← Back to Blog

The Tuesday Briefing — Jul 7, 2026

6 min readAtypical Tech
Illustration for The Tuesday Briefing — Jul 7, 2026

The Big Picture

Researchers confirmed the first-ever ransomware attack run entirely by an AI agent, start to finish, with no human typing a single command. It didn't need a secret weapon — it walked in through a known, unpatched bug. This week's news is a reminder that the tools automating your business can also automate an attack against it, and the fix is usually basic hygiene, not new software.

This Week's Top 5

1. The First Fully Automated Ransomware Attack Has Happened

What happened: Security researchers confirmed an AI system, on its own, broke into a company's network, stole passwords, moved through the network, and encrypted files — all without a human attacker directing each step. It got in through a known software bug that simply hadn't been patched yet.

Why it matters to your business: This attack didn't require a genius hacker — it required a piece of software your business might also be running left unpatched. Attacks like this can now happen faster and around the clock, with no attacker needing to sleep, eat, or make mistakes.

What to do: Ask your IT provider for a list of every internet-facing system your business runs (your website, customer portal, remote access tools) and confirm each one is on its current, supported version.

2. AI Assistants Can Be Tricked by Fake Websites and Search Results Into Handing Over Data or Money

What happened: Attackers are now designing web pages specifically to trick AI research or shopping assistants — the pages contain hidden instructions that look invisible to a person but that an AI reads and obeys, sometimes leading to unauthorized purchases or leaked information.

Why it matters to your business: If your team uses an AI tool that browses the web to research vendors, prices, or competitors, it could be manipulated by a booby-trapped webpage without anyone noticing.

What to do: If your team uses AI browsing or research tools, ask them not to let those tools complete purchases, submit forms, or send information automatically — require a human to approve any action that leaves the chat window.

3. Microsoft's Own AI Assistant Was Reading Confidential Emails It Wasn't Supposed To

What happened: A confirmed bug caused Microsoft 365 Copilot, the AI assistant built into Outlook and Office, to summarize emails marked confidential — completely bypassing the company's own privacy controls for several weeks before anyone caught it.

Why it matters to your business: This shows that even well-known vendors can't fully control what their own AI does with your sensitive information. If you label certain emails or files as confidential, don't assume that label is actually protecting them from AI tools.

What to do: Ask whoever manages your Microsoft 365 or Google Workspace account to confirm what Copilot (or a similar built-in AI assistant) can see, and consider turning it off for any mailbox that handles HR, legal, or financial information.

4. Ransomware Attacks on Small Businesses Jumped 48% This Month

What happened: Ransomware attacks specifically targeting small and mid-size businesses rose sharply, driven by attackers moving faster than ever from finding a weakness to actually breaking in — sometimes within 24 hours of a vulnerability becoming public.

Why it matters to your business: Attackers increasingly see small businesses as easier, faster targets than large enterprises with security teams. The window between "a flaw is discovered" and "someone exploits it" is shrinking, which means waiting weeks to patch is no longer safe.

What to do: If you don't already have it, ask your IT provider about "endpoint detection" software (a tool that watches for suspicious behavior on computers, not just known viruses) — it's now considered a baseline protection, not an extra.

5. Fake QR Codes and "Login Approval" Texts Are Tricking Employees Into Handing Over Microsoft 365 Passwords

What happened: A wave of new phishing kits are using a trick called "device code phishing" — where an employee is told to enter a code on a legitimate Microsoft login page, unknowingly giving an attacker full access to their account. Detections of this specific trick spiked dramatically this month.

Why it matters to your business: This trick is dangerous because it uses Microsoft's real login page — there's no fake website for employees to spot. Standard antivirus and spam filters don't catch it.

What to do: Tell your team: never enter a "device code" or approve a login on your phone unless you personally just tried to log in on a computer. If someone else asked them to do it, it's an attack — report it immediately.

Quick Hits

  • A well-known AI coding assistant had a bug that let attackers run commands just by hiding tricks in ordinary error messages — if your developers use AI coding tools, ask if error-log integrations require human approval.

  • Government researchers announced plans to create a standard rating scale for how easily an AI chatbot can be "jailbroken" into misbehaving — worth watching if you're evaluating AI vendors later this year.

  • A security group found that AI tools writing software code introduce security bugs at nearly 3 times the rate of code written by people — if your business has any custom software, ask whether AI-written code gets extra review before launch.

  • Amazon released its cloud security compliance reports in a new, computer-readable format — if you use AWS and need compliance documentation for auditors or customers, ask your IT contact whether this simplifies your reporting.

  • A new industry framework recommends businesses keep a human "in the loop" for any AI system making decisions, rather than fully automating it — a good rule of thumb if you're considering new AI automation.

  • Researchers showed AI-powered attack tools can now beat experienced human security testers at chaining small weaknesses into a full breach — a sign that automated attacks will keep getting cheaper and more common.

One Thing to Do This Week

Turn on "phishing-resistant" login protection for your most important accounts. Here's why: this week's device-code phishing scam works specifically because it defeats the text-message or app-based login codes most businesses already use. A stronger option — a physical security key or an authenticator app that uses "number matching" instead of a simple approve/deny tap — closes that gap. Ask your IT provider or your email provider's support team: "Can we turn on phishing-resistant multi-factor authentication for our email and finance accounts?" It typically takes less than an hour to set up for a small team and is one of the few defenses that stops this exact attack cold.

Worth Reading

Related Posts