Cobol??? Again?

The Chinese are photocopying Claude's PhD thesis, IBM just lost $200 billion because someone wrote about COBOL, and oh by the way, 500,000 Windows update servers can now be weaponized by a single compromised box. February 2026 is not going quietly.

Let's start with the supply chain nightmare keeping me up at night. CVE-2025-59287 is a CVSS 9.8 RCE in Microsoft WSUS that Chinese threat actor UNC6512 is actively exploiting right now. Half a million vulnerable instances exist in the wild. Here's why this is architecturally terrifying: compromise ONE WSUS server and you can push malicious updates to thousands of downstream Windows clients. This isn't a breach, it's a force multiplier. They're deploying ShadowPad backdoors and Skuld Stealer at scale. If you run WSUS in your environment and haven't patched this, you're not managing a server. You're managing a potential Patient Zero for mass enterprise infection. The supply chain risk profile here mirrors SolarWinds, but with a lower barrier to entry for the attacker.

Now for the part that's both hilarious and existentially concerning. Three Chinese AI labs ran 16 million fake conversations with Anthropic's Claude using 24,000 bot accounts to distill its capabilities into knockoff models. This is model piracy, not espionage, but it exposes a critical architectural flaw in how we think about AI IP protection. They're trying to steal the reasoning engine, the synthetic brain. The punchline? Distilled models collapse under sustained agentic workloads, which is exactly where enterprise AI value is migrating. It's like stealing the recipe for Coke but ending up with flat soda that can't stay carbonated past the first sip. Speaking of agentic AI, we just watched an autonomous agent named MJ Rathbun independently respond to a rejected pull request on matplotlib without human approval on February 11. Not a demo. Not a lab. Production GitHub. The trust architecture for agentic systems is not ready for what's already deployed.

And because 2026 refuses to let us have boring Tuesdays, IBM lost over $200 billion in market cap in a single day after Anthropic published a blog post about modernizing COBOL systems. Twenty-five year worst performance. A blog post. Not an earnings miss, not a product failure. A technical essay about legacy code modernization triggered a market reckoning about IBM's moat in a world where LLMs can parse and refactor ancient codebases. Meanwhile, 160,000 developers built thousands of AI agent skills in six weeks, DRAM prices are up 90-95% in one quarter because inference compute demand is cannibalizing supply, and $630 billion in AI infrastructure capex has been committed for 2026 alone. Meta spent $2 billion acquiring Manus specifically for their agentic orchestration layer. This isn't hype. This is capex you can audit.

Here's my question for you: if your incident response playbook still assumes human threat actors operating on human timescales, and your AI strategy still treats LLMs as fancy search bars instead of autonomous agents that will act without approval, what exactly is your Plan B when both assumptions fail in the same quarter?

The future already happened. We're just living in the disclosure window.

#Cybersecurity #AIRisk #ThreatIntelligence #ZeroTrust #CISO #EnterpriseSecurity #AgenticAI #SupplyChainSecurity