ClearSignal — May 13, 2026

Defense and federal agencies are navigating three converging pressures: massive AI adoption in operations driving both capability breakthroughs and security vulnerabilities, critical procurement reversals that signal Pentagon responsiveness to Congressional oversight, and escalating cyber threats exploiting AI/ML supply chains. These dynamics demand immediate attention to security architectures, budget transparency, and operational risk management as AI becomes embedded in mission-critical systems.

Top 3

‘Insatiable appetite’ for AI: Maven usage surged for strikes on Iran, Pentagon AI chief says — Pentagon AI consumption reached 20 billion tokens daily during Operation Epic Fury, coordinating 13,000 airstrikes and demonstrating unprecedented operational AI dependency. This massive scale reveals both the military’s ‘insatiable appetite’ for AI capabilities and the critical need for secure, resilient AI infrastructure to support high-tempo combat operations. — breaking-defense
Hegseth says E-7 Wedgetail ‘has a future,’ reversing planned cancellation — Defense Secretary Hegseth reversed the E-7 Wedgetail cancellation following lawmaker pressure, signaling the Pentagon’s willingness to reconsider budget decisions under Congressional scrutiny. This reversal, combined with reconsideration of Army aircraft cuts, suggests volatile near-term procurement planning that contractors must monitor closely for opportunity and risk. — breaking-defense
‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack — The Mini Shai-Hulud malware compromised hundreds of open-source packages across major registries in a sophisticated supply-chain attack that weaponized software updates. With federal agencies and defense contractors heavily reliant on open-source ecosystems, this attack pattern represents a critical vulnerability to mission systems and demands immediate supply chain security review. — cyberscoop

Competitive Landscape

In Russian military parade meant to project power, analysts see ‘real vulnerability’ — Defense analysts observing Russia’s recent military parade identified signs of ‘real vulnerability’ rather than projected strength, with Chatham House’s Timothy Ash noting ‘nervousness in Moscow about the sustainability’ of Russia’s military operations. The assessment suggests weaknesses in Russian military capabilities and readiness. — breaking-defense

Policy & Regulatory

Major world economies spell out key elements of AI ‘ingredients list’ — The G7 released guidance on key elements for AI ‘ingredients lists’ (Software Bill of Materials for AI), with experts noting the guidance is helpful but could use improvements. — cyberscoop
From strategy to structure: How federal agencies can build the organizational engine for AI at scale — Federal agencies face the challenge of building organizational structures that can implement the AI Action Plan while maintaining operational stability and enabling transformation at scale. — federal-news-network
Price tag for Iran war ticks up to $29B, not including base damage — The cost of military operations related to a conflict with Iran has risen to $29 billion, though this figure excludes damage to military bases and future construction needs. Pentagon comptroller Jules Hurst stated that estimates for military construction are not yet available due to uncertainty about future force posture. — breaking-defense
Golden Dome-style missile shield could cost up to $1.2T over 20 years, CBO estimates — The Congressional Budget Office estimates that the proposed Golden Dome missile defense system could cost up to $1.2 trillion over 20 years. CBO noted it is ‘impossible’ to provide a precise cost estimate because DoD has not disclosed detailed architecture plans for the system. — breaking-defense
Congressman launches inquiry into how food retailers use surveillance pricing — A congressman has launched an inquiry into food retailers’ use of surveillance pricing and variable pricing based on consumer data. The investigation focuses on consumer awareness concerns, particularly regarding how online shoppers’ data is being used to set prices. — the-record

Agency & Mission Activity

Here’s how NIST is teeing up guidance for securing AI — NIST is developing AI security guidance by adapting its influential 800-53 and Cybersecurity Framework standards, which have established global IT security foundations, to address AI-specific risks. — federal-news-network
US, close allies creating joint ‘orbital warfare’ plan: SPACECOM chief — SPACECOM Commander Gen. Stephen Whiting announced the US and close allies are developing a joint orbital warfare plan, and SPACECOM will conduct quarterly table-top exercises with commercial industry throughout the year. The initiative aims to strengthen space domain awareness and coordination with allies and industry partners. — breaking-defense
Inside the Pentagon’s latest ‘alien’ files, plus driving a CV90 in northern Sweden — The Pentagon released a new tranche of declassified files on Unidentified Anomalous Phenomena (UAP), covered in a Breaking Defense podcast episode that also features a visit to a northern European training facility. The release continues DoD’s ongoing UAP transparency efforts. — breaking-defense

Technology Trends

‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack — The ‘Mini Shai-Hulud’ malware campaign compromised hundreds of open-source packages across major registries in a sophisticated supply-chain attack that weaponized the software update process by hiding behind legitimate-looking release signatures. — cyberscoop
Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical — Microsoft’s May 2026 Patch Tuesday addressed 137 vulnerabilities including 13 critical ones, with the high volume reflecting AI models being deployed to discover previously undetected code defects. — cyberscoop
Google and Amnesty International teamed up to make it harder for spyware vendors to hide — Google partnered with Amnesty International to launch Intrusion Logging for Android, the first major device vendor feature designed to aid forensic detection of sophisticated spyware threats. — cyberscoop
Foxconn confirms cyberattack claimed by Nitrogen ransomware gang — Foxconn confirmed a cyberattack claimed by the Nitrogen ransomware gang, with North American factories working to resume normal operations. — bleeping-computer
Webinar: Fixing the gaps in network incident response — An upcoming webinar discusses how automation and AI-assisted workflows can help IT teams improve network incident response coordination and reduce downtime across disparate systems. — bleeping-computer
Signal adds security warnings for social engineering, phishing attacks — Signal messaging app has rolled out new in-app security warnings and confirmations designed to protect users from phishing and social engineering attacks that could enable fraud. — bleeping-computer
When AI becomes the insider: Rethinking federal risk in 2026 — Federal insider risk programs must expand beyond human threats to secure AI systems and the broader technology ecosystem supporting government missions in 2026. — federal-news-network
Patch Tuesday, May 2026 Edition — Major software makers including Apple, Google, Microsoft, Mozilla, and Oracle are patching near-record volumes of security vulnerabilities in May 2026, many discovered using AI platforms. The increased use of AI for vulnerability detection is driving higher patch volumes and faster release cycles. — krebs-on-security
Why loyal wingman drones may be the future of global airpower — Breaking Defense launches new video series examining loyal wingman drones and manned-unmanned teaming as emerging capabilities in military aviation. The series focuses on how autonomous drones paired with manned aircraft may reshape global airpower. — breaking-defense
‘Insatiable appetite’ for AI: Maven usage surged for strikes on Iran, Pentagon AI chief says — Pentagon AI chief reports that DoD users consumed 20 billion tokens daily using Palantir’s Maven Smart System during Operation Epic Fury, which coordinated 13,000 airstrikes on Iran. The surge demonstrates what officials describe as an ‘insatiable appetite’ for AI in military operations. — breaking-defense
Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes hold — Microsoft has patched over 500 vulnerabilities in the first five months of 2026, putting the company on track to break its annual vulnerability record. The surge is attributed to an AI-driven patch wave, though exact counts vary based on whether Edge, Chromium, and mid-month fixes are included. — the-record
West Pharmaceutical warns of ransomware attack impacting business operations — West Pharmaceutical Services disclosed to the SEC that hackers breached its network on May 4, stole data, and encrypted systems in a ransomware attack. The incident is impacting the company’s business operations. — the-record
China’s ‘FamousSparrow’ APT Nests in South Caucasus Energy Firm — China-linked APT group ‘FamousSparrow’ has conducted repeated attacks against an Azerbaijani oil and gas firm, marking an expansion of targeting beyond the group’s typical focus on hospitality, telecom, and government sectors. The campaign represents escalating Chinese cyber operations in the South Caucasus energy sector. — dark-reading
LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly — Threat actors in Latin America are using AI agents to automatically generate custom hacking tools during attacks targeting entities in Mexico and Brazil. This represents a significant evolution in automated cyberattack capabilities. — dark-reading
Hugging Face Packages Weaponized With a Single File Tweak — Security researchers discovered that Hugging Face AI model packages can be weaponized by manipulating a single tokenizer library file to hijack model outputs and exfiltrate data. This vulnerability affects widely-used AI/ML platforms. — dark-reading
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain — Hundreds of npm packages in the TanStack open source ecosystem have been infected by Mini Shai-Hulud, a self-propagating credential-stealing worm from threat group TeamPCP. This supply chain attack leverages the widely-used JavaScript package repository. — dark-reading
Risky Business #837 — GitHub Actions footgun claims TanStack — Risky Business podcast covers the TanStack compromise via GitHub Actions exploited by Mini Shai-Hulud worm, Linux privilege escalation zero-days, and CISA’s efforts to help critical infrastructure operators architect networks for offline operation. The episode also discusses Canvas elearning platform data breach extortion. — risky-business

Procurement & Opportunities

Trump-class Battleship will get same nuclear reactor as Ford aircraft carrier — The Trump-class battleship will use the same nuclear reactor as the Ford-class aircraft carrier, according to Chief of Naval Operations Adm. Daryl Caudle. The battleship will share several design features with the USS Ford. — breaking-defense
Hegseth: Pentagon is ‘taking another look’ at deep cuts to Army’s aircraft budget — Defense Secretary Hegseth stated the Pentagon is reconsidering proposed deep cuts to the Army’s aircraft budget following lawmaker concerns. The Army’s proposed budget included significant reductions to legacy helicopter procurement programs. — breaking-defense
Hegseth says E-7 Wedgetail ‘has a future,’ reversing planned cancellation — Defense Secretary Hegseth announced that the Boeing E-7 Wedgetail airborne early warning aircraft ‘has a future,’ reversing a previous cancellation decision by the Trump administration. The reversal came after pressure from lawmakers and what officials describe as a new mindset at the Pentagon. — breaking-defense
NCIS CYBER SECURITY REQUIREMENT — NAVSUP Fleet Logistics Center Norfolk has issued a sources sought notice for NCIS cybersecurity requirements under NAICS 541512 (Computer Systems Design Services) with responses due May 28, 2026. This represents potential upcoming Navy cybersecurity contracting opportunities. — sam-gov
Computer for Modeling, Simulation, and Artificial Intelligence in Additive Manufacturing — NIST is soliciting proposals for computer systems to support modeling, simulation, and artificial intelligence applications in additive manufacturing, with responses due May 27, 2026. — sam-gov
Cybersecurity and Privacy Support Services — USPTO issued a special notice for cybersecurity and privacy support services, with responses due May 28, 2026. — sam-gov

← Archive