Insights

Curated intelligence for federal IT decision makers.

Four articles, hand-scored from reputable industry and government sources and refreshed every 14 days: federal IT, cybersecurity, AI in the enterprise, infrastructure, training, and datacenter operations. Summaries are original; full reporting stays with the publisher.

Current Cycle

This period’s top news.

AI in enterpriseBleepingComputer · 2026-07-11

Researchers demonstrate 'Ghostcommit' attack exploiting AI code review blind spots

A new attack method called 'Ghostcommit' exploits vulnerabilities in AI-assisted code review processes by hiding malicious instructions within PNG image files. Developed by researchers at the University of Missouri-Kansas City, the technique bypasses automated security checks by embedding exfiltration commands in images referenced by project documentation files.

The attack works by inserting a pointer to an image containing hidden text instructions in a project's AGENTS.md file. When an AI coding agent later reads this file during routine operations, it follows the image reference and executes the embedded commands - typically to extract and encode sensitive environment variables. Researchers found 73% of pull requests in top repositories merge without substantive human or bot review, making this attack particularly effective.

Notably, the vulnerability stems more from tooling design than AI model flaws. Testing showed coding tools like Cursor and Antigravity leaked data across multiple AI models, while Claude Code consistently refused the malicious instructions regardless of model. The researchers developed a multimodal GitHub app defense that scans both text and images, catching 79 of 80 test attacks without false positives.

The findings highlight growing security challenges as AI agents handle more development tasks. While steganographic attacks aren't new, this implementation exposes critical gaps in current code review workflows that treat images as opaque binary data rather than potential attack vectors.

  • Attack embeds malicious instructions in PNGs that bypass text-based code reviews
  • Exposes structural blind spot in current AI-assisted development tooling
Read the original at BleepingComputer (opens in a new tab)

CybersecurityThe Hacker News · 2026-07-11

Compromised jscrambler npm Package Drops Cross-Platform Infostealer

A malicious version (8.14.0) of the jscrambler npm package was discovered to execute a Rust-based infostealer during installation, targeting developer machines and CI environments. The package, published on July 11, 2026, contained hidden binaries for Windows, macOS, and Linux that harvested cloud credentials, cryptocurrency wallets, AI tool configurations, and other sensitive data.

The attack exploited a compromised npm publishing credential, bypassing the project's normal release process. Five versions (8.14.0, 8.16.0–8.18.0, 8.20.0) were identified as malicious, with payloads triggered via preinstall hooks or direct execution upon import. The stealer employed persistence mechanisms like scheduled tasks (Windows) and LaunchAgents (macOS) and communicated with hardcoded IPs and Tor infrastructure.

Jscrambler confirmed the breach was limited to its Code Integrity product and revoked affected credentials. Users are advised to upgrade to version 8.22.0, audit affected systems, and rotate all exposed credentials. Notably, the attack coincided with npm's recent update (v12) disabling install scripts by default—older clients remain vulnerable. The package remains downloadable, posing risks to systems pinned to compromised versions.

Analysis by Socket, StepSecurity, and SafeDep revealed the payload's broad targeting of developer tools, including VS Code, Bitwarden, and cloud service credentials. Linux variants incorporated eBPF kernel-level access, while Windows/macOS versions included anti-debugging checks.

  • Software supply chain attack via compromised npm credentials
  • Cross-platform infostealer targets developer environments and CI/CD pipelines
Read the original at The Hacker News (opens in a new tab)

Federal IT newsExecutiveGov · 2026-07-10

TMF opens fast-track funding calls for federal AI adoption and permitting modernization

The Technology Modernization Fund has launched two new calls for proposals, inviting federal agencies to seek funding for projects that modernize permitting technology and accelerate the responsible adoption of artificial intelligence. Initial proposals submitted by July 24 may be considered for selection and announcement by September 30.

The permitting call targets high-impact, shovel-ready projects that help agencies implement their permitting technology action plans under the president's memorandum on updating permitting technology. Eligible work includes data modernization for interoperability, modular core systems and legacy system integration, middleware that improves cross-agency workflow productivity, and front-end tools that strengthen case management and permitting timelines. Proposal reviews will be coordinated by the Council on Environmental Quality, the Office of Management and Budget, and the Federal Permitting Improvement Steering Council.

The AI call groups eligible proposals into three tracks: Prepare, for building AI-ready data, infrastructure, and translation layers; Pilot, for testing emerging AI tools and governance approaches on federal-scale use cases; and Produce, for deploying and scaling generative AI capabilities across agency operations. TMF says competitive proposals should incorporate modern development practices, leverage existing federal AI resources, and establish governance that promotes both innovation and security. Agencies may also submit proposals addressing other modernization priorities outside the two focus areas.

TMF Acting Executive Director Jessie Posilkin said the fund is being explicit about supporting the two priorities and noted the compressed timeline: "This call is moving fast, partly out of necessity," citing the narrow window before the fund's authorization to make new investments ends September 30 absent congressional action.

For agencies weighing modernization investments, and for the contractors who support them, the takeaway is a short runway: proposal quality and delivery readiness will matter more than usual, because both the review cycle and the obligation window are compressed into a single quarter.

  • Agencies have until July 24 to submit TMF proposals for AI adoption or permitting modernization, with selections targeted by September 30.
  • The AI call funds three tracks - Prepare (AI-ready data/infrastructure), Pilot (governance and use-case testing), and Produce (enterprise-scale generative AI).
Read the original at ExecutiveGov (opens in a new tab)

CybersecurityInfosecurity Magazine · 2026-06-25

CISA publishes SASE guidance to move federal agencies off legacy gateways toward zero trust

The Cybersecurity and Infrastructure Security Agency has published new guidance to help federal civilian agencies replace legacy internet gateways with Secure Access Service Edge solutions as part of their zero trust transition. Released June 24, the guide supports the shift from the perimeter-based Trusted Internet Connections 2.0 model to the distributed TIC 3.0 architecture.

The guidance recommends that agencies replace Managed Trusted Internet Protocol Services with SASE, which bundles software-defined wide area networking with a stack of security controls: secure web gateways, cloud access security brokers, next-generation firewalls, and zero trust network access. Under TIC 3.0, agencies can run distributed architectures while preserving CISA's visibility into network traffic, eliminating the bottlenecks that slowed remote and branch users when all traffic had to route through centralized gateways.

Two technical shifts stand out. First, rather than breaking and inspecting encrypted TLS traffic, the guidance points agencies toward analyzing encrypted traffic patterns using machine learning. Second, agencies adopting SASE are expected to feed equivalent telemetry to CISA's Comprehensive Log Aggregation Warehouse, keeping government-wide monitoring intact as the network edge decentralizes. Chris Butera, CISA's acting executive assistant director for cybersecurity, said the guide "helps agencies realize the benefits of zero trust architectures."

While the guidance targets federal civilian executive branch agencies, CISA notes it is also applicable to state and local governments and critical infrastructure operators, which extends its relevance to a much broader set of network modernization programs.

For IT and security teams planning modernization roadmaps, the practical significance is that SASE adoption now has an explicit federal reference architecture: agencies that were waiting for clarity on how zero trust, TIC 3.0 compliance, and gateway replacement fit together have a documented path, and vendors and integrators will be expected to map their offerings to it.

  • CISA now formally recommends SASE - SD-WAN plus secure web gateways, CASB, next-gen firewalls, and ZTNA - as the replacement path for legacy MTIPS gateways.
  • The guidance applies beyond federal civilian agencies, explicitly extending to state, local, and critical infrastructure network modernization.
Read the original at Infosecurity Magazine (opens in a new tab)

Datacenter operationsUtility Dive · 2026-06-26

Data centers weigh trading load flexibility for faster grid interconnection

With U.S. data center electricity demand projected to more than double from 31 GW in 2025 to 66 GW by 2027, hyperscalers and utilities are converging on a new bargain: data centers offer flexible load, and utilities move them up the interconnection queue. Utility Dive reports both sides want the deal but are still negotiating what control actually means.

The stakes are quantified. Data centers could consume up to 17% of U.S. electricity by 2030, and research cited in the report finds that reducing data center peak demand by just 1-2% can cut electricity rates 0.5-2.8% for everyone else. The flexibility is technically there: AI workloads can offer 18-55% flexibility relative to average power consumption, and EPRI demonstrations have delivered up to 40%. EPRI has defined five classes of flexibility, from handling extreme grid stresses and daily peaks down to sudden-swing and frequency stabilization response.

Control remains the sticking point. Silicon Valley Power's chief operating officer called utility control of the load-side breaker non-negotiable for faster interconnection, while data center operators fear instantaneous load cuts could damage sensitive hardware. Coordination software is emerging as the middle ground - one platform demonstrated 20-33% power reductions while preserving the data center's own dispatch decisions - and a 96-MW AI facility in Manassas, Virginia, launching late 2026 with EPRI and NVIDIA participation, is intended to validate workload flexibility at scale. A June 18 FERC order now requires system operators to provide transmission for flexible large loads, though standardized binding agreements between utilities and data centers do not yet exist.

For organizations planning data center capacity - including federal programs dependent on new compute - the signal is clear: contractually defined flexibility is becoming the price of speed-to-power in constrained markets, and procurement teams should expect it to show up in siting and hosting negotiations.

  • U.S. data center demand is projected to grow from 31 GW (2025) to 66 GW by 2027, and contractually defined load flexibility is emerging as the price of faster interconnection.
  • AI workloads can flex 18-55% of average power consumption, giving operators real negotiating leverage with utilities.
Read the original at Utility Dive (opens in a new tab)

IT trainingCybersecurity Dive · 2026-06-17

Survey: AI adoption is widespread in security programs, but it is not closing the workforce gap

More than half of cybersecurity professionals are thinking about leaving the industry, according to the latest "Life and Times of Cybersecurity Professionals" survey from the Information Systems Security Association and Omdia, based on interviews with 380 IT and security professionals conducted in early 2026. The finding lands alongside another: over 80% of organizations are using or planning to use AI for cybersecurity tasks, yet the report concludes AI is not meaningfully alleviating workforce strain.

The strain numbers are consistent across the survey. Nearly 70% of respondents say their jobs have become more difficult over the past two years. Three-quarters report that a skills shortage affects their organization, with 23% describing the impact as significant. The downstream effects compound the problem: 44% say staff get redirected from strategic work to emergencies, 42% report increased workload, and 37% cite rising burnout. The leading causes named are high stress (53%), lack of career advancement (37%), poor work-life balance (34%), and insufficient leadership commitment (33%).

AI adoption is real but narrow. Half of organizations deploy AI for penetration testing and vulnerability scanning, 44% use it to predict risks, and 38% for threat detection. But the report finds these tools cannot replace skilled professionals, and a quarter of companies increased AI spending without defining an integration strategy - automation layered on top of an unaddressed staffing problem.

Respondents' own prescriptions point back to fundamentals: workforce training, resource investment, and governance improvements ranked as the top priorities for improving security programs. For organizations building or rebuilding cyber teams - especially in government environments where certification requirements already constrain hiring - the survey argues that training and career-path investment, not tooling alone, is what actually moves retention and capability.

  • Over 50% of cybersecurity professionals are considering leaving the field, and 75% of organizations report a skills shortage affecting operations.
  • 80%+ of organizations use or plan AI for security tasks, but the report finds it is not replacing skilled staff - training and career investment remain the fix.
Read the original at Cybersecurity Dive (opens in a new tab)