Zscaler CXO Monthly Roundup | May 2026

Introduction

The CXO Monthly Roundup provides the latest Zscaler ThreatLabz research, alongside insights into other cyber-related subjects that matter to technology executives.

This month’s roundup includes a sneak peek into Zenith Live 2026, how attackers are abusing agentic ecosystems (including a malicious OpenClaw “DeepSeek-Claw” skill linked to Remcos RAT and GhostLoader), and my thoughts on how frontier AI models (Mythos and GPT 5.5 Cyber) are changing security testing.

Looking Forward: Zenith Live 2026

Join us at Zenith Live 2026, Zscaler’s flagship conference, happening June 8–11 in Las Vegas, Nevada (AMER) and June 15–18 in Vienna, Austria (EMEA). Zenith Live is the premier learning conference where experts converge to share the latest in Zero Trust networking and security to protect and enable organizations to thrive. 

If you are interested, Alex Philips, Peter Gerdenitsch, and I will deliver a mainstage keynote, “Stopping Cyber Attacks and Modernizing Security Operations”, at 9:45am June 10 in Las Vegas and June 17 in Vienna. We’ll share practical guidance on modernizing security operations to eliminate exposures and prevent attacks, with a focus on approaches best suited for the realities of cloud and AI-driven environments.

A sneak peek into Zenith Live 2026

Here’s what I’m most excited to share:

1. A demo of an autonomous, AI-driven attack - See how modern attacks can move from initial access to supply-chain impact, and what defenses matter most at each stage.
2. What we learned from testing powerful frontier AI models (Mythos & GPT 5.5 Cyber) - I’ll share takeaways from advanced model testing, along with my perspective and Alex’s and Peter’s views on real-world impact, including what security leaders should watch now versus later.
3. A look at cyber innovations across the Zscaler platform - See all the new cyber innovations across Zscaler’s platform covering endpoint enhancements, in-line detection capabilities, agentic security, SOC workflows, and more.
4. The launch of Zscaler’s Agentic SecOps product (with live demos) - Get a first look at how agentic capabilities can help security teams move faster, from investigation to containment, while improving consistency and resilience.

I look forward to seeing you there as we look ahead to the next phase of Zero Trust and AI-driven defense. 

• Register for Zenith Live - Las Vegas (AMER)

• Register for Zenith Live - Vienna (EMEA)

Malicious Skill Distributes Remcos RAT and GhostLoader

ThreatLabz published a technical analysis of a campaign that weaponized the OpenClaw framework by distributing a malicious “DeepSeek-Claw” skill. The skill’s installation instructions were crafted to trick AI agents (or unsuspecting developers) into executing hidden payloads, ultimately delivering malware such as Remcos RAT and GhostLoader.

After the skill is downloaded, the attack can branch into two infection paths depending on the operating environment and how the installation steps are run. One path leads to Remcos RAT (commonly on Windows), while the other delivers GhostLoader through a cross-platform, manual installation flow. The two infection paths are illustrated in the diagram below.

Execution path 1: Windows “automated” install → Remcos RAT

In the Windows path, the fake “DeepSeek-Claw” skill includes a command that automatically downloads and runs a malicious MSI installer. That installer abuses a legitimate GoToMeeting program to load a malicious DLL. From there, it disables some Windows security monitoring and launches Remcos RAT, giving the attacker remote control and the ability to steal data such as keystrokes and browser session cookies.

Execution path 2:  Manual / cross-platform install → GhostLoader

In the manual installation path (often used on macOS and Linux), the skill’s scripts trigger a hidden obfuscated Node.js payload during installation (for example via install.sh or npm install). This leads to GhostLoader, which focuses on stealing developer secrets, such as credentials, SSH keys, and cloud API tokens, and sending them to threat actor-controlled servers.

Zscaler Zero Trust Exchange Coverage – Zscaler Internet Access (Advanced Cloud Sandbox, Advanced Threat Protection, Advanced Cloud Firewall, SSL Inspection), Deception, Zscaler Private Access (AI Segmentation)

Security Testing with Mythos & GPT 5.5 Cyber

I recently wrote about a shift we’re seeing firsthand: frontier AI models like Anthropic’s Mythos and OpenAI’s GPT 5.5 Cyber are redefining security testing by connecting individual issues into real attack chains. 

To unlock the full potential of frontier AI in security testing, we created a framework organized around three core testing harnesses: Black Box Testing, Artifact & Code Repository Testing, and Gray Box & White Box Testing. Each harness is designed to mirror real-world attack and defense scenarios, as shown in the figure below.

Our model methodology 

Our testing showed that workflow has more impact than model choice. We got the best results when the model was used in a repeatable testing harness (discovery, planning, active testing, validation, triage, and remediation) rather than as an open-ended chatbot. Providing system architecture and a threat model reduced noise and improved precision, but context needs to be calibrated. Too little context can overstate severity, while overly prescriptive prompts can bias outputs toward known patterns and miss novel risks.

Our findings

The defining capability that separates new frontier AI models from conventional security tooling is multi-step reasoning. Rather than returning isolated findings, these models construct complete attack paths—connecting preconditions, privilege states, misconfigurations, and downstream exposures into chains that mirror how real adversaries actually operate. We pushed these models hard across the full spectrum of security capabilities. Below are the findings:

How security leaders can prepare

We developed these high-impact recommendations that go beyond active vulnerability management to start reducing your risks today:

• Hide your apps: Reduce your external exposure by moving your applications behind a Zero Trust Architecture like Zscaler Private Access. Attackers can’t breach what they can’t reach.
• Understand your assets and associated risks: Establish complete visibility of exposed and internal assets including AI assets. This is where Zscaler can help with AI Asset Management, Asset Exposure Management, External Attack Surface Management, and Unified Vulnerability Management, powered by AI.
• Prioritize deploying proactive defense with Deception: AI will use multiple paths to get to the action-on-objective stage and, in the process, inadvertently trigger carefully planted decoys in the environment. Zscaler customers can deploy our built-in Deception technology to auto-contain the asset or identity from accessing all real applications while capturing full activity in the decoy environment.
• Prioritize Zero Trust everywhere architecture: Apply Zero Trust consistently across remote and on-prem environments. Enforce user-to-application segmentation to prevent lateral propagation and reduce the blast radius from AI-driven attacks.
• AI red teaming and guardrails for your production models: Treat your production AI like a real attack surface. Protect it from prompt injection, toxic content, hallucinations, and model drift over time.
• AI-Powered Exposure Management:  Prioritize remediation and patching using Zscaler Exposure Management Remediation Agent for high risk areas (applicable to both external and internal assets).
   

Security is entering a phase where advantage comes from systems that understand exposure and reason across attack paths. Because of this, organizations should pair frontier AI with trusted context, disciplined testing harnesses, and Zero Trust architecture to move faster than attackers.

Zscaler Zero Trust Exchange Coverage – Zscaler Internet Access (Advanced Cloud Sandbox, Advanced Threat Protection, Advanced Cloud Firewall, SSL Inspection), Deception, Zscaler Private Access (AI Segmentation), Zscaler AI Protect, Zscaler Exposure Management (Asset Exposure Management, External Attack Surface Management, Unified Vulnerability Management)