Prime Cyber Insights: Google AI Secrets Theft Conviction and a SmarterMail RCE Under Active Exploitation

[00:00] Aaron Cole: I'm Aaron Cole, and this is Prime Cyber Insights, fast-focused updates on the risks shaping [00:07] Aaron Cole: security decisions right now. [00:09] Lauren Mitchell: I'm Lauren Mitchell. [00:11] Lauren Mitchell: Coming up today, a major insider risk conviction tied to AI infrastructure trade secrets and [00:18] Lauren Mitchell: some urgent smarter male vulnerabilities, including an unauthenticated RCE and another [00:25] Lauren Mitchell: flaw that's already being exploited in the wild. [00:27] Aaron Cole: First story, the Department of Justice says a former Google engineer, Lin Wei Ding, also known as Leon Ding, was convicted on multiple counts of economic espionage and theft of trade secrets after taking more than 2,000 confidential AI-related documents. [00:45] Lauren Mitchell: And the details here really matter. Prosecutors say the stolen material covered Google's AI [00:53] Lauren Mitchell: supercomputing data center infrastructure, cluster management software, systems that support [00:59] Lauren Mitchell: model training and operations, and specifics around custom TPU architecture, GPU systems, [01:06] Lauren Mitchell: orchestration software, and even smart NIC networking components. [01:10] Aaron Cole: This is the insider risk scenario a lot of AI heavy companies lose sleep over. [01:17] Aaron Cole: A trusted engineer with legitimate access, pulling high-value engineering docs, then linking that work to outside affiliations. [01:25] Aaron Cole: In this case, the DOJ points to connections to China-based entities and a startup reportedly founded while still employed. [01:34] Lauren Mitchell: Operationally, the takeaway is pretty blunt. [01:38] Lauren Mitchell: Classic prevent exfiltration controls struggle when the person is authorized. [01:43] Lauren Mitchell: So you need layered signals like unusual bulk access in sensitive repos, [01:49] Lauren Mitchell: anomalous document syncing to personal cloud storage, [01:53] Lauren Mitchell: and patterns like converting internal content into alternate formats to slip past controls. [01:59] Aaron Cole: Exactly. And it's also a reminder that insider risk isn't just HR policy. [02:05] Aaron Cole: It's engineering reality. Who can access what, how often, from where, and what normal looks like when someone is working on Crown Jewel systems. [02:16] Lauren Mitchell: Yeah, and if you're building or running large-scale AI infrastructure, you're talking about strategic IP. [02:24] Lauren Mitchell: Losing design docs for orchestration, networking, or accelerators can translate into years of advantage disappearing overnight. [02:33] Lauren Mitchell: Right. [02:33] Aaron Cole: All right, switching to the immediate fix-it item, SmarterMail. [02:38] Aaron Cole: SmarterTools patched a critical, unauthenticated remote code execution bug, CVE-2026-24423, [02:47] Aaron Cole: with a CVSS of 9.3. [02:50] Aaron Cole: The issue is in the connect-to-hub API method and can lead to OS command execution if it's [02:56] Aaron Cole: pointed at a malicious HTTP server. [02:59] Lauren Mitchell: And this isn't just theoretical. [03:02] Lauren Mitchell: Build 9511 also patches CVE-2026-3760, another 9.3, and that one is already under active exploitation. [03:15] Lauren Mitchell: If you run SmarterMail on-prem, treat this as Patch Now, Verify Exposure, and Review Logs. [03:23] Aaron Cole: There's a third angle too. [03:25] Aaron Cole: CVE-2026-25067 is a path coercion issue that can trigger outbound SMB authentication, [03:34] Aaron Cole: which opens the door to credential coercion and NTLM relay attacks. [03:38] Aaron Cole: That's patched in build 9,518 and it matters a lot if the server can reach attacker-controlled hosts. [03:46] Lauren Mitchell: So, the playbook is straightforward. [03:49] Lauren Mitchell: Update to the latest Smarter Mail build, make sure internet-facing endpoints are minimized, [03:55] Lauren Mitchell: and add egress controls, especially blocking unnecessary outbound SMB from server subnets. [04:02] Lauren Mitchell: then go hunting, suspicious connect to hub calls, odd outbound SMB attempts, and unexpected child processes. [04:12] Aaron Cole: For sure. And when a bug is unauthenticated and you've got active exploitation on a related issue, the clock moves fast. [04:20] Aaron Cole: If SmarterMail sits anywhere near your core mail flow or identity systems, treat it like a high-impact incident until you've patched and checked for signs of compromise. [04:30] Lauren Mitchell: One more practical note. After patching, don't stop at we're updated. Validate what was exposed. [04:38] Lauren Mitchell: Confirm what was reachable from the internet and make sure your logs are actually retained long enough to answer the question, [04:47] Lauren Mitchell: did anything happen before we got the fix in place? [04:51] Aaron Cole: To close the loop, the Google case is a reminder that AI infrastructure is strategic IP, [04:58] Aaron Cole: and insider risk needs real investment. [05:01] Aaron Cole: SmarterMail is the reminder that classic perimeter services still get hit hard and exploitation [05:07] Aaron Cole: windows keep shrinking. [05:09] Lauren Mitchell: That's Prime Cyber Insights. [05:12] Lauren Mitchell: For the latest episodes and notes, head to pci.neuralnewscast.com. [05:18] Lauren Mitchell: Neural Newscast is AI-assisted, human-reviewed. [05:22] Lauren Mitchell: View our AI transparency policy at neuralnewscast.com.