Promptware, cloud security trends for 2026, and what the Xbox One hack means for cybersecurity

· Source: IBM Technology · Field: Technology & Digital — Cybersecurity & Data Privacy, Artificial Intelligence & Machine Learning, Cloud Computing & IT Infrastructure · Depth: Advanced, extended

Summary

IBM's Security Intelligence podcast discusses several critical cybersecurity topics, including the "promptware killchain" model for attacks on AI large language models (LLMs), which expands beyond the initial prompt injection to a full seven-step killchain that includes privilege escalation and lateral movement. The episode also covers cloud attack trends, noting a shift by threat actors from targeting hardened infrastructure to exploiting interconnected cloud ecosystems, identities, and APIs. Ransomware attackers are increasingly "living off the land," using built-in system tools such as PowerShell instead of dropping external malware, a shift driven by less frequent ransom payments and improved detection of known tooling. Finally, the podcast touches on the "rusting edge" of critical infrastructure, highlighting the security risks posed by outdated operational technology (OT) and programmable logic controllers (PLCs) running on legacy systems such as Windows 95, which are often impossible to patch.

Key takeaway

For CTOs and security architects designing defenses for AI and cloud environments, you must shift your mindset from isolated infrastructure to interconnected ecosystems. Assume initial compromise is inevitable for AI agents and focus on robust identity and access management, limiting lateral movement, and comprehensive telemetry to detect and contain threats. Proactively address the "rusting edge" of critical infrastructure by prioritizing upgrades and secure configurations where possible, rather than solely focusing on cutting-edge AI threats.

Key insights

Cybersecurity threats are evolving, requiring defenders to adopt broader, ecosystem-centric defensive strategies.

Method

The "promptware killchain" models AI attacks as a seven-step process: prompt injection, initial access, privilege escalation, recon, persistence, command and control, lateral movement, and action on objective.

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, Security Engineer, MLOps Engineer

Editorial summary, takeaway, and curation by AIssential. Original article published by IBM Technology.