France Reports Ransomware Drop as NIS2 Bites, Google Closes $32B Wiz Deal, LLM Guardrails Broken Wide Open
France's ANSSI confirms ransomware attacks on French organizations dropped significantly in 2025 — a signal that regulation-driven security investment is paying off. Meanwhile, Google completes its landmark $32 billion Wiz acquisition, reshaping cloud security compliance forever. Palo Alto's Unit 42 discovers that LLM safety guardrails can be trivially bypassed, raising urgent questions for EU AI Act compliance. And UK cyber-attacks are surging at four times the global rate.
📉 France's ANSSI Reports Ransomware Attacks Dropped in 2025
Regulation Impact: NIS2 · DORA · French National Cybersecurity Strategy
France's national cybersecurity agency ANSSI has released its annual threat report confirming that ransomware attacks on French organizations declined in 2025. Small and medium businesses remained the most targeted segment, but overall attack volumes dropped — a departure from the relentless upward trend of previous years.
The timing is significant. France was among the first EU member states to begin enforcing NIS2 requirements in late 2024, with mandatory incident reporting and risk management obligations taking effect for essential and important entities. ANSSI's report suggests that the combination of regulatory pressure, increased security spending, and improved resilience postures is starting to show measurable results.
What This Means for NIS2 Compliance
- Regulatory pressure works. France's data provides early evidence that mandatory cybersecurity requirements under NIS2 are driving tangible security improvements — a powerful argument for organizations still treating compliance as a checkbox exercise.
- SMBs remain the weak link. Despite overall improvements, small businesses continue to bear the brunt of ransomware attacks. NIS2's supply chain security requirements mean larger entities must now ensure their SMB partners meet minimum security standards.
- Incident reporting drives transparency. ANSSI's improved data quality is itself a product of mandatory reporting — organizations that previously handled breaches quietly are now contributing to the national threat picture.
⚡ DACH Takeaway
Germany's BSI and Austria's NIS authority should expect similar trends as their NIS2 transposition matures. Organizations in the DACH region still working toward compliance should treat France's results as validation that security investment under regulatory frameworks delivers measurable ROI.
☁️ Google Completes $32 Billion Wiz Acquisition — Cloud Security Landscape Shifts
Regulation Impact: DORA · NIS2 Cloud Provider Requirements · EU Data Sovereignty
Google has officially closed its $32 billion acquisition of Wiz, the largest cybersecurity deal in history. Wiz will operate within Google Cloud while maintaining its brand identity and multi-cloud support — a critical detail for European customers navigating DORA and NIS2 cloud provider requirements.
The deal fundamentally reshapes the cloud security compliance landscape. Wiz's Cloud Native Application Protection Platform (CNAPP) capabilities — spanning vulnerability management, misconfigurations, identity risks, and runtime threats — are now backed by Google's infrastructure and data sovereignty investments in Europe.
Regulatory Implications
| Framework | Impact |
|---|---|
| DORA | Financial entities using Google Cloud gain integrated ICT risk management tooling. Third-party risk assessments for cloud providers become more complex with consolidated security stacks. |
| NIS2 | Essential entities must assess whether Wiz's integration into Google Cloud changes their supply chain risk profile. Multi-cloud monitoring capabilities become a competitive differentiator. |
| EU Data Sovereignty | Google's commitment to maintaining Wiz's multi-cloud support means organizations aren't locked into a single provider — critical for sovereign cloud strategies across the EU. |
🤖 Palo Alto Unit 42 Discovers Major Security Gaps in LLM Guardrails
⚠️ EU AI ACT COMPLIANCE ALERT
Palo Alto Networks' Unit 42 research team has developed successful attacks that bypass safety guardrails in popular generative AI tools. Organizations deploying AI systems under the EU AI Act's risk classifications must urgently reassess their guardrail implementations.
Researchers at Palo Alto's Unit 42 have published findings demonstrating that safety guardrails in major LLM platforms can be systematically bypassed. The attacks are not theoretical — they work against production systems and can force AI tools to generate harmful, biased, or non-compliant outputs.
This research lands at a critical moment. The EU AI Act's risk-based framework requires that high-risk AI systems implement robust safety measures, including output filtering, bias detection, and human oversight mechanisms. If the very guardrails designed to ensure compliance can be trivially circumvented, the entire regulatory framework's effectiveness comes into question.
What Organizations Must Do Now
- Audit your AI guardrails. If you're deploying LLMs in any customer-facing or decision-making capacity, your guardrails may not be as robust as your vendor claims. Independent red-teaming is essential.
- Document your AI risk assessments. The EU AI Act requires demonstrable risk management for high-risk systems. Guardrail bypass vulnerabilities must be documented, mitigated, and reported.
- Implement defense in depth. Don't rely on a single guardrail layer. Combine input filtering, output monitoring, human review, and logging to create multiple safety barriers.
- Monitor for adversarial inputs. Automated detection of jailbreak attempts and prompt injection attacks should be part of your AI security monitoring stack.
🇬🇧 UK Cyber-Attacks Surge at Four Times the Global Rate
Regulation Impact: Post-Brexit Cyber Strategy · UK GDPR · Critical Infrastructure Protection
Check Point's latest data reveals that cyber-attack volumes against UK organizations are growing at four times the global average. The surge affects all sectors, with financial services, healthcare, and critical infrastructure facing the heaviest targeting.
The UK's post-Brexit regulatory divergence from the EU creates a particularly interesting comparison point. While EU member states benefit from the coordinated NIS2 framework, the UK is pursuing its own Cyber Security and Resilience Bill and updated Network and Information Systems (NIS) regulations independently.
Cross-Border Compliance Challenges
For organizations operating across both the EU and UK, this divergence creates dual compliance obligations:
- Incident reporting timelines differ. NIS2 requires 24-hour early warnings and 72-hour full reports. UK NIS regulations have their own timelines and reporting authorities.
- Supply chain requirements overlap but aren't identical. An organization compliant with NIS2 supply chain provisions may still need additional measures for UK compliance, and vice versa.
- Data protection interplay. UK GDPR and EU GDPR breach notification requirements run in parallel, potentially requiring dual reporting for a single incident.
🔒 OpenAI Acquires Promptfoo — AI Security Testing Goes Mainstream
Regulation Impact: EU AI Act · AI Security Standards · Conformity Assessments
OpenAI has announced its acquisition of Promptfoo, an AI security testing startup that helps developers identify vulnerabilities in LLM applications. The deal signals that even AI's biggest players recognize the critical gap between AI capabilities and AI security — exactly the gap the EU AI Act is designed to address.
Promptfoo's platform enables automated red-teaming, safety evaluations, and security testing for AI agents — capabilities that map directly to EU AI Act requirements for conformity assessments and ongoing monitoring of high-risk AI systems.
Why This Matters for EU Compliance
- Conformity assessments need tooling. The EU AI Act requires that high-risk AI systems undergo conformity assessments. Tools like Promptfoo provide the automated testing capabilities needed to make these assessments scalable.
- Agentic AI introduces new risks. As AI systems become more autonomous (agentic), the attack surface expands. Security testing must evolve from static evaluations to continuous monitoring — a requirement the EU AI Act anticipates.
- Market consolidation favors integrated platforms. OpenAI embedding security testing directly into its platform could set de facto standards for AI safety testing — standards that EU regulators will be watching closely.
🏛️ Senate Confirms New NSA & Cyber Command Leader — US Cyber Strategy Implications
Regulation Impact: US-EU Cyber Cooperation · Transatlantic Data Flows · Critical Infrastructure Defense
The US Senate has confirmed Joshua Rudd to lead both the National Security Agency and US Cyber Command under the controversial "dual-hat" arrangement. The confirmation comes as transatlantic cybersecurity cooperation faces scrutiny under shifting US administration priorities.
For European organizations, US cyber leadership changes matter because of the deep interconnection between US and EU critical infrastructure defense, intelligence sharing under the EU-US Data Privacy Framework, and coordinated responses to nation-state threats. Any shift in US cyber doctrine ripples through NATO's cooperative cyber defense posture and bilateral agreements with EU member states.
📊 EU Regulation Status Tracker — March 2026
| Regulation | Status | Key Deadline | Action Required |
|---|---|---|---|
| NIS2 | ⚡ Enforcing | Oct 2024 (transposed) | Full compliance mandatory. Incident reporting active. |
| DORA | ⚡ Enforcing | Jan 17, 2025 | Financial entities must have ICT risk frameworks operational. |
| EU AI Act | 🔶 Phasing In | Aug 2025 (prohibited AI) / Aug 2026 (high-risk) | Classify AI systems. Begin conformity assessments for high-risk. |
| GDPR | ✅ Mature | Ongoing | 72-hour breach notification. DPO requirements. Cross-border transfers. |
| CRA | 🟡 Transitioning | Dec 2027 (full) | Digital product manufacturers must plan for security-by-design obligations. |