Exposed: Bank Leak, Copilot Zero-Click, AI Agent Hijacks, Stryker Wipe & Josh Marpet – SWN #563
This episode is all about trust getting abused at scale.
We start with Chinese-nexus operators pivoting fast onto Qatar using conflict lures and familiar tradecraft.
Then we hit banking, because they deserve it: Lloyds, Halifax, and Bank of Scotland customers seeing other people’s transactions in-app, a straight confidentiality failure, not “someone hacked my phone”.
From there it’s the Middle East conflict exposing what “cloud resilience” really means when the problem isn’t cyber, it’s physical disruption and dependency chains. Then Meta’s takedown of 150,000 scam-linked accounts shows the fraud supply chain is still running hot, and the platforms are now part of the battleground whether they like it or not.
The Microsoft story is the one to watch: a critical Excel bug that turns Copilot Agent into a zero-click data leak path. And the AI agent theme keeps going with Context7: attackers slipping instructions into “helpful” context and getting agents to do dumb, destructive things on their behalf.
We finish with Stryker having the worst day with a major outage, disputed claims, and a reminder that if your management plane gets hit, you can lose the whole estate fast. Look at Intune.
No hype. Just the stuff that actually breaks systems, me talking too fast, which to be honest 'slow' is why I turn most podcasts off.
Security Weekly listeners save $100 on their RSAC 2026 All Access Pass! RSAC 2026 Conference will take place March 23rd to March 26th in San Francisco. To register using our discount code, please visit securityweekly.com/rsac26 and use the code 56U5SECWEEKLY! We hope to see you there!
Aaran Leyland
- Chinese Nexus Actors Shift Focus to Qatar Amid Iranian Conflict
- Lloyds, Bank of Scotland and Halifax apps showed customers other users’ transactions
- Middle East Conflict Highlights Cloud Resilience Gaps
- Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown
- Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack
- Context7 Flaw Let Attackers Slip Commands to AI Agents
- Why Stryker’s Outage Is a Disaster Recovery Wake-Up Call
Joshua Marpet
- AI ethical showdown
"Anthropic just sued the Pentagon. The outcome could reshape the AI race with China"
Mark Minevich, Fortune — March 12, 2026- The "supply chain risk" designation isn't just about losing a $200M contract — it threatens to make Anthropic commercially unviable in the US. Every defense contractor and federal-adjacent company (AWS, Google Cloud, Azure) faces pressure to drop Claude.
- The geopolitical irony: Chinese labs have reportedly stolen both Claude and OpenAI models. Pirated versions circulate among adversaries "with zero guardrails" — while the original company restricts its own military.
- Anthropic's legal position is strong: The author cites 10 U.S.C. § 3252 limitations, due process, First Amendment protections, and precedent from Luokung and Xiaomi cases. The government's own 6-month transition window undermines its claim that Anthropic is an immediate security threat.
- The core question the author poses: whether elected officials or unelected tech executives determine national defense boundaries. Vinod Khosla "expressed admiration for Anthropic's principles while disagreeing with the principle itself."
