Enterprise ITSaturday, July 18, 2026· Fresh today

Cybersecurity Briefing: EU-UK Sanctions, GPT-5.6 Passkeys, Ransomware Trends

New EU-UK sanctions target Russian cyber operations, OpenAI mandates hardware passkeys for its advanced GPT-5.6 models, and Sophos reports that identity is now the primary initial access vector for ransomware attacks, surpassing exploited vulnerabilities.

Written by the Technology Tutor editorial pipeline from 1 primary source. How we source →

This week's cybersecurity news brings key updates on international cyber sanctions, evolving ransomware attack methods, and enhanced security requirements for advanced AI models. These stories underscore the dynamic and critical nature of enterprise IT security.

EU-UK Sanctions Target Russian Cyber Operations

The European Union and the United Kingdom have jointly imposed a new round of sanctions against Russia, targeting 24 individuals and entities. These sanctions address their alleged support for Russia's cyber operations, involvement in election interference, and disinformation campaigns against Ukraine Source.

Among the entities sanctioned is Russia's Federal Security Service (FSB) Centre 16, which the UK Government has formally attributed to a cyberattack on Poland's energy grid. John Hultquist, Chief Analyst at Google Threat Intelligence Group, noted that "FSB’s Center 16 is home to some of the most disciplined, sophisticated actors in the cyber espionage landscape." This marks the first joint cyber sanctions package between the UK and EU.

Why it Matters for Business Leaders:

Such sanctions reflect an ongoing effort to deter state-sponsored cyber warfare. Businesses operating internationally, especially those in critical infrastructure sectors, must be aware of geopolitical cyber threat actors and ensure their defenses are resilient against sophisticated, state-level attacks.

OpenAI Mandates Hardware Passkeys for Advanced AI Access

OpenAI has launched its GPT-5.6 family of models, promising enhanced performance. Alongside this, the company is implementing stricter access controls: hardware-backed passkeys will be mandatory for individual members of its Trusted Access for Cyber (TAC) programme to access its most capable models Source.

Starting September 1, 2026, TAC members must enable Advanced Account Security using a hardware-backed passkey. Those who do not meet this requirement will revert to default access. Jerrod Chong, CEO of Yubico, stated, "By requiring hardware-backed passkeys rather than sync passkeys or software-based alternatives, OpenAI is validating that our product is the best defense for account takeover."

Why it Matters for Business Leaders:

This move by OpenAI highlights the growing recognition of account security risks, particularly for access to advanced AI systems. For enterprises leveraging AI, adopting hardware-backed multi-factor authentication (MFA) becomes a crucial step in preventing account takeovers and protecting sensitive AI resources and data.

Sophos Report: Identity as Leading Ransomware Access Vector

Sophos has released its annual State of Ransomware report, surveying IT and cybersecurity leaders across 17 countries. The report reveals a significant shift in ransomware intrusion methods, with identity now accounting for 79% of initial access vectors (IAV) Source.

For the first time in four years, exploited vulnerabilities are no longer the most common root cause. Instead, malicious email (26%) and phishing (24%) have emerged as the top methods for initial access. This suggests cybercriminals are increasingly targeting human elements and user credentials.

Why it Matters for Business Leaders:

This trend underscores the need for businesses to prioritize identity and access management (IAM) solutions, strong authentication protocols, and comprehensive employee training on phishing prevention. Securing user identities and reducing human vulnerability are paramount in defending against ransomware.

Hitachi, OpenAI & Google Cloud Enhance Physical AI Security

Hitachi is expanding its partnerships with OpenAI and Google Cloud to tackle security challenges associated with physical AI deployments. Physical AI involves connecting data analysis and decision-making to autonomous control of devices and equipment in real-world environments Source.

Hitachi is deploying its Forward Deployed Engineers (FDE) model, which embeds software specialists directly with customers to support physical AI integrations and cybersecurity measures. These FDEs assist with identifying management challenges, building proof-of-concepts, and deploying projects into operations.

Why it Matters for Business Leaders:

As AI extends into physical operations, robust security becomes critical to prevent manipulation or compromise of autonomous systems. Businesses adopting physical AI solutions should ensure that cybersecurity is integrated from the design phase, considering the potential impact on both digital and real-world assets.

Broadcom Secures Standard Chartered with Private Cloud

Standard Chartered has partnered with Broadcom to deploy a private cloud infrastructure aimed at enhancing threat protection and adopting a Zero Trust architecture. This agreement highlights how global financial institutions are prioritizing security-first designs in response to escalating cyber threats Source.

The collaboration utilizes VMware Cloud Foundation (VCF) to standardize Standard Chartered's technology infrastructure across 54 markets. Broadcom, which acquired VMware in 2023, is positioning the VCF platform as a key component of its enterprise private cloud strategy.

Why it Matters for Business Leaders:

This move by Standard Chartered demonstrates a significant investment in resilient and secure cloud infrastructure. For enterprises considering private cloud solutions, this emphasizes the importance of platforms that integrate robust security features and support a Zero Trust model from the ground up, providing consistent protection across global operations.

Key takeaways

  • 01EU and UK impose joint sanctions on Russian entities for cyber operations, emphasizing global state-sponsored threat awareness.
  • 02OpenAI mandates hardware-backed passkeys for GPT-5.6 access, highlighting the need for strong identity security in AI applications.
  • 03Sophos reports identity-based attacks (malicious email, phishing) are now the top initial access vector for ransomware, surpassing exploited vulnerabilities.
  • 04Hitachi, OpenAI, and Google Cloud are collaborating to secure physical AI deployments, urging businesses to integrate cybersecurity into autonomous systems.
  • 05Standard Chartered adopts Broadcom's VMware Cloud Foundation for a security-first private cloud, showcasing a trend toward integrated Zero Trust architectures.

Frequently asked

How do the new EU-UK sanctions impact my business?+

If your business operates internationally or within critical infrastructure sectors, these sanctions highlight the persistent threat of state-sponsored cyberattacks. It's crucial to review your cybersecurity defenses against sophisticated actors and ensure compliance with international regulations.

Why is OpenAI requiring hardware passkeys for its AI models?+

OpenAI is implementing hardware passkeys to strengthen account security and prevent unauthorized access to its advanced GPT-5.6 models. This move signals the importance of robust multi-factor authentication (MFA) to protect sensitive AI resources from account takeovers.

What's the main takeaway from the Sophos ransomware report for my IT strategy?+

The Sophos report indicates that identity-based attacks, like phishing and malicious emails, are now the primary way ransomware gains access. Your IT strategy should heavily prioritize identity and access management (IAM), strong authentication, and continuous employee training to combat these threats.

How does physical AI security relate to my operations?+

As AI integrates with physical systems, securing these deployments becomes critical to prevent manipulation of autonomous equipment. Businesses adopting physical AI should ensure cybersecurity is embedded from the start to protect both digital assets and real-world operations.

What can I learn from Standard Chartered's private cloud initiative?+

Standard Chartered's move to a Broadcom-powered private cloud with a Zero Trust architecture demonstrates a commitment to security-first infrastructure. This approach offers enhanced threat protection and standardization, which can be a model for enterprises seeking to fortify their global operations against escalating cyber threats.

Sources

Every briefing is drafted from primary sources — official announcements, vendor blogs, and reputable industry reporting — then edited by our pipeline.

#cybersecurity#ai#ransomware#data security#cloud security
See all →

Free account

Want to go deeper?

Sign up free to unlock the full daily industry feed, save posts and articles to your library, and chat with the AI tutor about anything you read.