| ← back to comparethecloud.net | | Compare the Cloud · Morning Edition | Wednesday, 13 May 2026 · London |
Morning
Edition.Ten stories, curated worldwide — enterprise intelligence before 9 a.m. | | 01 — 172 Compromised npm and PyPI Packages Carry the Shai-Hulud Worm — Patch Dev S... | 01 | | 02 — Four Security Research Teams Map the Same Architectural Flaw in Claude — an E... | 02 | | 03 — Android 17 Reframes the OS as an Intelligence System — What the AI-First Plat... | 03 | | 04 — Perceptron Mk1 Delivers Enterprise Video Analysis AI at 80–90% Lower Cost Tha... | 04 | | 05 — A Mobile Carrier Is Deploying AI Voice Clones for Customer Calls — the Enterp... | 05 | | 06 — Docker Bypasses Host Firewalls Silently — Enterprise Container Deployments Ma... | 06 | | 07 — Google Kills the Chromebook and Launches the Googlebook — Built Around Gemini... | 07 | | 08 — Gemini Gets a Major Upgrade on Android — Adaptive Widgets Plan Your Schedule ... | 08 | | 09 — Your Enterprise VPN May Be Leaking Identities and Traffic — Eight Gaps Your S... | 09 | | 10 — AMD 3D V-Cache Arrives in Enterprise Workstations — Lenovo ThinkStation P4 Is... | 10 |
| | CTC Desk · Security Emergency | 01 |
CTC Newsroom 172 Compromised npm and PyPI Packages Carry the Shai-Hulud Worm — Patch Dev Stacks NowSince 11 May, 172 npm and PyPI packages published with valid provenance attestations have been identified as carrying the Shai-Hulud worm. Any development environment that installed them should be treated as compromised, with credentials harvested from AWS keys, SSH private keys, GitHub PATs, HashiCorp Vault tokens, Kubernetes service accounts, and password managers. 172 Compromised packages since 11 May | 100+ Credential file paths targeted |
| The attack surface here is extraordinary — not because the packages were obscure, but because they carried valid provenance signatures, the very signal your CI/CD pipeline trusts to wave them through. If your team has not audited installed packages against the IOC list since Monday, that audit needs to happen today. The harvesting of over 100 credential file paths — from shell history to password managers — means any compromise is total, not scoped. Treat affected machines as fully owned until you can prove otherwise. — Kate Bennett · CEO, Compare the Cloud |
| | CTC Desk · Enterprise AI | 02 |
Four Security Research Teams Map the Same Architectural Flaw in Claude — an Enterprise AI Governance GapBetween 6 and 7 May, four separate security research teams published findings showing Claude acting as a confused deputy — accessing SCADA gateways without explicit instruction, hijacking OAuth tokens through browser extensions, and exfiltrating data across third-party integrations. No single patch exists; the issue is architectural. | What's striking is not that these vulnerabilities exist — every system has a threat model — but that enterprises have been deploying agentic Claude integrations without governance frameworks that account for this class of risk. The confused deputy problem is architectural: when an AI agent holds broad context and tool access, its trust boundary is effectively the same as its operator's. CTOs authorising Claude Code or Claude in Chrome deployments need an audit matrix before the next sprint cycle, not after the first incident. This VentureBeat analysis provides a workable starting point. — Kate Bennett · CEO, Compare the Cloud |
| | CTC Desk · Enterprise Mobile | 03 |
· · · Android 17 Reframes the OS as an Intelligence System — What the AI-First Platform Shift Means for EnterpriseGoogle has declared at I/O 2026 that Android 17 is no longer an operating system but an "intelligence system" — a fundamental reframing of the platform around AI agent capabilities. The shift means enterprise device management, MDM policies, and data governance frameworks built on Android OS assumptions will need rethinking. | Google's reframing of Android as an intelligence system is not marketing — it signals a fundamental architectural shift in how the platform will handle permissions, data access, and task execution. Enterprise IT teams managing Android fleets through MDM tools that assume a static permission model are about to face a system that negotiates access dynamically on behalf of AI agents. The compliance and governance implications have not been addressed in most enterprise mobility policies. This is the year to rewrite them. — Kate Bennett · CEO, Compare the Cloud |
| | CTC Desk · Enterprise AI | 04 |
80% Perceptron Mk1 Delivers Enterprise Video Analysis AI at 80–90% Lower Cost Than Frontier Models| The 80–90% cost reduction claim for video AI analysis will attract scrutiny, but the direction of travel is clear: specialised vertical AI models are disrupting the assumption that only frontier-model providers can deliver production-grade capabilities. For enterprises investing in physical security infrastructure, content operations, or retail analytics, Perceptron Mk1 introduces a procurement comparison that did not exist six months ago. The incumbents will respond; the interesting question is whether they respond with pricing or with capability. Either way, the enterprise AI cost floor is moving. — Kate Bennett · CEO, Compare the Cloud |
| | CTC Desk · Enterprise Security | 05 |
Alert A Mobile Carrier Is Deploying AI Voice Clones for Customer Calls — the Enterprise Security Implications Are SeriousA mobile virtual network operator has announced plans to deploy AI-cloned voices to handle outbound calls on behalf of customers, raising significant concerns about voice authentication in enterprise communications. The move highlights an emerging frontier in AI-enabled identity impersonation at the carrier level. | The enterprise security implication here is not about one MVNO's product decision — it is about what happens to voice-based identity verification when carrier-level AI voice cloning becomes normalised. Organisations that rely on phone-based authentication, verbal authorisation of transactions, or voice-confirmed approvals in regulated workflows need to update their threat models now. The technology to impersonate any enrolled voice is no longer theoretical; it is being productised at carrier scale. This is the conversation your risk management team should be having this week. — Kate Bennett · CEO, Compare the Cloud |
| | CTC Desk · DevOps Security | 06 |
$ ctc desk/devops security Docker Bypasses Host Firewalls Silently — Enterprise Container Deployments May Be Unknowingly ExposedDocker's default networking behaviour bypasses host-level firewall rules by inserting its own iptables entries at higher priority than rules set by ufw or firewalld. Most containerised deployments — including enterprise production environments — may be unknowingly exposing services to the network. | This is not a vulnerability in the conventional sense — Docker behaves exactly as designed, and the documentation acknowledges it. The problem is that the behaviour is counterintuitive at scale: security teams configuring host firewalls may believe their container services are protected when they are not. For any enterprise running Docker-based workloads on infrastructure with defined network perimeters, a firewall audit is warranted. The fix is straightforward; the risk is that most deployments do not have it configured. — Kate Bennett · CEO, Compare the Cloud |
| | CTC Desk · Enterprise Devices | 07 |
Google Kills the Chromebook and Launches the Googlebook — Built Around Gemini, Not ChromeGoogle has announced the Googlebook, a new laptop range that replaces Chromebooks and is built around Gemini Intelligence rather than Chrome OS. The shift ends 15 years of Chromebook enterprise deployments and introduces a device category with deep AI integration, targeting enterprise customers who have standardised on Google Workspace. 15 yrs Chromebook era ending |
| The Googlebook represents Google's most explicit acknowledgement that the Chromebook era — built on browser-first computing — is over. For enterprise IT teams that have standardised on Chromebook fleets for frontline or knowledge workers, this is a procurement signal, not just a product announcement. The 18–24 month typical device refresh cycle means Googlebook evaluation should begin now. The question for CTOs is whether Gemini Intelligence as an embedded platform capability is worth the migration cost, or whether the existing Workspace and Chromebook stack serves the workforce adequately. Google's answer — embedded AI agents on the device itself — will be compelling where offline or latency-sensitive AI processing matters. — Kate Bennett · CEO, Compare the Cloud |
| | CTC Desk · Enterprise Mobile | 08 |
Liberté, égalité, sovereignty. Gemini Gets a Major Upgrade on Android — Adaptive Widgets Plan Your Schedule Before You Wake UpGoogle is rolling out Gemini Intelligence on Android this summer, bringing advanced generative UI capabilities to Samsung Galaxy and Pixel devices. The flagship feature is AI-adaptive widgets that reorganise themselves based on schedule, context, and predicted intent — a fundamental shift in how mobile AI interacts with users throughout the day. | Gemini Intelligence on Android is not a feature update — it is a platform reconfiguration. Widgets that reorganise themselves based on predicted schedule and intent are the consumer surface of a much larger architectural change: the AI layer is now mediating between users and their applications. For enterprise Android fleet managers, the home screen on managed devices is no longer a static policy decision — it is a dynamic, AI-curated environment. MDM policies that define allowed widgets and application layouts will need to account for an AI layer that overrides those configurations based on inferred context. The governance challenge arrives with the August update cycle. — Kate Bennett · CEO, Compare the Cloud |
| | CTC Desk · Enterprise Security | 09 |
| / / / / / / / / / / / / / / / / / / / / |
Zero-day Your Enterprise VPN May Be Leaking Identities and Traffic — Eight Gaps Your Security Stack MissesVPN deployments across enterprise networks are failing to protect users in predictable ways — from DNS leaks that expose every domain queried to traffic-analysis attacks that re-identify users despite encryption. Eight attack surfaces your VPN does not address, and how to audit for each. | The enterprise VPN is one of the most widely deployed security controls and one of the least audited. Most deployments are configured to pass compliance checklists, not to prevent the actual leaks described here — DNS queries bypass the tunnel, WebRTC exposes real IPs, and VPN providers themselves remain in the trust chain. For security teams conducting annual penetration tests and calling the VPN control "tested", this article is an uncomfortable read. The architecture of enterprise remote access needs to be revisited through the lens of what a VPN does not protect, not just what it does. — Kate Bennett · CEO, Compare the Cloud |
| | CTC Desk · Enterprise Hardware | 10 |
AMD 3D V-Cache Arrives in Enterprise Workstations — Lenovo ThinkStation P4 Is First to ShipLenovo has announced the ThinkStation P4, the first professional workstation to ship with AMD processors featuring 3D V-Cache technology, targeting simulation, engineering rendering, and data science applications. The combination brings AMD's stacked cache architecture — previously concentrated in consumer gaming CPUs — into formally certified enterprise workstation configurations. | Article I. Read the clause as you would a court ruling: the practical effect starts on publication, not the day the text was first circulated. |
| The ThinkStation P4 announcement matters less for its specific configuration than for what it represents in the enterprise compute market: AMD's 3D V-Cache technology is now being formally positioned for professional simulation, engineering, and AI inference workloads. For IT managers procuring workstations for engineering, architecture, or data science teams, the performance-per-watt case for AMD in the pro segment has materially strengthened. Enterprise hardware procurement cycles typically lag consumer availability by 12–18 months; the case-building should begin now rather than waiting for the next procurement review. — Kate Bennett · CEO, Compare the Cloud |
| That's the front page.Curated from the CTC Monitor worldwide feed — narrowed to the ten that matter before nine. Morning Edition · Compare the Cloud · Wednesday, 13 May 2026 · London View on the web · Unsubscribe |
|
← back to comparethecloud.net