Your Vendors Are the Target Now. Your Cyber Policy May Not Cover It.


Reading scan time: 6 minutes
Listen time: 6 minutes

Your Friday Five:

Every week our team rips through 200+ insurance, legal, regulatory, and market-risk articles so you don't have to!

Three reasons to read this week...

  • Regional and mutual insurers: Google just intercepted the first cyberattack built entirely by AI. It targeted the same open-source code your TPAs and core system vendors build on. Inside: what it targeted, how they caught it, and the one question to ask your top three vendors before your next renewal meeting.
  • MGAs: A worm infected nearly 800 software components that your binding authority platforms likely depend on. Inside: why most cyber and E&O policies were not written to cover a supply chain event like this, and three specific policy sections to check this week.
  • Insurtechs: The NAIC already built the regulatory framework that requires your carrier partners to oversee your cybersecurity posture. Inside: the Model #668 checklist, the fines, and what your carrier clients will be asking you to prove.

Prefer to listen? Check out the audio version.

Your Vendors Are the Target Now, Not You

Summary

Google just confirmed a first: a criminal group used AI to find and build a zero-day exploit.

A zero-day is a flaw in software that nobody knows about yet. Not the company that built it, not the security teams watching it. These flaws are valuable. State actors and criminal groups have paid millions to acquire them. What changed this week is that AI found one on its own.

The target was a login bypass in a widely used, open-source web admin tool. The code had every marker of AI output: structured notes, clean format, and a made-up severity score that does not exist in any real database. Google caught it and worked with the vendor to patch it before the mass attack could start.

Source: Google Threat Intelligence Group, GTIG AI Threat Tracker (May 11, 2026)

So what?

Google runs a full-time threat team with AI-driven defense tools.

That is why they caught it first. Most TPAs, core system vendors, and insurtechs serving regional insurers do not have that setup. They build on open-source code. Their software sits on the same libraries attackers can point AI at. And the Google report flagged a direct concern: attackers are already using software supply chain footholds to jump into broader networks and deploy ransomware. The entry point is your vendor's code.

The destination is your data.

The cost is concrete. A vendor-originated breach for a mid-size regional mutual can run $150,000 to $400,000 in defense and notification costs before the cyber tower responds. Stack two or three vendor events in a year and you are looking at 50 to 100 basis points on the expense ratio. That is the kind of cost AM Best is starting to ask about.

Underwriters are responding. We are seeing supply chain security questions on cyber applications, tighter sublimits on dependent business interruption, and increased retentions for accounts that cannot document vendor oversight. Carriers that show up to renewal without answers get different terms.

Monday morning, ask your top three vendors one question: have you run AI-level security scanning on the systems that touch our data? If the answer takes more than a sentence, raise it with your risk committee.

Source: LION Intelligence

If you want to grab a virtual coffee and discuss vendor risk, Book a 1:1 call with our team!

Your Cyber Policy Might Not Cover This

Summary

A worm called Shai-Hulud has been spreading through the software supply chain since September 2025.

A worm is malware that copies and spreads itself without anyone pressing a button. Unlike a virus, which needs you to click a link, a worm moves on its own. It infects one system, steals credentials, and uses them to infect the next.

The numbers: nearly 800 poisoned software components. More than 20 million weekly downloads across affected packages. Stolen logins for more than 500 developers posted to public pages. Cloud keys for AWS, Google Cloud, and Azure taken. The first wave led to roughly $50 million in crypto theft. Microsoft flagged a fresh resurgence on May 11.

Shai-Hulud is the infrastructure version of the attack. The Vercel breach from April 19 shows the human access version of the same logic. A Vercel employee was hacked through a third-party AI tool called Context.ai. The attack was not AI-powered. It was classic credential theft: malware infected a Context.ai employee, the attacker stole access tokens, walked into the Vercel employee's Google Workspace, and reached internal systems. Customer API keys and database logins were exposed. The stolen data appeared on BreachForums at $2 million.

The real story is that an AI productivity tool with too much access became the front door.

Sources: Microsoft Security Blog (May 11, 2026 update); Palo Alto Unit 42; Vercel Security Bulletin (April 2026)

The LION Lens

What happened — A worm infected nearly 800 software components downloaded 20 million times per week, stole cloud keys, and jumped to a second package library in one push (Microsoft, Palo Alto Unit 42, Check Point).

Why it matters — Regional insurers and mutuals outsource to TPAs, core system vendors like Guidewire, Duck Creek, and Majesco, and insurtechs. Those vendors build on public open-source libraries. One poisoned component in a TPA's claims system puts every carrier on that platform at risk. Most vendors cannot produce a real-time inventory (a software bill of materials, or SBOM) of every software component in their systems. If they cannot tell you what is in their code base, they cannot confirm whether they were exposed.

Practical implications — We saw this pattern with MOVEit in 2023. One vendor got hit and the fallout spread across hundreds of organizations including insurers. Shai-Hulud follows the same path but faster and self-copying. For carriers writing cyber, one supply chain event can trigger claims across dozens of insureds at once.
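The SBOM point above, as an added illustration that is not code from the newsletter or from any vendor named in it: a vendor holding a component inventory can answer "were we exposed?" mechanically, while a component with no recorded version can only be reported as unverifiable. The SBOM (CycloneDX JSON layout) and the compromised-version list are constructed sample data with placeholder package names.

```python
"""Cross-check a CycloneDX SBOM against a list of compromised package versions.

Added illustration, not code from the newsletter or any vendor: the SBOM and the
advisory list below are constructed sample data with placeholder names.
"""
import json

# Constructed CycloneDX-style SBOM. Real SBOMs record a name and version per
# component; the last component deliberately omits its version to show the
# "cannot confirm" case the newsletter describes.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "example-claims-ui", "version": "4.2.0"},
        {"type": "library", "name": "example-color-utils", "version": "1.3.1"},
        {"type": "library", "name": "example-auth-helper", "version": "2.0.7"},
        {"type": "library", "name": "example-legacy-bundle"},
    ],
})

# Constructed advisory: placeholder package names mapped to the versions a
# hypothetical worm published. Substitute the real published list when checking.
COMPROMISED = {
    "example-color-utils": {"1.3.1", "1.3.2"},
    "example-auth-helper": {"2.1.0"},
}


def check_sbom(sbom_json, compromised):
    """Return (confirmed_hits, unverifiable) for one SBOM.

    confirmed_hits: components whose exact name@version is on the advisory list.
    unverifiable: components with no recorded version, so exposure can be
    neither confirmed nor ruled out from the inventory alone.
    """
    bom = json.loads(sbom_json)
    hits, unverifiable = [], []
    for comp in bom.get("components", []):
        name, version = comp.get("name"), comp.get("version")
        if not version:
            unverifiable.append(name)
        elif version in compromised.get(name, set()):
            hits.append(f"{name}@{version}")
    return hits, unverifiable


if __name__ == "__main__":
    hits, unknown = check_sbom(SAMPLE_SBOM, COMPROMISED)
    print("confirmed compromised components:", hits)
    print("cannot confirm (no version recorded):", unknown)
```

A vendor with no SBOM at all is in the same position as the unversioned component: the honest answer to the exposure question is "we cannot confirm," which is the gap the renewal questions in this edition are meant to surface.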

So what?

Your TPA's claims system, your policy admin platform, your agent portal.

They are all built on open-source code from public libraries. One of those libraries got poisoned nearly 800 times. You don't need to understand the technical details. You need to understand that your vendor probably does not know every piece of code running inside the tools you depend on. And neither do you.

The Vercel breach shows the human access version of the same problem.

An employee connected a third-party AI tool to their work account. The tool got hacked. The attacker walked through that connection into internal systems and customer data. It was an app with too much access. Ask yourself: how many third-party tools have your employees connected to corporate accounts?

What We're Telling Clients

Here's how we're advising clients:

Pull your cyber policy and read the vendor language. Most FI cyber forms were written for direct breaches. A supply chain event starts three layers removed from your network. Third-party software failure exclusions and sublimits for vendor-caused losses are common. Check before a claim forces the question.

Ask about the war exclusion. The Google report found state actors (China and North Korea) using AI for vulnerability research. Since Lloyd's Market Bulletin Y5381, most cyber policies carry standalone state-backed cyber attack exclusions. Attribution is rarely clear in real time. That uncertainty is a coverage risk. Map your cyber war exclusion against a vendor-originated, state-linked scenario before renewal.

Check your notification obligations now. If a vendor breach exposes customer data your firm holds, your state notification duties may trigger even though your own systems were not breached. Under Model #668, the 72-hour clock to notify your commissioner starts at discovery, not confirmation. If you believe your vendors may have been exposed, review your coverage position now.

This is exactly the kind of exposure that surfaces during a structured renewal review. If your program has not been stress-tested against vendor supply chain scenarios, that conversation should happen before renewal, not after a claim.

A note for MGAs: If carriers are now required under Model #668 to oversee their third-party vendors, and you hold binding authority, the compliance burden flows downstream to you. A supply chain breach that compromises delegated data is not just a cyber claim. It is an E&O exposure with your capacity providers. Make sure your next E&O renewal addresses it.

If your team hasn't stress-tested your cyber or E&O program against a vendor supply chain event, we do that work with clients every day. Book a 1:1 call with our team.

The IMF Just Told Your Regulators to Pay Attention

Summary

The IMF warned on May 7 that AI-driven cyber risk now threatens the stability of the global financial system and called for board-level oversight, cyber stress testing, and tougher resilience standards.

Your regulators were already moving.

The NAIC's Insurance Data Security Model Law (#668) has been adopted in at least 28 states. It requires every licensed insurer to keep a written security program, investigate cyber events, notify the state commissioner within 72 hours, and oversee third-party vendors. That last part is the one most carriers have not fully built out. Under Model #668, you are on the hook for your vendor's cyber posture, not just your own.

At the Spring 2026 meeting, the NAIC adopted the intake form for a centralized Cybersecurity Event Notification Portal and is building a registry for vendors that provide AI models and data to insurers. The working group released amendment drafts focused on AI use and third-party data.

Sources: IMF Blog (May 7, 2026); NAIC Model #668 adoption map; Alston & Bird NAIC Spring 2026 recap (April 2, 2026)

So what?

When the IMF labels something a systemic risk, domestic regulators follow. The NAIC is not waiting. They already built the framework.

For directors, the exposure is personal.

If a supply chain event hits your firm and the board cannot show it oversaw a cyber plan, the question shifts from "did we have good tech" to "did the board do its job." That is the Caremark test. Courts are widening its reach into areas where boards missed known risks (Marchand v. Barnhill in food safety). Cyber at financial firms is heading into the same zone.

Model #668 gives you the checklist: a written security program, a documented incident response plan, third-party vendor oversight with due diligence on record, and a board review cycle with management reporting on cyber posture. If your firm cannot point to those things after a vendor breach, the gap becomes the evidence.

For CFOs: budget for this now.

Building a vendor oversight program that meets Model #668 typically runs $50,000 to $150,000 for a mid-size mutual, depending on how much is already in place. That is far cheaper than defense costs, regulatory fines (up to $50,000 per violation in some states), and the fallout from being caught without a plan.

Before your next board meeting, ask one question: can we produce a written cyber resilience plan that covers vendor supply chain risk? If the answer is no, that is the agenda item. Model #668 is not coming. It is here.

The Bottom Line

AI is shrinking the window between finding a flaw and using it. The software supply chains your firm depends on were built for a slower threat world. The IMF called it a systemic risk. The NAIC already built the regulatory framework to hold you accountable for it.

The board question is no longer whether to invest in cyber resilience. It is whether you can show you already have.

In Case You Missed It!

In Wednesday's Intelligence Brief we partnered with our friends at Nationwide's FI team and dove into the other side of the AI threat coin: social engineering.

"The Bad Guys Have New Social Engineering Superpowers" breaks down how AI-generated deepfakes, voice clones, and hyper-targeted phishing are hitting financial institutions right now. The numbers are real: AI-generated phishing emails now achieve a 54% click-through rate, four and a half times higher than human-written scams. Vishing attacks surged 442% last year. One deepfake voice scam extracted $25.6 million from a single firm.

The piece includes a five-step defense framework, counter-AI protocols for 2026, and five board-ready questions including whether your Crime policy's social engineering sublimit contemplates AI-generated impersonation, and whether your verification procedures have been tested against a deepfake voice scenario in the last 12 months.

If this week's edition is about the software supply chain threat, Wednesday's piece is about the human one. And Jim Kardaras, head of Nationwide's Crime underwriting team, joins the series next to break down how social engineering is changing the underwriting conversation.

Read the full edition here or listen here

Thank you for reading today's edition!

Want to share this edition via text, email or social media? Simply copy-and-paste the link below:

https://lionspecialty.kit.com/posts/your-vendors-are-the-target-now-your-cyber-policy-may-not-cover-it

And if this briefing was forwarded to you, subscribe directly here.

Stay Covered Out There Y'all,

FLIP

Founder and Managing Partner of LION Specialty

P.S. AI controls, vendor integration, and board oversight are stacking into the kind of multi-front exposure most companies never stress-test until a competitor moves first. Comment BLUEPRINT and we'll send you our D&O Contract Vigilance Blueprint, a 5-day email course on the policy gaps that only show up after a claim is filed.

Nothing in this briefing constitutes legal, technology, or vendor selection advice. These are the opinions of the founder. It's market intelligence designed to help you ask better questions of your advisors and make sharper decisions at your next insurance renewal.

LION Specialty

Everything you need to know to navigate the financial institution insurance market in ≈ 5 minutes per week. Delivered on Fridays.
