PeopleSoft 0-Day, Anthropic and the White House: What This Week in Cybersecurity Really Says About AI

This week, two apparently unrelated cybersecurity events — a 0-day flaw in PeopleSoft and Anthropic's ban from US government environments — reveal the same structural failure: complex systems deployed without adequate governance.

Article Summary

A 0-day vulnerability in PeopleSoft exposed thousands of sensitive records, while Amazon and Anthropic clashed behind the scenes at the White House. Both events share the same root cause: governance lagging far behind technology.

Key Points:

  • A 0-day vulnerability in PeopleSoft (Oracle ERP) enabled the exfiltration of gigabytes of sensitive data from hundreds of organizations.
  • Victims were running 10-to-15-year-old instances, rarely updated: technical debt has real, concrete consequences.
  • Amazon, both an Anthropic investor and a direct competitor via AWS Bedrock, reportedly played a role in banning Anthropic's Fable from the White House.
  • AI security assessments carried out by vendors or their investors are structurally biased.
  • AI memory must be treated as a sensitive database: isolation, controlled access, and sovereign hosting are non-negotiable.

Two events. One lesson.

This week delivered two pieces of news that, on the surface, have nothing in common. On one side, a 0-day vulnerability in PeopleSoft that enabled the theft of several gigabytes of data from hundreds of organizations. On the other, revelations about Amazon’s role in banning Anthropic’s Fable from the White House — a decision apparently driven by internal AI security research.

Two stories. One common thread: we deploy complex systems without truly understanding the risks. And when things break, they break at scale.

Here’s what we can concretely take away.

The PeopleSoft 0-Day: When Legacy Infrastructure Becomes a Time Bomb

PeopleSoft. For those unfamiliar, it’s Oracle’s ERP system — human resources, finance, payroll management — deployed in universities, hospitals, public administrations, and large enterprises since the 1990s. Hundreds of organizations worldwide. Millions of employee, student, and patient records.

The exploited flaw is a 0-day. No patch was available at the time of the attack. Attackers had all the time they needed to do as they pleased.

The result: gigabytes of exfiltrated data. Names, social security numbers, financial data, HR records. The kind of data that fuels targeted phishing campaigns for years.

What is striking here is not the sophistication of the attack.

What is striking is the profile of the victims. Organizations that have been running PeopleSoft for decades, often with instances that are 10 to 15 years old, rarely updated, poorly monitored. Critical systems treated like furniture — no one touches them anymore because they “work.”

Except a system no one touches anymore is a system no one secures anymore.

Security researcher Kevin Beaumont, who tracked this campaign closely, summarizes the situation well: attackers didn’t need to be brilliant. They just needed to find exposed, unpatched instances. In an installed base as large as PeopleSoft’s, that’s trivial.

The lesson is not new. But it remains ignored at an industrial scale: technical debt kills. Not metaphorically. Concretely, in stolen data, GDPR fines, and lawsuits.

Amazon, Anthropic and the White House: When AI Security Becomes Geopolitical

The other story of the week is more complex — and more revealing of the actual state of the AI market.

According to sources close to the matter, internal Amazon research on Anthropic’s model security reportedly played a role in banning Anthropic’s Fable from the White House. For those not following: Fable is an Anthropic tool using Claude for narrative interactions and role-playing. Its access in US government environments has been blocked.

The official version remains vague. But the pattern is clear: Amazon invests heavily in Anthropic (several billion dollars), and internal Amazon research reportedly highlighted concerns about certain model behaviors in specific contexts.

Here is where things get interesting.

Amazon is simultaneously a major Anthropic investor AND a direct competitor via AWS Bedrock, which offers its own AI models. The line between “legitimate security research” and “competitive influence” is, to say the least, porous.

This is not an accusation. It is a structural observation: when the same actors fund, evaluate, and compete against AI models, conflicts of interest are systemic. Not exceptional.

For organizations deploying AI — and this is where it directly concerns us — this story raises a concrete question: who owns the security evaluation of your AI tool?

If it’s the vendor itself, or its primary investor, the answer is inadequate.

What These Two Stories Have in Common

On the surface: nothing. A hacked legacy ERP, a geopolitical dispute over a narrative AI tool.

In depth: everything.

First commonality: hidden complexity.

PeopleSoft is complex. Organizations using it often don’t fully understand what they’re exposing. Language models like Claude are complex. Organizations deploying them often don’t fully understand how they behave in every context.

Uncontrolled complexity is the universal attack vector — whether it’s a 0-day in an ERP or unexpected behavior in an LLM.

Second commonality: governance lagging behind reality.

IT teams managing PeopleSoft had no rapid response process for a 0-day on a “stable” system. Government decision-makers who evaluated Fable probably had no clear framework for assessing risks specific to conversational AI models.

In both cases, governance is chasing technology. And in both cases, that is dangerous.

Third commonality: the scale of consequences.

Hundreds of organizations affected by PeopleSoft. A decision impacting AI adoption in US government environments. When critical systems are poorly governed, the effects are not local — they are systemic.

“Security is not a feature you add later. It is a design constraint you respect from the start.” — Fundamental principle of security-by-design, popularized by Bruce Schneier

Three Actionable Takeaways for Builders and Teams

No abstract moralizing. Here’s what I concretely take away.

1. Inventory your “stable” systems

Systems no one touches are often the most dangerous. PeopleSoft is the perfect example. In your stack, what has been running for more than 3 years without a serious security audit? Legacy CRM? Forgotten WordPress instance? Undocumented internal API?

Make the list. Prioritize by criticality of exposed data. Act.

2. Clarify who evaluates your AI

If you use AI tools in sensitive contexts — customer data, HR data, financial information — ask yourself: who assessed the risks of this model in your specific context? Not in a generic benchmark. In your context.

The Amazon/Anthropic story shows that even institutional evaluations can be biased. At your scale, this is even more true. Develop your own evaluation grid, even a simple one.

3. Treat AI memory as sensitive data

This is the point I apply directly in Nova-Mind: when an AI assistant remembers your clients, your projects, your preferences — it is a database. With all the implications that entails. Where is that data stored? Who has access to it? What happens if the vendor is compromised?

These questions are not paranoid. They are professional.

The Real Question Behind These Two Stories

We talk a lot about AI as a productivity revolution. It is one. But every revolution creates new risk vectors.

PeopleSoft reminds us that old systems don’t become safer with time — they become more fragile. The Anthropic/White House affair reminds us that new systems are not transparent by default — they are opaque by design.

The answer is not to stop deploying. The answer is to deploy with clarity.

Concretely: know what you’re using, understand what you’re exposing, and know who is evaluating with what interests. It’s not glamorous. It’s the work.

According to a 2023 IBM study, the average cost of a data breach reached 4.45 million dollars — a record high. And a growing share of these breaches involves poorly maintained legacy systems or misconfigured cloud setups.

The numbers are there. The practices, less so.

What This Means for You

If you’re a freelancer, solopreneur, or running a small team, you might think these stories don’t concern you. PeopleSoft is for large corporations. The White House is far away.

Wrong.

The PeopleSoft vulnerability hit mid-sized universities and regional hospitals. Organizations with 50 to 500 employees. Not multinationals.

And questions about AI tool governance — who has access to what, where your clients’ data is stored, how your AI assistant handles sensitive information — these questions are just as relevant for a freelancer with 30 clients as they are for a government administration.

The difference is the scale of consequences. Not the nature of the problem.


At Nova-Mind, we have made clear choices on these questions: data hosted on Supabase with per-user isolation, AI memory stored locally via pgvector, no client data used to train third-party models. Not because it’s a marketing argument. Because it’s the right architecture for a tool we use ourselves with real client data.
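What "per-user isolation" of AI memory can look like on Postgres with pgvector, as an added sketch that is not Nova-Mind's actual schema: the table name `ai_memory`, the function `match_memory` and the 1536-dimension embedding are assumptions, while `auth.uid()` and the `authenticated` role are Supabase's standard helpers.

```sql
-- Added illustration: hypothetical schema, not taken from Nova-Mind.
create extension if not exists vector;

create table ai_memory (
    id         bigint generated always as identity primary key,
    owner_id   uuid not null default auth.uid(),  -- id of the authenticated caller
    content    text not null,
    embedding  vector(1536) not null,             -- assumed dimension; match your embedding model
    created_at timestamptz not null default now()
);

-- Without RLS, any role holding table privileges reads every user's memories.
alter table ai_memory enable row level security;
-- Apply the policies to the table owner as well (superusers and BYPASSRLS roles still skip them).
alter table ai_memory force row level security;

create policy memory_select on ai_memory
    for select to authenticated
    using (owner_id = auth.uid());

create policy memory_insert on ai_memory
    for insert to authenticated
    with check (owner_id = auth.uid());           -- a caller cannot write rows for someone else

create policy memory_update on ai_memory
    for update to authenticated
    using (owner_id = auth.uid())
    with check (owner_id = auth.uid());           -- nor reassign a row to another owner

create policy memory_delete on ai_memory
    for delete to authenticated
    using (owner_id = auth.uid());

-- Similarity search. SECURITY INVOKER keeps the caller's RLS context, so the
-- nearest-neighbour scan only ever ranks the caller's own rows. Declaring this
-- SECURITY DEFINER would run it as the function owner and can bypass the policies.
create function match_memory(query_embedding vector(1536), match_count int default 5)
returns table (id bigint, content text, distance float8)
language sql stable security invoker
as $$
    select m.id, m.content, m.embedding <=> query_embedding as distance  -- cosine distance
    from ai_memory m
    order by m.embedding <=> query_embedding
    limit match_count;
$$;
```

Any backend key that bypasses RLS (Supabase's service role, for instance) sits outside these policies, so the question "who has access to it?" also covers where that key is stored and which code paths use it.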

If these questions concern you — and they should — now is the time to ask them of every AI tool you use. Not after the next breach. Now.

Discover how Nova-Mind handles your data privacy — or ask me directly. I’ll answer.

Charles Annoni

Front-End Developer and Trainer

Charles Annoni has been helping companies with their web development since 2008. He is also a trainer in higher education.
