This week, a US-based AI company was restricted from future Pentagon contracting after declining to move forward under specific government terms.

For those working in cybersecurity, policy, or vendor risk management, this situation highlights how quickly government–vendor relationships can shift and why contractual control over AI systems is becoming a national security issue.

1. Contracting Shift Between Anthropic, OpenAI, and the Pentagon

What happened:

The U.S. Department of Defense, including the Pentagon, was pursuing expanded AI partnerships. During negotiations, Anthropic did not finalize an agreement within the required timeline and was subsequently restricted from that specific opportunity.

Around the same time, OpenAI moved forward with a Pentagon-related agreement under negotiated contractual terms.

Public reporting indicates that acceptable use policies, deployment controls, and operational flexibility were central to the discussions.

The Pentagon wants AI with zero vendor restrictions. Anthropic said no. OpenAI negotiated the same protections into the contract and said yes. Same red lines. Completely different outcome.

Read more here

And ICYMI - I recently started a podcast 🎉 The first episode is about my personal career path into cybersecurity, you can check it out below:

2. Russia-linked threat actor APT28 exploited a Zero-Day

Russia-linked threat actor APT28 (also known as Fancy Bear/Strontium) has been associated with exploitation of a critical zero-day flaw in Microsoft’s MSHTML Framework (tracked as CVE-2026-21513, CVSS 8.8), according to new findings from security researchers at Akamai.

This vulnerability, which allows attackers to bypass built-in Windows security protections by tricking MSHTML into mishandling content, was exploited in the wild before Microsoft issued a patch as part of the February 2026 Patch Tuesday updates.

APT28 appears to have used specially crafted Windows Shortcut (.LNK) files embedding malicious HTML to manipulate browser and Windows Shell behavior, enabling execution of malicious code without triggering normal security warnings.

While Microsoft hasn’t detailed the exact nature of the exploit campaigns, Akamai identified a malicious sample linked to infrastructure tied to APT28 that was uploaded to VirusTotal just days before the fix was released.

The report highlights that this flaw could be leveraged whenever users are convinced to open malicious HTML or shortcut files, underscoring the importance of applying the latest security updates and being cautious with unexpected attachments.

Read more on Hacker News

3. OpenClaw Vulnerability Allowed Websites to Hijack AI Agents

A critical security flaw in the popular open-source AI agent framework OpenClaw (nicknamed the ClawJacked vulnerability) could let malicious websites silently take control of local AI agents running on developer machines.

The vulnerability exploited the way OpenClaw’s local WebSocket gateway accepts incoming connections from the browser. Because browsers allow cross-origin WebSocket connections to localhost, JavaScript on a malicious or compromised site could connect to the agent’s gateway and brute-force the gateway password without user interaction.

Once authenticated, the attack can register the malicious site as a trusted device and gain full administrative control over the agent — potentially exposing sensitive data, executing commands, or manipulating agent behavior.

The OpenClaw team addressed the flaw quickly, releasing a patched version (2026.2.25/2026.2.26) that adds rate limiting, enforces explicit user approval for new devices, and strengthens WebSocket security. Users are strongly advised to update immediately.

This incident highlights broader security concerns about local AI agents with elevated privileges and how web protocols like WebSocket can unintentionally weaken expected isolation between browsers and local services.

In a landscape where the average cost of a data breach has reached record highs, surpassing $10 million in the United States by 2026, staying on top of cyber news is no longer just a professional habit; it is a critical survival strategy.

Read more on Security Week

The Bottom Line

Staying informed transforms your role from a reactive responder to a proactive defender. In an era where AI-driven "zero-day" attacks can weaponize a vulnerability within hours of discovery, the time gap between a news alert and a security patch is often the only window an organization has to prevent a total system compromise.

And for anyone trying to break into the field, CourseCareers offers one of the fastest, most accessible paths into IT and cybersecurity for beginners; check it out here.