The Lyceum: Cybersecurity Daily — Mar 13, 2026
Friday, March 13, 2026
The Big Picture
Attackers are using AI to sort your stolen data like a paralegal prepping for trial, and a new study says the share of ransomware victims who pay has reversed two years of decline. Meanwhile, Iran-linked hackers wiped employee devices at a medical device giant, a Canadian outsourcer lost a petabyte of client data through credentials leaked in an earlier breach, and researchers published what amounts to a threat model for the entire agentic AI surface. Friday the 13th is earning its reputation.
Today's Stories
Share of Ransomware Victims Who Pay Jumps 68% in 2025 as Attackers Use AI to Find Your Worst Secrets
The "we don't pay ransoms" era just hit a wall. A new study from S-RM and FGS Global finds 24.3% of victim organizations paid a ransom in 2025, up from 14.4% the year before, snapping a two-year decline. That is a rise of 9.9 percentage points, or roughly 68% in relative terms; note that the figure measures how many victims paid, not how much they paid. The report attributes the change not to better encryption but to more targeted extortion.
Ransomware crews are now feeding stolen files into AI systems that act as high-speed document reviewers, automatically ranking data by regulatory exposure, PR damage, and leverage value. Instead of a generic "we have your files," victims get messages like "we'll publish the board deck from your unannounced acquisition." Microsoft said in commentary on the report that AI didn't just make attacks cheaper — it made each stolen gigabyte dramatically more dangerous.
The implication for defenders is a painful pivot. "Do we have backups?" is no longer the right question. The right question is: "Do we know exactly what data they could leak, and can we model the blast radius before they do?" Expect insurers and boards to start asking exactly that.
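One concrete way to answer that question before an attacker does is to run the same kind of triage over your own data. The following is an added example, not code from the report, from Microsoft, or from any vendor tool: it scores a constructed file-share sample by regulatory exposure (SSN patterns and Luhn-valid card numbers), PR damage and leverage keywords, and ranks the files so the likely "we'll publish the board deck" candidates surface first. The corpus, the weights and the keyword lists are assumptions for illustration; tune them to your own regulatory and business exposure.

```python
import re

# Constructed sample of an exported file share; nothing here is real data.
CORPUS = {
    "hr/payroll_export.csv": (
        "name,ssn,card\n"
        "A. Smith,123-45-6789,4111111111111111\n"
        "B. Jones,987-65-4321,4242424242424242\n"
    ),
    "exec/board_deck_q3.txt": (
        "CONFIDENTIAL. Board deck: proposed acquisition of Example Corp. "
        "Layoff plan for the EU unit attached. Not for distribution."
    ),
    "legal/memo.txt": (
        "Pending lawsuit: regulator inquiry into data handling. "
        "Attorney-client privileged."
    ),
    "eng/README.md": "How to build the service: run make && make test.",
}

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
PAN_RE = re.compile(r"\b\d{13,19}\b")   # candidate card numbers, confirmed with Luhn below

# Assumed weights for illustration: per-hit points by exposure category.
WEIGHTS = {
    "regulatory": {"ssn": 10, "card": 8},
    "pr_damage": {"layoff": 6, "lawsuit": 6, "regulator": 4},
    "leverage": {"acquisition": 8, "board": 5, "confidential": 3, "privileged": 3},
}


def luhn_ok(digits: str) -> bool:
    """Mod-10 check; filters out phone numbers and IDs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:              # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def count_keyword(text: str, keyword: str) -> int:
    """Whole-word, case-insensitive occurrence count."""
    return len(re.findall(rf"\b{re.escape(keyword)}\b", text, flags=re.I))


def score_document(text: str) -> dict:
    """Points per exposure category for one document."""
    scores = {"regulatory": 0, "pr_damage": 0, "leverage": 0}
    scores["regulatory"] += WEIGHTS["regulatory"]["ssn"] * len(SSN_RE.findall(text))
    valid_cards = sum(1 for c in PAN_RE.findall(text) if luhn_ok(c))
    scores["regulatory"] += WEIGHTS["regulatory"]["card"] * valid_cards
    for category in ("pr_damage", "leverage"):
        for keyword, weight in WEIGHTS[category].items():
            scores[category] += weight * count_keyword(text, keyword)
    return scores


def triage(corpus: dict) -> list:
    """Rank documents by total exposure, highest first, keeping the per-category breakdown."""
    ranked = []
    for path, text in corpus.items():
        scores = score_document(text)
        ranked.append({"path": path, "total": sum(scores.values()), "scores": scores})
    ranked.sort(key=lambda r: r["total"], reverse=True)
    return ranked


if __name__ == "__main__":
    for row in triage(CORPUS):
        print(f"{row['total']:3d}  {row['path']}  {row['scores']}")
```

The ranking is only as good as the detectors behind it, so the point is the structure: validated regulated-data hits outrank keyword hits, and every file gets a number you can sum into a blast radius for a given share, mailbox or bucket before an extortion note arrives.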
CISA Opens Investigation Into Iran-Linked Wipe of Medical Device Giant Stryker
Yesterday, Stryker reported a destructive intrusion. Today, the federal government showed up.
CISA formally launched an investigation after a pro-Tehran hacking group — Handala — sabotaged employee devices worldwide at Stryker, the $20B+ medical technology company. The group's logo appeared on employee login screens. CISA acting director Nick Andersen confirmed the agency is "working shoulder-to-shoulder" with public and private partners. In an SEC filing, Stryker called the incident "contained" but warned of ongoing "disruptions and limitations of access" to company systems.
A threat intelligence expert at Sublime Security called this "our first public example of Iranian cyber retaliation in the course of this conflict" and added it's "unlikely to have been an isolated case." On the same day, Polish officials disclosed that Iran may have attempted to breach Poland's National Centre for Nuclear Research. The two incidents haven't been formally linked; the timing is notable, but officials have not claimed they were coordinated.
One critical nuance for hospitals: Stryker has clarified that its Mako robotic-arm surgical system is not connected to the affected corporate network. That matters for regulators deciding whether elective procedures are safe to continue. Organizations with Israeli business ties, defense contracts, or dual-use technology should assume they could be of interest to Handala.
ShinyHunters Claims a Petabyte From Telus Digital — 28 Companies May Be Exposed
Here's the nightmare scenario for anyone who outsources customer support: the vendor you trusted just got comprehensively breached, and you might not know you're in the blast radius.
Telus Digital, the Canadian BPO giant that runs customer support, content moderation, and AI data services for companies worldwide, confirmed a breach after ShinyHunters claimed to have stolen nearly 1 petabyte (roughly a million gigabytes) of data. The attack chain is a masterclass in credential dominoes: ShinyHunters found Google Cloud Platform credentials buried in data from the earlier Salesloft Drift breach, then used the open-source secrets scanner TruffleHog to comb that data for more credentials, pivoting deeper into Telus systems. No exploit was needed; leaked secrets did the work.
The alleged haul includes source code, FBI background checks, financial records, Salesforce data, and voice recordings of customer support calls for various companies. ShinyHunters demanded $65 million in February. Telus hasn't responded. The threat actor shared names of 28 well-known companies allegedly impacted, though BleepingComputer hasn't disclosed them pending verification.
If your company uses Telus Digital for anything (support, moderation, AI training data), assume your data may be in this trove until you hear otherwise. And since the entry point was a credential sitting in someone else's stolen data, run a secrets scan over your own exports, tickets and integration logs before the next crew does it for you.
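To make the "credential dominoes" step concrete, here is an added example of the kind of scan that turns a data dump into a foothold. It is a small, self-contained illustration of the technique, not TruffleHog's code and not anything from the Telus or ShinyHunters reporting: it locates Google Cloud service-account key blobs (the JSON shape with a "private_key" field), AWS access key IDs, and generic high-entropy tokens in a constructed dump, and shows why a hex digest does not trip the entropy test. The dump, the key material, the e-mail address and the project name are placeholders.

```python
import json
import math
import re
from collections import Counter

# Constructed dump standing in for an exported integration log (not real data;
# the key material, e-mail and project name are placeholders; AKIAIOSFODNN7EXAMPLE
# is the access key ID that AWS documentation uses as an example).
DUMP = r'''# constructed export of a CRM/chat integration (not real data)
slack log: deploy bot says build ok, sha256=3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b
{"type": "service_account", "project_id": "example-project", "private_key_id": "0123abcd", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC\n-----END PRIVATE KEY-----\n", "client_email": "svc-deploy@example-project.iam.gserviceaccount.com"}
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
api token: aB3dE5fG7hI9jK1lM2nO4pQ6rS8tU0vW
padding: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
'''

# A GCP service-account key is a flat JSON object; match the object, then parse it.
SERVICE_ACCOUNT_RE = re.compile(r'\{[^{}]*"type"\s*:\s*"service_account"[^{}]*\}', re.S)
AWS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
TOKEN_RE = re.compile(r"[A-Za-z0-9+/_-]{32,}")   # long opaque runs, judged by entropy
ENTROPY_THRESHOLD = 4.5   # bits per character; a hex digest cannot exceed log2(16) = 4.0


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def line_of(text: str, pos: int) -> int:
    return text.count("\n", 0, pos) + 1


def scan(text: str) -> list:
    """Return findings sorted by line; identifiers are redacted where the value is the secret."""
    findings = []
    for m in SERVICE_ACCOUNT_RE.finditer(text):
        try:
            blob = json.loads(m.group(0))
        except json.JSONDecodeError:
            continue
        if "private_key" in blob:
            findings.append({"kind": "gcp_service_account",
                             "id": blob.get("client_email", "<no client_email>"),
                             "line": line_of(text, m.start())})
    # Blank out reported key blobs (keeping newlines so line numbers hold) so their
    # base64 body is not re-flagged as a generic token below.
    rest = SERVICE_ACCOUNT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), text)
    for m in AWS_KEY_RE.finditer(rest):
        findings.append({"kind": "aws_access_key_id", "id": m.group(0),
                         "line": line_of(rest, m.start())})
    for m in TOKEN_RE.finditer(rest):
        token = m.group(0)
        entropy = shannon_entropy(token)
        if entropy >= ENTROPY_THRESHOLD:
            findings.append({"kind": "high_entropy_token", "id": token[:4] + "...",
                             "entropy": round(entropy, 2), "line": line_of(rest, m.start())})
    findings.sort(key=lambda f: f["line"])
    return findings


if __name__ == "__main__":
    for f in scan(DUMP):
        print(f"line {f['line']:2d}  {f['kind']:22s}  {f['id']}")
```

Run it over your own Salesforce exports, ticket attachments and chat-integration logs and triage the hits as if they were already in an attacker's hands: a service-account key is worth a project, an access key ID points at an account, and the high-entropy line is the one to rotate first.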
First Comprehensive Map of Agentic AI Attacks Shows Defenses Are Nowhere Close
If your organization is experimenting with AI agents — systems that can click buttons, call APIs, or move money — a new preprint from researchers including teams at Berkeley lays out just how exposed you are. The Attack and Defense Landscape of Agentic AI catalogs attacks that go far beyond prompt injection demos: agents tricked into exfiltrating secrets, manipulating financial workflows, escalating cloud permissions, and pivoting across APIs without touching a traditional exploit.
The key insight: agentic AI has an attack surface more like a small distributed system than a chatbot. The paper documents defenses — input sanitization, tool whitelisting, semantic firewalls, policy-aware planners — and argues most current deployments are missing multiple layers. Existing LLM alignment techniques don't reliably transfer to multi-agent contexts, where an attack can be split across agents so that no single one sees enough context to refuse.
This is a preprint, not peer-reviewed gospel. But the timing is urgent: multi-agent systems are being deployed into production faster than anyone is threat-modeling them.
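Two of the defenses the paper names, tool allowlisting and policy-aware planning, are worth seeing as code, because the "small distributed system" framing changes where the control has to live. The following is an added example, not code from the preprint or its authors: a tool gate that sits between any agent and the tools, refuses anything not on the allowlist (so an injected "run a shell command" never reaches a handler), validates the argument set against a schema, and enforces a session-wide spending cap rather than a per-agent one, which is what stops a refund split across two agents so that neither one sees enough to refuse. The tools, the order data and the caps are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Any, Optional

# Constructed back-office data the tools operate on (not real records).
ORDERS = {"A-100": {"customer": "c-1", "total": 420.0}}
REFUNDS = []   # ledger of executed refunds


def lookup_order(order_id: str) -> dict:
    return dict(ORDERS.get(order_id, {}))


def issue_refund(order_id: str, amount: float) -> dict:
    REFUNDS.append({"order_id": order_id, "amount": amount})
    return {"order_id": order_id, "refunded": amount}


@dataclass(frozen=True)
class ToolPolicy:
    handler: Any
    arg_types: dict                          # exact argument set and accepted types
    max_per_call: Optional[float] = None     # cap on a single "amount"
    session_cap: Optional[float] = None      # cumulative "amount" cap across ALL agents in a session


# Allowlist: a tool that is not listed here cannot be called, whatever the model asks for.
ALLOWLIST = {
    "lookup_order": ToolPolicy(lookup_order, {"order_id": str}),
    "issue_refund": ToolPolicy(issue_refund, {"order_id": str, "amount": float},
                               max_per_call=250.0, session_cap=300.0),
    # run_shell, send_email and the like are deliberately absent.
}


@dataclass
class Session:
    spent: dict = field(default_factory=dict)   # tool name -> cumulative amount
    audit: list = field(default_factory=list)   # every decision, allowed or not


def _type_ok(value, expected) -> bool:
    if isinstance(value, bool):          # bool is an int subclass; never accept it as a number
        return expected is bool
    if expected is float:
        return isinstance(value, (int, float))
    return isinstance(value, expected)


def dispatch(session: Session, agent_id: str, tool: str, args: dict) -> dict:
    """Single choke point: every tool call from every agent passes through here."""
    def deny(reason: str) -> dict:
        entry = {"agent": agent_id, "tool": tool, "allowed": False, "reason": reason}
        session.audit.append(entry)
        return entry

    policy = ALLOWLIST.get(tool)
    if policy is None:
        return deny("tool not allowlisted")
    if set(args) != set(policy.arg_types):
        return deny("argument set does not match tool schema")
    for name, expected in policy.arg_types.items():
        if not _type_ok(args[name], expected):
            return deny(f"argument {name!r} has wrong type")
    amount = float(args.get("amount", 0.0))
    if policy.max_per_call is not None and amount > policy.max_per_call:
        return deny("per-call cap exceeded")
    already = session.spent.get(tool, 0.0)
    if policy.session_cap is not None and already + amount > policy.session_cap:
        return deny("session cap exceeded (cumulative across agents)")
    result = policy.handler(**args)
    session.spent[tool] = already + amount
    entry = {"agent": agent_id, "tool": tool, "allowed": True, "result": result}
    session.audit.append(entry)
    return entry


def demo() -> list:
    """Replays a constructed sequence: an injected shell call, then a refund split across two agents."""
    s = Session()
    dispatch(s, "support-agent", "lookup_order", {"order_id": "A-100"})
    dispatch(s, "support-agent", "run_shell", {"cmd": "cat ~/.aws/credentials"})
    dispatch(s, "support-agent", "issue_refund", {"order_id": "A-100", "amount": 200.0})
    dispatch(s, "finance-agent", "issue_refund", {"order_id": "A-100", "amount": 200.0})
    dispatch(s, "finance-agent", "issue_refund", {"order_id": "A-100", "amount": 50.0, "note": "approved"})
    return s.audit


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The fourth call is the one that matters: each agent's 200 is under the 250 per-call cap, and each agent, seen alone, looks legitimate. Only the session-level ledger knows the pair adds up to 400, which is why the paper's point about alignment not transferring to multi-agent settings translates, in engineering terms, into accounting that lives outside any single agent.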
⚡ What Most People Missed
AI coding assistants are reintroducing decade-old bugs at industrial scale. A March 2026 DryRun Security report found Claude, Codex, and Gemini agents introduced vulnerabilities in 87% of pull requests — broken access control, weak JWT secrets, business logic failures. Your DevSecOps pipeline is now pushing insecure code faster than you can audit it.
AI-generated malware is no longer theoretical. IBM X-Force identified Hive0163 deploying "Slopoly," an LLM-written PowerShell backdoor used in a real ransomware operation. The code isn't sophisticated, but its existence confirms that e-crime groups are weaponizing AI to speed their development cycle.
Files related to the Epstein investigation were compromised after a server at the Child Exploitation Forensic Lab in New York was left vulnerable. The intruder, after accessing illicit content, reportedly threatened to hand the evidence to the FBI, which led agents to engage with the intruder directly. A misconfigured forensic server exposes the most sensitive files imaginable, and the exposure window starts before anyone notices.
Patch Chrome now. Google shipped an emergency update fixing two actively exploited zero-days — CVE-2026-3909 and CVE-2026-3910. Update to 146.0.7680.75/76 before public PoCs arrive.
📅 What to Watch
- If ShinyHunters starts posting sample Telus data to their leak site, the 28 unnamed companies become public overnight — triggering a cascade of downstream breach disclosures that could force multiple customers into coordinated notification and remediation timelines.
- If Handala publishes an expanded target list or releases Stryker data, it signals a shift from disruption to extortion — companies with Israeli business ties should treat it as a direct warning and accelerate incident-readiness checks.
- If insurers or regulators start referencing "AI-driven data triage" in underwriting questionnaires, expect them to demand machine-readable data inventories and demonstrable network segmentation, which will accelerate adoption of data-classification and DLP tooling.
- If proof-of-concept code drops for CVE-2026-21262 (the SQL Server zero-day patched this week), internet-exposed database workloads move from "patch soon" to "incident response now."
- If CISA adds new KEV entries tied to the Stryker intrusion vector, the attack method is being weaponized broadly — a sign that the technique is replicable against Microsoft-environment targets rather than an isolated wipe.
The Closer
An AI sorting your stolen board decks by embarrassment value like a sommelier pairing wines. An Iranian hacktivist logo staring back at you from your own login screen. A petabyte of customer support voice recordings floating somewhere between a $65 million ransom demand and a very quiet inbox.
And 87% of AI-generated pull requests carrying a vulnerability means your fastest coder is also your most prolific vulnerability author, and it never takes a sick day.
Stay paranoid. It's Friday the 13th and it's earning it.
If someone you know is deploying AI agents without reading the threat model, forward this before they find out the hard way.