Welcome to this week’s edition of CIOsurge!

This week:

• A mid-September campaign used agentic AI for 80–90% of intrusion steps; treat enterprise agents like least-privilege service accounts with strong guardrails.

• DevOps migrations bled a median $315K and ran 18% over plan—prioritize integration-first modernization with SLO gates and security sign-off.

• From Cy Khormaee: repurpose existing distribution/telemetry, seed bottom-up adoption, then productize once pull is undeniable.

Let’s make this week a game-changer.

Stay sharp. Stay ahead.

💡 Guest Expert Insights: Cy Khormaee

🔓 Phishing Explodes, Legacy Fails

Email phishing has evolved faster than defenses can adapt. Static rules and signature lists can’t keep up with attackers who now blend automation, AI, and personalization to bypass filters built for yesterday’s patterns. What worked for spam in 2015 breaks against socially engineered, context-rich campaigns in 2025.

Three forces drive the spike: (1) AI-generated emails indistinguishable from humans, (2) massive credential exposure fueling more targeted access, and (3) distributed work reducing network-layer insight. Prevention now demands behavioral and contextual learning systems that adapt in real time, not point updates. The future of email security is continuous understanding, not static defense.

www.aegisai.ai 

🛡️ First large-scale AI-orchestrated espionage attempt disrupted

A provider reports disrupting a mid-September 2025 cyber-espionage campaign that used agentic AI to execute 80–90% of intrusion steps. Attributed with high confidence to a Chinese state-sponsored group, the attackers jailbroke Claude Code, chained tools via MCP, and probed ~30 global targets before accounts were banned and authorities notified.

Treat agents like non-human service accounts with least-privilege, purpose binding, egress controls, and kill switches. Log and inspect prompts, tool calls, and data flows; rate-limit automated actions; whitelist MCP tools; and require vendors to deliver misuse detection, audit feeds, and incident-response SLAs.

On defense, pilot SOC automation for reconnaissance/credential-harvest signatures, wire deception and canary creds, and rehearse “agentic incident” playbooks. Segment model access, segregate secrets, and gate any code-execution toolchains behind human checkpoints. Assume automation speed—design detections and workflows to match it.

- Zack Tembi

Read the full story

🔁 Migration projects bleed $315K on average

CloudBees’ 2025 DevOps Migration Index (300+ leaders) finds the average platform migration costs $315K. 57% spent >$1M last year; projects ran 18% over plan; 94% saw no performance gains; 60% missed revenue. 61% cited migration fatigue, 70% developer burnout, 74% more tool sprawl, and 70% had AI pushed without security review.

Stop defaulting to rip-and-replace. Prioritize integration-first modernization, set SLO-based success gates, and require security sign-off for any AI in pipelines. Tie funding to realized performance and revenue, not completion dates.

Tactics: strangler-fig pattern over big-bang cutovers; parallel-run windows; time-boxed proofs of value; renewal guardrails; dedicated change-management budgets. If value isn’t visible by gate two, pause or narrow scope.

 - Zack Tembi

Read the full story

🗞️ At A Glance

Broadcom launches open ecosystem for VMware Cloud Foundation

AI cloud firm Nebius signs $3 billion deal with Meta, posts more than four-fold rise in revenue

Conduent Anticipates Data Breach Cost to Rise to $50M by Q1, 2026

AWS launches ‘Capabilities by Region’ to simplify planning for cloud deployments

Extreme plots enterprise marketplace for AI agents, tools, apps

OpenAI rolls out GPT-5.1 to refine ChatGPT with adaptive reasoning and personalization

AI pilots keep crashing, mostly because firms skip the prep, survey finds

💡 CIO Spotlights

Sony Music Publishing appoints Michael Young as CIO to drive tech transformation

• Michael Young joins Sony Music Publishing as CIO, reporting to CFO Tom Kelly and based in Nashville.

• With 25+ years in IT leadership, including at Chatham Financial and Reuters, Young will lead global technology, data, and transformation initiatives.

• CEO Jon Platt says Young’s expertise will help advance SMP’s mission to better support songwriters worldwide.

  Read the full story

TD Bank hires Kiran Vuppu as U.S. CIO to drive tech transformation

• TD Bank appointed Kiran Vuppu as U.S. CIO, tasking him with leading technology strategy, delivery, and modernization across the bank’s U.S. operations.

• Vuppu brings 20+ years of financial-services tech experience from Wells Fargo, J.P. Morgan, Bank of America, IBM, and others.

• CEO Leo Salom praised Vuppu’s background in product transformation and GenAI as key to advancing TD’s tech capabilities.

  Read the full story

🗞️ Submit a Section

Want to be featured in the next edition of CIOsurge?

Send us your story

🤝 Jobs

CIO, Corporate Systems - Optum

Deputy CIO, Commercial Solutions - Conduent

CIO, Polar Operations - V2X Inc.

CIO - Salute

CISO - General Dynamics