Two governance items this week address the emerging AI security posture gap in enterprise and federal environments. Executive Order 14409 imposes binding 30-60 day hardening deadlines on federal civilian agencies against AI-enabled threat vectors; note that the source material for EO 14409 is T3-tier only and a T1-tier confirmation (Federal Register or White House official statement) is required before treating compliance deadlines as verified. Separately, CrowdStrike introduced a per-action continuous authorization model for AI agents that addresses structural privilege abuse risks in agentic AI deployments on AWS and within Falcon-connected environments. Neither item has an assigned CVE; both are configuration and governance problems requiring immediate inventory and policy action.