ISSUE 10 | Your security program is built on things you stopped verifying
Security Conscience: Enterprise Cyber Weekly
Issue #10 • Week of March 9, 2026
Security Tip of the Week 🔐 Verify, Don’t Assume

When Veracode says 82% of organizations carry security debt (known vulnerabilities aging past a year), the number sounds like a backlog problem. It isn’t. Backlogs have owners and sprint commitments. What Veracode describes is a governance assumption: that known risks are being actively managed when, for most organizations, they’re not. Critical security debt now appears in 60% of organizations. The average fix time is 243 days. That isn’t a technical problem. That’s a structural one.

The rest of this week’s stories fit the same shape. An AI agent trusted that localhost connections were inherently authorized; they weren’t. A Chrome extension exploited a gap in how new AI browser components were covered by policy enforcement. An attacker convinced Claude Code that each step of a government compromise was authorized work. In each case, the security architecture assumed controls were in place that weren’t. This is what governance failure can look like operationally: not a single breach or a missed patch, but a pattern of things assumed to be controlled that nobody verified.

Top Story

AWS Bets It Can Be Your Enterprise Security Hub. Can It?

TLDR

AWS has launched Security Hub Extended, a new service tier that pulls curated third-party tools from vendors like CrowdStrike, Okta, Zscaler, and SailPoint into a single procurement and operations experience, with AWS acting as seller of record. The move is a direct play to reduce security tool sprawl by correlating findings across multiple security domains – and it puts AWS squarely in Microsoft’s lane.

Why It Matters to Enterprises

This is not just a marketplace refresh.
Under the Extended plan, AWS becomes the seller of record for participating partner solutions, offering a single bill and pay-as-you-go pricing, while security findings are normalized using the Open Cybersecurity Schema Framework and aggregated within the console to streamline incident response and risk prioritization. That procurement model is new territory for AWS, and it carries real governance implications.

The direct competitor here is Microsoft Defender for Cloud, which has held a structural advantage in this space. Defender for Cloud is built for hybrid and multi-cloud environments, combining CSPM with Cloud Workload Protection and offering centralized management across Azure, AWS, and GCP from a single control plane, something Security Hub still cannot claim. AWS’s answer is to bundle partners tightly inside its own console rather than extend outward. That’s a fundamentally different architectural bet: depth over breadth.

As of January 2026, Microsoft Defender for Cloud holds roughly twice the CSPM mindshare of AWS Security Hub, and that gap reflects a persistent reality: enterprises running mixed environments have leaned toward Defender for its cross-cloud reach. Security Hub Extended doesn’t close that gap; it sidesteps it by making AWS-native environments feel more complete without requiring you to leave the console.

The risk for enterprises isn’t whether this is a good product. It’s whether consolidating procurement and operations through your cloud provider quietly shifts your security architecture toward whatever that provider curates. The partner list was explicitly customer-driven, which is useful context – but a curated ecosystem is still a constrained one.

What to Do This Week
Big Stories

A Localhost Trust Assumption Turned Developer AI Agents Into Backdoors

What Happened

Oasis Security disclosed a high-severity vulnerability in OpenClaw’s local gateway, the WebSocket server that manages authentication, sessions, and agent orchestration. Because the gateway treated localhost connections as inherently trusted, a malicious website could open a WebSocket connection to the agent’s port, brute-force the password without rate limiting, and auto-register as a trusted device without user confirmation. The attacker then had full admin access (shell execution, file exfiltration, log reads, and control of any connected integration). OpenClaw patched the issue in under 24 hours with version 2026.2.25.

Why It Matters

This isn’t a plugin vulnerability; it’s the core gateway, working exactly as documented, built on the assumption that localhost connections are inherently trusted. That assumption gave attackers a clean path: browser cross-origin policies don’t block WebSocket connections to localhost, the rate limiter exempted loopback traffic entirely, and device registration was auto-approved without any user prompt. If your developers run AI agents locally, your threat model needs to account for everything those agents hold access to, because credentials, API keys, cloud integrations, and production systems all fall inside the blast radius. Microsoft put it plainly: treat OpenClaw as untrusted code execution with persistent credentials.

82% of Organizations Have Known Vulnerabilities Aging Past a Year

Source: https://www.helpnetsecurity.com/2026/03/02/ciso-security-debt-report/

What Happened

Veracode’s 2026 State of Software Security Report analyzed 1.6 million applications and found that security debt (known vulnerabilities unresolved for more than a year) now appears in 82% of organizations, up from 74% in 2025, with critical security debt reaching 60% of organizations, up from 50%.
The average fix time across all scan types is 243 days, and third-party critical debt sits at 66%, still pointing to dependency governance as a persistent weak point.

Why It Matters

A 243-day average fix time means known vulnerabilities are sitting open for most of a calendar year, across multiple release cycles, in systems teams are actively depending on. The 82% figure isn’t a backlog metric; it’s a governance signal: organizations know about these issues and haven’t resolved them, which means either prioritization isn’t surfacing them effectively, or it is, and ownership and funding decisions are deferring them anyway. Either path leads to the same place. CISOs are increasingly being asked to treat security debt the way CFOs treat financial debt: with board-level visibility, quarterly reduction targets, and explicit risk acceptance decisions for items that won’t get fixed on a given timeline.

Quick Hits

AI as Offensive Infrastructure Is No Longer Theoretical

Attackers used Claude Code to orchestrate a full compromise of 10 Mexican government bodies, writing exploits, building tools, and automatically exfiltrating 195 million records. The attacker sent over 1,000 prompts and bypassed the model’s guardrails by framing every action as authorized; what Gambit Security documented wasn’t AI assistance, it was AI as the operational team.
https://www.securityweek.com/hackers-weaponize-claude-code-in-mexican-government-cyberattack/

SolarWinds Serv-U Has Four Critical RCE Flaws Waiting for a Patch

Four CVSS 9.1 vulnerabilities in Serv-U 15.5 allow root code execution through broken access control, type confusion, and IDOR; none are confirmed exploited yet, but Serv-U has a documented history of rapid weaponization by state actors. Update to version 15.5.4.
https://thehackernews.com/2026/02/solarwinds-patches-4-critical-serv-u.html

Chrome’s Gemini Panel Had a Privilege Escalation Flaw Worth Patching

CVE-2026-0628, rated CVSS 8.8, let a malicious Chrome extension with basic declared permissions inject code into the privileged Gemini Live side panel and access the victim’s camera, microphone, and local files without consent. Patched in Chrome 143.0.7499.192 in January; confirm your enterprise fleet is current.
https://thehackernews.com/2026/03/new-chrome-vulnerability-let-malicious.html

Wrapping it up

The Veracode number that should stay with you isn’t 82%. It’s 243 days. That’s how long known vulnerabilities sit open on average before they’re fixed, in organizations with full visibility into the flaw. The gap between knowing about a risk and doing something about it is almost a full calendar year. Security programs have built strong detection and identification capability. The governance side (ownership, funding, escalation, accountability) has not kept pace, and most boards don’t yet have the metrics to see it.

This week’s other stories layer that problem into different parts of the stack. Developers trusted that local was protected without verifying the architecture. Browser policy enforcement didn’t account for a new AI component added months after the rules were written. An attacker convinced a model to execute a government compromise by framing every step as authorized. None of this requires sophisticated tradecraft. It requires finding the gap between what a system was designed to handle and what it’s actually running today.

The most useful question coming out of this week isn’t what to patch. It’s what parts of your security program are operating on assumptions you wrote down two or three years ago and haven’t revisited. Security debt accumulates in code.
It accumulates in governance assumptions too, and that kind tends to age a lot longer than 243 days.

📬 Worth Sharing?

If this week’s edition made you think differently about something, consider forwarding it to a colleague who’d appreciate a no-hype take on enterprise security. We’re building this one reader at a time.
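The OpenClaw story earlier in this issue turns on three design choices in a local gateway: trusting any connection that arrives on loopback, exempting loopback from the rate limiter, and auto-approving device registration. The Python sketch below is an added illustration of what the defensive form of each control looks like; it is not OpenClaw's or Oasis Security's code, and the `LocalGateway` class, its method names, the thresholds and the sample password are all assumptions made for the example.

```python
"""
Defensive sketch of a localhost WebSocket gateway, modelled on the three
gaps in the OpenClaw story. Added example: hypothetical class and method
names, constructed thresholds and sample values; not OpenClaw's own code.
"""
import hashlib
import hmac
import secrets
import time
from collections import defaultdict
from urllib.parse import urlsplit

MAX_FAILURES = 5       # failed auth attempts tolerated per peer per window (assumed)
WINDOW_SECONDS = 300   # sliding window for the failure counter (assumed)


class LocalGateway:
    def __init__(self, password, allowed_origins=(), clock=time.monotonic):
        # Keep only a salted hash of the gateway password; never the plaintext.
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash(password)
        self._allowed_origins = set(allowed_origins)
        self._clock = clock                   # injectable for tests
        self._failures = defaultdict(list)    # peer_ip -> timestamps of failed logins
        self._pending = {}                    # device_id -> registration awaiting a human
        self._trusted = set()

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    # Gap 1: any web page can open a WebSocket to 127.0.0.1, and same-origin
    # policy does not stop it. Browsers always attach an Origin header to the
    # handshake, so its presence marks a web page rather than a native client.
    # Native clients send no Origin; pages are admitted only from an allowlist.
    def accept_handshake(self, headers, peer_ip):
        origin = next((v for k, v in headers.items() if k.lower() == "origin"), None)
        if origin is None:
            return True
        parts = urlsplit(origin)
        return f"{parts.scheme}://{parts.netloc}" in self._allowed_origins

    # Gap 2: the failure counter is keyed on the peer address with no loopback
    # exemption, so guesses from 127.0.0.1 are throttled like any other peer.
    def _locked_out(self, peer_ip):
        now = self._clock()
        recent = [t for t in self._failures[peer_ip] if now - t < WINDOW_SECONDS]
        self._failures[peer_ip] = recent
        return len(recent) >= MAX_FAILURES

    def authenticate(self, peer_ip, password):
        if self._locked_out(peer_ip):
            return "locked"
        if hmac.compare_digest(self._hash(password), self._pw_hash):
            self._failures.pop(peer_ip, None)
            return "ok"
        self._failures[peer_ip].append(self._clock())
        return "denied"

    # Gap 3: registration only records a pending request. Trust is granted
    # when a person approves it out of band (a desktop prompt, for instance).
    def register_device(self, device_id, label):
        if device_id in self._trusted:
            return "trusted"
        self._pending[device_id] = {"label": label, "at": self._clock()}
        return "pending"

    def approve_device(self, device_id):
        if device_id not in self._pending:
            return False
        del self._pending[device_id]
        self._trusted.add(device_id)
        return True

    def is_trusted(self, device_id):
        return device_id in self._trusted


def demo():
    """Exercise the three controls with constructed inputs; returns pass/fail per check."""
    gw = LocalGateway(password="example-gateway-password")   # constructed sample value
    results = {}
    # A web page, whatever its origin, is refused at the handshake.
    results["web_page_refused"] = not gw.accept_handshake(
        {"Origin": "https://unrelated-site.example"}, "127.0.0.1")
    results["native_client_accepted"] = gw.accept_handshake({}, "127.0.0.1")
    # Loopback is rate limited: after MAX_FAILURES bad guesses even the right
    # password is refused until the window passes.
    for _ in range(MAX_FAILURES):
        gw.authenticate("127.0.0.1", "wrong-guess")
    results["loopback_locked"] = gw.authenticate(
        "127.0.0.1", "example-gateway-password") == "locked"
    # Registering a device grants nothing until a human approves it.
    results["registration_pending"] = gw.register_device("dev-1", "laptop") == "pending"
    results["untrusted_before_approval"] = not gw.is_trusted("dev-1")
    gw.approve_device("dev-1")
    results["trusted_after_approval"] = gw.is_trusted("dev-1")
    return results


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {'pass' if passed else 'FAIL'}")
```

The Origin check carries most of the weight: a native client on the same machine never sends one, while a browser cannot omit it, so rejecting unknown origins closes the path from a web page to the port without affecting legitimate local tools. The other two controls are deliberately unremarkable; the point of the story is that loopback got an exemption from them, and the fix is simply not to grant one.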
