Cybersecurity News
JPMorgan Chase is Using AI Digital Twins to Hunt Threats
JPMorganChase is deploying a system of AI-powered digital fingerprints and digital twins to detect threats and malicious behavior across its vast user base, Dark Reading reported. The strategy was presented at the RSAC 2026 Conference in San Francisco. Andrew Plummer, the bank’s chief scientist for AI and machine learning in cybersecurity and technology controls, described the strategy to Dark Reading.
According to the report, digital fingerprints are built from information about each employee’s work habits and behavioral patterns. When an employee does something out of the ordinary, the AI spots it, investigates, and assigns a risk score to determine whether to flag it for further review.
Where Digital Twins Come In
Once a score is assigned, the digital twin begins a cybersecurity analysis.
According to Dark Reading, the digital twin examines flagged anomalies and models what behavioral patterns might look like over time for the organization. It factors in outside events, such as severe weather or geopolitical incidents, that could legitimately explain a behavior change. This reduces false positive alerts, which remain one of the most persistent problems in threat detection.
Plummer noted that the system currently monitors about 19,000 users. The goal is to eventually extend it to all employees, as well as to the AI agents they use and the bank’s more than 6,000 applications.
For financial firms managing thousands of users and complex application environments, the JPMorganChase approach offers a preview of where proactive threat hunting is headed.
Sophos: The Global CISO Leadership Gap Is Too Large to Ignore
There are an estimated 35,000 CISOs worldwide, but roughly 359 million businesses that need cybersecurity leadership. According to a report published by Sophos and Cybersecurity Ventures on March 23, 2026, that gap creates a 10,000-to-1 business-to-CISO ratio that is leaving most organizations dangerously exposed.
“Those are not good odds,” said Sophos CEO Joe Levy in the report. “This is a market failure.”
Small Businesses Bear the Brunt
According to the 2026 CISO Report, the problem hits small businesses hardest. The World Economic Forum estimates that 90% of all companies worldwide are small businesses, yet close to none employ a dedicated cybersecurity officer. A full-time CISO typically earns between $250,000 and $400,000 per year, putting the role out of reach for most small firms.
Four out of five small businesses experienced a breach in 2025, and more than a third of those businesses reported losses exceeding $500,000. Meanwhile, in-house CISOs at larger organizations are not faring much better: 75% reported considering a job change, and 99% work extra hours every week.
The report points to managed service providers (MSPs) and managed security service providers (MSSPs) as the most scalable path forward.
“Security leadership scales best through partners,” the report states, much the way managed detection and response proved that security operations are best delivered as a service. For investment firms and other organizations without dedicated security leadership, partnering with a managed provider may be the most practical way to access CISO-level oversight.
Employee Data Breaches Reach Seven-Year High
Reports of employee data breaches filed with the UK’s Information Commissioner’s Office (ICO) hit their highest level in at least seven years in 2025, Infosecurity Magazine reported. Analysis by law firm Nockolds found 3,872 breach incidents last year, a 5% increase over the prior year and nearly 29% higher than the 3,010 incidents recorded in 2019.
The findings reveal a shift in how breaches occur. According to the report, cyber-related incidents fell by 6%, while non-cyber incidents rose by 15%. Lost or stolen devices, documents sent to the wrong recipient, and paperwork left in shared or public environments accounted for a growing share of the total.
Hybrid Work Is a Structural Risk
Infosecurity Magazine cited Nockolds principal associate Joanna Sutton, who explained that organizations have strengthened their digital defenses while failing to adapt physical and procedural safeguards.
“The flow of devices and documents between homes and offices creates vulnerabilities that cyber tools alone cannot fix,” she said.
This matters for organizations of every size. Even accidental breaches can expose employers to legal liability if employees experience stress or harm as a result.
Sutton said that HR teams have a direct role in data protection, noting that “effective data security depends as much on employee awareness as on robust IT systems.” Investment firms that handle large volumes of sensitive personally identifiable information (PII) should audit their data-handling policies for hybrid work, train staff regularly, and make certain that physical safeguards keep pace with their technical controls.
Cybersecurity Tips
84% of Cyber Attacks Will Use Your Trusted Tools Against You
If your cybersecurity strategy is built around blocking malware, it may already be out of date. According to a report by The Hacker News, threat actors are bypassing traditional defenses by using the tools already inside your environment. Most organizations don’t recognize the exposure until after an attack has occurred.
The technique is called “Living off the Land” (LOTL). Rather than introducing malware that triggers alerts, attackers use legitimate built-in tools like PowerShell, WMIC, and Certutil to move laterally through a network, escalate privileges, and persist without detection.
According to the report, analysis of more than 700,000 high-severity incidents shows that 84% of attacks now abuse legitimate tools to evade detection.
Your Attack Surface Is Larger Than You Think
The report points out that a standard Windows 11 system ships with hundreds of native binaries, many of which can be weaponized for LOTL attacks. These tools are trusted by default, embedded into the operating system, and often required for normal operations. That makes them nearly impossible to block outright without disrupting workflows.
The scale of the problem is significant. The analysis shows that up to 95% of access to risky tools is unnecessary.
Every unnecessary permission is a potential attack path. And because the tools look legitimate, security teams are left trying to interpret behavior in real time, under pressure, without full context.
By the time an action clearly looks suspicious, attackers may already have moved deeper into the environment.
Detection Alone Is Not Enough
The report also notes that AI is accelerating the problem. Modern attacks, increasingly assisted by AI, move faster than cybersecurity teams can investigate.
Endpoint detection and response (EDR) and extended detection and response (XDR) tools are effective against malware and anomalous behavior, but when attackers blend into normal operations using legitimate tools, detection becomes an exercise in interpretation rather than clear identification.
Organizations need visibility into their internal attack surface, not just their perimeter. Investment firms should ask which tools are accessible across their environment, where access is excessive, and how those access patterns translate into real attack paths. Getting clarity on those questions is the first step toward reducing the exposure that LOTL attacks depend on.
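One way to start answering those questions, as an added example that is not from the report or this page's sources: compare who is permitted to run the built-in tools named above with who actually ran them in process-creation logs. The events, user names and the `ALLOWED` entitlement map are constructed for illustration.

```python
from collections import defaultdict

# Built-in tools the article names as commonly abused for LOTL.
RISKY_TOOLS = {"powershell.exe", "wmic.exe", "certutil.exe"}

# Constructed entitlement map: users permitted to run each tool.
ALLOWED = {
    "powershell.exe": {"alice", "bob", "carol", "dave"},
    "wmic.exe": {"alice", "bob", "carol", "dave"},
    "certutil.exe": {"alice", "bob", "carol", "dave"},
}

# Constructed process-creation events (user, image path) for the review window.
EVENTS = [
    ("alice", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ("alice", r"C:\Windows\System32\certutil.exe"),
    ("bob", r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.EXE"),
    ("carol", r"C:\Windows\System32\notepad.exe"),
    ("erin", r"C:\Windows\System32\wbem\WMIC.exe"),
]

def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def audit(events, allowed):
    """Per tool: grants never exercised, and use by users with no grant."""
    used = defaultdict(set)
    for user, path in events:
        name = image_name(path)
        if name in RISKY_TOOLS:
            used[name].add(user.lower())
    report = {}
    for tool in sorted(RISKY_TOOLS):
        granted = allowed.get(tool, set())
        unused = granted - used[tool]
        report[tool] = {
            "unused_grants": sorted(unused),  # candidates for removal
            "ungranted_use": sorted(used[tool] - granted),  # policy gap to review
            "unused_pct": round(100 * len(unused) / len(granted)) if granted else 0,
        }
    return report

if __name__ == "__main__":
    for tool, row in audit(EVENTS, ALLOWED).items():
        print(tool, row)
```

Matching on the file name alone misses renamed copies of a tool; where the log source records the original file name from the binary's version resource, match on that field instead.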
