AI risk brief - edition 2026-07-05

AI risk brief: CVE-2026-45659: Microsoft SharePoint Server

A client-ready and operator-ready brief generated from PAI Watch. It turns the public record into exposure checks, source links, and calm language for internal notes, client updates, board packs, and weekly risk reviews.

Brief body

What serious operators should hear this week.

The brief is organised by operational use: exploited items first, incidents second, then policy and model signals that can change advice, approved-tool lists, or risk posture.

Known exploited items to check first

CVE-2026-45659: Microsoft SharePoint Server

Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability

1 July 2026CISA Known Exploited Vulnerabilities Catalogknown exploitedAI stack
Review any AI workload, notebook, model-serving, or developer-tool exposure before relying on the affected component.

CVE-2026-48558: SimpleHelp SimpleHelp

SimpleHelp Authentication Bypass Vulnerability

29 June 2026CISA Known Exploited Vulnerabilities Catalogknown exploitedAI stack
Review any AI workload, notebook, model-serving, or developer-tool exposure before relying on the affected component.

CVE-2026-12569: PTC Windchill and FlexPLM

PTC Windchill and FlexPLM Improper Input Validation Vulnerability

25 June 2026CISA Known Exploited Vulnerabilities Catalogknown exploitedAI stack
Review any AI workload, notebook, model-serving, or developer-tool exposure before relying on the affected component.

CVE-2026-20230: Cisco Unified Communications Manager

Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability

25 June 2026CISA Known Exploited Vulnerabilities Catalogknown exploitedAI stack
Review any AI workload, notebook, model-serving, or developer-tool exposure before relying on the affected component.

CVE-2025-67038: Lantronix EDS5000

Lantronix EDS5000 Code Injection Vulnerability

23 June 2026CISA Known Exploited Vulnerabilities Catalogknown exploitedAI stack
Review any AI workload, notebook, model-serving, or developer-tool exposure before relying on the affected component.

AI service incidents and outages

FedRAMP workspace functionality degradation

Multiple features in FedRAMP workspaces are experiencing issues: Codex, workspace analytics, conversation search, custom GPT search, ChatGPT user invites, and Compliance Logs Platform download endpoint. Core functionality has been restored but known ongoing issues remain under investigation.

1 July 2026Production AI public recordincident95%
Check dependency exposure, fallback plans, customer commitments, and incident communications tied to this provider or service.

Project status change failures in multiple regions

Compute capacity degradation affecting project restart and resize operations across 16 regions since June 30. Error rates are trending down with improved availability for smaller compute sizes. Upgrading to Postgres 17.6.1.121 or higher provides access to additional machine types.

30 June 2026Production AI public recordincident95%
Check dependency exposure, fallback plans, customer commitments, and incident communications tied to this provider or service.

IDE plugin supply-chain key theft pattern

Malicious IDE plugins exfiltrating API keys highlight a toolchain gap in MSP and enterprise AI security reviews.

19 June 2026Production AI public recordincident84%
Check dependency exposure, fallback plans, customer commitments, and incident communications tied to this provider or service.

Autonomous agent bankruptcy — DN42 operator cost overrun

Forensic record of an autonomous agent deployment that exhausted operator funds when spend governance and circuit breakers were absent.

18 June 2026Production AI public recordincident84%
Check dependency exposure, fallback plans, customer commitments, and incident communications tied to this provider or service.

Vendor policy and data-use changes

July 2026 Policy Change Watch edition

Monthly AI Data Use Index review: Cursor agent permissions documentation and GitHub Copilot policy pages checked; no material training-use reversals; permissions.json schema now on the public record.

1 July 2026Production AI public recordpolicy change84%
Review client-facing disclosures, data-use settings, procurement notes, and any AI policy language that references this vendor.

TensorZero repository archived after seed funding

TensorZero archived its public GitHub repository days after announcing seed funding, surfacing vendor-supply-chain risk for teams that pinned production dependencies on the OSS stack.

16 June 2026Production AI public recordsource change84%
Inspect the source trail and decide whether this record changes a control, vendor, or operational assumption.

Adobe Firefly — AI data-use disclosure

No customer-content training. Adobe says Firefly does not train on customer data and that Firefly uses commercially safe datasets such as licensed content and public-domain material.

15 June 2026Production AI public recorddisclosure82%
Review client-facing disclosures, data-use settings, procurement notes, and any AI policy language that references this vendor.

Canva — AI data-use disclosure

Depends on privacy settings. Canva says privacy settings control whether general usage data and User Content can improve AI-powered features, and that Canva Education User Content is not used for AI training.

15 June 2026Production AI public recorddisclosure82%
Review client-facing disclosures, data-use settings, procurement notes, and any AI policy language that references this vendor.
Exposure questions

Use these before writing advice.

These prompts stop the brief from becoming noise. Each question is attached to a source-backed item in the current watch board.

Question 1

Do we or any important client environments run Microsoft SharePoint Server, and is remediation tracked?

Question 2

Do we or any important client environments run SimpleHelp SimpleHelp, and is remediation tracked?

Question 3

Do we or any important client environments run PTC Windchill and FlexPLM, and is remediation tracked?

Question 4

Do we or any important client environments run Cisco Unified Communications Manager, and is remediation tracked?

Question 5

Do we or any important client environments run Lantronix EDS5000, and is remediation tracked?

Question 6

Does this incident affect a provider, dependency, customer promise, or operating assumption we rely on?

Action discipline

How to send it without hype.

The point is to help people inspect exposure. Do not imply impact until an environment, vendor, or control is actually in scope.

Rule 1

Check exposure before forwarding urgency to anyone else.

Rule 2

Record the vendor, product, owner, and remediation status for any affected environment.

Rule 3

Update AI tool advice where a vendor policy, data-use record, or public incident changes the operating picture.

Rule 4

Preserve the PAI source trail when turning this into an internal note, client brief, board update, or advisory.

Source trail

Every claim keeps its record link.

You can repackage the wrapper. You cannot remove the evidence trail.

ItemDateSourceOpen
CVE-2026-45659: Microsoft SharePoint Server1 July 2026CISA Known Exploited Vulnerabilities CatalogSource trail
CVE-2026-48558: SimpleHelp SimpleHelp29 June 2026CISA Known Exploited Vulnerabilities CatalogSource trail
CVE-2026-12569: PTC Windchill and FlexPLM25 June 2026CISA Known Exploited Vulnerabilities CatalogSource trail
CVE-2026-20230: Cisco Unified Communications Manager25 June 2026CISA Known Exploited Vulnerabilities CatalogSource trail
CVE-2025-67038: Lantronix EDS500023 June 2026CISA Known Exploited Vulnerabilities CatalogSource trail
FedRAMP workspace functionality degradation1 July 2026Production AI public recordSource trail
Project status change failures in multiple regions30 June 2026Production AI public recordSource trail
IDE plugin supply-chain key theft pattern19 June 2026Production AI public recordSource trail
Autonomous agent bankruptcy — DN42 operator cost overrun18 June 2026Production AI public recordSource trail
July 2026 Policy Change Watch edition1 July 2026Production AI public recordSource trail
TensorZero repository archived after seed funding16 June 2026Production AI public recordSource trail
Adobe Firefly — AI data-use disclosure15 June 2026Production AI public recordSource trail
Canva — AI data-use disclosure15 June 2026Production AI public recordSource trail
Keep the brief current

Use the record, not a stale newsletter.

PAI Watch is the live source. The AI risk brief is the translation layer for operators, founders, security teams, consultants, service providers, and anyone who has to explain what changed without pretending exposure is proven.

Saved watches

Tell us what to keep current.

Save a watch for vendors, tools, controls, vulnerabilities, or operating questions. The public record stays open. The saved watch tells us what should become an alert, brief, or evidence workflow for you.