Policy Pulse - Issue #17 | Week of May 30, 2026
Microsoft's MSRC invokes the Digital Crimes Unit against the Nightmare Eclipse zero-day drops, and the disclosure community is not having it. UK National Security Bill confirms CMA reform that protects roughly 300 researchers.
Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research.
Top Story
Microsoft's "A Shared Responsibility" post invokes the Digital Crimes Unit against the Nightmare Eclipse zero-day drops, and the security community is not having it.
On May 27, 2026, the Microsoft Security Response Center published "A Shared Responsibility: Protecting customers through Coordinated Vulnerability Disclosure," responding to six zero-day exploits dropped over six weeks by a researcher operating as Nightmare Eclipse (also Chaotic Eclipse, Dead Eclipse): BlueHammer (CVE-2026-33825), RedSun (CVE-2026-41091), UnDefend (CVE-2026-45498), YellowKey (CVE-2026-45585), GreenPlasma, and MiniPlasma, hitting core Windows components including Defender and BitLocker. Three of the six were confirmed exploited in the wild within days of release; CISA added RedSun (CVE-2026-41091) and UnDefend (CVE-2026-45498) to the KEV catalog on May 20 (Microsoft MSRC, TechCrunch).
The post's load-bearing line was the threat itself: "Our Digital Crimes Unit will continue bringing cases against these actors and those that enable their criminal activity, coordinating as needed with law enforcement around the world" (Windows Central, Notebookcheck). The researcher had publicly framed the dumps as retaliation for MSRC mistreatment on earlier private submissions: slow triage, opaque communication, and at least one demand for an exploit video before triage proceeded. Microsoft's response did not engage with that framing.
The reaction from named voices in the disclosure community has been overwhelmingly negative. Katie Moussouris, who built Microsoft's bug bounty program and helped codify the coordinated-disclosure framework Microsoft is now invoking, said the post's invocation of "responsible disclosure" was the first problem and the Digital Crimes Unit prosecution threat made it materially worse, predicting it would push researchers away from trusting MSRC (The Next Web). Kevin Beaumont called the situation a "dumpster fire of [Microsoft's] own making" and surfaced the SandboxEscaper precedent: Microsoft previously hired a researcher who had publicly dropped zero-day POCs against Microsoft products, behavior the MSRC blog now categorizes as criminal (Notebookcheck). Gabriel Landau and dozens of other Windows security researchers came forward with their own MSRC horror stories within 24 hours of the post (International Cyber Digest summary).
Why it matters for VDP: This is the highest-profile vendor-vs-researcher disclosure rupture since Mythos. The Digital Crimes Unit framing converts what should be a vendor-process complaint into a credible criminal threat, and named pioneers of coordinated disclosure are publicly disputing the vendor's claim to the framework. VDP operators with researcher-facing intake should expect inbound questions this week about whether their own program would respond to a frustrated researcher with prosecution language, and should have an honest answer ready.
Throwback: In Issue #15 we covered the structural asymmetry between frontier-AI consortium programs and independent researchers; this week shows the older, simpler asymmetry between a single vendor and a single researcher is still the one that breaks the loudest.
Featured Commentary
Casey Ellis, Coordinated, Until It Isn't (cje.io, May 17, 2026). Written eleven days before the MSRC post but reading like it was written in response to it. The core thesis: coordinated disclosure works, when it works, because researchers choose it; we are approaching the day when choosing it stops being rational for them, and we are not prepared. The triggering incident in the post was the Moksha / Citrix XAPI drop, but the structural argument generalizes cleanly to the Nightmare Eclipse situation: when vendors put all legal, reputational, and time costs on the researcher and respond to frustration with prosecution language, the goodwill that coordinated disclosure runs on evaporates. The post decomposes Moksha's action into four distinct decisions (going public; no embargo; withholding patches from the vendor; performative branding) and argues that conflating them lets vendors dismiss the legitimate ones along with the controversial ones. Required reading before forming a take on the MSRC post.
Upcoming Deadlines & Events
| Date | Agency | Event/Deadline | Action Required | Link |
|---|---|---|---|---|
| June 10, 2026 | CISA | FCEB remediation deadline for May 27 KEV additions (Daemon Tools Lite CVE-2026-8398, TanStack CVE-2026-45321, Nx Console CVE-2026-48027) | Federal civilian agencies must remediate; private-sector VDP programs should expect related reports | CISA alert |
| June 11, 2026 | EU Commission / ENISA | EU Cyber Resilience Act conformity assessment body designation begins | EU member states must designate notifying authorities; manufacturers should confirm their CAB pathway | CRA summary |
| June 16, 2026 | I Am The Cavalry | Hackers on the Hill, US Capitol, Washington DC | Researchers and policy advocates: register and participate; in-person policy day | Hackers on the Hill |
| June 2026 (TBD) | US Copyright Office | Tenth Triennial DMCA Section 1201 rulemaking expected to begin | Security researchers should prepare comments to renew and expand the security-research exemption (current exemption runs through October 2027) | Copyright Office 1201 |
| September 11, 2026 | EU Commission / ENISA | EU CRA Article 14 vulnerability reporting obligations enter into application (24-hour early warning, 72-hour full notification, 14-day post-fix final report) | Manufacturers of products with digital elements must be ready to report via the Single Reporting Platform | CRA reporting |
This Week in Policy
AI & Emerging Tech Security
- CAISI signs pre-deployment testing agreements with Google DeepMind, Microsoft, and xAI. On May 5, 2026, the Center for AI Standards and Innovation announced new agreements expanding its frontier-model pre-deployment evaluation program to five labs (the three new signatories join existing partners Anthropic and OpenAI). Testing covers cyber, biosecurity, and chemical risks, with some evaluations performed in classified environments through the interagency TRAINS Taskforce (HPCwire, Nextgov). Why it matters for VDP: With five frontier labs now in pre-deployment evaluation, the early-warning pipeline for offensive cyber capability now sits primarily with the US executive branch. Non-government VDP coordinators still see capability disclosures only on the lab's release schedule, not the evaluator's.
- AISI publishes second positive end-to-end multi-step cyber-attack evaluation, this time on GPT-5.5. The UK AI Security Institute reported that OpenAI GPT-5.5 reached a similar level of cyber performance to the Mythos Preview AISI flagged in Issue #16, completing one of AISI's multi-step cyber attack simulations end-to-end (Palo Alto Networks, Cyber.gov.au). Why it matters for VDP: Two end-to-end successes in two evaluation cycles are no longer a single-vendor anomaly. Programs should expect AI-discovered vulnerability submissions at materially higher volume during the next 12 months.
Federal Strategy & Regulation
- CISA launches CI Fortify guidance for operating critical infrastructure through cyber conflict. Released May 2026, the guidance directs critical infrastructure entities, with priority for "defense critical infrastructure" tied to military operations, to invest now in isolation (disconnecting from third-party and business networks while sustaining essential service) and recovery capabilities. CISA plans targeted assessments of named-priority operators (CISA, Nextgov). Why it matters for VDP: Operators tightening isolation boundaries will face harder questions about how external researchers reach disclosure intake when business-network email and web forms are presumed unreliable. Out-of-band intake channels (signed PGP, signal-flag escrow, third-party coordinator) move from nice-to-have to operational necessity.
- CISA's Cyber AI Profile (NIST IR 8596) virtual working sessions ran April 28, May 5, and May 12. The preliminary draft's 45-day comment window closed January 30, 2026; NIST is now consolidating input ahead of an initial public draft later in 2026 (NIST CSRC, Global Policy Watch). Why it matters for VDP: The Profile is the first federal attempt to map CSF controls to AI-specific risks. VDP teams running AI products should track the next draft to align intake taxonomy and triage SLAs with whatever the Profile lands on.
CVE & Vulnerability Programs
- Three supply-chain vulnerabilities added to KEV on May 27. CVE-2026-8398 (Daemon Tools Lite trojanized signed installers, April–May 2026), CVE-2026-45321 (compromised @tanstack/react-query npm releases 5.67.0–5.67.2 affecting 2M+ downstream repositories), and CVE-2026-48027 (malicious Nx Console v18.95.0 on Visual Studio Marketplace and OpenVSX for roughly 36 minutes on May 19) (SC Media, Security Affairs). Federal remediation due June 10, 2026. Why it matters for VDP: All three are supply-chain compromises against developer tooling. Programs receiving "your installer is signed but malicious" reports should be prepared to triage code-signing-bypass workflows that defenders historically deprioritized.
- CVE Program funding extended through 2026; CVE Foundation reassesses scope. The January 21, 2026 CVE board meeting confirmed "no funding cliff in March" and operations extending well beyond the original 11-month MITRE bridge. The contract remains largely opaque even to board members, and the CVE Foundation, created during last year's near-shutdown, is reassessing whether to pursue alternative governance now that the immediate crisis has passed (CSO Online, BankInfoSecurity). Why it matters for VDP: Funding stability is not governance reform. Programs that depend on CVE for downstream coordination should not assume the single-point-of-failure problem is solved.
Legal & Researcher Protections
- UK National Security Bill confirms Computer Misuse Act reform; statutory defence covers ~0.4% of the UK cyber workforce. Announced in King Charles III's State Opening of Parliament on May 13, 2026, and expected in Parliament later this year, the bill is the first statutory defence for cybersecurity work since the CMA was enacted in 1990. As drafted, the defence is gated to British nationals holding active chartered accreditation from the UK Cyber Security Council, roughly 300 individuals out of a 69,600-person sector, and covers scanning for known vulnerabilities only. It explicitly excludes confirming that a vulnerability is real, bug bounty work, academic research, independent and hobbyist research, professionals at smaller firms, and any activity by agentic AI tools (The Record, Computer Weekly). Jen Ellis called out the "misalignment between expectations and reality"; industry sources described the chartered-only structure as a "pay to play" model. Why it matters for VDP: A defence that covers 0.4% of the UK workforce and excludes bug bounty hunters does not solve the chilling-effect problem the reform exists to solve. UK-facing VDP programs should plan for the same legal risk calculus through 2027. Throwback: In Issue #15 we noted the UK CMA defence was still in drafting; this week confirms the shape, and the shape is the problem.
- Microsoft DCU framing escalates the US disclosure-criminalization question. See Top Story. The MSRC post's "criminal activity" framing for uncoordinated zero-day disclosure has no statutory backing in the US (no CFAA charge has been brought against a researcher solely for publishing PoC), but the threat itself is material because the precedent for vendor-driven CFAA referral exists.
- DMCA Section 1201 tenth triennial rulemaking expected to launch in June 2026. The current exemptions (including the security-research and AI-trustworthiness-research carve-outs) extend through October 2027, but the Copyright Office traditionally begins the next cycle 12-15 months before exemption expiry (Copyright Office, Finnegan IP Updates). Why it matters for VDP: This is the lever security researchers have for keeping legal cover on circumventing technological protection measures. Drafting collective comments early (rather than at the close-of-comment deadline) is the difference between renewal and expansion.
International Developments
- EU CRA conformity assessment bodies designated from June 11. The next CRA milestone is the activation of EU-wide product certification pathways, three months before the September 11 reporting obligations take effect for actively exploited vulnerabilities (European Commission). Why it matters for VDP: The 24-hour early warning and 72-hour full notification clock will land on every product manufacturer with EU customers in 100 days. VDP operators serving the EU market should be running tabletop exercises against the Single Reporting Platform timeline now.
- ENISA designated as EU CVE root; EUVD operational under NIS2. ENISA's European Vulnerability Database is now live and operating as the EU's coordinated-disclosure backbone, interoperating with the global CVE Program rather than forking it (ENISA, Industrial Cyber). Why it matters for VDP: Programs running EU-resident infrastructure now have a second authoritative vulnerability registry to coordinate with, with mitigation status fields the global CVE record does not capture.
Worth Reading
- Coordinated, Until It Isn't (Casey Ellis, cje.io): See Featured Commentary above. The clearest decomposition of the four-decisions-not-one structure of a public drop. Reads as if written for the MSRC post.
- Microsoft hits out over irresponsible vulnerability disclosure (Computer Weekly): The most restrained UK trade-press writeup of the MSRC post and the community pushback, useful for an audience that needs the facts before the takes.
- Disgruntled 0-day hunter "humiliated" by Microsoft pledges "bone shattering drop" as Redmond calls cops (The Register): The opposite end of the tonal spectrum from Computer Weekly, capturing the researcher's stated motivation and the escalation dynamic, which the MSRC post largely elides.
- Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time (Help Net Security, interview with ENISA's Nuno Rodrigues Carvalho): The clearest articulation of why CVD-as-obligation lands on member states unevenly, and what ENISA expects to do about it through 2027.
- CISA's CI Fortify rewrites the disconnection playbook for critical infrastructure (Complex Discovery): The best plain-language read of what isolation-as-design actually means for an OT operator versus an IT-trained ear.
From the Archive
threats.disclose.io: the Research Threats archive is built for weeks exactly like this one.
disclose.io's open archive of legal threats against good-faith security researchers, a continuation of the work @attritionorg started, is maintained as a community-curated open-source repository so the ecosystem can document and learn from disclosure-gone-wrong cases in one place. The premise is simple: organizations sitting where Microsoft is sitting this week should be able to read what other organizations did, and what happened next, before deciding how to phrase their own response.
The Nightmare Eclipse / MSRC episode is exactly the kind of case the archive exists to capture: vendor sends prosecution-language response, community names harm, pioneers of the framework being invoked publicly dispute the invocation. The archive turns one-off incidents into ecosystem memory, which is the only thing that actually changes vendor behavior over time.
Researchers facing legal threats can find precedent, language, and contacts in one place rather than having to start from zero. The repo is community-maintained: submissions, corrections, and additions are welcome at github.com/disclose and via threats.disclose.io.
Friends of disclose.io
I Am The Cavalry: Hackers on the Hill returns June 16 in Washington, DC.
The all-volunteer initiative from I Am The Cavalry brings cybersecurity researchers and policymakers together for a single day inside the US Capitol. The 2026 day lands two weeks after the Computer Misuse Act draft surfaced in the UK and four weeks before the EU CRA Article 14 reporting clock starts; the policy surface area is unusually live this cycle.
Why it matters:
- Researcher-policymaker meetings are still the highest-yield single channel for moving committee-stage language on disclosure-friendly law
- The 2026 day is timed against an active US federal vulnerability disclosure agenda (CIRCIA implementation, KEV catalog evolution, ONCD coordination)
- Pairs with parallel "Hackers on More Hills" engagements that I Am The Cavalry is scaling regionally and internationally through 2026
Hackers on the Hill 2026: registration is open.
I Am The Cavalry has been the most durable connective tissue between the security research community and the US public-safety policy apparatus for the better part of a decade, and continues to be the model for how to run an unpaid, vendor-neutral policy day at scale.
Policy Pulse is a weekly bulletin from disclose.io. Keeping the security research community informed on policy that affects our work.
Have a tip or want to contribute? Reply to this email, reach out on Bluesky, or drop a comment in the community forum.