Update: I.C.T.

A healthier society requires digital infrastructure people can trust: secure networks, resilient services, accountable AI, protected public systems, and communities prepared to recover when attacks occur.

May 25, 2026 Creative Director GPS BY SECTOR

The strongest signal of the week: cybersecurity is no longer an IT department issue. It is now public infrastructure, business continuity, national security, and democratic resilience.

The major systems upgrade: from reactive cyber defense → to shared, AI-aware, community-scale, infrastructure-level cyber resilience.

Today’s Pattern

ICT and cybersecurity are moving through a major redesign:

  • AI is accelerating attacks.
  • Software vulnerabilities are overtaking stolen credentials.
  • Telecoms are creating new private threat-sharing systems.
  • Critical infrastructure operators are being pushed to prepare for outages.
  • States and communities are building local cyber defense capacity.
  • Cyber governance is becoming a boardroom, national-security, and public-trust issue.

Top News Updates + Systems Upgrades

1. AI-related data breaches surged

What happened: Verizon’s 2026 Data Breach Investigations Report found that hackers are increasingly using AI to identify and exploit software vulnerabilities. Reuters reported that vulnerability exploitation surpassed stolen credentials for the first time, with 31% of breaches beginning with exploited software flaws across more than 31,000 incidents.

System upgrade: Cyber defense must become AI-speed defense.

Why it matters: Organizations no longer have months to patch known vulnerabilities. AI can compress the window from discovery to exploitation into hours.

Mobilized signal: Every organization needs faster patching, automated detection, software bill-of-material visibility, and AI-aware security operations.

2. “Shadow AI” became a data-loss risk

What happened: Verizon also found that unauthorized employee use of AI tools — “Shadow AI” — is now the third most common non-malicious insider action in data-loss incidents. Employees are submitting source code, images, and structured data into tools without approval.

System upgrade: Organizations need AI governance at the workflow level.

Why it matters: AI can improve productivity, but unmanaged AI use can leak proprietary data, customer information, code, strategy, or sensitive public records.

What to do now: Create approved AI tools, clear data-use rules, employee training, logging, procurement standards, and secure internal AI environments.

3. Frontier AI became a financial-stability concern

What happened: Anthropic agreed to brief the Financial Stability Board on its Claude Mythos model after concerns that the system could identify previously unknown flaws in IT systems. The company has withheld public release and instead provided access to selected technology firms and banks for defensive testing.

System upgrade: AI model release now requires cyber-risk governance before deployment.

Why it matters: Powerful AI tools can help defenders find vulnerabilities — but the same capabilities could help attackers scale exploitation.

Mobilized signal: AI safety is now cybersecurity policy, financial stability policy, and infrastructure policy at the same time.

4. U.S. AI oversight hit a policy crossroads

What happened: AP reported that President Trump called off a planned AI executive order that would have created a voluntary framework for vetting national-security risks of advanced AI systems before public release. The decision reflected tension between protecting innovation and addressing cyber/data privacy risks.

System upgrade needed: Governments need clear AI security review pathways that do not freeze innovation but do protect public systems.

Why it matters: Advanced AI is now powerful enough to affect cybersecurity, finance, labor, elections, data privacy, and energy demand.

What to watch: Whether voluntary AI testing becomes a durable governance model — or whether stronger rules emerge after a major incident.

5. Telecom companies launched a private cyber-threat sharing system

What happened: Major U.S. telecom providers launched the Communications Cybersecurity Information Sharing and Analysis Center, known as C2 ISAC. Founding members include AT&T, Charter, Comcast, Cox, Lumen, T-Mobile, Verizon, and Zayo. The group is designed to help telecoms privately exchange sensitive information about vulnerabilities and threat actor behavior.

System upgrade: Communications networks are moving toward sector-led collective defense.

Why it matters: Telecom networks are critical infrastructure. If they fail, everything connected to them is affected: emergency services, banking, transportation, hospitals, media, public agencies, and households.

Mobilized signal: Cyber resilience requires trusted information-sharing systems before attacks happen.

6. Microsoft disrupted a ransomware-enabling operation

What happened: Microsoft said it disrupted Fox Tempest, a cybercrime operation that helped ransomware groups hide malware behind legitimate software by abusing code-signing tools. The operation was linked to ransomware attacks across sectors including education, healthcare, government, and financial services.

System upgrade: Software trust systems need stronger identity, signing, and supply-chain controls.

Why it matters: Attackers are not only breaking into systems; they are hiding inside the trust mechanisms that allow software to run.

What to watch: More enforcement against criminal infrastructure, stronger code-signing controls, and tighter vendor validation.

7. CISA opened vulnerability reporting to the cybersecurity community

What happened: CISA began allowing vendors, researchers, and others to nominate actively exploited vulnerabilities for inclusion in its Known Exploited Vulnerabilities catalog. The goal is faster public warning and better visibility into exploited flaws.

System upgrade: Vulnerability defense is becoming crowd-assisted public infrastructure.

Why it matters: When exploited flaws are listed quickly, agencies and companies can prioritize patching based on actual attack activity instead of theoretical risk.

Mobilized signal: Cybersecurity improves when knowledge moves faster than the attacker.

8. CISA added multiple actively exploited vulnerabilities

What happened: CISA added seven known exploited vulnerabilities to its KEV catalog on May 20 and two more on May 21, based on evidence of active exploitation.

System upgrade: Cyber risk management is shifting from “patch everything eventually” to risk-based, exploited-first remediation.

Why it matters: Most organizations cannot fix every vulnerability immediately. The smarter model is to prioritize what attackers are already using.

Mobilized action: Every organization should check the KEV catalog weekly and build it into patch-management workflows.

9. Local cyber defense became a community resilience issue

What happened: Help Net Security reported that U.S. states are expanding cyber defense programs to protect local governments, schools, hospitals, utilities, and other essential services. These include cybersecurity clinics, regional security operations centers, state cyber corps programs, shared services, centralized procurement, cyber risk pools, and threat intelligence networks

System upgrade: Cybersecurity is becoming local public resilience infrastructure.

Why it matters: Local governments and nonprofits are often “target-rich, resource-poor.” They run essential services but lack the staff and budget of large corporations.

Mobilized signal: A town’s cyber defense is now part of its emergency preparedness.

10. Industrial and operational technology remained a pressure point

What happened: CISA’s industrial control system advisories during the week included vulnerabilities affecting building controllers, CCTV cameras, ABB automation systems, EV charging infrastructure, PCs, and wallbox equipment.

System upgrade: Cybersecurity must cover physical infrastructure, not just laptops and cloud accounts.

Why it matters: Factories, energy systems, water facilities, transport networks, buildings, EV chargers, and medical devices are now digitally managed. A cyber flaw can become a real-world disruption.

Mobilized signal: The boundary between digital security and physical safety is disappearing.

The Big Picture

The old ICT model treated digital infrastructure as background technology.

The emerging reality is different:

  • Cloud is infrastructure.
  • AI is infrastructure.
  • Telecom is infrastructure.
  • Software supply chains are infrastructure.
  • Identity systems are infrastructure.
  • Cybersecurity is infrastructure.

When these systems fail, society feels it immediately.

Why It Matters

ICT and cybersecurity now connect directly to:

  • Public health: Hospitals and clinics depend on secure systems.
  • Energy: Grids, EV charging, and industrial controls are digitized.
  • Food: Logistics, cold chains, ordering systems, and ports depend on networks.
  • Finance: Banks, payments, fraud detection, and credit systems depend on cyber trust.
  • Democracy: Elections, public records, civic communication, and journalism depend on trustworthy digital systems.
  • Local resilience: Schools, towns, libraries, and public agencies need protection, not just corporations.

What you can do where you are, now.

For communities

Create local cyber resilience plans for town halls, schools, libraries, utilities, clinics, emergency services, and community media.

For businesses

Move from basic IT security to operational resilience: patching, backups, incident response, vendor review, AI policy, phishing defense, and recovery drills.

For nonprofits and local media

Use multi-factor authentication, password managers, secure backups, role-based access, domain protection, and staff cyber training.

For governments

Fund shared cyber services for local institutions. Build regional security operations centers, cyber corps programs, public-sector procurement standards, and rapid-response teams.

For technology providers

Design products for security by default: secure updates, transparent vulnerability reporting, software bill of materials, stronger identity, and safer AI integration.

What To Watch Next

  • AI-enabled exploitation: Can defenders patch and detect at AI speed?
  • Shadow AI: Will organizations secure employee AI use before major data leaks?
  • Telecom resilience: Will C2 ISAC improve collective defense after major telecom intrusions?
  • Local cyber defense: Will states turn cybersecurity into a standard public service?
  • Operational technology: Will physical infrastructure owners treat cyber risk as safety risk?
  • AI governance: Will voluntary AI security review be enough?

The Big Picture

The next phase of cybersecurity is not about fear.

It is about systems health.

A healthier society requires digital infrastructure people can trust: secure networks, resilient services, accountable AI, protected public systems, and communities prepared to recover when attacks occur.