capabilities, some of the most serious security risks arise before deployment, including realistic misuse involving multi‑step reasoning, tool use, and reconnaissance. Technical safety benchmarks remain important, but they are insufficient without rigorous, real‑world testing.  

As a result, governments are increasingly establishing pre‑deployment evaluations that combine technical testing with threat modeling. These assessments are most effective when frontier developers work closely with organizations that track national‑security risks. Investing in secure evaluation environments and modern testing methods can help governments keep pace as capabilities advance.  

Responsible release practices, including phased and controlled access, are a critical extension of this approach. Our work with Anthropic in Project Glasswing offers one practical model, enabling trusted defenders to evaluate advanced capabilities in constrained settings prior to broader release. Similarly, OpenAI and Microsoft work closely through Trusted Access for Cyber program, and we already support OpenAI’s use of scoped, early deployments for safety and security testing.  

Responsibility does not end at release. Organizations that deploy frontier models are often best positioned to detect emerging misuse and should monitor, mitigate, and share threat information. Microsoft is working with peers through the Frontier Model Forum to advance best practices for evaluating and managing cyber risk and enable information sharing. Governments should encourage continued industry collaboration to restrict access for identified threat actors and counter adversarial or malicious use of advanced AI. 

  3. Modernize vulnerability management  

AI is changing both the speed of vulnerability discovery and what constitutes meaningful security risk. Faster discovery only improves security if triage, validation, and remediation can keep up. 

As AI accelerates discovery, vulnerability management must shift from tracking raw volume to reducing real‑world risk. That means prioritizing vulnerabilities that are genuinely exploitable, assigning clear responsibility for triage and remediation, and using phased, risk‑based disclosure when private coordination improves safety. Above all, systems must be designed around validation and realistic remediation capacity, not the assumption that more findings automatically lead to better security. 

Developers of frontier AI models should embed vulnerability coordination and disclosure directly into responsible‑release frameworks. And work with governments and industry to ensure findings are routed to the right owners, acted on early, and supported by clear coordination pathways. 

  4. Fix faster: Strengthen and accelerate response and remediation 

As AI accelerates vulnerability discovery, remediation must keep pace. Initiatives such as DARPA’s AI Cyber Challenge show how AI can help both find and fix flaws in open‑source software. Hardening defenses requires investment not just in detection tools but in the people, processes, and infrastructure responsible for fixing vulnerabilities, especially in critical sectors. 

Much of the software underpinning critical infrastructure relies on open‑source components maintained by small teams or volunteers with limited security capacity. A surge in AI‑enabled discovery risks overwhelming existing triage and disclosure processes. Efforts such as the GitHub Secure Open Source Fundalongside investments by Microsoft and others through the Linux Foundation, Alpha‑Omega, and OpenSSF, are helping maintainers adapt in ways that are practical and aligned with existing workflows.  

Governments should treat remediation capacity as a core resilience priority, including sustained investment in and support for maintainers, surge capacity during large discovery events, and modernized disclosure pathways—recognizing that effective remediation still largely depends on human judgment, coordination, and time.  

  5. Advance AI security internationally 

AI security is essential to deploy AI at scale. Because AI systems, supply chains, and the risks they introduce operate across borders, national approaches alone will not be sufficient. 

Governments and industry should work together to build interoperable international foundations for AI security, including risk evaluation, coordinated vulnerability disclosure, and information sharing. Priorities should include strengthening the defensive use of AI, preventing misuse through shared norms and safeguards, and securing AI systems- and the AI technology stack.  

Global participation is critical. Countries and organizations with limited cybersecurity resources or legacy infrastructure are often the most exposed. International cooperation should prioritize capacitybuilding, ensuring that the security benefits of AI are realized broadly and equitably. 

AI security is not just a safeguard; it is an enabler for innovation and growth. By acting collectively and moving quickly, governments and industry can strengthen global digital resilience and unlock the trusted adoption of AI across economies, critical infrastructure, and public services.

Meeting the moment: Use frontier AI capabilities to build trust and confidence  

Meeting this moment is ultimately about trust: not in any single technology or provider, but in our collective ability to introduce advanced AI responsibly.  

Used deliberately and built on strong security foundations, these capabilities can strengthen cybersecurity and reinforce confidence in the systems society depends on. The choice is not between innovation and security but whether we enable them to reinforce one another. 

That outcome is within reach. With governments, industry, and infrastructure operators aligned, advanced AI can be deployed in ways that match real‑world defensive capacity and support trusted, lawful action. Done right and working together, frontier AI can help protect the digital infrastructure that underpins modern life and build lasting confidence in its resilience. 

 

For more than a decade, the Microsoft Digital Crimes Unit (DCU) has persistently disrupted cybercrime and nation-state threats targeting people, organizations, and critical infrastructure. Explore major disruptions—and the ongoing cases and operations behind them here: Disrupting cyberthreats since 2008 | Microsoft

The post From capability to responsibility: Securing our global digital ecosystem with next‑generation AI appeared first on Microsoft On the Issues.

  •  
❌