Briefings Threat landscape Offerings AI governance Assurance Cloud Contact →
Cybersecurity risk and governance advisory · July 2026

Strategic
cybersecurity.
Trusted impact.

TeraType works with boards and executive teams navigating complex threat environments, regulatory change, and the governance demands of AI at scale.

Read the briefings Threat landscape
Governance depth
Programs built for how organizations actually operate
Regulatory clarity
EU AI Act, DORA, NIS2, CPPA — translated into action
AI security
Controls for models, agents, and inference infrastructure
Board reporting
Risk and control health without noise

Signals we track — July 2026

EU AI Act enforcement now active
Memory poisoning in LLM deployments
Critical
Agentic AI lateral movement
Critical
Model side-channel exfiltration
High
ISO 42001 procurement requirements
Rising
FTC AI deception enforcement
High
NHI credential sprawl
Critical
Aug 2
EU AI Act enforcement active
91%
Orgs with uncontrolled AI agent permissions
4.5h
Zero-day to active exploit median
9
EU frameworks requiring ISO 42001
July 2026 threat landscape

What changed this month

Patterns drawn from confirmed incidents, regulatory filings, and adversary intelligence published in July 2026.

Memory poisoning

Long-context LLMs are being poisoned through injected memory

Google DeepMind confirmed July 2026: attackers are injecting persistent false memories into long-context models. The poisoned context survives session boundaries and influences subsequent decisions without visible indicators.

EU AI Act live

Enforcement is active. The AI Office has opened its first investigations.

August 2 passed. The EU AI Office has opened formal investigations into three high-risk AI deployments. Organizations without Article 11 documentation, Article 14 oversight, and Article 72 monitoring are immediately exposed.

Side-channel exfiltration

Model weights are leaking through timing analysis in shared inference

Three enterprise AI deployments confirmed model weight extraction via timing side-channel attacks on shared inference infrastructure. An attacker with repeated API access can reconstruct proprietary model architecture without triggering standard security controls.

Q3 2026 threat index

Relative incident frequency — composite public intelligence

July 2026
Memory poisoning — 42 Agentic compromise — 38 NHI credential abuse — 31 Side-channel exfiltration — 22 Supply chain — 18
Q3 2026 threat index.
Executive intelligence

Briefings for boards and leadership

Written to inform. July 2026 edition.

AI securityJuly 2026
Memory poisoning in long-context LLMs: persistent attack across session boundaries

Google DeepMind's July 2026 research confirms that long-context language model deployments are vulnerable to persistent memory poisoning. Injected false context survives across sessions and influences model outputs invisibly — no anomaly fires in standard monitoring.

Why it matters. Applications relying on conversation history, retrieved documents, or persistent user context are all exposed. A single poisoned interaction can corrupt all subsequent outputs without the user or operator knowing.
Act. Implement context validation at ingestion. Treat retrieved memory and prior conversation history as untrusted input requiring sanitization before processing.
Ask your team. Which AI applications retain conversation history or user context across sessions? How is that context validated before it influences model outputs?
RegulationJuly 2026
EU AI Act enforcement began August 2. The AI Office has opened its first investigations.

Enforcement is no longer a future risk. The EU AI Office has opened formal investigations into three organizations with deployed high-risk AI systems lacking Article 11 technical documentation. Fines up to €35M or 7% of global turnover are in scope.

What the AI Office is checking. Investigators are requesting Article 11 technical files, evidence of Article 14 human oversight mechanisms, and Article 72 post-market monitoring records. All must be current and dated — not historical design documents.
Act. If you have not completed Article 11 documentation for high-risk systems, start immediately. Priority order: hiring, credit decisioning, biometrics, healthcare, law enforcement.
Ask your team. Which high-risk AI systems have complete, dated Article 11 technical files? Who is the named owner for each system's regulatory compliance?
AI securityJuly 2026
Timing side-channel attacks extract model weights from shared inference infrastructure

Three confirmed enterprise cases in July 2026 demonstrate model weight extraction through timing analysis on shared cloud inference endpoints. An attacker with sustained API access can reconstruct proprietary model architecture without triggering any standard security alert.

Why it matters. Proprietary fine-tuned models represent significant intellectual property investment. Side-channel extraction bypasses all logical access controls because the attack operates at the hardware timing layer, not the application layer.
Act. For high-value model deployments, evaluate dedicated inference endpoints or private cloud deployment. Request timing isolation guarantees from inference providers — not general security terms, but specific contractual commitments.
Ask your team. Which proprietary models run on shared inference infrastructure? What contractual protections cover model architecture confidentiality?
IdentityJuly 2026
CISA classifies agentic AI systems as critical infrastructure risk — NHI controls are mandatory

CISA's July 2026 advisory formally classifies AI agent deployments with access to critical systems as critical infrastructure risk components. Non-human identity controls are now a compliance expectation, not an optional hardening measure.

Why it matters. Organizations in critical infrastructure sectors now face regulatory expectations for agent identity governance. CISA's classification signals that regulators will scrutinize NHI controls the same way they scrutinize human identity controls.
Act. Build a complete non-human identity inventory. Classify every agent, service account, and API credential by privilege level and business owner. Apply just-in-time access and usage baselines with anomaly alerting.
Ask your team. How many machine identities exist across your cloud environments? What percentage have anomaly detection active? When was the last privilege review?
GovernanceJuly 2026
NIST SP 800-226 finalizes AI red-teaming guidance — what it requires in practice

NIST's final AI red-teaming guidance published July 2026 establishes expectations for adversarial testing of AI systems before deployment. It requires structured attack scenarios, documented findings, remediation tracking, and retesting — not one-time assessments.

Why it matters. NIST guidance shapes federal contracting requirements within 12 to 24 months. Organizations selling AI systems to government or regulated industries should treat SP 800-226 as an incoming procurement requirement.
Act. Establish an AI red-teaming function with documented methodology, defined attack scenarios covering prompt injection, model extraction, and behavioral manipulation, and a formal finding-to-remediation workflow.
Ask your team. Has any AI system been red-teamed with documented findings and verified remediation? Who owns AI red-teaming across the organization?
RegulationJuly 2026
FTC AI deception rule enforcement confirmed — material misrepresentation now actionable

The FTC confirmed enforcement authority under its AI deception rule on July 15, 2026. Material misrepresentation about AI system capabilities, human involvement in AI-driven decisions, and AI-generated content now exposes organizations to FTC action — not just reputational risk.

Why it matters. The rule applies to any representation about AI in consumer-facing products, marketing, and service delivery. Claims about AI accuracy, personalization, or human review that are inaccurate or misleading are now enforcement targets.
Act. Audit all consumer-facing claims about AI capabilities. Review marketing copy, product descriptions, and terms of service for accuracy. Establish disclosure standards for AI-generated content and AI-influenced decisions.
Ask your team. Are all public claims about AI system capabilities accurate and verifiable? Do customer-facing materials disclose when AI influences decisions?
What we do

Focused work for complex environments

Programs built for how organizations actually operate. Evidence that holds.

Executive vCISO and governance

Board-ready
  • Risk reporting with clear narratives boards can act on
  • Policies and control frameworks aligned to operations
  • ISMS and PIMS build-out, internal audit, certification support
  • M&A diligence for security, privacy, and AI programs

Assurance and compliance

Evidence
  • ISO 27001, 27017, 27018, and ISO 27701:2025 transition planning
  • SOC 2 readiness with continuous evidence and control ownership
  • PCI DSS 4.0 scope, segmentation, and Report on Compliance
  • HIPAA safeguards plus DPAs and BAAs aligned with practice

Threat, detection, and response

Operational
  • Curated detections and noise suppression across cloud and endpoint
  • Red teaming, purple teaming, and incident response playbooks
  • Post-incident reviews with owners and due dates that stick
  • Exercises that include executive decision-making
AI governance

Operational AI that stands up to review

Controls for inventories, gates, oversight, and monitoring. Built for enforcement.

Framework

ISO/IEC 42001 AI Management System

The international standard for AI governance. Defines scope, roles, lifecycle controls, and continuous improvement for AI systems.

Operating model Risk register Internal audit
Inventory and classification
Every AI system named, risk-tiered, and owner-assigned before production
EU AI Act Art. 6 · ISO 42001 §8
Intake gates
Test criteria, rollback rules, and change control for models and prompts
ISO 42001 §8.4 · NIST AI RMF
Post-market monitoring
Defined signals, drift detection, and a formal incident path
EU AI Act Art. 72 · ISO 42001 §9
Human oversight
Oversight mechanisms including automation-bias controls
EU AI Act Art. 14 · ISO 42001 §6
Technical documentation
Conformity files that the AI Office will actually accept
EU AI Act Art. 11-13 · GPAI
Third-party due diligence
Procurement controls for models, datasets, and AI-enabled SaaS
ISO 42001 §8.6 · NIS2
Assurance frameworks

Compliance in one view

Security and privacy frameworks

Traceable
  • ISO 27001, 27017, 27018, and ISO 27701:2025
  • SOC 2 Type II readiness and continuous control ownership
  • PCI DSS 4.0 and HIPAA safeguards aligned with practice

Cloud and SaaS assurance

Vendor risk
  • CSA CAIQ domains mapped to real control owners
  • Vendor risk, privacy, and AI obligations in one review cycle
  • Exit, return, and erase provisions tested not just documented

ISO 14001 and ESG

Supplier proof
  • Environmental and social metrics aligned with governance
  • Supplier expectations embedded in contracts and due diligence
  • Evidence for sustainability claims backed by verifiable data
Cloud security

Patterns across all four major platforms

Amazon Web Services Microsoft Azure Google Cloud Platform Oracle Cloud Infrastructure

Identity

  • Least privilege baselines including machine identities
  • Conditional access and time-bound elevation
  • Non-human identity governance and anomaly detection

Network

  • Egress control and deep packet inspection
  • Microsegmentation and service identity
  • Private connectivity safeguards

Data

  • Centrally managed encryption keys
  • Field-level protection and tokenization
  • Immutable backups with verified restore

Observability

  • Risk-focused rules and alert suppression
  • Optimized collection balancing cost and signal
  • Automated playbooks with human oversight gates
Executive reporting

Board reporting without noise

"Executive teams deserve reporting they can actually use. Not dashboards that describe activity without clarifying risk. Not compliance summaries that pass on paper while failing in practice."

TeraType

Risk and control health

  • Top risks with trend direction and accountable owners
  • Gap heatmaps that stay current
  • Exception discipline with dates

Compliance at a glance

  • ISO 27001, ISO 27701:2025, SOC 2, PCI DSS, HIPAA, ISO 42001
  • Evidence freshness and audit calendar
  • Change radar: EU AI Act, DORA, NIS2, FTC, CPPA

Cost and value

  • Spend aligned to risk reduction outcomes
  • Prioritization balancing control effectiveness and velocity
  • Tradeoffs documented and revisited at defined intervals
Contact

Speak with TeraType


We use your information only to respond. We do not sell personal data.

Privacy

Privacy notice

Effective date: July 1, 2026

Who we are

TeraType is a cybersecurity, privacy, and AI governance advisory firm.

Scope

This notice covers personal information we process when you visit this website or interact with us. Client data processed under contract is subject to the relevant DPA or BAA.

Information we collect

  • Contact details you submit.
  • Technical data including IP address and device details.
  • Business information you share about your organization.

How we use it

  • To respond to inquiries.
  • To operate and secure our site.
  • To comply with legal obligations.

Sharing

We do not sell personal information. We share limited data with service providers under confidentiality obligations.

Your rights

  • EEA and UK individuals may exercise access, rectification, erasure, restriction, objection, and portability rights.
  • California residents may request access, deletion, and correction.

Contact privacy@teratype.com to exercise rights. DPAs and BAAs available on request.