Just a quick reminder, The Exchange Daily is still free but will require you to subscribe at tie.metora.solutions. If you want more than Daily updates, the Exchange Weekly is your deep dive but requires a paid subscription. The end of year sale has been extended through the end of next week.
So, if you enjoy both the Exchange Daily newscast and the Exchange Weekly Indepth Newsletter, trade a single cup of coffee for a subscription each month at https://go.metora.solutions/New-Years-Special.
OpenAI updates ChatGPT Enterprise and Edu release notes (GPT-5.2 early access and custom GPT transition date)
OpenAI updated its ChatGPT Enterprise and Edu release notes with changes you should treat like a platform release, not casual product news. The update highlights GPT-5.2 early access for eligible workspaces and sets a dated transition that affects how teams create and manage custom GPTs. If your organization runs internal GPT catalogs or relies on GPT-based workflows, this is a good moment to tighten publishing controls, confirm ownership, and run a quick regression test plan against your highest-value use cases. The practical takeaway is simple: put the transition on your change calendar, communicate it to stakeholders, and make sure your governance and audit posture is ready before behavior changes land in production.
Sources:
Google Vertex AI grounding with Google Search clarifies billing and audit implications for Gemini 3
Google’s documentation on grounding with Google Search in Vertex AI is a reminder that higher quality, search-grounded answers also introduce metered external dependencies. That matters because it changes how teams forecast cost, set policy, and control what data is permitted to reach external search systems. For enterprise deployments, grounding should be treated as both a quality feature and a governance feature, with clear guardrails on prompts, query volume, and acceptable use. Teams that measure and cap usage will be better positioned to scale grounded experiences without surprise spend or compliance friction.
Sources:
2025-12-30 | https://docs.cloud.google.com/vertex-ai/generative-ai/docs/grounding/grounding-with-google-search
Vertex AI Agent Engine pricing change (Sessions, Memory Bank, Code Execution billing begins Jan 28, 2026)
Google’s Vertex AI release notes include a pricing change for Agent Engine that creates a concrete cost milestone. Starting January 28, 2026, Sessions, Memory Bank, and Code Execution will begin charging for usage, which impacts teams prototyping agentic workflows that rely on persistent memory and tool execution. This is the moment to shift pilots into a controlled cost model by separating test and production environments, adding usage alerts, and defining explicit retention and access rules for agent memory. Organizations that treat memory and code execution as premium capabilities, not defaults, will avoid runaway usage and keep unit economics predictable.
Sources:
FedRAMP 20x Phase 2 Cohort 2 proposal window (Jan 5 to Jan 9, 2026)
FedRAMP 20x Phase 2 continues, and the Cohort 2 proposal window runs from January 5 through January 9, 2026. For cloud vendors selling into government, this is a practical scheduling issue: evidence readiness, documentation quality, and staffing for continuous monitoring will determine whether participation is realistic. For agencies, it signals an effort to increase authorization throughput and reduce time-to-value for secure cloud capabilities. The smart move is to use the window to align internal resourcing, confirm boundary clarity, and make sure the security narrative is consistent across technical controls, documentation, and operational monitoring.
Sources:
2025-12-10 | https://www.fedramp.gov/blog/fedramp-20x-phase-2-is-here/
AI Talent Act (H.R. 6573) aims to create AI talent teams inside federal agencies
A bill introduced in the House, H.R. 6573, signals continued federal focus on building internal AI capability rather than outsourcing the entire operating model. The proposal centers on establishing AI talent teams to help agencies recruit and retain AI skills and support agency adoption. For federal IT leaders, it is a reminder to formalize AI roles, define career paths, and reduce single points of failure in AI programs. For industry partners, it suggests future procurements will increasingly favor vendors that can enable internal capability and knowledge transfer, not just deliver tools.
Sources:
Microsoft Incident Response warns of “imposter for hire” remote worker fraud as an access vector
Microsoft Incident Response published a case study describing how fake remote hires can become a direct path into enterprise environments. In this pattern, the attacker’s first step is not a phishing email or an exploit, but a successful onboarding process that grants trusted access. For security and HR leaders, the takeaway is to treat onboarding as a security workflow, with strong identity proofing, staged access, and close monitoring of early account activity. Organizations that increase verification rigor, tighten privileged access by default, and improve anomaly detection for new accounts will materially reduce this risk.
Sources:
2025-12-11 | https://www.microsoft.com/en-us/security/blog/2025/12/11/imposter-for-hire-how-fake-people-can-gain-very-real-access/
OPM publishes updated Guide to Telework and Remote Work in the Federal Government
OPM published an updated guide on telework and remote work in the federal government, reinforcing that remote work remains a core operating assumption. For federal IT leaders, policy refreshes like this often translate into tooling expectations, audit questions, and funding decisions tied to identity, endpoint security, and collaboration platforms. The practical response is to align technical controls with policy language, validate continuity plans for surge remote work, and ensure identity and device trust are consistently enforced for remote users. Treat it as a governance checkpoint that can drive operational readiness.
Sources:
2025-12-31 | https://www.opm.gov/policy-data-oversight/worklife/reference-materials/guide-to-telework-and-remote-work-in-the-federal-government.pdf
Federal Register notice withdraws parts of ONC “HTI-2” rulemaking package
A Federal Register notice withdrew parts of the ONC rulemaking package often referenced as “HTI-2,” which can change compliance assumptions and roadmaps for interoperability and health data technology programs. For healthcare CIOs and vendors, changes like this should be treated as formal change management: confirm what remains active, what is withdrawn, and how customer expectations may shift. For security leaders, any policy shift that touches APIs and data exchange can also change threat models and control requirements. The practical move is to review your roadmap, update your regulatory watchlist, and keep vendor partners aligned on what is required now versus what is likely next.
Sources:
Topics We’re Tracking (But Didn’t Make the Cut)
Dropped Topic: Late December CISA Known Exploited Vulnerabilities updates.
Why It Didn’t Make the Cut: We already ran a patch stack story yesterday, and there was no single new item today that clearly changed enterprise-wide priorities for this specific lineup.
Why It Caught Our Eye: KEV additions can create hard remediation deadlines that override normal patch cadence.
Dropped Topic: Additional vendor “top risks for 2026” outlook pieces.
Why It Didn’t Make the Cut: Most were commentary and recap rather than primary-source updates inside the last 48 hours.
Why It Caught Our Eye: Some contained useful planning heuristics for boards and budget cycles.
Quick Disclaimer and Sources Note: The author used AI in part to create this newscast. Our goal is to be transparent and show you how we sourced the info we used.
This newscast was developed using only public sources of information.
This update was assembled using a mix of human editorial judgment, public records, and reputable national and sector-specific news sources, with help from artificial intelligence tools to summarize and organize information. All information is drawn from publicly available sources listed above. Every effort is made to keep details accurate as of publication time, but readers should always confirm time-sensitive items such as policy changes, budget figures, and timelines with official documents and briefings.
All original content, formatting, and presentation are copyright 2026 Metora Solutions LLC, all rights reserved.
For more information about our work and other projects, drop us a note at info@metorasolutions.com.
Schedule a meeting with us at https://go.metora.solutions/Book-a-Meeting
