The Exchange
The Exchange - Vision meets Reality
The Exchange Daily Update - December 5, 2025

Today’s Show Notes: Geopolitics, workplace rules, identity platforms, and nation state malware are all converging on your AI and IT roadmaps.

SAFE CHIPS Act moves to lock in AI chip export curbs to China

A bipartisan group of senators has introduced the SAFE CHIPS Act to harden export controls on advanced AI chips to China and other adversarial nations. The bill would block the administration from easing existing restrictions for thirty months and require Commerce to deny licenses for chips more advanced than those already cleared to ship.

For technology leaders, the message is that AI infrastructure planning cannot be separated from geopolitics. Access to top tier accelerators, and the pricing and timing of deployments, will remain constrained by policy choices rather than just vendor roadmaps. That reality strengthens the case for multi region, multi vendor strategies and for modeling scenarios where the most advanced hardware is in short supply or reserved for specific jurisdictions.

Sources:
https://www.reuters.com/world/us/senators-unveil-bill-keep-trump-easing-curbs-ai-chip-sales-china-2025-12-04/

“No Robot Bosses Act” revived to rein in AI driven workplace surveillance and management

Lawmakers have revived the No Robot Bosses Act, a bill designed to put guardrails around AI systems that hire, monitor, and discipline workers. The proposal would add protections for job applicants and employees affected by automated decision systems, and it reflects growing concern about bias and opacity in workplace AI tools.

For CIOs, HR leaders, and legal teams, this is an early signal of how regulators will approach AI in the workplace. If your organization uses automated hiring screens, productivity analytics, or algorithmic scheduling, you should expect pressure for more transparency and formal accountability. A practical response is to inventory where these tools are already in production, document the data and logic behind them, and ensure there is a clear owner for fairness testing and appeals.

Sources:
https://deluzio.house.gov/media/press-releases/deluzio-bonamici-moylan-restart-push-protect-workers-ai-and-robot-bosses

ServiceNow’s Veza deal turns identity into an AI era control plane

ServiceNow has announced a definitive agreement to acquire Veza, an AI native identity security platform built around an Access Graph that maps who and what has access across applications and data. The deal, reported at roughly one billion dollars, is aimed at strengthening ServiceNow’s role as an identity aware operating layer for security and operations.

For CIOs and CISOs, the acquisition is a clear sign that identity is becoming the control plane for agentic AI. As autonomous and semi autonomous agents start to initiate workflows and touch sensitive data, enterprises will need a unified view of human, machine, and agent identities. The strategic question is whether your current identity architecture can provide that view, or whether you will need to consolidate onto platforms that treat agents as first class principals.

Sources:
https://newsroom.servicenow.com/press-releases/details/2025/ServiceNow-to-Expand-Security-Portfolio-With-Acquisition-of-Vezas-Leading-AI-native-Identity-Security-Platform/default.aspx
https://www.securityweek.com/servicenow-to-acquire-identity-security-firm-veza-in-reported-1-billion-deal/

Modernizing Government Technology Reform Act would extend TMF through 2032

On the federal side, Senators Jerry Moran and Gary Peters have reintroduced the Modernizing Government Technology Reform Act to extend the Technology Modernization Fund through 2032. The bill is framed as a way to give agencies a stable vehicle for long term IT and cybersecurity modernization, not just short sprint projects.

For federal CIOs and integrators, this legislation represents the long runway counterpart to the near term TMF cliff. If it advances, agencies will have more confidence to design multi year transformations around zero trust, legacy retirement, and AI enablement. The practical move now is to align high impact projects with the kinds of investments TMF is meant to support and to be ready with strong business cases if and when a longer authorization becomes reality.

Sources:
https://www.moran.senate.gov/public/index.cfm/news-releases?id=24712D67-0046-47ED-A1DC-34FAA77B2994

Brickstorm backdoor shows hypervisors are now prime nation state targets

A new joint advisory from CISA, the National Security Agency, and the Canadian Centre for Cyber Security details the Brickstorm malware, a People’s Republic of China linked backdoor used for long term persistence in government and information technology environments. The campaign targets VMware vSphere and Windows systems, with at least one victim seeing continuous access for more than a year.

For infrastructure and security executives, Brickstorm is a case study in why the virtualization and management layers can no longer be treated as background plumbing. If an attacker owns your hypervisor, they can pivot across workloads, harvest credentials at scale, and quietly reshape the environment below your monitoring. Leaders should be asking for specific plans to harden vSphere, tighten segmentation around management networks, and deploy detection content tuned for attacks on the control plane itself.

Sources:
https://www.cisa.gov/news-events/alerts/2025/12/04/prc-state-sponsored-actors-use-brickstorm-malware-across-public-sector-and-information-technology
https://www.cisa.gov/news-events/analysis-reports/ar25-338a
https://www.reuters.com/world/china/chinese-linked-hackers-use-back-door-potential-sabotage-us-canada-say-2025-12-04/

Nuclear medicine tracking software flaws spotlight healthcare OT exposure

CISA has published a medical ICS advisory on Mirion’s EC2 NMIS BioDose software, which is used in nuclear medicine and radiology workflows. The advisory describes several high severity vulnerabilities that could allow attackers to modify program executables, access sensitive data, or execute arbitrary code within these clinical systems.

For healthcare CIOs, CISOs, and clinical engineering teams, the message is that medical operational technology belongs on the main cyber risk agenda. These platforms sit close to both patients and regulated materials, yet often fall into gaps between IT and biomed ownership. Addressing this exposure means building a real inventory, demanding software bills of materials and patch commitments from vendors, and ensuring segmentation and monitoring extend all the way into the clinical environment.

Sources:
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01


This update was assembled using a mix of human editorial judgment, public records, and reputable national and sector-specific news sources, with help from artificial intelligence tools to summarize and organize information. All information is drawn from publicly available sources listed above. Every effort is made to keep details accurate as of publication time, but readers should always confirm time-sensitive items such as policy changes, budget figures, and timelines with official documents and briefings.


All original content, formatting, and presentation are copyright 2025 Metora Solutions LLC, all rights reserved. For more information about our work and other projects, drop us a note at info@metorasolutions.com.
