Description

Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

Transcript

Welcome to today’s cyber and AI risk update. I’m Michael Housch. Let’s get right into the major developments shaping the risk landscape as of April 6th, 2026.

The cyber and AI threat environment continues to evolve at a rapid pace. We’re seeing a convergence of advanced adversaries, new vulnerabilities, and the accelerating adoption of artificial intelligence across critical sectors. These trends are creating both operational and strategic challenges for risk leaders, especially as regulatory and workforce pressures mount.

Let’s start with one of the most pressing issues: the cybersecurity skills crisis. The latest SANS 2026 report paints a stark picture. The shortage of skilled cybersecurity professionals is deepening, with critical infrastructure and operational technology—often referred to as OT—bearing the brunt. Organizations in these sectors are struggling to fill essential security roles, and that’s translating directly into increased breach risk. The impact isn’t theoretical; it’s measurable and growing.

The implications here are significant. For leaders in risk, security, and operations, this isn’t just a staffing problem—it’s an operational risk that can undermine business continuity. The traditional approach of hiring more talent simply isn’t keeping up with demand. To address this, organizations are increasingly turning to automation, workforce development programs, and managed security services. The bottom line is clear: without a focused strategy to close the skills gap, critical systems remain exposed, and the risk of disruptive incidents climbs.

Now, let’s talk about technical vulnerabilities—and specifically, zero-day exploits. Fortinet, a key player in endpoint management and security, has just released emergency patches for actively exploited zero-day vulnerabilities in its FortiClient EMS product. These flaws have been targeted in the wild, putting organizations that rely on Fortinet solutions at immediate risk. If your organization uses Fortinet for endpoint management, patching should be at the top of your priority list. The prevalence of Fortinet in critical environments means that attackers see these platforms as high-value targets. Quick action is essential to prevent compromise.

This isn’t an isolated incident. We’re seeing a broader trend of supply chain attacks and zero-day exploits affecting major vendors and platforms. Just this past week, a supply chain attack targeted Guardarian users through malicious Strapi NPM packages. This highlights the persistent risk associated with third-party software dependencies—especially in cloud and identity services. The lesson here is that continuous monitoring of third-party components, strict controls on package sourcing, and robust integrity verification are no longer optional. They’re foundational to any modern security program.
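As an added illustration of the integrity verification the briefing calls for (example code written for this page, not tooling from the episode or from any vendor mentioned), here is a small Python checker that recomputes the SRI `integrity` hashes npm records in package-lock.json and flags any fetched tarball that no longer matches. It assumes the tarballs have already been downloaded; the lockfile and tarball bytes below are constructed sample data, and the package names are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac
import json

def sri_digest(data: bytes, algo: str = "sha512") -> str:
    """Return a Subresource Integrity string ('sha512-<base64>') as npm writes it into package-lock.json."""
    return f"{algo}-{base64.b64encode(hashlib.new(algo, data).digest()).decode()}"

def verify_tarball(integrity: str, data: bytes) -> bool:
    """True only if data matches at least one of the space-separated SRI entries (constant-time compare)."""
    for entry in integrity.split():
        algo, _, b64 = entry.partition("-")
        try:
            expected = base64.b64decode(b64, validate=True)
            actual = hashlib.new(algo, data).digest()
        except (ValueError, binascii.Error):
            continue  # unknown algorithm or malformed base64: treat as non-matching
        if hmac.compare_digest(expected, actual):
            return True
    return False

def check_lockfile(lock_json: str, tarballs: dict) -> dict:
    """Walk the lockfile v2/v3 'packages' map; report ok / MISMATCH / no-integrity / missing per package."""
    report = {}
    for path, meta in json.loads(lock_json).get("packages", {}).items():
        if not path:
            continue  # "" is the root project itself, not a dependency
        name = path.rsplit("node_modules/", 1)[-1]
        integrity = meta.get("integrity")
        if integrity is None:
            report[name] = "no-integrity"  # pinned by version only; cannot be verified offline
        elif name not in tarballs:
            report[name] = "missing"
        else:
            report[name] = "ok" if verify_tarball(integrity, tarballs[name]) else "MISMATCH"
    return report

# Constructed sample data: a clean tarball, a tampered copy, and a lockfile referencing both.
GOOD_TARBALL = b"example plugin tarball bytes (constructed)"
TAMPERED_TARBALL = GOOD_TARBALL + b"\n/* injected postinstall (constructed) */"
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "demo"},
    "node_modules/left-pad": {"version": "1.3.0", "integrity": sri_digest(GOOD_TARBALL)},
    "node_modules/@scope/plugin": {"version": "4.0.0", "integrity": sri_digest(GOOD_TARBALL)},
    "node_modules/unpinned": {"version": "0.1.0"},
}})
SAMPLE_TARBALLS = {"left-pad": GOOD_TARBALL, "@scope/plugin": TAMPERED_TARBALL}
```

Running `check_lockfile(SAMPLE_LOCK, SAMPLE_TARBALLS)` reports `@scope/plugin` as MISMATCH and `unpinned` as no-integrity; in a real pipeline the same function runs against the tarballs in the npm cache or an internal registry mirror before install.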

On the regulatory front, the landscape is getting more complex, not less. The OECD is pushing for risk-based regulatory frameworks for software, with a particular focus on AI, energy, and supply chain vulnerabilities. This reflects a growing international consensus: not all risks are created equal, and controls should be tailored to the specific risk profile of each system or application. However, for multinational organizations, this means compliance is becoming more granular and sector-specific. Keeping up with evolving standards—like the new ISO/IEC 42001 for AI governance—will require dedicated resources and cross-functional alignment.

But regulatory fragmentation is a real and growing challenge, especially in the United States. Despite mounting pressure, Congress has yet to pass any comprehensive federal AI legislation. Meanwhile, 40 states are actively drafting their own rules. The result is a patchwork of requirem