PromptSpy & Cline CLI: How AI and Supply Chain Attacks Expose NIS2 and DORA Compliance Gaps in 2026
The Evolving Threat Landscape: AI-Powered Malware and Supply Chain Vulnerabilities
As we move through 2026, cybersecurity threats have evolved in sophistication, leveraging emerging technologies to bypass traditional defenses. Two recent incidents—the PromptSpy malware abusing Google's Gemini AI and the Cline CLI supply chain attack—illustrate how malicious actors are exploiting AI systems and open-source dependencies to create persistent threats. These attacks not only compromise organizational security but also expose significant gaps in compliance with critical regulations like the NIS2 Directive and DORA, which mandate robust incident response and supply chain security measures.
PromptSpy represents the first known instance of malware that abuses a legitimate AI chatbot (Google's Gemini) as part of its execution flow. This Android malware achieves persistence through automated recent-apps techniques, making removal difficult while capturing lockscreen data, blocking uninstallation attempts, gathering comprehensive device information, and taking screenshots. Meanwhile, the Cline CLI attack involved a compromised npm publish token that released a malicious update (version 2.3.0) installing OpenClaw, a self-hosted autonomous AI agent, onto developer systems. Both incidents highlight how AI systems and third-party dependencies have become attractive attack vectors in 2026.
AI-Powered Malware Risks and Governance Implications
The PromptSpy malware demonstrates how malicious actors can repurpose legitimate AI tools to enhance malware functionality and evade detection. By integrating with Google's Gemini AI chatbot, the malware leverages AI capabilities to maintain persistence and collect sensitive data more effectively. This creates several governance challenges:
- AI System Integrity: Organizations must ensure that AI systems integrated into their operations are not being manipulated for malicious purposes. The EU AI Act, which classifies certain AI systems as high-risk, requires organizations to implement appropriate risk management measures. While the full applicability of the AI Act begins on 2 August 2026, prohibited AI practices and AI literacy obligations apply from 2 February 2025.
- Incident Response Complexity: AI-powered malware can adapt and evolve, making traditional signature-based detection less effective. Under the NIS2 Directive (Directive (EU) 2022/2555), which member states must transpose by 17 October 2024, essential and important entities must implement risk management measures and report significant incidents on a fixed timeline: an early warning within 24 hours and an incident notification within 72 hours.
- Mobile Device Security: With PromptSpy targeting Android devices, organizations must extend their security controls to mobile endpoints, which often fall outside traditional corporate security perimeters. This aligns with NIST Cybersecurity Framework 2.0's expanded focus on governance and protection across all organizational assets.
For organizations navigating these challenges, tools like AIGovHub's cybersecurity compliance platform can help map AI governance requirements to specific security controls, ensuring alignment with both AI-specific regulations and broader cybersecurity frameworks.
Supply Chain Attack Vectors and Third-Party Risk Management
The Cline CLI supply chain attack illustrates how vulnerabilities in open-source dependencies can compromise entire software ecosystems. By compromising an npm publish token, attackers injected malicious code into a legitimate update that automatically deployed on developer systems. This incident highlights several critical compliance requirements:
- Third-Party ICT Risk Management: DORA (Regulation (EU) 2022/2554), applicable from 17 January 2025, requires financial entities to implement comprehensive third-party ICT risk management programs. This includes due diligence assessments, contractual safeguards, and continuous monitoring of critical service providers.
- Software Integrity Verification: Organizations must verify the integrity of software updates and dependencies before deployment. The NIS2 Directive mandates supply chain security measures, requiring entities to assess and address risks stemming from direct suppliers and service providers.
- Open-Source Governance: With many organizations relying on open-source components, establishing governance frameworks for open-source usage becomes essential. This includes maintaining software bills of materials (SBOMs), monitoring for vulnerabilities, and implementing secure update mechanisms.
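As an added illustration of the software integrity verification and secure update mechanisms described above, the Python below checks a package-lock.json-style manifest against the bytes actually fetched for each dependency before a deployment is allowed. This is example code written for this article, not code from the page, from the Cline project or from npm itself. The lockfile layout follows npm's lockfileVersion 3 shape and its integrity field uses the Subresource Integrity form (`sha512-<base64>`); the package names, versions, registry URL and tarball contents are constructed placeholders, and the set of accepted digest algorithms is an assumption of the example.

```python
import base64
import hashlib
import hmac

# Constructed sample tarball contents, keyed by the package path used in the
# lockfile. Real npm tarballs are .tgz files; these bytes stand in for them.
TARBALL_BYTES = {
    "node_modules/example-cli": b"constructed tarball payload for example-cli 1.0.0",
    "node_modules/left-pad-ish": b"constructed tarball payload for left-pad-ish 0.1.0",
    "node_modules/old-util": b"constructed tarball payload for old-util 0.0.1",
}


def ssri(data: bytes, algo: str = "sha512") -> str:
    """Encode a digest in npm's Subresource Integrity form, e.g. 'sha512-<base64>'."""
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"


# Constructed package-lock.json (lockfileVersion 3 layout). The package names,
# versions and registry URL are placeholders, not real packages.
LOCKFILE = {
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/example-cli": {
            "version": "1.0.0",
            "resolved": "https://registry.example.invalid/example-cli/-/example-cli-1.0.0.tgz",
            "integrity": ssri(TARBALL_BYTES["node_modules/example-cli"]),
        },
        "node_modules/left-pad-ish": {
            "version": "0.1.0",
            "resolved": "https://registry.example.invalid/left-pad-ish/-/left-pad-ish-0.1.0.tgz",
            # integrity deliberately absent: a hand-edited lockfile can lose it
        },
        "node_modules/old-util": {
            "version": "0.0.1",
            "resolved": "https://registry.example.invalid/old-util/-/old-util-0.0.1.tgz",
            "integrity": ssri(TARBALL_BYTES["node_modules/old-util"], "sha1"),
        },
    },
}

# Digest algorithms this check accepts (an assumption of the example); sha1 is
# treated as too weak to pin a dependency on.
ACCEPTED_ALGOS = {"sha512", "sha384", "sha256"}


def verify_lockfile(lockfile: dict, fetched: dict) -> dict:
    """Compare each lockfile entry's integrity field against the fetched tarball.

    Returns {package_path: status} where status is one of
    'ok', 'mismatch', 'missing-integrity', 'weak-algo', 'not-fetched'.
    Only the first integrity value is checked; npm allows several, space-separated.
    """
    results = {}
    for path, entry in lockfile["packages"].items():
        if path == "":
            continue  # root project entry, nothing to verify
        integrity = entry.get("integrity")
        if not integrity:
            results[path] = "missing-integrity"
            continue
        algo, _, expected_b64 = integrity.split()[0].partition("-")
        if algo not in ACCEPTED_ALGOS:
            results[path] = "weak-algo"
            continue
        data = fetched.get(path)
        if data is None:
            results[path] = "not-fetched"
            continue
        actual = hashlib.new(algo, data).digest()
        expected = base64.b64decode(expected_b64)
        # Constant-time comparison; a mismatch means the fetched bytes differ from what was locked.
        results[path] = "ok" if hmac.compare_digest(actual, expected) else "mismatch"
    return results


def gate_deployment(results: dict) -> bool:
    """Deployment gate: every dependency must verify as 'ok'."""
    return all(status == "ok" for status in results.values())


if __name__ == "__main__":
    report = verify_lockfile(LOCKFILE, TARBALL_BYTES)
    for path, status in sorted(report.items()):
        print(f"{status:18} {path}")
    print("deploy allowed:", gate_deployment(report))
```

npm's own installer already verifies integrity fields on install; the point of running a separate gate is to refuse a build whose lockfile has entries with no integrity value or a weak digest, which the installer does not treat as a failure. A committed lockfile with full integrity hashes pins both the version and the content of each dependency, so a freshly published version is not pulled in until someone deliberately updates the lock and reviews the change.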
Vendor solutions like CrowdStrike and Palo Alto Networks offer advanced threat detection capabilities that can help identify suspicious activities in software supply chains, but organizations must integrate these tools into broader compliance frameworks.
Regulatory Mandates for Patching and Incident Reporting
Recent additions to CISA's Known Exploited Vulnerabilities (KEV) catalog, including CVE-2025-49113 in Roundcube webmail software with a CVSS score of 9.9, underscore the importance of timely patching and vulnerability management. These regulatory requirements are becoming increasingly stringent:
- CISA KEV Catalog Requirements: Under Binding Operational Directive 22-01, federal agencies and critical infrastructure operators must address vulnerabilities listed in the KEV catalog within specified timeframes. While not directly applicable to all private sector organizations, many regulators reference the KEV catalog as a benchmark for effective vulnerability management.
- NIS2 Incident Reporting Timelines: The NIS2 Directive requires essential and important entities to submit an early warning within 24 hours of becoming aware of a significant incident, followed by a more detailed notification within 72 hours. This rapid reporting timeline necessitates automated detection and reporting capabilities.
- DORA Digital Operational Resilience Testing: DORA requires financial entities to conduct regular digital operational resilience testing, including threat-led penetration testing (TLPT). These tests must simulate sophisticated attack scenarios, including supply chain compromises and AI-powered malware.
Organizations should verify current patching requirements and reporting timelines, as regulatory expectations continue to evolve in response to emerging threats.
Practical Steps for Enhancing NIS2 and DORA Compliance
Based on the lessons from PromptSpy, Cline CLI, and recent vulnerability disclosures, organizations can take several actionable steps to strengthen their compliance posture:
- Conduct Comprehensive Risk Assessments: Identify all AI systems and third-party dependencies in your environment. Assess their potential impact on security and compliance, particularly focusing on high-risk AI systems as defined by the EU AI Act and critical ICT service providers under DORA.
- Implement AI-Specific Security Controls: For organizations using or developing AI systems, implement controls aligned with the NIST AI Risk Management Framework (AI RMF 1.0) and ISO/IEC 42001. This includes monitoring for unusual AI system behavior that might indicate compromise, as seen with PromptSpy's abuse of Gemini AI.
- Strengthen Supply Chain Security: Develop vendor assessment questionnaires specifically addressing software integrity, update mechanisms, and incident response capabilities. Require suppliers to provide evidence of their security practices, such as SOC 2 reports or ISO 27001 certifications. Remember that SOC 2 is an attestation report, not a certification.
- Automate Vulnerability Management: Integrate CISA's KEV catalog and other vulnerability databases into your patch management processes. Establish clear timelines for addressing critical vulnerabilities based on their exploit status and potential impact.
- Enhance Incident Response Capabilities: Develop playbooks for responding to AI-powered malware and supply chain attacks. Test these playbooks through tabletop exercises that simulate scenarios similar to PromptSpy and Cline CLI. Ensure your incident response procedures align with NIS2 and DORA reporting requirements.
- Leverage Specialized Tools: Consider implementing specialized security solutions that address emerging threat vectors. For AI security, tools that monitor AI system interactions and detect anomalous patterns can help identify compromises like PromptSpy. For supply chain security, software composition analysis tools can identify vulnerable dependencies before they're deployed.
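To make the vulnerability management step concrete, the Python below is an added example (not the article's or AIGovHub's code) that merges scanner findings with a KEV-format feed and assigns each finding a remediation deadline: CVEs present in the catalog take the catalog's own due date, everything else falls back to a severity-based internal SLA. The feed is a constructed sample that follows the field layout of the public CISA KEV JSON (cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse); CVE-2025-49113 is the Roundcube entry mentioned in the article, but its dates here and the CVE-0000-* entries are placeholders, the scanner findings are constructed, and the SLA day counts are a hypothetical policy chosen for the example.

```python
import json
from datetime import date, timedelta

# Constructed KEV-style feed. Field names follow the layout of the public CISA KEV
# JSON; the dates are placeholders and the CVE-0000-* entries are not real catalog rows.
KEV_FEED_JSON = json.dumps({
    "title": "constructed sample feed, not the live catalog",
    "vulnerabilities": [
        {"cveID": "CVE-2025-49113", "vendorProject": "Roundcube", "product": "Webmail",
         "dateAdded": "2026-01-05", "dueDate": "2026-01-26",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "product": "ExampleProduct",
         "dateAdded": "2025-12-22", "dueDate": "2026-01-12",
         "knownRansomwareCampaignUse": "Known"},
    ],
})

# Constructed scanner output: one finding per (component, CVE) with a CVSS base score.
FINDINGS = [
    {"component": "roundcube-webmail", "cve": "CVE-2025-49113", "cvss": 9.9},
    {"component": "internal-lib", "cve": "CVE-0000-0002", "cvss": 5.3},
    {"component": "example-product", "cve": "CVE-0000-0001", "cvss": 7.5},
    {"component": "other-lib", "cve": "CVE-0000-0003", "cvss": 9.1},
]

# Hypothetical internal SLA (days from discovery) for findings not on the KEV list,
# as (minimum CVSS, days) checked from most to least severe. An assumption of the
# example, not a regulatory figure.
SLA_DAYS_BY_SEVERITY = [(9.0, 14), (7.0, 30), (0.0, 90)]


def load_kev(feed_json: str) -> dict:
    """Index a KEV-format feed by CVE id."""
    feed = json.loads(feed_json)
    return {v["cveID"]: v for v in feed["vulnerabilities"]}


def sla_deadline(cvss: float, discovered_on: date) -> date:
    """Deadline from the CVSS-based SLA table."""
    for threshold, days in SLA_DAYS_BY_SEVERITY:
        if cvss >= threshold:
            return discovered_on + timedelta(days=days)
    return discovered_on + timedelta(days=SLA_DAYS_BY_SEVERITY[-1][1])


def build_remediation_queue(findings, kev_json: str, discovered_on: str, today: str) -> list:
    """Assign each finding a deadline and return the queue sorted by urgency.

    KEV-listed CVEs take the catalog's dueDate (the exploited-in-the-wild signal
    outranks the CVSS score); everything else falls back to the CVSS-based SLA.
    Dates are ISO strings so the function is reproducible and easy to test.
    """
    kev = load_kev(kev_json)
    found = date.fromisoformat(discovered_on)
    now = date.fromisoformat(today)
    queue = []
    for f in findings:
        entry = kev.get(f["cve"])
        if entry:
            deadline = date.fromisoformat(entry["dueDate"])
            basis = "kev"
        else:
            deadline = sla_deadline(f["cvss"], found)
            basis = "cvss-sla"
        remaining = (deadline - now).days
        queue.append({
            "cve": f["cve"], "component": f["component"], "cvss": f["cvss"],
            "basis": basis, "deadline": deadline.isoformat(),
            "days_remaining": remaining, "overdue": remaining < 0,
            "ransomware_use": (entry or {}).get("knownRansomwareCampaignUse", "n/a"),
        })
    # Earliest deadline first; higher CVSS breaks ties.
    queue.sort(key=lambda q: (q["deadline"], -q["cvss"]))
    return queue


if __name__ == "__main__":
    for item in build_remediation_queue(FINDINGS, KEV_FEED_JSON, "2026-01-08", "2026-01-15"):
        flag = "OVERDUE" if item["overdue"] else f"{item['days_remaining']:>3}d left"
        print(f"{item['deadline']} {flag:9} {item['basis']:8} {item['cve']} "
              f"({item['component']}, CVSS {item['cvss']}, ransomware: {item['ransomware_use']})")
```

Note how the CVSS 7.5 finding ends up at the head of the queue because it is KEV-listed and already past its due date, while the CVSS 9.1 finding that is not in the catalog sits on the internal SLA clock; that reordering is exactly what the "exploit status and potential impact" criterion in the step above asks for. In production the feed would be fetched from CISA on a schedule and the findings taken from the organization's scanner or SBOM tooling.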
AIGovHub's compliance platform can help organizations map these practical steps to specific NIS2 and DORA requirements, providing a structured approach to addressing regulatory gaps.
Key Takeaways for Cybersecurity Leaders
- AI-powered malware like PromptSpy represents a new class of threats that require specialized detection and response capabilities beyond traditional security controls.
- Supply chain attacks targeting open-source dependencies, as seen with Cline CLI, highlight the need for comprehensive third-party risk management programs aligned with DORA requirements.
- Regulatory expectations for patching and incident reporting are becoming more stringent, with NIS2 requiring notifications within 24-72 hours and CISA's KEV catalog driving rapid vulnerability remediation.
- Compliance with NIS2 and DORA requires integrated approaches that address both technological controls and governance processes, particularly for AI systems and third-party dependencies.
- Proactive vulnerability management, regular resilience testing, and continuous monitoring are essential components of effective cybersecurity compliance in 2026.
Conclusion: Proactive Governance in an Evolving Threat Landscape
The PromptSpy and Cline CLI incidents serve as timely reminders that cybersecurity threats continue to evolve, leveraging new technologies and attack vectors. As regulations like NIS2 and DORA come into full effect, organizations must adopt proactive governance approaches that address both current threats and emerging risks. This requires integrating AI governance, supply chain security, incident response, and vulnerability management into a cohesive compliance strategy.
By learning from these real-world incidents and aligning security practices with regulatory requirements, organizations can not only improve their compliance posture but also enhance their overall resilience against sophisticated cyber threats. The convergence of AI advancement and regulatory evolution creates both challenges and opportunities for cybersecurity leaders willing to adopt forward-thinking approaches to governance and risk management.
This content is for informational purposes only and does not constitute legal advice.