================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Thursday, June 18, 2026 - 1:58 AM EDT
================================================================

The security industry and Washington both pivoted to AI agents in a single day, racing to govern the tools as Google shipped an agent-discovery standard and the Office of Management and Budget cataloged 3,611 federal AI deployments.

CONTENTS: Emerging Trends and Key Updates | Security | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS AND KEY UPDATES
----------------------------------------------------------------

* [TREND] Vendors are scrambling to secure AI agents, with Google's Agentic Resource Discovery spec offering a way to publish, find, and verify agent tools across the web.
  see: Industry Races to Secure AI Agents

* [TREND] Washington is embedding AI across government as the OMB cataloged 3,611 federal use cases, even as Bruce Schneier warns against handing sensitive functions to machines.
  see: Federal Government Embraces AI at Scale

* [TREND] Package ecosystems keep taking supply-chain hits, pushing Homebrew to require tap trust before running outside Ruby code after the Mastra npm compromise.
  see: Homebrew Hardens Against Supply-Chain Attacks

* [TREND] AI's economics and discourse dominate the Reading list, from OpenAI's losses ballooning toward $34 billion to debates over Anthropic's Fable model and whether knowledge work was already broken.
  see: Exclusive: OpenAI Losses Increased Nearly 8X in 2025, With Spending Hitting $34 Billion; The State of Fable, The Jailbreak Problem, SpaceX Acquires Cursor; AI Isn't Breaking Work. It's Already Broken.

* [UPDATE (new)] The EU granted Ukraine access to its pool of pre-approved incident-response firms while Senator Mark Warner pressed acting CISA leadership on readiness.
  see: EU Backs Ukraine as Warner Warns on CISA

* [UPDATE (new)] A French-speaking attacker breached a French automotive firm and installed OpenSSH and Tailscale for stealthy persistence after stealing banking and email credentials.
  see: Attacker Plants Tailscale and OpenSSH for Persistence

SECURITY
----------------------------------------------------------------

1. INDUSTRY RACES TO SECURE AI AGENTS
   AI Security · [ai, agents]

   Latest developments: Google released Agentic Resource Discovery, an open specification for publishing, finding, and verifying AI agent tools across the web, while University of Oxford and SaferAI researchers warned that agents now write frontier labs' own code with light human oversight, and 1Password bought access-governance firm Apono for a reported $250 million to $300 million as Tenet Security emerged from stealth with $6 million to police agent behavior in real time. Enterprises now run AI agents in live production at 32 percent of organizations, per Confluent, and vendors are scrambling to give those agents cryptographic identity, sandboxes, and runtime guardrails through control planes from Tigera Lynx and WitnessAI; teams deploying agents should govern tool and MCP-server access and audit every action.

   - Help Net Security: https://www.helpnetsecurity.com/2026/06/18/google-agentic-resource-discovery/
   - Help Net Security: https://www.helpnetsecurity.com/2026/06/18/research-ai-coding-agent-oversight/
   - SecurityWeek: https://www.securityweek.com/1password-acquires-apono-in-reported-250m-300m-deal/
   - SecurityWeek: https://www.securityweek.com/tenet-security-emerges-from-stealth-with-6-million-seed-funding/

2. HOMEBREW HARDENS AGAINST SUPPLY-CHAIN ATTACKS
   Vulnerabilities and Exploits · [supply-chain, npm]

   Latest developments: Homebrew 6.0.0 now requires a user to trust a third-party tap before it evaluates or runs any Ruby code, closing a path that let outside code execute unsandboxed, while Microsoft published a teardown of the Mastra npm compromise that hid a postinstall payload across 140-plus projects. A relentless 2026 supply-chain wave—Megalodon backdooring 5,500 GitHub repositories in six hours, TrapDoor spreading across npm, PyPI, and Crates.io, and the Mastra namespace hijack via the ehindero account—has pushed package managers to disable untrusted code execution by default; developers should audit their taps, dependencies, and the secrets sitting on their own machines.

   - Help Net Security: https://www.helpnetsecurity.com/2026/06/18/homebrew-6-0-0-released/
   - Microsoft Security Blog: https://www.microsoft.com/en-us/security/blog/2026/06/17/postinstall-payload-inside-mastra-npm-supply-chain-compromise/
   - Help Net Security: https://www.helpnetsecurity.com/2026/06/18/gitguardian-developer-endpoint-protection/

3. EU BACKS UKRAINE AS WARNER WARNS ON CISA
   Policy and Regulation · [policy, nation-state]

   Latest developments: The European Union granted Ukraine access to its pool of pre-approved cybersecurity incident-response firms as Kyiv moves toward formal accession, while Senator Mark Warner warned acting CISA leadership and DHS Secretary Markwayne Mullin that staffing cuts threaten the agency and MS-ISAC funding. Brussels is integrating Ukraine into the bloc's cybersecurity reserve so Kyiv can draw on vetted responders during major attacks, even as Warner argues Washington is hollowing out its own defenses; the contrast pits expanding allied capacity against shrinking U.S. capacity.

   - The Record: https://therecord.media/ukraine-access-eu-cybersecurity-reserve
   - The Record: https://therecord.media/warner-warns-of-cisa-cuts-staffing-shortages

4. FEDERAL GOVERNMENT EMBRACES AI AT SCALE
   Policy and Regulation · [ai, policy]

   Latest developments: The Office of Management and Budget disclosed 3,611 active or planned federal AI use cases, a 70 percent jump from the final Biden-administration tally, with security researcher Bruce Schneier flagging plans to hand sensitive governmental functions to AI. The Trump administration's April 14 disclosure shows AI spreading through federal operations faster than oversight can match, and Schneier counts many entries that automate consequential decisions; the breadth raises accountability and security questions for agencies and the public alike.

   - Schneier on Security: https://www.schneier.com/blog/archives/2026/06/ai-use-by-the-us-government.html

5. ATTACKER PLANTS TAILSCALE AND OPENSSH FOR PERSISTENCE
   Ransomware and Cybercrime · [cybercrime, persistence]

   Latest developments: The Hacker News detailed a French-speaking attacker who breached a small French automotive business, planted a keylogger, and stole banking and email credentials, then installed OpenSSH and Tailscale on a victim machine just before his Havoc command-and-control server went offline—building a backdoor that bypassed the C2 entirely. Legitimate remote-access tools give intruders durable, hard-to-spot footholds that survive the loss of their malware infrastructure; defenders should hunt for unsanctioned OpenSSH and Tailscale installations on endpoints.

   - The Hacker News: https://thehackernews.com/2026/06/junior-hacker-used-tailscale-and.html

PITTSBURGH
----------------------------------------------------------------

Weather: Overnight: Scattered Showers And Thunderstorms, low 68F. Thursday: Chance Showers And Thunderstorms then Mostly Sunny, high 84F. Thursday Night: Partly Cloudy, low 59F.

Business:

* Pitt Buys Hemingway's Cafe Site in Oakland
  Latest developments: Allegheny County property records show the University of Pittsburgh closed late last month on the former Hemingway's Cafe building along Forbes Avenue in Oakland for $1.36 million. The university, which called the deal thoughtful and strategic and said it watches for opportunities near campus, adds the longtime Forbes Avenue bar and restaurant property to its Oakland footprint.
  - KDKA: https://www.cbsnews.com/pittsburgh/news/university-of-pittsburgh-hemingways-oakland-1-36-million/

Around town:

* Penn Township Bans E-Bikes in Its Park
  Latest developments: Penn Township commissioners passed an ordinance Wednesday barring e-bicycles and e-scooters from the township's Municipal Park Complex. Township secretary-manager Mary Perez said safety concerns for park visitors and for the riders drove the ban, which prohibits the electric bikes and scooters anywhere in the Penn Township park complex.
  - KDKA: https://www.cbsnews.com/pittsburgh/news/penn-township-votes-to-ban-e-bikes-e-scooters-in-municipal-park-complex/

* Rep. Dean Says ICE Barred Her From Detainees
  Latest developments: U.S. Rep. Madeleine Dean said staff blocked her from speaking with detainees Wednesday during an oversight visit to Pennsylvania's largest immigrant detention center. Dean, a Pennsylvania Democrat, made the trip three weeks after other members of Congress publicly shared concerns gathered inside the same facility, and she said officials kept her from interviewing the people held there.
  - TribLive: https://triblive.com/news/pennsylvania/rep-madeleine-dean-says-she-was-blocked-from-speaking-to-detainees-during-oversight-visit-to-pennsylvanias-largest-ice-detention-center/

* Belle Vernon Water Answers Still Pending
  Latest developments: Two weeks after Belle Vernon's boil-water advisory ended, residents told KDKA they still have no explanation for what caused it.
  Residents in the Mon Valley borough of Belle Vernon say no one has told them what triggered the advisory that forced them to boil tap water before use.
  - KDKA: https://www.cbsnews.com/pittsburgh/video/belle-vernon-residents-still-without-answers-after-lifted-boil-water-advisory/

Events:

* Juneteenth Observances Across Pittsburgh
  Latest developments: Pittsburgh's Juneteenth festivals, film screenings, and gatherings reach the June 19 holiday Friday, now one day out. The Post-Gazette's roundup details Juneteenth events across the Pittsburgh region marking the June 19 holiday, spanning festivals, film screenings, and community gatherings.
  - Post-Gazette Arts & Entertainment: https://www.post-gazette.com/life/recreation/2026/06/16/juneteenth-events-pittsburgh-2026/stories/202606170002

SPORTS
----------------------------------------------------------------

Pirates (38-37)
Wed Jun 17 · Pirates 12 · Athletics 4 · Final
Ryan O'Hearn knocks in career-high 6 runs as Pirates roll to 12-4 victory over Athletics
https://plaintextsports.com/mlb/2026-06-17/pit-ath
Up Next · Pirates @ Rockies · Fri Jun 19, 8:40 PM
https://plaintextsports.com/mlb/2026-06-19/pit-col

Around the Teams:

* Dulac Fields Steelers Questions
  Latest developments: In his June 17 chat, Post-Gazette beat writer Gerry Dulac took reader questions on quarterback Brendan Sorsby, Aaron Rodgers, coach Mike McCarthy, and young passers Will Howard and Drew Allar. Dulac's weekly Steelers chat ranged across the supplemental-draft talk around Sorsby, the quarterback room, and Mike McCarthy's plans heading toward the season.
  - Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/17/nfl-news-steelers-sorsby-rodgers-mccarthy-howard-allar/stories/202606170024

* SNR Drive Builds All-Time Non-HOF Team
  Latest developments: On the June 17 SNR Drive, Matt Williamson and Wes Uhler assembled an all-time Steelers roster of players outside the Hall of Fame and broke down running back Jaylen Warren's game.
  The Steelers' team podcast picked offensive and defensive squads of franchise greats who never reached Canton, touched on Barry Foster, and assessed where Jaylen Warren stands.
  - Pittsburgh Steelers (YouTube): https://www.youtube.com/watch?v=QcqN-zNm9c0

* Forging Steel Goes Inside the Draft
  Latest developments: The Steelers' channel released Forging Steel episode two, 'Pittsburgh is on the Clock,' an inside look at the team's 2026 NFL Draft. The documentary follows the Steelers through the draft, including first-round pick Max Iheanachor experiencing draft night and Coach Mike McCarthy addressing the team.
  - Pittsburgh Steelers (YouTube): https://www.youtube.com/watch?v=TkV9_btUE3c

READING
----------------------------------------------------------------

* Stratechery -- The State of Fable, The Jailbreak Problem, SpaceX Acquires Cursor
  Ben Thompson argues the Trump administration is very likely wrong about Anthropic's Fable model yet the burden still falls on Anthropic, and he weighs the jailbreak problem and SpaceX's purchase of Cursor.
  https://stratechery.com/2026/the-state-of-fable-the-jailbreak-problem-spacex-acquires-cursor/

* Ed Zitron -- Exclusive: OpenAI Losses Increased Nearly 8X in 2025, With Spending Hitting $34 Billion
  Zitron publishes financials showing OpenAI's losses grew nearly eightfold in 2025 as spending reached $34 billion, fuel for his case that the company has no path to profitability.
  https://www.wheresyoured.at/exclusive-openai-financials/

* Cal Newport -- AI Isn't Breaking Work. It's Already Broken.
  Responding to a Financial Times interview with the Work AI Institute's Rebecca Hinds, Newport argues knowledge work was dysfunctional well before AI and that AI mainly exposes the existing mess.
  https://calnewport.com/ai-isnt-breaking-work-its-already-broken/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------

S&P 500      7,462.30   ▲ +0.8%
Dow          51,442.85  ▲ +1.3%
Nasdaq       26,156.09  ▲ +1.1%
WTI crude    81.24      ▼ -10.4%
EUR/USD      1.1584     ▲ +0.2%
GBP/USD      1.3414     ▲ +0.3%
USD/JPY      160.25     ▲ +0.1%

================================================================
Generated 2026-06-18 01:58 EDT. Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================