Four governance and strategic items this week converge on a single operational theme: AI is simultaneously accelerating attacker capabilities and creating structural gaps in enterprise identity, detection, and compliance infrastructure. The Five Eyes joint advisory documents AI-enhanced phishing, faster vulnerability weaponization, and lower-cost attack tooling. The OAuth 2.1 / JWT structural gap means enterprise AI agents are operationally indistinguishable from human principals in audit logs and identity security tools. The proposed US AI Incident Reporting Act introduces pending compliance obligations for AI system developers. The Fortinet ecosystem analysis documents the compression of the weaponization window to 24-72 hours. No CVEs apply to any of these items.