Pall Mall Process consultation on CCIC guidelines
Public Sector Action
Summary
Hide ▲
Show ▼
The Pall Mall Process entered a second phase to gather industry input on what responsible behavior should look like for commercial spyware and zero-day exploit providers. The UK and France launched the initiative in 2024, and 27 governments plus companies including Google, Microsoft, Apple and Meta have signed on. The planned guidelines will complement the existing Code of Practice for States and aim to curb irresponsible use of commercial cyber intrusion capabilities (CCICs). The effort matters because the CCIC market spans VRED, malware creation, C2, hacking-as-a-service, and access-as-a-service, giving governments and vendors a shared framework for limiting harmful use.
Related Happenings
ICO releases five-step AI cyber guidance
Public Sector Action
First: 14.05.2026 12:00
Last: 14.05.2026 12:00
Sources 1
About this happening:
The **UK Information Commissioner’s Office (ICO)** released a **five-step guide** urging organizations to prepare for **AI-powered cyber threats**, making it clear that stronger r...
ICO releases five-step AI cyber guidance
Public Sector ActionAbout this happening: The **UK Information Commissioner’s Office (ICO)** released a **five-step guide** urging organizations to prepare for **AI-powered cyber threats**, making it clear that stronger r...
UK Cyber Resilience Pledge pushes board-level security and supply-chain hardening
Defensive Guidance
First: 13.05.2026 12:05
Last: 13.05.2026 12:05
Sources 1
About this happening:
The **UK government's Cyber Resilience Pledge** will launch later this year, giving organizations a concrete set of steps to strengthen defenses and reduce supply-chain risk. It a...
UK Cyber Resilience Pledge pushes board-level security and supply-chain hardening
Defensive GuidanceAbout this happening: The **UK government's Cyber Resilience Pledge** will launch later this year, giving organizations a concrete set of steps to strengthen defenses and reduce supply-chain risk. It a...
UK government cyber resilience funding and pledge
Public Sector Action
First: 22.04.2026 17:10
Last: 22.04.2026 17:10
Sources 1
About this happening:
**UK government** announced **£90m ($120m)** in cybersecurity funding and a new **Cyber Resilience Pledge**, aiming to strengthen **national cyber resilience**. The initiative was...
UK government cyber resilience funding and pledge
Public Sector ActionAbout this happening: **UK government** announced **£90m ($120m)** in cybersecurity funding and a new **Cyber Resilience Pledge**, aiming to strengthen **national cyber resilience**. The initiative was...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/Service
First: 08.04.2026 12:16
Last: 08.04.2026 12:16
Sources 1
About this happening:
**Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/ServiceAbout this happening: **Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Latest development: 23.05.2026 14:55
Anthropic said Project Glasswing has uncovered more than 10,000 high- or critical-severity vulnerabilities across widely used software since the program launched last month, including 6,202 high/critical flaws affecting more than 1,000 open-source projects, 1,726 validated true positives, 1,094 high/critical flaws, a critical WolfSSL flaw tracked as CVE-2026-5194 with CVSS score 9.1, 97 upstream patches, and 88 advisories.
CISA BOD 22-01 order for FCEB iOS patching
Public Sector Action
First: 23.03.2026 10:37
Last: 23.03.2026 10:37
Sources 1
About this happening:
**CISA** ordered **FCEB agencies** to secure devices against **DarkSword-linked iOS flaws**, tightening federal exposure to attacks that enabled **sandbox escape** and **remote co...
CISA BOD 22-01 order for FCEB iOS patching
Public Sector ActionAbout this happening: **CISA** ordered **FCEB agencies** to secure devices against **DarkSword-linked iOS flaws**, tightening federal exposure to attacks that enabled **sandbox escape** and **remote co...
Timeline
-
03.12.2025 12:35 2 articles · 5mo ago
Pall Mall Process enters second-phase industry consultation
Industry Or Public Sector UpdateThe Pall Mall Process, launched in 2024 by the UK and France with 27 governments and companies including Google, Microsoft, Apple and Meta, moved into a second phase to gather views from the offensive cyber industry on responsible behavior for commercial spyware and zero-day exploit providers. The planned guidelines are meant to complement the Code of Practice for States and address the broader CCIC ecosystem, including vulnerability research and exploit development (VRED), malware creation, command and control (C2), hacking-as-a-service, and access-as-a-service.
Show sources
- Pall Mall Process to Define Responsible Commercial Cyber Intrusion — www.infosecurity-magazine.com — 03.12.2025 12:35
- Pall Mall Process to Define Responsible Commercial Cyber Intrusion — www.infosecurity-magazine.com — 03.12.2025 12:35