COGNOSCERE Daily Tech Review — Issue T100 · Wednesday, April 29, 2026

Or visit Intelligence Overview for deeper analysis.

ACTCISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV Catalog

CISA added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog on April 28–29, 2026: CVE-2024-1708, a ConnectWise ScreenConnect path traversal flaw linked to Medusa ransomware delivery by China-nexus threat actor Storm-1175, and CVE-2026-32202, a Microsoft Windows Shell protection mechanism failure exploited by Russian APT28 in attacks targeting Ukraine and EU countries since December 2025. Federal civilian agencies must remediate both by May 12, 2026.

The Hacker News · Cybersecurity Incidents · Relevance: 0.9 · Source →

KEV, zero-day, ransomware, Windows Shell, ConnectWise, federal mandate, patch deadline, nation-state, APT28

ACTCritical GitHub Enterprise Server RCE Flaw Disclosed (CVE-2026-3854)

Researchers disclosed a critical command injection vulnerability (CVE-2026-3854, CVSS 8.7) in GitHub.com and GitHub Enterprise Server that allows an authenticated user with repository push access to achieve remote code execution via a crafted git push operation. The flaw was discovered by Google-owned Wiz in March 2026 and has since been patched by GitHub.

The Hacker News · Cybersecurity Incidents · Relevance: 0.9 · Source →

RCE, command injection, GitHub Enterprise, DevSecOps, patch, supply chain security

PREPAREMedtronic Confirms Data Breach After ShinyHunters Claims Theft of 9M Records

Medical device giant Medtronic confirmed unauthorized access to certain corporate IT systems following claims by the ShinyHunters cybercrime group, which alleged the theft of more than 9 million records containing PII along with terabytes of internal corporate data. Medtronic filed an SEC 8-K disclosure, stated no impact to products, patient safety, or operations, and removed itself from the group's leak site under unclear circumstances, with the breach investigation ongoing.

SecurityWeek · Cybersecurity Incidents · Relevance: 0.9 · Source →

data breach, PII, healthcare, SEC disclosure, extortion, medical device, HIPAA, cybercrime

PREPAREProofpoint Outlines Enterprise AI Security Controls Framework Amid Shadow AI Surge

Proofpoint disclosed that 68% of employees admit to using AI tools not approved by their employers, and outlined a three-pillar security framework covering unsanctioned AI tool access, AI agent deployment governance, and AI-to-enterprise-data connectivity risks. The company's Proofpoint Nexus detection platform uses data from across its systems to surface risk across users, data, and AI activity.

CRN Asia · Cybersecurity Policy · Relevance: 0.8 · Source →

shadow AI, AI governance, enterprise security, data loss prevention, agentic AI, insider risk, CISO

PREPAREEU AI Act High-Risk Enforcement Deadlines Set to Slip by 16 Months Following April 28 Trilogue Vote

A trilogue vote on April 28, 2026 advanced a proposal to delay enforcement of the EU AI Act's high-risk system obligations, moving the standalone high-risk AI systems deadline to December 2, 2027 and AI embedded in regulated products to August 2, 2028; formal adoption is expected by July 2026. The substantive compliance obligations—conformity assessments, technical documentation, and CE marking—remain unchanged, and organizations are advised to use the additional runway for genuine compliance preparation rather than treating the delay as relief.

Asanify · AI Regulation and Governance · Relevance: 1.0 · Source →

EU AI Act, compliance, regulation, high-risk AI, deadline, governance, Europe, Digital Omnibus

PREPAREGoogle Cloud Next 2026: Gemini Enterprise Agent Platform, 8th-Gen TPUs, and Agentic Security Unveiled

At Google Cloud Next 2026, Google announced the Gemini Enterprise Agent Platform to replace the standalone Vertex AI roadmap, treating AI agents as governed enterprise workloads with identity, policy enforcement, and observability controls. The event also featured two new eighth-generation TPU chips (TPU 8t for training at 121 ExaFlops per superpod and TPU 8i for inference), a new AI networking fabric, an Agentic Data Cloud architecture, and integration of Wiz's Cloud and AI Security Platform into Google's threat intelligence stack.

Virtualization Review · Agentic Systems · Relevance: 0.9 · Source →

cloud infrastructure, agentic AI, enterprise platform, TPU, AI security, Google Cloud, Gemini, Cloud Next

PREPAREAgentic AI Foundation Grows to 170+ Members as MCP Protocol Exceeds 110M Monthly Downloads

The Agentic AI Foundation, launched under the Linux Foundation in December 2025 by Anthropic, OpenAI, and Block, has grown to more than 170 member organizations in under four months—doubling CNCF's early membership pace—while Anthropic's Model Context Protocol has surpassed 110 million monthly SDK downloads and been deployed on more than 10,000 enterprise servers. Gartner forecasts that 40% of enterprise applications will embed AI agents by end of 2026, up from under 5% in 2025.

IntuitionLabs · Agentic Systems · Relevance: 0.9 · Source →

agentic AI, open standards, MCP, A2A, enterprise adoption, interoperability, Linux Foundation, orchestration

PREPAREState AI Laws – Where Are They Now? Colorado, New York, and California Governance Landscape in April 2026

Cooley's April 2026 analysis maps the fast-moving US state AI regulatory landscape: New York Governor Hochul signed RAISE Act amendments on March 27, 2026, shifting the law toward a California-style transparency and reporting framework; Colorado's AI law may be substantially revised with an effective date reset to January 1, 2027; and California's numerous AI laws are approaching their 2026 compliance effective dates without yet triggering enforcement activity. Companies operating across multiple states face an increasingly layered and inconsistent compliance environment.

Cooley LLP · AI Regulation and Governance · Relevance: 0.9 · Source →

AI regulation, state law, RAISE Act, Colorado AI Act, California AI, compliance, governance, frontier models

WATCHAnthropic Shifts to Per-Token Enterprise Billing as Agentic AI Breaks Flat-Rate Pricing Economics

CNBC reports that Anthropic has moved away from flat-rate enterprise subscriptions toward per-token billing after agentic AI workloads—which burn millions of tokens per session versus hundreds for conversation—broke the economics of fixed-price plans. Salesforce is pursuing a parallel shift to an 'agentic work units' metric, and both Anthropic and OpenAI are expected to pursue IPOs in 2026 where demand measurement will be central to investor scrutiny.

CNBC · Enterprise AI Adoption · Relevance: 0.9 · Source →

AI pricing, enterprise AI, agentic AI, per-token billing, IPO, AI economics, Anthropic, Salesforce

WATCHOrkes Raises $60M Series B to Scale AI Agent Workflow Orchestration Platform

Orkes, the agentic workflow orchestration platform founded by the original architects of Netflix's Conductor system, raised $60 million in a Series B round led by AVP with participation from Prosperity7 Ventures, Nexus Venture Partners, Battery Ventures, and Vertex Ventures US, bringing total funding to approximately $90 million. The company has tripled its customer base since its 2024 Series A and serves enterprises including JP Morgan Chase, Quest Diagnostics, Twilio, and LinkedIn, targeting the gap between AI pilots and production-grade agent deployments.

Business Wire · AI/ML Tooling and Frameworks · Relevance: 0.9 · Source →

funding, Series B, AI orchestration, agentic AI, enterprise software, workflow automation, production AI, MLOps

WATCHAnthropic and Infosys Collaborate to Deploy Claude AI Agents for Telecom, Financial Services, and Manufacturing

Anthropic and Infosys announced a collaboration integrating Claude models and Claude Code with Infosys Topaz to build production-grade AI agents for regulated industries including telecommunications, financial services, and manufacturing, with an emphasis on governance, compliance reviews, and legacy system modernization. The partnership extends Anthropic's enterprise reach in India and positions Claude as the only frontier model available on all three major cloud platforms: AWS Bedrock, Google Cloud Vertex AI, and Microsoft Azure.

Anthropic · Enterprise AI Adoption · Relevance: 0.8 · Source →

enterprise AI, regulated industries, telecom, financial services, manufacturing, agentic AI, legacy modernization, Claude

WATCHPwC April 2026 C-Suite Outlook: Executives Embed Volatility Into Strategy as 87% Anticipate Higher Business Taxes

PwC's April 2026 survey of 633 US executives found that 87% expect US fiscal pressures to drive business tax increases and are already planning for it, while 98% defaulted to at least one defensive response when facing major disruptions—revealing that even confident executives remain more reactive than proactive under adversarial conditions. The report identifies strategic execution as the primary differentiator, with leading firms moving to embed geopolitical and policy volatility directly into long-term planning frameworks.

PwC · Strategic Planning Tools · Relevance: 0.8 · Source →

C-suite, executive strategy, geopolitical risk, tax policy, strategic planning, decision-making, volatility, enterprise leadership

WATCHAI Model Risk Management Market Growing by $1.16B in 2026, Driven by Regulatory Scrutiny and Algorithmic Bias Concerns

The global AI model risk management market is projected to grow from $7.17 billion in 2025 to $8.33 billion in 2026 at a 16.2% CAGR, driven by increased enterprise AI adoption, heightened regulatory scrutiny, rising incidents of algorithmic bias, and the expansion of digital decision systems, according to a Research and Markets report. The market is expected to reach $15 billion by 2030 as mandatory AI compliance regulations and generative AI deployments accelerate demand for model validation, monitoring, explainability, and governance tools.

Globe Newswire · Risk Assessment Technology · Relevance: 0.8 · Source →

AI risk management, model governance, explainability, regulatory compliance, enterprise AI, market growth, AI auditing