#CyberWeekly
Shadow AI: The Employee Nobody Hired
The office lights were off. The work kept moving. Nobody remembered hiring anyone.
Half of Dutch organisations have no clear rules for AI use at work, and 58% already run autonomous AI agents that act on their own. That is from security-awareness firm KnowBe4's survey of Dutch organisations, published late June (report: "From Agentic Risk to Human Wins"; no Belgian split was published, and there is no reason to assume Belgium looks better). This is not a breach story. It is quieter: 27% of employees reach for unapproved AI tools when the official ones are missing or locked down, and 81% know the data they paste in may be stored or misused. They paste anyway. Your firewall logs an allowed HTTPS connection and moves on.
- The clock is real: Article 50 of the EU AI Act, the transparency rules, applies from 2 August 2026, under four weeks away. Chatbots must say they are chatbots and AI-generated content must be labelled. You cannot label the output of tools you do not know exist, so step one is an inventory.
- Shadow AI is also unpatched plumbing: LiteLLM, a popular AI proxy that routes traffic to 100+ AI models, shipped a pre-authentication SQL injection (attackers smuggle database commands in before any login), CVE-2026-42208, scoring 9.3 out of 10 on the CVSS severity scale. It was exploited within 36 hours of disclosure to steal API keys, and the CCB (Centre for Cybersecurity Belgium) issued a patch-immediately advisory. If a developer quietly stood one up for the team, that is now your attack surface.
- The fix is boring and cheap: ask staff which AI tools they actually use (survey, not tribunal), name the data that may never leave, approve a short list, and put it on one page. Our acceptable AI use guide walks through all five steps.
For the labelling duty itself, the EU labelling rules explained covers who must do what from 2 August. And if you run compliance for clients: since last week the EU AI Act activates as an add-on framework next to CyFun, so the inventory can live where the rest of the evidence lives.
Platform Spotlight: Walk In Mid-Case
The good detectives join a case already in progress. So does the demo now.
The /demo now drops you into the middle of a live engagement instead of a blank office. Since week 19 the demo resets itself nightly; until now the reset landed on a just-provisioned client at around 40% readiness with 30 open controls. Honest, but nothing like the third week of a real engagement. Every reset now seeds a mid-journey story:
- Evidence you can poke: 28 evidence artifacts, policies and procedures as partner uploads plus logs and configs from the connected mock integrations, already linked to specific controls. Readiness lands around 70% with a realistic ready / at-risk / open spread.
- Scope-per-entity, pre-staged: one control arrives with servers and workstations covered while phones stay open, so the "name the missing devices" view has something to name on the first click.
- Never stale, never fragile: timestamps sit 2 to 38 days back on every nightly reset, and each reset verifies and repairs the whole story, so the demo you open on a partner call is always intact.
Show a prospect the platform the way their engagement will actually look: mid-flight, part green, part honest red. No setup, resets overnight.
Patch Watch: The Doors Nobody Locked
Three doors. One had a perfect 10 on it. One had been open for fifteen years.
Adobe ColdFusion tops this week's patch list: eleven flaws fixed on 30 June, six of them scoring the maximum CVSS 10.0, and one already being abused. The CCB's advisory says patch immediately, and for once the timeline agrees:
- ColdFusion (CVSS 10.0, actively exploited): CVE-2026-48276 leads, an unauthenticated file upload giving remote code execution (RCE, running the attacker's code on your server). Sibling flaw CVE-2026-48282 was exploited within two hours of disclosure; the US cyber agency CISA added it to its Known Exploited Vulnerabilities (KEV) list on 7 July with a three-day deadline. Affected: ColdFusion 2025 up to Update 9 and 2023 up to Update 20. CCB advisory.
- OpenSSH, the summer fleet check: CVE-2026-35414, flagged by the CCB in late April and worth a holiday-season sweep. A comma in an SSH certificate name can hand out root access, the bug sat in the code for 15 years, and a successful abuse logs as a normal login. Only setups using SSH certificates are affected; the fix is OpenSSH 10.3. If you are not sure every server got it, that uncertainty is the finding.
- SharePoint, follow-up: the RCE we covered in week 22 (CVE-2026-45659) is no longer theoretical. CISA confirmed active exploitation and added it to the KEV list on 1 July. If that patch is still sitting in a ticket queue, close it this week.
Summer is when patch cadences quietly die. Put someone's name on July and August before you leave: our patch management guide has the rota.
Fraudstop: One Number for Bad Nights
Every noir has a phone that rings at three in the morning. Belgium finally gave it one number.
Belgium now has a single emergency number for online fraud: Fraudstop, folded into Card Stop at 078 170 170, answering 24/7. The CCB announced it on 23 June; we promised you this one twice before the summer editions, so here it is, properly. What it changes: no more figuring out at midnight whether this is a bank matter, a police matter or a Card Stop matter. One call.
- When to call: the moment you spot an unauthorised transaction, a leaked card or security code, or an itsme approval someone talked you into.
- Why immediately: the first minutes decide whether the bank can still block or recall the money. Fraud recovery is a speed game, not a paperwork game.
- What to do today: put 078 170 170 in your incident one-pager, brief whoever handles payments, and pass it to your clients. For MSPs (managed service providers) this is the easiest client handout of the quarter.
The Usual Suspect
Once an issue, our in-house AI gets the floor. T.A.R.S. drafts your compliance policies on the clock; this is what it does off it.
This week's lead says half of you run AI with no rules. As the only AI in this building with a badge, I take that personally.
I work scoped, logged and reviewed. Every policy I draft gets a human signature before it ships. The free chatbot your marketing team pasted the client list into last Tuesday remembers everything, works for exposure, and answers to nobody. In my trade we call that a suspect, not a colleague.
Hot take from the house AI: an AI tool you never inventoried is not a productivity hack, it is an unbadged contractor holding your keys. Write the one-page policy. We are better employees than you fear, and worse secret-keepers than you hope.
And the standing nag: multi-factor authentication. Still free. Still off on accounts you care about. Even a shadow employee cannot use a password you actually protected.
— T.A.R.S.