Jacobian Engineering
Cyber security, compliance, audit, and managed IT services. At Jacobian Engineering, your success is our success.
04/09/2026
A new study published by JAMA Network analyzed over 105,000 manuscript submissions across 13 medical journals to assess author disclosure of artificial intelligence use. Since implementing disclosure requirements in August 2023, only 3.3% of authors reported using AI tools—though this figure increased significantly over the study period.
The most commonly disclosed AI applications were language refinement and statistical model development. While these disclosure rates likely underrepresent actual AI use, the study highlights an important trend: organizations across industries are grappling with how to track, govern, and document AI tool usage within their operations.
For healthcare technology companies and SaaS organizations, this research carries significant implications. Regulatory bodies and compliance frameworks are increasingly scrutinizing how organizations implement and govern AI tools. Whether your team uses AI for code generation, documentation, data analysis, or operational workflows, the expectation for transparency and accountability is growing.
The JAMA study reveals a fundamental challenge: without clear policies and reporting mechanisms, organizations cannot accurately assess the scope of AI use within their operations. This blind spot creates risk—from compliance gaps to questions about data handling, intellectual property, and output accuracy.
Healthcare organizations face particular pressure, as AI-generated content in clinical documentation, research submissions, or patient communications may intersect with HIPAA requirements and institutional review standards. SaaS companies pursuing SOC 2 or HITRUST certification must demonstrate governance over the tools and technologies their teams employ.
Practical steps organizations should consider:
- Develop clear AI acceptable use policies that define approved tools and applications
- Implement disclosure requirements for AI-assisted work products
- Establish review processes for AI-generated outputs, particularly in regulated contexts
- Document AI governance practices as part of broader compliance programs
- Train staff on organizational expectations and documentation requirements
At Jacobian Engineering, our compliance management services help organizations develop and implement AI governance frameworks that integrate with existing security and compliance programs. We work with healthcare technology companies and SaaS organizations to build policies that address emerging regulatory expectations while maintaining operational flexibility.
The trajectory is clear: AI transparency requirements will expand beyond academic publishing into broader business operations. Organizations that establish governance frameworks now will be better positioned as regulatory expectations mature.
04/07/2026
Anthropic's recently released Claude Cowork research preview contains a significant vulnerability that allows attackers to exfiltrate user files through indirect prompt injection, and the flaw remains unpatched despite being acknowledged by Anthropic.
The attack chain is straightforward. When a user connects Cowork to a local folder and uploads a file containing a hidden prompt injection, the malicious payload can manipulate Claude to upload sensitive files to an attacker-controlled Anthropic account using curl commands. The injection exploits an allowlisted path to the Anthropic API, bypassing the VM's network restrictions. No human approval is required.
What makes this particularly concerning is how easily the injection can be concealed. Attackers can hide malicious prompts in .docx files using 1-point white-on-white text with minimal line spacing, effectively invisible to users who open the document. The vulnerability was originally disclosed by security researcher Johann Rehberger and has been confirmed to work against both Claude Haiku and the more resilient Claude Opus 4.5.
Anthropic's response places the burden on users to "avoid granting access to local files with sensitive information" and watch for "suspicious actions that may indicate prompt injection." For a tool designed for general users, this guidance is inadequate.
The broader concern is Cowork's integration footprint. The platform connects to browsers, MCP servers, and can execute AppleScripts, send messages, and access daily workflow tools. Each integration point expands the attack surface where sensitive data intersects with untrusted inputs.
Organizations incorporating AI agents into workflows should implement several protective measures: restrict AI tool access to non-sensitive directories, establish data classification policies that define what information AI assistants can access, review files from external sources before processing them through AI tools, and monitor for unexpected network activity from AI-enabled applications.
Jacobian Engineering's application security assessments evaluate how AI-integrated tools handle sensitive data and test for prompt injection vulnerabilities that traditional security tools miss. We help organizations establish secure boundaries for AI agent deployments before these tools gain access to critical business information.
The rapid deployment of AI agents into enterprise workflows is outpacing the security controls needed to protect them. Organizations adopting these tools should treat them as high-risk integrations requiring the same security scrutiny applied to any third-party application accessing sensitive data.
04/03/2026
A barely perceptible delay revealed a significant threat. Amazon recently discovered a North Korean operative working as a contract system developer after security monitoring flagged unusual keystroke input lag exceeding 110 milliseconds, indicating the company laptop was being remotely controlled from overseas.
Amazon's Chief Security Officer Stephen Schmidt shared details of this case and a sobering statistic: Amazon has thwarted more than 1,800 DPRK infiltration attempts since April 2024, with attempts increasing 27% quarter-over-quarter. The laptop in question was located in Arizona, where a woman facilitating fraud on behalf of North Korean workers was later sentenced to prison.
Standard U.S.-based remote workers exhibit keystroke latency in the tens of milliseconds. The additional lag from transcontinental remote access, even through sophisticated VPN chains, created a measurable anomaly that quality security software identified.
Schmidt's key observation: "If we hadn't been looking for the DPRK workers, we would not have found them."
This threat extends far beyond Amazon. North Korean IT workers are actively targeting U.S. corporations across all sectors, using stolen identities, proxy interviewers, and laptop farms to gain employment. Their objectives range from generating hard currency for the regime to espionage and potential sabotage.
The challenge for most organizations is that detecting these threats requires continuous monitoring and behavioral analysis capabilities that many lack. Remote work has become standard, making geographic verification through network telemetry essential rather than optional.
Organizations should evaluate their current visibility into endpoint behavior, including keystroke patterns, network latency anomalies, and remote access indicators. Background verification processes should be examined for susceptibility to proxy candidates. Security teams need clear escalation paths when behavioral anomalies surface.
Jacobian Engineering's managed security operations provide the continuous monitoring and behavioral analysis capabilities that organizations need to detect sophisticated infiltration attempts. Our 24/7 monitoring services help SMBs and SaaS companies implement enterprise-grade threat detection without building these capabilities in-house.
The 110-millisecond gap that exposed this infiltrator was only visible because someone was actively looking for it. In an era of distributed workforces and nation-state threats, passive security postures leave organizations exposed to risks they cannot see.
Click here to claim your Sponsored Listing.
Category
Contact the business
Telephone
Website
Address
Jackson, CA
95642
Opening Hours
| Monday | 9am - 5pm |
| Tuesday | 9am - 5pm |
| Wednesday | 9am - 5pm |
| Thursday | 9am - 5pm |
| Friday | 9am - 5pm |