Key Takeaways
- CMMC Phase 2 takes effect Nov. 10, requiring third-party verification for defense contractor security controls.
- Hosting providers aren’t automatically in scope, but if you’re touching a client’s CUI (email, cloud tenant admin, etc.), you’re now part of their compliance picture.
- Experts warn how APIs and AI agents are the new blind spot — with broken authentication alone causing more than half of recent API incidents.
If you host, colocate, or manage infrastructure for anyone who’s working with a Department of Defense (DoD) contract, there’s a compliance deadline coming up that most of the hosting industry may not even be aware of.
Phase 2 of the Cybersecurity Maturity Model Certification (CMMC) will go into effect on November 10. Until last year, a contractor could implement security controls and just tell the government they’d done it. After November, they’re going to need a third-party assessor to confirm it.
Could You Be Part of a Client’s CMMC Scope?
☐ Host defense contractors
☐ Handle CUI
☐ Manage cloud environments
☐ Have administrative access
➡ If you checked multiple boxes, your services may be part of a client’s CMMC compliance review.
Now, to be clear, hosting and MSPs don’t automatically need their own CMMC certification just because a client happens to be a defense contractor.
But if their infrastructure hosts any of that client’s CUI — things like the email server, administering the cloud tenant, admin access — the provider is automatically part of that client’s compliance.
The Compliance Bar Is Going Up, Up, Up…
Cyrus Robinson, the VP of Security Operations at C3 Integrated Solutions, has a very unique view from inside the compliance world that’s serving the Defense Industrial Base.
“For organizations supporting highly regulated industries, especially the Defense Industrial Base, the attack surface is no longer limited to a single application, server, or vulnerability list,” he said.
This environment is built on APIs, cloud platforms, automation workflows, identity systems, and plenty of third-party integrations that are all constantly sharing data and triggering actions across several platforms. A small change can have a tsunami effect.
“A system may pass testing or review at a point in time but later become exposed because the environment changed faster than governance, documentation, and operational review processes could keep up,” Robinson added.
In December, a federal grand jury indicted a now-former CEO of a cybersecurity consulting firm, claiming that she falsely stated her company conducted independent cybersecurity assessments for defense contractors. The U.S. Department of Justice says that the company was actually consulting the same clients on how to pass the assessments.
Yikes.
This is all happening at a time when more than 50% of organizations have delayed application rollouts over API security concerns, and 58% monitor their APIs less than daily.
That’s a tale as old as time: Governance simply isn’t keeping up with the pace of how fast technology is changing. In 2026, we’re looking down the barrel of the API and AI systems gun.
Are APIs the Blind Spot Nobody’s Watching?
Out with the old, in with the new. Problems, that is.
“APIs have evolved into the operational control plane for modern applications, connecting services, workflows, AI systems and infrastructure across environments that security teams often cannot fully observe or govern in real time,” said Craig Riddell, Global Field CISO at Wallarm.
In fact, Wallarm’s own report found that broken authentication caused 52% of the API incidents, with unsafe API consumption behind another 27%.
What's Driving Today's API Security Incidents?
Source: Wallarm
- Broken Authentication
- Unsafe API Consumption
- Other Causes
“Modern risk rarely comes from a single vulnerability,” Riddell explained. “It increasingly emerges through chains of interactions across APIs, third-party services, AI agents and automated workflows.”
It’s why point-in-time scanning tools keep missing things. An application, as Robinson said, can pass a security test and still expose the business through an integration or permissions that nobody thought was “risky” enough.
After all, at the end of the day, we’re all just human. But humans being human is forgivable, right? AI agents being AI agents is a whole different liability category.
“AI is no longer just a tool developers use to write code, it is an endpoint,” warned Hari Srinivasan, the Global Head of Products at Lineaje. “They sit in the API call path, receiving traffic, making decisions, and triggering downstream actions.”
Organizations Can’t Secure What They Can’t See
One recent study found that direct prompt injection attacks against agents running on GPT-5 and Gemini succeeded more than 79% of the time.
How, you ask? The same way it always has: malicious instructions embedded into otherwise ordinary-looking data. And once that hits a customer’s end point, all hell can easily break loose. So Srinivasan’s advice is simple: Treat AI like any other software dependency and keep track of where it comes from, how it’s used, and what risks it may be bringing.
“Visibility without governance is still just noise,” he said, “but now that includes visibility into which models you are running, what they were trained on, and what API traffic they receive. An AI Bill of Materials is not optional when agents and models make business decisions.”
The current state of AI Bills of Materials — AIBOMS — makes it hard, though. While Gartner predicts that SBOM (software) adoption will rise from 56% in 2025 to 85% by 2028, the adoption rate for AIBOMs hasn’t even been determined yet because it’s so fresh.
Go figure: Cycode found that only 19% of organizations have full visibility into how AI is being used across their own development pipelines, just as the DoD is rolling out CMMC requirements that expect organizations to know exactly what’s happening inside their environments.
It’s as Srinivasan said: “When the model is an endpoint, AI governance is application security. Organizations that treat them as separate programs will find the gap between them is exactly where attacks land.”
Hosts Can’t Sit This One Out
If a federal grand jury indictment doesn’t scare you, maybe a fine will.
IBM’s cost of a data breach report priced the average supply chain compromise at $4.91 million, with a 267-day average detection-and-containment window. Verizon found that third-party involvement in breaches doubled in a single year (15% to 30%).
Put those together, and yeah, it’s scary.
No, hosting providers aren’t the ones training models or writing AI governance policy…but they are the infrastructure for all of this. So when an AI agent sends a malicious API call, or a client’s compliance regulations change to include the AI tools (which they will, undoubtedly), the provider’s name is already on the asset list whether they like it or not.
