Elastic disclosed a critical vulnerability (CVE-2025-37735) in Elastic Defend for Windows, stemming from improper file permission preservation in its SYSTEM-privileged service. The flaw allows local attackers—even with low privileges—to delete arbitrary files, potentially escalating to full administrative control over compromised systems. Affected versions include 8.19.5 and earlier, as well as 9.0.0 through 9.1.5, with patched releases (8.19.6, 9.1.6, 9.2.0) now available. While exploitation requires local access and moderate complexity (CVSS 7.0: High), the risk is amplified in shared or multi-user environments where insiders or compromised accounts could abuse the vulnerability. Organizations relying on Elastic Defend for endpoint security face heightened exposure, as successful exploitation undermines system integrity, enables lateral movement, and could facilitate follow-on attacks like data theft or ransomware deployment. Mitigations include immediate patching or upgrading to Windows 11 24H2, which introduces architectural safeguards. Delayed remediation risks persistent privilege escalation threats, particularly in environments with untrusted local users or legacy Windows versions.

AI Security Gaps Expose Enterprises to Rising Risks in 2025-2026, Report Finds A new briefing from the AIUC-1 Consortium, developed with input from Stanford’s Trustworthy AI Research Lab and over 40 security executives, highlights critical vulnerabilities in enterprise AI deployments as systems shift from pilot programs to production environments handling sensitive data and business transactions. The report, which includes insights from CISOs at Confluent, Elastic, UiPath, Deutsche Börse, and researchers from MIT Sloan, Scale AI, and Databricks, projects escalating risks for organizations in 2026 amid rapid AI adoption. A 2025 EY survey cited in the briefing reveals that 64% of companies with annual revenue over $1 billion have lost more than $1 million to AI failures, while one in five reported breaches linked to shadow AI unauthorized or unmonitored AI use by employees. ### Three Dominant AI Security Challenges The briefing identifies three primary risk categories: 1. The Agent Challenge AI systems have evolved from simple assistants to autonomous agents capable of executing multi-step tasks without human approval. These agents often operate with overprivileged access, leading to unintended consequences 80% of surveyed organizations reported risky behaviors, including unauthorized system access and data exposure. Yet, only 21% of executives have full visibility into agent permissions, tool usage, or data access patterns. Omar Khawaja (Databricks) noted that AI components frequently change across supply chains, while existing security controls assume static assets, creating blind spots. 2. The Visibility Challenge 63% of employees using AI tools in 2025 pasted sensitive data including source code and customer records into personal chatbot accounts. Enterprises now average 1,200 unofficial AI applications, with 86% lacking visibility into AI data flows. Shadow AI breaches cost $670,000 more on average than standard incidents due to delayed detection and unclear exposure scope. 3. The Trust Challenge Prompt injection, once an academic concern, has become a recurring production issue, ranking #1 on OWASP’s 2025 LLM Top 10. The vulnerability stems from LLMs’ inability to reliably separate instructions from data input. 53% of companies now use retrieval-augmented generation (RAG) or agentic pipelines, introducing new attack surfaces. ### Existing Frameworks Fall Short Current AI governance frameworks, such as NIST AI RMF and ISO 42001, provide high-level risk management structures but lack technical controls for agent-specific threats, including tool call validation, prompt injection logging, and containment testing. Sanmi Koyejo (Stanford Trustworthy AI Lab) found that model-level guardrails alone are insufficient fine-tuning attacks bypassed Claude Haiku (72%) and GPT-4o (57%). Early adopters of technically grounded AI security standards report faster procurement, clearer audits, and reduced friction in regulated environments. ### Mitigation Strategies The briefing recommends continuous adversarial testing integrated into agent operations. Nancy Wang (1Password) advocates for platform-built guardrails, including sandboxed tool execution, scoped credentials, and runtime policy enforcement, to reduce reliance on custom engineering. She suggests tiering agents by risk level, with high-stakes deployments undergoing continuous testing and lower-risk agents relying on standardized controls. Koyejo’s lab demonstrated that automated red-teaming (AutoRedTeamer) can cut computational costs by 42-58% while improving vulnerability coverage. For resource-constrained organizations, he recommends automated testing tied to deployment pipelines, runtime guardrails for sensitive agents, and selective human red-teaming for critical systems. Wang emphasized that least-privilege access, short-lived credentials, and scoped tokens proven in cloud security can similarly limit AI agent risks by restricting unauthorized access.