No idea why this didn’t send when scheduled last week, so here’s a late take on last week’s AI and cybersecurity news and events.

Another week where AI security stopped being hypothetical. CISA issued an emergency directive over a nation-state breach at F5. The International AI Safety Report team released a Key Update that raises the bar for evidence-based risk thinking. The EU’s Joint Research Centre added material to help implement the AI Act’s general-purpose AI obligations. Microsoft’s annual threat report underscored how nation-states are operationalizing AI. The UK’s NCSC annual review and MI5’s Director General both highlighted the practical implications. And yes, Windows 10 support finally ended, with Microsoft pushing Windows 11 AI features at the same time.

1) CISA Emergency Directive 26-01 on F5 BIG-IP

Summary
CISA ordered federal civilian agencies to inventory, lock down, and patch F5 BIG-IP devices by October 22, with status reports due by October 29, after F5 disclosed that a nation-state actor had stolen portions of BIG-IP source code and undisclosed vulnerability information. The directive spells out immediate mitigation, inventory, and reporting steps. This is a supply-chain security moment for the AI era, because many AI stacks sit behind the very application delivery and access control gear now at risk. (CISA)

Why It Matters

• The attacker has a technical advantage from stolen code and bug intel that could translate into high-impact exploits at scale.

• Agencies and enterprises that expose management interfaces are at elevated risk.

• AI workloads often rely on these gateways; compromise here cascades into model data, keys, and pipelines.

What To Do About It

• Treat this as a board-level incident. Inventory every F5 device, confirm interface exposure, and patch on the CISA clock.

• Rotate embedded credentials, API keys, and session cookies for apps behind affected devices; validate downstream secrets hygiene.

• Add BIG-IP-specific detections and look-backs. Hunt for anomalous config pulls and admin access patterns since August 9.

Rock’s Musings
The lesson isn’t just “patch faster.” It’s that supply-chain reach into AI ops is non-optional. If your AI gateways, reverse proxies, and identity edges are brittle, your model security is a rounding error. I’d put a named owner on “edge-to-AI” dependencies, with weekly proof of control.

I’d also ask one simple question… “Can we rotate every secret that touches production in 24 hours without breaking critical flows?” If the answer is no, we’ve got an operations problem masquerading as a security problem. You can’t govern AI seriously if your plumbing can’t take a punch.

2) International AI Safety Report: First Key Update

Summary
The International AI Safety Report team published its first Key Update on October 14. It documents capability jumps driven by new training techniques and flags implications for cyber and bio risks, controllability, and monitoring. This adds fresh, consensus-oriented evidence for policymakers and security leaders beyond the January 2025 baseline. (International AI Safety Report; PR Newswire) (International AI Safety Report)

Why It Matters

• It gives executives a synthesized view of risk domains that actually maps to current capabilities.

• It’s government-backed and expert-led, which makes it a credible reference in audits and board decks. (UK GOV background) (GOV.UK)

• The focus on monitoring and controllability speaks to real-world model operations, not sci-fi.

What To Do About It

• Map your AI risk register to the report’s capability and risk threads; update likelihoods and controls accordingly.

• Align AI red-team scope to the update’s cyber-relevant capabilities, then track mitigations to closure.

• Brief your audit committee using the Key Update as an external benchmark for your risk posture.

Rock’s Musings
I love seeing a living, evidence-based report. Executives don’t need another think piece; they need a scoreboard that updates with the game. If you can’t point to where your controls intersect with these capability shifts, you’re winging it. Use this update to pressure-test your assumptions and safeguards. Then prove it with artifacts.

3) EU JRC: New External Reports to Implement AI Act GPAI Obligations

Summary
On October 14, the European Commission’s Joint Research Centre published a new collection of external scientific reports to inform how the EU AI Act will apply to providers of general-purpose AI, including models with systemic risk. These materials support Chapter V obligations that began applying on August 2, 2025. (European Commission JRC; European approach milestones) (AI Watch)

Why It Matters

• GPAI obligations touch transparency, risk management, and security measures that most enterprises haven’t operationalized.

• The collection provides concrete reference points your counsel and engineering teams can use now.

• It clarifies scope questions that bog down programs and stall vendor assessments.

What To Do About It

• Assign legal, AI engineering, and security to extract control requirements and map them to your existing frameworks.

• Update supplier due-diligence templates to include GPAI-specific attestations and artifacts.

• Establish a quarterly compliance cadence that generates evidence that your competent authority would accept.

Rock’s Musings
If your team still talks about the AI Act like it’s far away, that’s a governance smell. Use this JRC material to convert debates into checklists and proofs. If you're looking for a practical sprint plan, I've laid one out here that aligns with the Article timelines: EU AI Act compliance sprint. The only thing worse than non-compliance is pretend compliance.

4) Microsoft Digital Defense Report 2025: Nation-States Are Using AI

Summary
Microsoft’s latest Digital Defense Report highlights a surge in AI-assisted nation-state activity, including disinformation and influence operations from Russia, China, Iran, and North Korea, as well as AI-supported tradecraft for intrusion and fraud. In July 2025, more than 200 instances of AI-generated propaganda were identified in a single month. (AP; Microsoft) (AP News)

Why It Matters

• The report confirms what many teams feel: AI is accelerating attacker workflows.

• It’s a defensible external signal to justify investment in detection, provenance, and user education.

• It normalizes threat-intel collaboration between providers and enterprises.

What To Do About It

• Expand threat-hunting to include AI-crafted lure detection and staged influence assets.

• Implement provenance checks and brand monitoring for high-risk executives and campaigns.

• Add scenario-based training for help desks and finance teams on deepfake and voice clone patterns.

Rock’s Musings
I’m not impressed by breathless headlines about “AI super attackers.” I’m impressed by evidence that the boring parts of attacks get faster and cheaper. That’s the risk. If your defenses take days to adapt, AI-accelerated attackers will lap you. Speed up your patch cycles, enrich detections with content provenance, and kill single-factor approvals dead.

5) NIST “Zero Drafts” Pilot: Comments Due October 17 on Dataset and Model Documentation

Summary
NIST’s AI Standards “Zero Drafts” pilot is collecting input to accelerate the development of standards for AI testing and model and dataset documentation. For the documentation topic, NIST will consider input received by October 17 for its initial public draft. This is a rare chance to shape practical, cross-industry documentation fields you can implement and audit. (NIST; NIST update) (NIST)

Why It Matters

• Documentation standards serve as the backbone for third-party audits, supplier reviews, and regulatory compliance evidence.

• Clear fields reduce debate and expedite risk reviews throughout the AI lifecycle.

• Early input from security leaders helps ensure that provenance, security controls, and incident processes are first-class.

What To Do About It

• Submit concrete field lists for model, data lineage, and security attestations your org can generate at scale.

• Align your internal AI documentation templates to NIST’s proposed scopes to reduce rework later.

• Start an internal doc-a-thon: backfill artifacts for your top three AI systems and measure time-to-complete.

Rock’s Musings
Standards aren’t paperwork. They’re how we stop arguing about basics. If you want fewer meetings and faster approvals, help NIST define the fields now. Then wire those fields into your SDLC so they fall out of normal work, not heroics.

6) UK NCSC Annual Review 2025: AI, PQC, and an Accelerating Threat Pace

Summary
The NCSC’s 2025 review reports a higher incident tempo, highlights AI’s role in enhancing attacker capability, and underscores the UK’s contributions to standards for AI and post-quantum cryptography. The review is frank about ransomware and state activity, and it documents tools and guidance to help organizations prepare. (NCSC; The Guardian) (NCSC)

Why It Matters

• It’s a credible, government view that you can cite in risk narratives to leadership.

• The AI sections anchor practical readiness, not just policy.

• It supports cross-sector alignment on resilience expectations.

What To Do About It

• Adopt NCSC guidance where it closes gaps you’ve logged in tabletop exercises.

• Update your AI red-team scope with NCSC-aligned scenarios around misuse, jailbreaks, and agent abuse.

• Prioritize PQC migration pilots for systems with long cryptographic agility timelines.

Rock’s Musings
I appreciate how the NCSC avoids drama and focuses on what organizations can do. That’s the model. Your security plan should look the same: blunt about risk, boring about execution, relentless on measurement. If a control doesn’t produce proof, it’s a wish.

7) Windows 10 Support Ends; Microsoft Pushes New Copilot Features in Windows 11

Summary
Windows 10 reached the end of support on October 14. Microsoft announced new Windows 11 AI features, including a “Hey, Copilot” voice mode and expanded Copilot Vision, encouraging upgrades as extended security updates move to a paid track through 2026. This is a classic risk-reduction and change-management moment with AI in the middle. (Microsoft Support; Reuters) (Microsoft Support)

Why It Matters

• Unsupported OS sprawl is a measurable cyber exposure and audit finding.

• New AI features introduce fresh permissions and telemetry surfaces you need to govern.

• The transition drags device refresh, budget, and training with it.

What To Do About It

• Lock a 90-day plan to retire or isolate remaining Windows 10 endpoints; enroll ESU where strictly necessary. (Microsoft) (Microsoft)

• Gate Copilot features behind role-based access, DLP, and logging. Review Vision’s screen access policies.

• Train users on new voice features and publish an approved-use guide with clear “don’ts.”

Rock’s Musings
Two truths: staying on Windows 10 poses a risk; moving to voice-driven AI without guardrails also poses a risk. Good governance isn’t saying yes or no. It’s saying “yes, with controls,” then proving the controls hold under pressure.

8) California Emerges as De Facto U.S. AI Regulator with Frontier Model Law

Summary
Legal analysis this week highlighted how California’s new transparency law for frontier model developers positions the state as the country’s leading AI regulator at present (so sorry, Colorado). It requires pre- and post-deployment risk reviews, incident reporting, and safeguards for model-weight security. Expect spillover into vendor diligence and enterprise disclosures. (Latham & Watkins; Wilson Sonsini) (Latham & Watkins)

Why It Matters

• Even if you’re not a “frontier lab,” customers will expect California-aligned attestations.

• Disclosures and incident reporting will ripple into your contracts and PR planning.

• It pressures internal policies to keep pace with external expectations.

What To Do About It

• Build an “AI framework” doc that mirrors the law’s structure: security, testing, incident criteria, and public transparency.

• Add model-weight protection controls to your crown-jewel list with regular assurance testing.

• Pre-write your “critical safety incident” workflow with legal and comms.

Rock’s Musings
Whether you love or hate California leading here, the message is simple: your AI governance story needs receipts. If your program can’t produce a clear framework, testing evidence, and a crisp incident trigger, you’re not ready.

9) MI5 Chief: Treat Autonomous AI Risk Soberly, Not Cinematically

Summary
In his annual threat update, MI5’s Ken McCallum warned that non-human, autonomous AI systems may pose future risks that evade human control, while also highlighting the real-world uses by terrorists and state actors for propaganda, reconnaissance, and cyberattacks today. He rejected doom talk but urged preparation. (Reuters; AP) (Reuters)

Why It Matters

• It’s a calibrated signal that blends near-term tradecraft with medium-term systemic risk.

• It helps executives frame investment across defense now and controllability later.

• It validates AI red-teaming that targets manipulation and evasion, not only jailbreaks.

What To Do About It

• Expand misuse testing to include target recon and social engineering patterns.

• Define decision points for pausing or constraining autonomy if metrics cross thresholds.

• Build an “AI ops” review board that can say no when safeguards slip.

Rock’s Musings
I like the adult tone. No panic. No hand-waving. Just a reminder that real attackers use AI today and that tomorrow’s autonomy needs real control theory, not vibes. Write your stop rules now, before the adrenaline of a launch pushes them aside.

10) ISO/IEC 42001 Adoption Expands: First Certification in Korea’s MSP Sector

Summary
MegazoneCloud announced ISO/IEC 42001 certification for its AI management system, marking a first in Korea’s MSP industry. Adoption continues to spread as ANAB and other bodies accredit certification providers. For enterprises, this is the governance scaffolding customers will look for. (PR Newswire; ANAB) (PR Newswire)

Why It Matters

• ISO 42001 provides an auditable and repeatable management system for AI risk and operations.

• It shortens customer security reviews and aligns with EU and U.S. expectations.

• It forces discipline around lifecycle controls, monitoring, and continual improvement.

What To Do About It

• Map your current AI program to 42001 and set a 6-month gap plan.

• Pick two high-value AI systems and pilot 42001 artifacts end-to-end to learn the muscle memory.

• Align your vendor schedule to require a 42001 roadmap or equivalent.

Rock’s Musings
ISO 42001 is the governance framework that enables AI to move quickly without falling apart. If you want a practical way to implement it, I've outlined a fast-track approach here: ISO 42001 vs. CARE. Make governance a habit, not a project.

The One Thing You Won’t Hear About But You Need To

Google’s SynthID-Image: Watermarking AI Media at Internet Scale

Summary
Google researchers published a paper on October 10 describing deployment-grade, invisible watermarking for AI-generated imagery across more than ten billion images and frames. It documents threat models, robustness testing, and a verification service in use with trusted testers. Coupled with Google’s broader SynthID program, this points to a maturing provenance stack that enterprises can finally build around. (arXiv; Google DeepMind) (arXiv)

Why It Matters

• Content provenance underpins fraud response, brand protection, and regulatory disclosures.

• An at-scale implementation, along with a detector portal, moves the conversation from theory to architecture. (Google Blog) (blog.google)

• It complements C2PA content credentials and gives you building blocks for your media pipeline.

What To Do About It

• Set up a media provenance pilot: ingest SynthID signals and C2PA credentials into your SOC and brand monitoring systems.

• Update data loss and fraud playbooks to include watermark detection steps.

• Request that vendors disclose their support for watermark generation and verification in RFPs.

Rock’s Musings
Provenance isn’t a silver bullet, but it’s finally getting operational. Don’t wait for a regulation to force it. If your brand can be cloned in minutes, your defense should be able to verify in seconds. Build it into your marketing and fraud stack now.

👉 What do you think? Ping me with the story that keeps you up at night, or the one you think I overrated.

👉 The Wrap-Up drops every Friday. Stay safe, stay skeptical.

👉 For deeper dives, visit RockCyber.

Citations

Associated Press. (2025, October 16). Microsoft pushes AI updates in Windows 11 as it ends support for Windows 10. https://apnews.com/article/8fbfc66b59c1ee9d15e0af856d29f52d

Associated Press. (2025, October 16). Microsoft: Russia, China increasingly using AI to escalate cyberattacks on the US. https://apnews.com/article/ad678e5192dd747834edf4de03ac84ee

Associated Press via Washington Post. (2025, October 16). MI5 chief says China is a daily threat to UK security amid row over collapse of spying case. https://www.washingtonpost.com/world/2025/10/16/britain-mi5-threats-china-spying-russia-iran/0db9b888-aa8d-11f0-a2bc-82cf6840599d_story.html

BleepingComputer. (2025, October 15). F5 says hackers stole undisclosed BIG-IP flaws, source code. https://www.bleepingcomputer.com/news/security/f5-says-hackers-stole-undisclosed-big-ip-flaws-source-code/

CISA. (2025, October 15). Emergency Directives: ED 26-01 Mitigate vulnerabilities in F5 devices. https://www.cisa.gov/news-events/directives

CISA. (2025, October 15). CISA adds one Known Exploited Vulnerability to Catalog. https://www.cisa.gov/news-events/alerts/2025/10/15/cisa-adds-one-known-exploited-vulnerability-catalog

European Commission Joint Research Centre. (2025, October 14). New JRC collection of external scientific reports to inform implementation of EU AI Act GPAI obligations. https://ai-watch.ec.europa.eu/news/new-jrc-collection-external-scientific-reports-inform-implementation-eu-ai-act-general-purpose-ai-2025-10-14_en

European Commission. (2025, October 13–16). European approach to artificial intelligence: Important milestones. https://digital-strategy.ec.europa.eu/en/policies/european-approach-artificial-intelligence

Federal News Network. (2025, October 16). CISA directs agencies to address ‘significant cyber threat’. https://federalnewsnetwork.com/cybersecurity/2025/10/cisa-directs-agencies-to-address-significant-cyber-threat/

FedRAMP. (2025, October 15). Responding to CISA Emergency Directive 26-01. https://www.fedramp.gov/2025-10-15-responding-to-cisa-emergency-directive-26-01/

Google DeepMind. (2025, May 20). SynthID Detector — a new portal to help identify AI-generated content. https://blog.google/technology/ai/google-synthid-ai-content-detector/

International AI Safety Report. (2025, October 14). First Key Update: Capabilities and Risk Implications.

https://internationalaisafetyreport.org/

Latham & Watkins. (2025, October 13). California assumes role as lead U.S. regulator of AI. https://www.lw.com/en/insights/california-assumes-role-as-lead-us-regulator-of-ai

Microsoft. (2025, October). Threat landscape hub: Microsoft Digital Defense Report 2025. https://www.microsoft.com/en-us/security/security-insider/threat-landscape

Microsoft Support. (2025, October 14). Windows 10 support has ended on October 14, 2025. https://support.microsoft.com/en-us/windows/windows-10-support-has-ended-on-october-14-2025-2ca8b313-1946-43d3-b55c-2b95b107f281

Microsoft. (2025, 2025). Windows 10 Consumer Extended Security Updates (ESU). https://www.microsoft.com/en-us/windows/extended-security-updates

NCSC. (2025, October). Annual Review 2025: Keeping pace with evolving technology — Artificial intelligence. https://www.ncsc.gov.uk/collection/ncsc-annual-review-2025/chapter-03-keeping-pace-with-evolving-technology

NIST. (2025, September 12). AI Standards “Zero Drafts” pilot project to accelerate standardization. https://www.nist.gov/artificial-intelligence/ai-research/nists-ai-standards-zero-drafts-pilot-project-accelerate

PR Newswire. (2025, October 15). First Key Update of the International AI Safety Report released. https://www.prnewswire.com/news-releases/first-key-update-of-the-international-ai-safety-report-released-302584012.html

PR Newswire. (2025, October 15). MegazoneCloud’s AIR Studio earns Korea’s first ISO/IEC 42001 certification for AI management systems. https://www.prnewswire.com/news-releases/megazoneclouds-air-studio-earns-koreas-first-isoiec-42001-certification-for-ai-management-systems-302584233.html

Reuters. (2025, October 16). Microsoft launches new AI upgrades to Windows 11, boosting Copilot. https://www.reuters.com/business/microsoft-launches-new-ai-upgrades-windows-11-boosting-copilot-2025-10-16/

Reuters. (2025, October 16). UK spy chief warns of AI danger, though not disaster-movie doom. https://www.reuters.com/world/uk/uk-spy-chief-warns-ai-danger-though-not-disaster-movie-doom-2025-10-16/

The Guardian. (2025, October 14). Cyber-attacks rise by 50% in past year, UK security agency says. https://www.theguardian.com/technology/2025/oct/14/cyber-attacks-rise-in-past-year-uk-security-agency-says

The Verge. (2025, October 16). Microsoft wants you to talk to your PC and let AI control it. https://www.theverge.com/news/799768/microsoft-windows-ai-copilot-voice-vision-launch

Wilson Sonsini Goodrich & Rosati. (2025, October 2). California enacts major AI safety legislation for frontier AI developers. https://www.wsgr.com/en/insights/california-enacts-major-ai-safety-legislation-for-frontier-ai-developers.html

ANAB. (n.d.). ISO/IEC 42001 Artificial Intelligence Management Systems Accreditation. https://anab.ansi.org/accreditation/iso-iec-42001-artificial-intelligence-management-systems/

Gowal, S., Bunel, R., Stimberg, F., et al. (2025, October 10). SynthID-Image: Image watermarking at internet scale. arXiv. https://arxiv.org/abs/2510.09263

Google DeepMind. (n.d.). SynthID overview. https://deepmind.google/science/synthid/

Nextgov. (2025, October 16). CISA orders government to patch F5 products after nation-state intrusion. https://www.nextgov.com/cybersecurity/2025/10/cisa-orders-government-patch-f5-products-after-nation-state-cyber-intrusion/408824/

Helpful RockCyber links mentioned

• Weekly feed: https://rockcybermusings.com/feed

• EU AI Act sprint plan: https://www.rockcybermusings.com/p/eu-ai-act-compliance-enterprise-sprint

• ISO 42001 fast-track with CARE: https://www.rockcybermusings.com/p/iso-42001-vs-care-fast-tracking-ai