SANS: 100 vuln shock is coming
SANS and other analysts warn that organizations are unprepared for waves of new critical vulnerabilities and that the most dangerous techniques this week center on identity and authentication abuse. The takeaway is that attackers are focusing on identity chains (service accounts, session tokens, and MFA bypasses), not just software flaws. (bankinfosecurity.com)
SANS president Ed Skoudis warned that organizations are "completely unprepared for 100 critical vulnerabilities in a week" while describing an AI-driven surge in vulnerability discovery at the RSAC 2026 keynote. (bankinfosecurity.com) SANS expanded those RSAC findings into an e-book listing five emerging attack techniques (AI-driven vulnerability discovery, supply-chain compromise, rising OT complexity, overreliance on AI in forensics, and compressed attack life cycles), each backed by case studies and actionable countermeasures. (rsaconference.com)
SpyCloud’s 2026 Identity Exposure Report recorded a 23% year-over-year increase in its recaptured identity datalake to 65.7 billion distinct identity records and recaptured 18.1 million exposed API keys and tokens in 2025. (securityboulevard.com) SpyCloud also disclosed 6.2 million credentials or authentication cookies tied to AI tools and reported that modern phishing datasets increasingly include session cookies and MFA workflow data that enable session takeover without password theft. (securityboulevard.com)
Anetac’s ISPM survey found 75% of organizations mix service accounts and human accounts (hybrid account misuse), while 76% of security pros said some service accounts have direct access to their organization’s “crown jewels.” (businesswire.com)
SANS’ 2026 Identity Threat & Defenses findings show 68% of organizations detect identity attacks within 24 hours but only 55% contain them in that same window, and SANS recommends controls such as micro-segmentation, token/session protections, passkeys/adaptive authentication, and maturing Identity Threat Detection & Response (ITDR). (sans.org)
SANS and incident-response research both note AI is shortening the attack timeline: SANS cited lateral movement as fast as eight minutes after initial breach, and Unit 42 reported exfiltration speeds for the fastest attacks quadrupled in 2025. (bankinfosecurity.com)