F5’s breach triggers a CISA emergency directive, as Tenable calls it “a five-alarm fire” that requires urgent action. Meanwhile, OpenAI details how attackers try to misuse ChatGPT. Plus, boards are increasing AI and cyber disclosures. And much more!

Here are five things you need to know for the week ending October 17.

1 - Code red: CISA directs fed agencies to patch F5 vulnerabilities

When a cybersecurity company gets hacked, it's bad. When a nation-state steals some of its most sensitive data, it’s a catastrophe. 

That’s what happened this week, when F5 disclosed 40-plus vulnerabilities and announced that a nation-state attacker stole proprietary, confidential information about its technology and its security research, triggering an urgent U.S. government alert.

In response to F5’s announcement, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive ED 26-01, ordering federal agencies to inventory F5 BIG-IP products, determine if they’re exposed to the public internet, and patch them.

Specifically, CISA is directing agencies to patch vulnerable F5 virtual and physical devices and downloaded software, including F5OS, BIG-IP TMOS, BIG-IQ, and BNK / CNF, by October 22, and follow the instructions in F5’s “Quarterly Security Notification.”

All organizations, not just federal civilian agencies, should prioritize mitigating the risk from F5’s breach and vulnerabilities, which can be exploited with “alarming ease” and can lead to catastrophic compromises, CISA Acting Director Madhu Gottumukkala said in a statement.

“We emphatically urge all entities to implement the actions outlined in this Emergency Directive without delay,” he said.
 

The F5 breach is “a five-alarm fire for national security,” Tenable CSO and Head of Research Robert Huber wrote in a blog, adding that F5’s technology is foundational “to secure everything,” including government agencies and critical infrastructure.

“In the hands of a hostile actor, this stolen data is a master key that could be used to launch devastating attacks, similar to the campaigns waged by Salt Typhoon and Volt Typhoon,” Huber wrote in the post “F5 BIG-IP Breach: 44 CVEs That Need Your Attention Now.”

“We haven’t seen a software supply chain compromise of this scale since SolarWinds,” he added.

To get all the details about the F5 breach and about how Tenable can help, read Huber’s blog, as well as the Tenable Research blog “Frequently Asked Questions About The August 2025 F5 Security Incident.”

For more information about the unfolding F5 situation:

• “Confirmed compromise of F5 network” (U.K. National Cyber Security Centre)
• “F5 Hit by ‘Nation-State’ Cyberattack” (TechRepublic)
• “Hackers stole source code, bug details in disastrous F5 security incident – here’s everything we know and how to protect yourself” (ITPro)
• “Nation-state hackers breached sensitive F5 systems, stole customer data” (Cybersecurity Dive)
• “Source code and vulnerability info stolen from F5 Networks” (CSO)

2 - OpenAI: Attackers abuse ChatGPT to sharpen old tricks

Creating and refining malware. Setting up malicious command-and-control hubs. Generating multi-language phishing content. Carrying out cyber scams.

Those are some of the ways in which cyber attackers and fraudsters tried to abuse ChatGPT recently, according to OpenAI’s report “Disrupting malicious uses of AI: an update.”

Yet, OpenAI, which detailed seven incidents it detected and disrupted, noticed an overarching trend: Attackers aren’t trying to use ChatGPT to cook up sci-fi-level super-attacks. They’re mostly trying to put their classic scams on steroids.

“We continue to see threat actors bolt AI onto old playbooks to move faster, not gain novel offensive capability from our models,” OpenAI wrote in the report.
 

The report identifies several key trends among threat actors:

• Using multiple AI models
• Adapting their techniques to hide AI usage
• Operating in a "gray zone" with requests that are not overtly malicious

Incidents detailed in the report include the malicious use of ChatGPT by: 

• Cyber criminals from Russian-speaking, Korean-language, and Chinese-language groups to refine malware, create phishing content, and debug tools.
• Authoritarian regimes, specifically individuals linked to the People's Republic of China (PRC), to design proposals for large-scale social media monitoring and profiling, including a system to track Uyghurs.
• Organized scam networks, likely based in Cambodia, Myanmar, and Nigeria, to scale fraud by translating messages and creating fake personas.
• State-backed influence operations from Russia and China to generate propaganda, including video scripts and social media posts.

“Our public reporting, policy enforcement, and collaboration with peers aim to raise awareness of abuse while improving protections for everyday users,” OpenAI wrote in the statement “Disrupting malicious uses of AI: October 2025.”

For more information about AI security, check out these Tenable resources:

• “2025 Cloud AI Risk Report: Helping You Build More Secure AI Models in the Cloud” (on-demand webinar)
• “Cloud & AI Security at the Breaking Point — Understanding the Complexity Challenge” (solution overview)
• “Exposure Management in the realm of AI” (on-demand webinar)
• “Expert Advice for Boosting AI Security” (blog)
• “AI Is Your New Attack Surface” (on-demand webinar)

3 - Anthropic: Poisoning giant LLMs is shockingly easy

Bigger isn’t better when it comes to the security of large language models (LLMs).

Conventional wisdom held that bigger models were harder to poison. Well, that ain’t so, according to a study by Anthropic.

The study, titled “Poisoning Attacks on LLMs Require a Near-Constant Number of Poison Samples,” found that an attacker doesn't need to control a huge percentage of an LLM’s training data. A small, fixed amount is enough to create a backdoor.

“Creating 250 malicious documents is trivial compared to creating millions, making this vulnerability far more accessible to potential attackers,” reads the Anthropic article “A small number of samples can poison LLMs of any size.” 

If anything, data-poisoning attacks against LLMs become easier as models scale up and their datasets grow. “The attack surface for injecting malicious content expands proportionally, while the adversary’s requirements remain nearly constant,” the study reads.

The study, conducted jointly with the U.K. AI Security Institute and the Alan Turing Institute, focused on a likely innocuous type of backdoor attack: Tampering with the LLM so that it generates gibberish text when a user inputs a specific phrase.

The researchers inserted the trigger phrase <SUDO> into a small number of training documents. They found that while 100 poisoned documents were insufficient, 250 or more were enough to reliably create a backdoor across all tested model sizes, which ranged from 600 million to 13 billion parameters.
 

^{(Source: Anthropic article “A small number of samples can poison LLMs of any size,” October 2025.)}

It is unclear if the study’s findings will hold for more complex behaviors, such as bypassing safety guardrails or generating malicious code.

“Nevertheless, we’re sharing these findings to show that data-poisoning attacks might be more practical than believed, and to encourage further research on data poisoning and potential defenses against it,” the article reads.

While the study didn’t focus on ways to defend LLMs against this type of attack, it does offer some mitigation recommendations, pointing to “clean training” practices as a way to remove backdoors in some settings.

“Defences can be designed at different stages of the training pipeline such as data filtering before training and backdoor detection and elicitation once the model has been trained to detect undesired behaviours,” the study reads. 

For more information about protecting AI systems against cyber attacks:

• “Understanding the risks - and benefits - of using AI tools” (U.K. NCSC)
• “Hacking AI? Here are 4 common attacks on AI” (ZDNet)
• “Best Practices for Deploying Secure and Resilient AI Systems” (Australian Cyber Security Centre)
• “Adversarial attacks on AI models are rising: what should you do now?” (VentureBeat)
• “OWASP AI Security and Privacy Guide” (OWASP)
• “How to manage generative AI security risks in the enterprise” (TechTarget)

4 - Report: AI and cyber risks hit the boardroom

In a sign of the growing impact of AI and cybersecurity for enterprises, Fortune 100 boards of directors have boosted the number and the substance of their AI and cybersecurity oversight disclosures.

That’s the conclusion EY arrived at after analyzing proxy statements and 10-K filings submitted to the U.S. Securities and Exchange Commission (SEC) by 80 of the Fortune 100 companies in recent years.

“Companies are putting the spotlight on their technology governance, signaling an increasing emphasis on cyber and AI oversight to stakeholders,” reads the EY report “Cyber and AI oversight disclosures: what companies shared in 2025.”
 

What’s driving this trend? Cyber threats are becoming more sophisticated by the minute, while the use of generative AI — both by security teams and by attackers — is growing exponentially.

Key findings from the report about AI oversight include:

• Nearly half (48%) of the analyzed companies now specifically mention AI risk in their board's enterprise risk oversight, a threefold increase from 2024.
• AI expertise on boards has also grown, with 44% of companies now mentioning AI in their description of director qualifications, up from 26% last year.
• 40% of companies have formally assigned AI oversight to a board committee, most commonly the audit committee.
• The number of companies disclosing AI as a standalone risk factor has more than doubled, from 14% to 36%.

Meanwhile, cybersecurity oversight practices have also matured:

• The vast majority of companies (78%) continue to assign this responsibility to the audit committee.
• There is a clear trend towards aligning with external cybersecurity frameworks, with 73% of companies now doing so, up from 57% in 2024 and from a mere 4% in 2019.
• Cybersecurity preparedness is also being taken more seriously, with 58% of companies now conducting simulations and tabletop exercises, compared to only 3% in 2019.
• The demand for directors with cybersecurity expertise remains high, with 86% of companies highlighting it as a skill that either a director has or that the board seeks.

“Board oversight of these areas is critical to identifying and mitigating risks that may pose a significant threat to the company,” the report reads.

For more information about cybersecurity and AI in the boardroom and the C-suite:

• “Governance of AI: A critical imperative for today’s boards” (Deloitte)
• “AI Governance In The Boardroom: Strategies For Effective Oversight And Implementation” (Forbes)
• “The Hidden C-Suite Risk Of AI Failures” (Harvard Law School)
• “How Board-Level AI Governance Is Changing” (Forbes)
• “Competitive advantage through cybersecurity: A board-level perspective” (McKinsey)
• “How AI Impacts Board Readiness for Oversight of Cybersecurity and AI Risks” (National Association of Corporate Directors)

5 - NCSC: Severe cyber attacks hitting U.K. at “alarming pace”

Cyber attacks with national reverberations have shot up to four per week in the U.K., a stat that’s a wake-up call not only for all British cyber defenders but also for all business leaders.

That’s according to the U.K. National Cyber Security Centre’s (NCSC) 2025 annual review, titled “It’s time to act: Open your eyes to the imminent risk to your economic security” and covering the 12-month period ending in September 2025.

“Cyber risk is no longer just an IT issue — it’s a boardroom priority,” reads the report.

These “nationally significant” cyber incidents more than doubled, climbing to 204 from 89 in the previous 12 months.
 

The severity of the attacks is also on the upswing. The report reveals a nearly 50% increase in "highly significant" incidents, which are those with the potential to severely impact the central government, essential services, many people, or the economy.

“Cyber security is now a matter of business survival and national resilience,” Richard Horne, Chief Executive of the NCSC, said in a statement.

“Our collective exposure to serious impacts is growing at an alarming pace,” he added.

The NCSC attributes many of these attacks to sophisticated advanced persistent threat (APT) actors, including nation-states and highly capable criminal organizations. It identifies the primary state-level threats as China, Russia, Iran, and North Korea. 

In response to this escalating threat, the NCSC is urging British businesses to prioritize their cybersecurity measures, saying that cybersecurity “is now critical to business longevity and success.”

To aid in this effort, the NCSC has launched a new "Cyber Action Toolkit" aimed at helping small organizations implement foundational security controls. 

It is also promoting the "Cyber Essentials" certification, which indicates an organization has security in place against most common cyber threats and opens up the opportunity to obtain free cyber insurance.