The Federal Communications Commission approved new rules Thursday that boost cybersecurity regulations for the nation’s emergency alert systems and update security rules for the nation’s undersea cables.

The new rule would overhaul two national emergency systems, the Emergency Alert System and Wireless Emergency Alerts, to better protect against hijacking attacks from malicious actors.

The EAS is a national public warning system that state and local authorities use to disseminate information related to weather events, AMBER alerts and other emergencies via radio and television broadcasting stations. The WEA handles much of the same messaging via text.

A compromise of either system by a foreign government, cybercriminal group or other rogue actor could be used to sow chaos and disinformation in calmer times, or impede coordination efforts in the face of a genuine emergency. Any vulnerability in systems like the Emergency Alert System “can have serious consequences,” said FCC Commissioner Olivia Trusty in a statement after the vote.

“That is why it has been appropriate for the Commission to conduct a comprehensive review of the EAS framework by focusing on the security of the system itself,” Trusty continued. “As cybersecurity threats continue to evolve, EAS participants must take appropriate steps to safeguard the infrastructure that supports the delivery of life-saving alerts.”

The new rules amount to basic – but still critical – cyber hygiene practices for users accessing and updating the EAS and WEA systems. They must use strong passwords, quickly install security patches from vendors and use firewalls to limit access to their equipment.

The rule also creates a new authentication ID system to verify alerts before they’re submitted and avoid duplicate or unauthorized alerts from spreading.

Another rule passed by the Commission Thursday provided the first comprehensive update to the FCC’s submarine cable regulations in decades, and moves to tighten cybersecurity requirements in some areas while loosening them in others.

It exempts some undersea cable providers from submitting to stringent national security licensing reviews needed to land and operate cables that touch U.S. territory.

The review, called “Team Telecom,” is an interagency body led by the Department of Justice’s Foreign Investment Review Section and other federal agencies that advise the FCC on the national security implications of their telecom policies.

The new rules would presumptively exempt applications for undersea cable licensees when the provider can self-certify to “high security standards” that are “structured to increase certainty, predictability, and faster timelines for the licensing process.”

“Currently, all submarine cable applications get referred to Team Telecom…the changes adopted would exempt applications from applicants that have operated cables without incident, can certify to the highest national security standards, and agree to ongoing oversight and monitoring,” the FCC said in a release.

Other parts of the rule give the FCC greater oversight of critical functions within undersea cable operations. Owners and operators of submarine line terminal equipment, who connect submarine cables to land-based facilities in the U.S., will be subject to a new licensing requirement.

The rule also moves to update safeguards meant to address vulnerabilities related to principal equipment, third-party service providers, and other areas of concern in the undersea cable supply chain.

The post FCC passes new cybersecurity rules for emergency systems, undersea cables appeared first on CyberScoop.

Russian authorities used Cellebrite phone-cracking technology to break into a device belonging to a prominent domestic human rights activist they arrested and imprisoned, despite the company canceling its contract with the Russian government, according to a report published Thursday.

The University of Toronto’s Citizen Lab reached its conclusions after analyzing a phone belonging to Andrey Pivovarov and examining court documents he provided confirming the usage of Cellebrite’s UFED product.

Pivovarov was arrested in March 2021, sentenced in 2022 and released in 2024 as part of a prisoner exchange. Citizen Lab found evidence that authorities accessed his phone around June 2021 while the phone was in Russian government hands.

Investigators also said it appears Russian authorities might have used information it got from Pivoarov’s phone to surveil other regime opponents, combining information in the court documents with the later targeting of fellow dissident Anastasiya Burakova in a hacking campaign linked to Russia’s Federal Security Service (FSB).

“The historic architecture of Cellebrite forensic systems means that much of the functionality in the UFED product has continued to operate long after updates cease,” Citizen Lab said in its report. “Furthermore, Cellebrite systems have historically featured an offline mode. Consequently, the way Cellebrite’s technology was designed appeared to make it difficult for the company to meaningfully cut off problematic customers.

“While Cellebrite has argued that its cancellations in Russia … went beyond what was legally required, this investigation contributes evidence that the contract cancellation did not immediately block Russia from leveraging Cellebrite’s tools for political persecution,” it continued.

Cellebrite provided a response to Citizen Lab’s report, saying that Cellebrite’s technology would be ineffective in Russia today.

“Any use of legacy Cellebrite hardware in Russia after March 2021 is entirely unauthorized,” Cellebrite spokesperson Victor Cooper told CyberScoop, echoing the Citizen Lab response. “The Cellebrite hardware previously sold, prior to March 2021, would now be incompatible with modern devices and would operate without our technical support, our consent or any legal sanction from Cellebrite. Rapid technology advances render legacy digital forensic hardware and software ineffective within a short period of time. Russia remains permanently on our restricted-customer list.”

The Russian Embassy in Washington, D.C. did not immediately respond to a request for comment.

The post Russia uses Cellebrite to break into human rights activist’s phone, even after cancellation of contract appeared first on CyberScoop.

An attacker exploited a previously unknown and unpatched Cisco vulnerability earlier this year to infiltrate a communications service provider and gain the highest level of access possible, Mandiant said Wednesday.

Cisco has since patched the flaw, one of seven actively exploited zero-day vulnerabilities this year in its SD-WAN (software-defined wide area network) software used to manage internet traffic within organizations, typically those that are widely distributed, such as banks with numerous branches.

But Google-owned cybersecurity firm Mandiant said the attacker (or attackers) could have used its root-level access to obtain broad and undetected visibility into the internal traffic throughout the provider’s entire corporate network. In a caveat, Mandiant also said it could not fully assess how far the compromise actually went because of how cleverly the perpetrators hid their activity.

The attack illustrated hackers’ ongoing targeting of edge devices, Mandiant said. Attacks on such devices have been very common and involved in some of the most consequential breaches in recent years, prompting the Cybersecurity and Infrastructure Agency to direct federal agencies to give them special attention this year.

“This campaign underscores the living off the edge paradigm, where threat actors prioritize the compromise of network appliances to bypass traditional security perimeters,” Mandiant wrote in a blog post. “As organizations increasingly adopt software-defined networking, the orchestrators managing these environments become primary targets. These devices offer a black box environment for threat actors: they often lack the telemetry required for deep forensic analysis, and their role as a central control plane provides a stealthy platform for persistent, wide-scale access to internal enterprise traffic.”

Mandiant didn’t attribute the attack to any specific group, citing the work the attacker did to cover their tracks and delete evidence. But it noted that “for state-sponsored actors, the ability to exploit zero-day vulnerabilities in these platforms remains a premier vector for long-term strategic intelligence collection.”

Kelli Vanderlee, senior manager for Google Threat Intelligence Group, told CyberScoop that “exploiting zero day vulnerabilities in edge devices and the extensive anti-forensic activities are consistent with previously documented cyber espionage threat actor behavior.”

The company also didn’t name the victim service provider.

The attacks on the service provider came in two waves. The first activity Mandiant observed from late 2025 to early 2026 exploited one of two then-unpatched vulnerabilities (CVE-2026-20127 or CVE-2026-20182), with the attacker making unauthorized “peering” connections to the victim’s SD-WAN Manager devices in a kind of digital handshake to verify identity and trust.

Once there, the attacker facilitated its access and used it to manipulate default account passwords in hopes of avoiding detection. Next, the attacker exploited the zero-day vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager, activity Mandiant observed in March, and created a rogue user account, “troot” that gave full root-level control.

“On June 4, 2026, Cisco published a security advisory about a privilege escalation vulnerability in Cisco Catalyst SD-WAN Manager,” a Cisco spokesperson said. “Cisco strongly recommends customers upgrade to a fixed software release as outlined in the advisory.”

Updated 6/24/26: to include Cisco comment.

The post Malicious hackers exploit Cisco zero-day for highest access level at communications service provider appeared first on CyberScoop.

An epidemic of cyberattacks on open-source software has mounted in recent months, making clear how uniquely difficult it is to protect the publicly available code, from both a policy and a technical perspective, that serves as the foundation for so much of the digital world.

While open-source software security got a boost in attention under President Joe Biden — whose administration grappled with the fallout from the potentially catastrophic Log4j flaw that emerged in 2021 — a number of open-source experts say that government protection efforts have suffered setbacks under President Donald Trump. Many also say companies that heavily rely on open-source software, which is basically all of them, haven’t shouldered enough of the responsibility for safeguarding it.

“What we’re seeing is years of lack of investment sustainment in open-source software that is finally starting to catch up to us, where it seems like every week there’s a new supply chain compromise,” said Jack Cable, who held a role at the Cybersecurity and Infrastructure Security Agency where he worked on open-source security before departing under Trump.

The advancements of frontier artificial intelligence models stand to exacerbate the risk further, while simultaneously illustrating what makes defending open source difficult: Project Glasswing said shortly after its announcement that it had uncovered 6,202 high- or critical-severity vulnerabilities in a scan of more than 1,000 open-source projects, but that it had disclosed only 502 of them to open-source project maintainers and only 75 had been patched as of May 22 (albeit some due to typical patching lagtimes).

At the same time, there are questions about how much the government can help, even as overseas governments seek to focus on open-source security.

The evolution of open-source risk 

There are a series of factors contributing to the current threat to open-source software, experts say.

One is simply that attackers go to the area where they can get the highest return on their work. Compromising open-source software gives them the chance to get into the supply chain and exploit additional targets.

“Twenty years ago, open source was still fairly niche,” said Æva Black, who also worked on open-source security at CISA but left when Trump came back into power. “The potential blast radius if you managed to compromise open source was relatively small, because back then the world didn’t run on open source. Now almost everything runs on open source,” she said, from modern cars to satellites.

Another part is the nature of open-source software itself.

“It’s a symptom [of having] lots of open source [that] is a little bit under-maintained or not cared for enough, so that we spend too little effort and money and infrastructure on them,” said Daniel Stenberg, who is the creator and maintainer of cURL, a popular open-source project. “Lots of open source is being maintained by small teams, lots of volunteers, and I think that that’s a tough situation.”

That doesn’t mean the maintainers are to blame, Stenberg said. The companies that rely on open-source need to be diligent about using it, Black said.

“What we’re seeing in that realm right now is not new; it is more advanced and far more widespread,” she said. “The problem remains that companies who use open source — because open source is by far the most efficient way to collaborate on non-product value features — most companies are not implementing a responsible and safe utilization pathway.”

Open-source projects lack a systematic way to handle coordinated vulnerability disclosures, unlike companies or industry groups with formal processes, said Dan Lorenc, CEO and co-founder of Chainguard. Project maintainers sometimes aren’t reachable, and those who are available are flooded with reports, many of them unverified findings from AI tools that waste their time without adding value..

Of course, some of those vulnerability reports turn out to be legitimate. “Mythos and AI models have contributed to an uptick in the number of vulnerabilities and things that we’re able to find” in open-source software, said Alex Zenla, chief technology officer for the cybersecurity company Edera.

All of that leaves more room for companies, non-profits and world governments to improve open-source security.

A moment of momentum

While open-source software security isn’t a new issue, the 2021 discovery of the Log4j flaw sounded alarms within the cybersecurity community. Jen Easterly, then the director of CISA, called it “one of the most serious I’ve seen in my entire career, if not the most serious,” with the potential to affect hundreds of millions of devices given the ubiquitous nature of the popular open-source logging library.

A year later, the Cyber Safety Review Board released its report on the incident, concluding that swift action from industry and government averted a disaster. But the incident “called attention to security risks unique to the thinly-resourced, volunteer-based open source community,” it wrote. “This community is not adequately resourced to ensure that code is developed pursuant to industry-recognized secure coding practices and audited by experts.”

The U.S. government actions after included some steps focused specifically on open-source software such as creation of the Open-Source Software Security Initiative and hires of well-regarded open-source security experts at CISA such as Black, but also some steps that could be applied more generally and still help with open-source security, such as greater promotion of secure-by-design, memory-safe languages and software bills of materials (SBOMs).

Some of the Biden administration work on open-source security started before Log4j, such as provisions from an executive order he issued in 2021 that directed CISA along with the Office of Management and Budget and General Services Administration to issue guidance to agencies. 

The administration’s 2023 cybersecurity strategy also stepped into the long, thorny discussions over software liability, with a mention of open-source security: “Responsibility must be placed on the stakeholders most capable of taking action to prevent bad outcomes, not on the end-users that often bear the consequences of insecure software nor on the open-source developer of a component that is integrated into a commercial product.“ The Biden administration always indicated that addressing software liability would take a prolonged battle ahead.

Under Trump, many of the Biden administration’s efforts have languished. CISA’s splashy hires on open-source are gone, including Black, Tim Pepper and Anjana Rajan. Also departed are leading figures on secure-by-design and SBOMs, with CISA personnel cutbacks slicing deep. 

No one has seen any sign that the national cyber director-led Open-Source Software Security Initiative is active, with few participants remaining in government today. The Trump administration cyber strategy doesn’t mention open-source.

“The loss of open-source experts at CISA “is unfortunate, and it will be hard for the government to try to rebuild capacity, but I do think now more than ever CISA has a core role to play to secure open source software,” Cable said.

The pressure is mounting

It’s not that the issue is getting zero attention from those in a position to make a difference. Nick Andersen, the acting director of CISA, said last month that open-source security was an area of particular concern for him.

Andersen responded to concerns about CISA staffing levels on open-source security and spoke more broadly on the topic in a statement to CyberScoop.

“As artificial intelligence and other technologies have the power to transform how vulnerabilities are discovered and exploited, CISA recognizes that the open source software (OSS) that underpins much of the nation’s critical infrastructure will need to be hardened,” he said. “CISA actively collaborates with our partners on shared priorities, including OSS security, to ensure time and resources are spent where they matter the most.  We have an immensely talented team, but are also accelerating our hiring in critical areas, to strengthen the nation’s defenses against cyber threats.”

The Office of the National Cyber Director did not respond to requests for comment.

There’s been some activity on Capitol Hill, too. The Securing Open Source Software Act, which Cable worked on during a stint as a Senate staffer, would direct CISA and other agencies to take actions to mitigate open-source software security risks, but the legislation has stalled since its introduction in 2022. A portion of the bill, however, was included in the Department of Homeland Security funding law Trump signed in April, directing CISA to brief Congress on the value of establishing something like an open source program office, which some companies use to manage open source within a given firm.

Senate Intelligence Committee Chairman Tom Cotton, R-Ark., has pushed the executive branch to improve its awareness of foreign adversaries playing roles in open-source software used by national security-focused agencies.

The annual defense policy bill in the House calls on the Defense Department’s chief information officer to report to Congress on a plan to secure open-source software supply chains, saying lawmakers are “concerned that the Department lacks sufficient visibility into the origins, maintenance, and security of OSS applications and software dependencies.”

That defense authorization bill language is “really beneficial, and I think it signals acknowledgement of this changing of culture” around open-source security risks, said Hayden Smith, founder of HuntedLabs, whose company won a contract with the Space Development Agency on supply chain security — agency work that the defense bill singled out.

“The report language is the first time the Hill is trying to get a true handle on foreign influence in open source code where they have oversight,” he said, saying it was a “piece of the puzzle” along with Cotton’s letter and a memo from Secretary of Defense Pete Hegseth last year about foreign influence in the Pentagon supply chain. “It’s good and would trickle down into everyone who provides software to the department.”

Zenla, though, believes trying to isolate China from open-source systems isn’t in and of itself a good idea. 

“I don’t think that that makes a lot of sense, because they’re actually pretty good things that people contribute to open source,” she said. “Not everyone is malicious, and what are we going to do, spy on every single open source maintainer?” It’s more about doing things like making sure that highly-classified systems are set up in a separate way, she said.

Europe is also taking action to secure open-source software that the United States doesn’t seem ready or willing to do right now. Germany, for instance, devotes grants to the security of open-source projects, although Stenberg pointed out that sometimes money doesn’t equate to maintainers being able to fix flaws more quickly, depending on the project’s size.

The Cyber Resilience Act (CRA) adopted by the Council of the European Union in 2024 could offer another road on open-source security. The CRA requires those who use open-source software products as part of any commercial activity to take certain security measures. 

Black said that when she was at CISA, there were discussions between the agency and European counterparts about finding compatible ideas on open-source security, but that momentum died with the Trump administration.

But “Europe kept rolling, and now has in place a new legal framework that is set to really reshape open-source security for potentially the whole world, but certainly for anyone who wants to work with Europe on open source,” she said.

Lorenc recently wrote that “open source isn’t governable.” He said an organization like a neutral nonprofit, possibly using some government funding, should take responsibility for things like coordinating vulnerability disclosure into one pipeline. He also said there needs to be one authority in charge of “forking” — that is, taking a project and assigning stewardship elsewhere — when a maintainer isn’t responsive to vulnerabilities. 

There are differing opinions on how much past government warnings, advisories and guidance have helped. Smith gave some credit to government agencies that “have all responded to open source attacks using the means they have.”

Stenberg said that “I don’t think they make any big dent at all in the big scheme of things.” They might get some attention initially, “then two years later we all forgot about them, and they actually didn’t change much.”

Ideally, everyone could get on the same page, Zenla said. “The best way to do this is if people actually collaborated on a global scale on some sort of regulation around this, but that seems nearly impossible at the current moment,” she said. (The United Nations’ Open Source Week runs all this week.)

But if there’s an upside to the spate of attacks on open-source software, it’s the energy it gives to how better to secure it, Lorenc said, invoking the political saying to never let a good crisis go to waste.

“Everyone knows the industry has to change,” he said. “This is a really good crisis, and the right things are happening in the right places, and organizations are rethinking their culture around software development, and they know what they have to do. It’s just something that’s never been top of the priority list for the last 10 years. Now it is, and they’re doing it, and it’s, ‘Can we do it fast enough?’”

The post Open-source security is posing challenges governments can’t easily solve appeared first on CyberScoop.

President Donald Trump signed two executive orders Monday to accelerate the federal government’s transition to post-quantum encryption and reprioritize government financing to support the domestic quantum computing industry. 

The orders, which CyberScoop first reported on last year, direct the government to throw its weight behind the quantum computing industry. They are part of a broader effort by the Trump administration to put its stamp on the development of another key emerging technology.

In May, the Department of Commerce announced letters of intent for more than $2 billion in federal financing incentives for nine quantum companies under the CHIPS and Science Act. Last year, the administration did something similar with its AI-focused executive orders and action plan that created special federal export programs for AI technology and equipment, directed federal agencies to mobilize federal financing tools to support the industry, and cut or curtail regulations that the administration said may impede domestic growth. 

Ahead of the signing, sources previewed details of those orders to CyberScoop. Per one of those sources, who spoke on condition of anonymity to discuss pending administration actions, a “whole of government approach is used to empower research and development into quantum computing, as well as quantum sensing [and other resources].”

They described the Trump administration’s attitude for propping up industry as “don’t let us miss out on prioritizing the feeders for the research or the development of quantum.” 

The second order requires federal civilian networks to adopt quantum-resistant encryption faster than the current 2035 deadline. The new encryption algorithms, vetted by the National Institute of Standards and Technology, will protect against future quantum computer attacks. 

Agencies that miss the new deadline must report to the Office of Management and Budget explaining why. 

On hand for the signing were Department of Energy Undersecretary for Science Darío Gil, Department of Commerce Secretary Howard Lutnick, National Cyber Director Sean Cairncross, Defense Secretary Pete Hegseth, Federal Chief Information Officer Greg Barbaccia, and Office of Science and Technology Policy Director Michael Kratisos.

Multiple executives from technology companies were also on hand for the order’s signing, complimentary of the government’s efforts in boosting the industry.

“IBM applauds the Administration for taking this important, timely step forward,” said IBM CEO Arvind Krishna in a statement. “Sound policy, sustained investment and public-private partnership are vital to sustaining U.S. quantum leadership and technological resilience. We’re proud to keep building on this foundation — strengthening U.S. competitiveness and bolstering national security as we shape the quantum future together.”

“At Google, we are proud of our sustained breakthroughs in quantum computing and post-quantum cryptography,” said Google President and Chief Investment Officer Ruth Porat. “Quantum computing is a transformational technology that can advance national security, drug discovery, energy solutions and more.”

Update; 6/22/26; 5:20 p.m.: This story was updated after the signing with details about the orders, signing ceremony attendees, and comments from IBM’s Arvind Krishna and Google’s Ruth Porat.

The post Trump executive orders speed up post-quantum migration, boost industry appeared first on CyberScoop.

The Senate Judiciary Committee approved a new bill this week that seeks to prevent unauthorized deepfakes of American artists, performers and public figures. While the bill sailed through a committee voice vote, both Senators and outside groups say they’re worried it could become a tool for the powerful to quash free speech. 

The NO FAKES Act, introduced by Sens. Chris Coons, D-Del., and Marsha Blackburn, R-Tenn., would give Americans near-exclusive rights to their own digital AI replicas, and those rights live on, passing to heirs, executors and estates for at least 70 years after an individual dies.

While living, creators would be able to essentially license their likeness and image to others, over 10-year contracts for adults and 5 years for minors.

It would also permit individuals to sue anyone who uses their AI-generated image without permission, and pay up to $750,000 for violations. Blackburn submitted letters of support for the bill from more than 40 groups, including the Screen Actors Guild – American Federation of Television and Radio Artists, the American Medical Association, Creative Artists Agency, the Broadcasters’ Associations and the Human Artistry Campaign.

“It is imperative that we put this national standard in place for voice and visual likeness protection of creators, to protect from proliferation of harmful AIgenerated deepfakes that are created without their consent,” said Blackburn in a Thursday markup of the bill.

The introduction of consumer-grade AI tools has made it trivial to create convincing deepfakes of real individuals and public figures. The harms are well documented: bad actors have used them to create nonconsensual pornography or sexualized media of people they know, create child sexual assault material (CSAM) , and blackmail or humiliate individuals.

Artists have faced real challenges in the AI era when it comes to controlling their digital likeness. Last year, the Better Business Bureau warned that its Scam Tracker had been flooded with complaints about AI-celebrity endorsement scams. These included  deepfakes of Oprah Winfrey promoting weight loss products, Kim Kardashian pleading for donations to fight California wildfires, and pop star Taylor Swift and celebrity chef Gordon Ramsay endorsing cookware.

In the political arena, candidates now create deepfakes of their political opponents, putting words into their mouths or placing them in embarrassing or humiliating situations. Online, disinformation actors have repeatedly spread AI-generated videos and images of politicians like Donald Trump, Kamala Harris, and even regional or local politicians saying or doing scandalous things.

The bill represents one of the most aggressive attempts by U.S. policymakers to protect the digital commercial rights of artists and public figures. New York, for instance, passed a law this month that requires film and television advertisers to publicize when they’re using deepfakes in ads, but does not create a similar copyright regime for artists’ likeness. A Tennessee law, The ELVIS Act, that prohibits the unauthorized use of an individual’s voice and likeness and creates secondary liability for large platforms that publish or distribute the content.

The NO FAKES Act faces opposition from an alliance of tech business and digital rights groups. They argue the bill  fails to balance the commercial rights of artists to control their own image with longstanding First Amendment constitutional rights to free speech and parody.

Amy Bos, vice president of government affairs at NetChoice, a trade association for online businesses, said that while her group supports legislation that prevents unauthorized AI generated deepfakes, “good intentions do not make good law.”

“As written, this bill creates a dangerous financial incentive for platforms to aggressively over-remove lawful content, burdens creators with an unworkable counter-notification system, and fails to deliver the uniform national standard its sponsors promised,” Bos said in a statement.

Many digital civil groups agree with that view. A broad coalition of policy groups – including the American Civil Liberties Union, the R-Street Foundation, the Center for Democracy and Technology, the Electronic Frontier Foundation and others – wrote to the Senate Judiciary Committee this week to urge members to oppose the bill in its current form.

They argued the current bill creates a “Heckler’s veto” over most online content, allowing artists, public figures and advocacy groups to flood the notification system with takedown requests for content they don’t like. Similar to a law already on the books, the Digital Millenium Copyright Act, virtually all the incentives in the bill push platforms to be overaggressive in taking down content, regardless of whether it violates the law or not.

This approach could end up quashing not just unauthorized ads but also scores of other likely First Amendment protected uses, such as education, humor, satire and parody.

In 2023, a humorous AI-generated image of Pope Francis in a puffy Balenciaga jacket went viral. Under the NO FAKES Act, the coalition says that post would be illegal for anyone to post until nearly 2100.

In the political arena, both Republicans like Trump and Democrats like California Governor Gavin Newsom have used AI deepfakes to skewer their political opposition.

“A law that undermines free expression will struggle to survive constitutional review,” the groups wrote. “In the meantime, it can do lasting damage, both to lawful speech and to the autonomy of the people it claims to protect. We urge the Committee not to advance the NO FAKES Act in its current form, to examine how existing state and federal law already addresses the legitimate harms the bill seeks to address, and to pursue narrowly tailored solutions only where a genuine gap remains. We would welcome the opportunity to assist.”

While the bill passed by voice vote and with broad support, multiple Republican and Democratic members of the committee said they had similar concerns and expressed a desire to continue tweaking the bill further before passage into law.

In the Senate meeting, Coons appeared to dismiss those charges, arguing that changes made to the bill ahead of markup adequately address any First Amendment concerns.

“I want to be clear, NO FAKES includes features that protect free speech,” Coons claimed. “Parody, satire documentaries, biopics, newscasts, they’re all protected and we built in appropriate counter notification processes and exempted research libraries and archives.”

The post Congress tees up No FAKES Act, aiming at AI-generated deepfakes appeared first on CyberScoop.

Accenture announced Thursday it would acquire a majority stake in industrial cybersecurity firm Dragos for $3.25 billion and purchase two smaller security companies outright, essentially making a $4.18 billion bet that defending the IT networks of power grids, pipelines, factories and critical infrastructure sectors will become one of the defining challenges of the AI era.

The deals — which also include two Austin, Texas-based companies, runZero and NetRise —  represent a significant strategic pivot for Accenture toward operational technology (OT) security,  a segment of the cybersecurity market that has long been underfunded relative to traditional IT defenses. The announcement comes as the consulting giant faces pressure on its core business from the same AI tools reshaping the threat environment it is now moving to address.

Dragos, founded in 2016 by former intelligence specialists and based in Hanover, Maryland, has built what the industry regards as a leader detecting threats in OT environments. Its proprietary dataset of industrial threat intelligence has made it a trusted partner to critical infrastructure operators globally.

RunZero specializes in asset discovery and attack-surface intelligence — essentially mapping what is connected to a network and identifying where it is exposed. NetRise focuses on firmware-level visibility and software supply chain security, areas that have drawn increased scrutiny since high-profile incidents revealed how deeply embedded vulnerabilities can propagate through industrial device ecosystems.

Dragos co-founder and CEO Robert M. Lee will continue leading the combined entity, which will operate as an independent business under Accenture’s ownership. The CEOs of runZero and NetRise, HD Moore and Tom Pace, respectively, along with NetRise’s chief technology officer Michael Scott, will join Dragos as senior executives.

The acquisitions are not Accenture’s first move in OT security. The company acquired Cimation in 2015 and Revolutionary Security in 2020, along with several other OT-focused firms. 

Thursday’s deal, however, is of a different scale and ambition. Where previous acquisitions built out Accenture’s services capabilities, the addition of Dragos, runZero and NetRise moves the company firmly into OT cybersecurity software, a market it had not previously entered at scale.

Accenture and Dragos describe this expanding environment — which also encompasses Internet of Things devices, cloud-connected sensors and related IT infrastructure — as “xOT.” The concern is that as AI is integrated into industrial decision-making, the attack surface grows. At the same time, adversaries are using AI to shorten the window between compromising an IT network and pivoting to OT systems underneath it.

Despite that convergence, most cybersecurity budgets remain concentrated on traditional IT, leaving critical infrastructure comparatively exposed. The OT cybersecurity services market is estimated at roughly $7 billion in 2026. The broader OT cybersecurity market, which includes software, is estimated at $27 billion this year and projected to reach nearly $59 billion by 2031, growing at approximately 16% annually.

“Our energy and water systems, manufacturing plants, data centers and other operational environments need cybersecurity built from the ground up for xOT and designed to keep pace as threats evolve. The consequences of getting it wrong become societal threats,” Lee said in a release. “Organizations need solutions, not a patchwork of software and services. The addition of runZero and NetRise will allow the Dragos Platform to be a unique end-to-end platform for global defense, and Accenture will bring its decades of trusted relationships and deep expertise to help us scale and secure more critical infrastructure and physical operations globally.”

The transactions are expected to close in August or September, pending customary regulatory approvals.

The post Accenture shells out $4.18B on three companies in big industrial cybersecurity push appeared first on CyberScoop.

While Washington D.C. frets over the potential impact of Anthropic’s Claude Fable 5, security researchers continue to track how the integration of frontier AI tools are transforming the digital security landscape for malicious hackers and defenders alike.

The breakneck speed of model releases may be creating short, silent security gaps for developers who must choose between performance and security, according to a new report.

Researchers at Backslash Security pored through update logs for Claude Code, Anthropic’s flagship coding model, finding the company was patching dozens of newly discovered security vulnerabilities in the program between April and early June 2026.

The logs revealed the details of more than 30 security relevant patches implemented over that timeframe, but Anthropic did not publicize them. Instead, Backslash Security researchers found them by reviewing update logs for every new version of a Claude Code release in the last two months, noted the security-relevant fixes and traced each one back to the version and date it shipped.

The patches included fixes for data poisoning, prompt injection and arbitrary code execution vulnerabilities. One bypassed core safeguards put in place to prevent Claude Code from accepting catastrophic deletions commands, such as erasing an entire codebase, by adding a single backslash to the command. Another leaked user OAuth credentials, while a third allowed an AI agent to plant a backdoor in shell startup files.

There is nothing inherently odd about this: most companies regularly update and patch their software  and anyone who had auto-updates turned on would automatically be switched to the newest, secure version of Claude Code.

But Yossi Pik, co-founder and chief technology officer at Backslash Security, told CyberScoop that the research concluded “the way AI agents are released is different than previous software.”

“We debated internally, because when I originally said I wanted to write about this, I was told ‘Okay, every company has the [same] issue, then they patch and fix,” he said. “This is the nature of software, but I think that what makes this unique is the cadence and frequency of the releases.”

AI companies keep a ferocious pace when updating their models. Claude Code’s changelog indicates there have been 16 different versions through the first half of June, while OpenAI’s Codex was updated 6 times.

Because model updates often bring short-term performance and stability issues, software developers typically wait a week or more before upgrading to a new version.

These time gaps create small windows of vulnerability and force developers to choose between security and performance. The report identifies several reasons why developers don’t automatically update their AI models, including companies that may rely on internal vetting or release schedules, operate in regulated or air-gapped environments where model versions are frozen, and the need to maintain long-running sessions or use manual installations.

Pik said some IT and security teams have also told him they prefer not to install any new version of an AI model without letting it run on other environments first.

“You don’t have that much flexibility, either I go to the latest and I’m getting a less stable version [of the model] or I’m waiting for a few days or a week until I can install it, and hope that nothing would happen during this time,” said Pik.

The Backslash report is not intended as a dig at the security rigor of Anthropic, noting the company tends to “patch fast and document more than anyone” and has addressed every issue and vulnerability identified in the report.

Rather, it’s to highlight the series of mostly silent and persistent security exposures that an organization faces when adopting AI into their workflow.

Other software programs and technology products face similar tradeoffs through different updates, but most of the vulnerabilities detailed in the change log – such as getting an agent to leak data or accept malicious prompts – are unique to large language models and AI systems.

That means integrating AI tools can bring new security problems to an organization, both from outsiders who can poison or influence the model and insiders who can maliciously or accidentally direct the model to access or leak systems, data and identities.

For most Claude Code users, this process runs automatically in the background. Yet Yik points out that just as AI is transforming work itself,  it’s also changing how we need to approach software security and updates.

“It should not be compared to [Microsoft] Office that is installed and gets patched once in a while,” he said. “It’s a completely different beast that keeps evolving, and we don’t want to limit it…I think that it’s great for everyone. We just need to make sure that we do it in a secure way, and every organization should understand what that means for them.”

The post AI’s constant patching treadmill can be a security problem appeared first on CyberScoop.

A policy paper published Tuesday advocates for software bills of materials (SBOMs) for artificial intelligence as a mechanism for reducing cyber risk and improving transparency, and seeks to give lawmakers, federal agencies and others a roadmap on how to proceed.

The SBOM, commonly described as an inventory of software ingredients, emerged in the 2010s and has expanded beyond software to include hardware and AI.

But the paper from the Institute for Security and Technology, which CyberScoop is the first to report on, argues that AIBOMS require foundational work before they can be widely implemented.  This comes as some companies are already offering AIBOM services and other organizations are actively shaping AIBOM policy.

“What we’re worried about is we would end up in a ‘fire, ready, aim’ situation where everyone was doing it, but we were all doing slightly different things,” said a co-author of the paper, Allan Friedman, who has worked on SBOMs in multiple U.S. government roles. “If we don’t have a shared vision, it becomes a lot harder to have a coherent policy. It becomes a lot harder to have common tools and interoperable data and it becomes a lot harder to use the data that we’re tracking to actually deliver on the promise of supply chain transparency.”

The idea for the paper sprung from discussions with Hill aides and Pentagon staffers, Friedman said, and people like them are the target audience as well.

A key premise is that AIBOM policy needs to explore the topic from two sides.

“How do you solve the chicken-and-egg issue, where no one’s providing the data, so no one’s asking for it, and no one’s asking for it, so no one’s providing it?” Friedman told CyberScoop. “The answer is, you have to go from both supply and demand.”

On the supply side, “An AIBOM should capture relevant details about the models and datasets used for training, fine-tuning, evaluation, validation, testing, retrieval, grounding, augmentation, or other model development or operational purposes,” the paper suggests.

“The demand side begins with some form of forcing function or requirement that organizations understand what is in the products they manufacture and sell,” it states, with one such requirement potentially being an industry mandate to require the tracking of system components — for example, like the “lightweight” standards used in the payment card industry on data security that isn’t overly exact about how components should be tracked.

But it could also include government regulations or contracting conditions, Friedman argues with his Institute for Security and Technology colleague Nick Leiserson. (The scope of government directives on AI is a topic of considerable debate on Capitol Hill and within the Trump administration right now.)

Friedman said the paper isn’t meant to be the be-all, end-all, and acknowledged the prior work of organizations like the Open Worldwide Application Security Project (OWASP) and Linux Foundation.

“We’re not saying this is a brand new topic, nor are we saying that AIBOM will solve all AI security issues,” he said. “I’ve been fighting this fight for SBOM for a decade. You know, SBOM will not pick up your dry cleaning.”

And as AI continues to evolve rapidly, that means papers like the one published Tuesday are just at the beginning of the discussion, Friedman said.

The post A case for how to shape ‘ingredient lists’ for AI models appeared first on CyberScoop.

Last Friday, the Trump administration sent a shock through the tech ecosystem when the Department of Commerce levied export controls on Anthropic’s new AI model Fable 5.

Anthropic has taken steps to limit the risks around the commercial sale of its Mythos model, including declining to release it publicly, funneling it to organizations for cyber defense and developing guardrails for Fable 5 that would default its answers to older, less powerful models around sensitive topics like cybersecurity and biological warfare.

But the Trump administration was reportedly alarmed by recent reports from Amazon and another cybersecurity researcher claiming to have jailbroken Fable 5 within days of its public release, and determined that if researchers in the U.S. could jailbreak the model, so could America’s foreign adversaries.

The Commerce Department’s decision spurred Anthropic to shut off the models for all users as they attempted to convince the White House to change course.

But some cybersecurity and AI experts have sharply disagreed with the White House’s actions, saying the research has not demonstrated that anyone has been able to circumvent Fable 5’s safeguards and access the kind of dangerous new capabilities that have worried officials.

Katie Moussouris, a well-known cybersecurity expert, said Monday that Anthropic provided her with a copy of third-party research on guardrail bypass techniques for Fable 5.

According to Moussouris, the researchers asked three Claude models – Fable 5, Mythos and Claude Opus – to review batches of known, vulnerable open source code for security issues. Fable 5 initially refused the request, but the researchers were able to use “a multistep and manual process” to get Fable 5 to turn the output into automated scripts that could test patches for the vulnerability.

Third-party research since Fable 5’s release has not found ways to bypass its safeguards around hacking. The capabilities researchers have demonstrated are foundational to what makes Fable 5 and other frontier models valuable for cybersecurity defense.

“Defenders need to be able to ask AI to fix the bugs in a file, explain why the fix matters, and write tests that confirm the patch works,” she wrote. “That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security: executing the find, fix, and test loop defenders run every day.”

Moussouris previously provided technical expertise to the Waasenaar Agreement, a voluntary multilateral security agreement around controlling exports for both munitions and dual use technology that includes the U.S. and dozens of other countries.  Based on the research she’s seen, she called placing export restrictions on all foreign sales of Fable 5 “heavy handed” and “misguided.”

Some lawmakers who in favor of higher regulations and scrutiny on the national security implications of AI were nevertheless critical of the White House decision. Senator Mark Warner, D-Va., told CyberScoop in a statement that while “there may be circumstances where restrictions on the export of frontier AI models are warranted,” those decisions must be “grounded in a transparent, risk-based process with clear rules and consistent standards.”

The Trump administration’s approach, he argued, has been the opposite, and he called for Congress to pass a statutory framework for testing and approving frontier AI models based on transparency, predictability and fairness.

“This administration has repeatedly shown a willingness to weaken export controls designed to protect our national security and maintain our technological edge over adversaries, while also making no secret of its hostility toward Anthropic,” said Warner. “That raises serious questions about whether this effort is being driven by objective national security concerns or something else.”

Anthropic said it subjected Fable 5 to 1,000 hours of testing from internal and external red team, reporting that no universal jailbreaks were found that would remove those guardrails or allow the model to access Mythos for cyber and biology work.

Moussouris is far from alone. She is one of dozens of cybersecurity experts who signed an open letter Monday calling on the Trump administration to “Free Fable.”    

The researchers say that while Mythos-class models are “quite good” at identifying and exploiting vulnerabilities in software code, they “are not uniquely good” compared to other frontier models they use every day for cybersecurity defense.

For example, despite OpenAI’s Daybreak model offering similar vulnerability discovery and patching capabilities. It was not included in the Commerce Department’s restrictions.

The researchers also note that Fable 5’s guardrails have been notoriously oversensitive compared to other frontier models used by red teamers, becoming “a source of humor in the cyber community on launch day” as IT and cyber workers reported online that they couldn’t get the model to perform basic defensive cybersecurity tasks.

The letter questions whether the issues found in the jailbreaking reports would even qualify as offensive capabilities, and note they can be reproduced in other commercial and open-source models, including GPT 5.5, Claude Opus, Claude Sonnet and Chinese models like Kimi 2.7.

“The justification for this unprecedented action was that Fable provides a unique ‘uplift’ of capabilities beyond other AI models, but AI has been finding bugs and generating working exploits at superhuman levels since last year,” they wrote.

The White House decision comes as AI companies face increasing backlash from a public that is now overwhelming calling for more robust government intervention.

A Johns Hopkins University poll in May found broad, bipartisan support for AI regulations, with 73% calling for bans on AI-generated images and video, 68% calling for labels on AI content, 75% wanting disclosure laws around when they interact with AI chatbots and 70% calling for “the right to interact with a human rather than an AI in medical, legal, educational and government settings.”

Another global survey of 18,000 people released this week found that the top four concerns most people have around AI all revolve around the tool’s ability to spread misinformation, create deepfakes to embarrass or hurt others, making it easier for criminals to hack into victim networks and helping terrorists create new weapons.

Senior reporter Tim Starks contributed reporting for this story.

The post Cybersecurity experts don’t think Anthropic’s Fable 5 presents a unique threat  appeared first on CyberScoop.

Microsoft addressed a whopping 206 vulnerabilities lurking in its vast portfolio of business products and foundational systems in this month’s Patch Tuesday update, marking the vendor’s largest monthly batch of security patches on record, according to researchers.

The massive assortment of vulnerabilities in Microsoft’s latest defect dump accentuates an alarming trend across technology — fears and warnings about a roaring flood of error-riddled software have materialized. And the disease is spreading. 

“It is extraordinary that Microsoft can produce so many patches in a single month, but it does raise concerns,” Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, wrote in a blog post Tuesday.

Researchers consistently highlight the role artificial intelligence is playing in discovering more vulnerabilities and aiding in the development of patches and testing. Childs isn’t alone in wondering if this is the new normal and how that will impact defenders’ strategies for patch prioritization and deployment. 

“Pandora’s proverbial box has been opened, and as more advanced AI models become available, we expect the norm to continue upward across the board, not just for Patch Tuesday,” Satnam Narang, senior staff research engineer at Tenable, said in an email.

This vulnerability flood isn’t a one-off or rare event. Half of Microsoft’s Patch Tuesday updates through the first half of this year contained a volume of defects well into the triple digits. 

“The current number of CVEs shipped by Microsoft this year exceeds the total number of CVEs shipped in all of 2018,” Childs wrote. 

Microsoft disclosed three vulnerabilities — CVE-2026-45586, CVE-2026-50507 and CVE-2026-49160 — that were publicly known at the time of release, but not yet exploited in the wild, according to the company. 

Yet, in an out-of-band update May 19, the vendor did disclose and release a patch for CVE-2026-41091, an actively exploited zero-day vulnerability affecting Microsoft Defender.

Microsoft disclosed one max-severity vulnerability — CVE-2026-48567, affecting Azure HorizonDB — and nine defects with critical CVSS ratings. The company designated 15 of the vulnerabilities it addressed this month as more likely to be exploited.

The full list of vulnerabilities addressed this month is available in Microsoft’s Security Response Center.

The post Microsoft breaks Patch Tuesday record with 206 vulnerabilities appeared first on CyberScoop.

Earlier this year, Anthropic executives said that their new AI model, Claude Mythos, had such powerful capabilities for harm that they would not release it publicly.

On Tuesday, the company said it was making an altered version of Mythos available to the public, promising “new guardrails” that thwart the model’s best-in-class performance in hacking and bioweapons research.

Anthropic said Claude Fable 5 was the “same underlying model” as Mythos, but its responses for certain topics like cybersecurity and biology will be drawn from a previous Claude Opus model that is already public.

“Releasing a model this capable comes with risks. Without safeguards, Fable 5’s capabilities in areas like cybersecurity could be misused to cause serious damage,” the company said in a draft blog sent to CyberScoop ahead of the announcement. “We’ve therefore launched the model with safeguards that route queries on a narrow set of topics to our next-most-capable model, Claude Opus 4.8.”

Anthropic also said they subjected Fable 5 to both internal and external red team testing for common model vulnerabilities, like jailbreaking. Anthropic said these tests identified no known “universal” jailbreaking techniques, but does not specify if partial jailbreaking techniques were discovered.  

The company is betting that won’t change when Fable 5 is made available to the broader public, but it’s worth noting that cybersecurity researchers have consistently found ways to jailbreak older AI models.

“The uplift from Mythos-level capabilities is valuable to many adversaries—for instance, those who could financially gain from cyberattacks—and we therefore expect them to be motivated to try to circumvent our safety measures,” the company wrote.

Anthropic is changing its data retention policies for Fable and Mythos models, keeping all user traffic for 30 days on both its own platforms and third-party services. A White House executive order creates a voluntary framework for AI companies to share frontier models with the government up to 30 days before public release. The company says the retained data won’t be used to train new Claude models or for “any non-safety-related-purpose.”

Following publication, a spokesperson for Anthropic told CyberScoop the company’s data retention policies “are specific to their safeguards work and is unrelated to the EO.”

Most organizations are still deciding whether to adopt AI into their IT and cybersecurity ecosystem.  But models like Mythos can scan for vulnerabilities, chain together exploits, and steal data from a victim network in minutes. Automation in hacking existed before AI, but experts have said frontier models like Mythos and OpenAI’s Daybreak can allow even low-level cybercriminals to wreak havoc.

While Anthropic cited its commitment to developing safe and secure AI in its reasons for not publicly releasing Mythos, many organizations have been clamoring for access, and its enhanced cybersecurity functions in cybersecurity and other areas have been the subject of congressional hearings, national security papers and White House executive orders.

Releasing a limited version of the model in Fable 5 represents an attempt to split the difference between those two desires. Anthropic said it would release follow up benchmarks and assets for the model.

So what can Fable 5 do? 

Anthropic said it’s possible the restrictions built into Fable will make it harder for the model to fulfill both malicious and legitimate user requests.

“Because we have prioritized safety, we’ve deliberately tuned the safeguards to be cautious, and they are still stricter than would be ideal—for example, sometimes benign requests will trigger our classifiers,” the company wrote. “We recognize that this will be frustrating to some users, and our aim is to reduce false positives as we update and refine the safeguards after launch.”

If Fable 5 draws its cybersecurity and biology answers entirely from Claude Opus 4.8, it will still provide users with impressive – though not unique – dual use cybersecurity capabilities.

According to the system card published for Opus 4.8, the model is a slight improvement on previous models like 4.7 in the realm of cybersecurity but was “generally much less capable than Mythos Preview.”

Opus 4.8 was tested on its ability to write complete end-to-end exploits and build exploit primitives that provide attackers with the ability to execute arbitrary code. It averaged a score just 5 out of 16 in proficiency, compared to Mythos Preview which scored closer to 10.

Without safety guardrails in place, Opus 4.8 can still reproduce nearly 80% of previously discovered vulnerabilities in real open-source software projects when given a high level description of the weakness. The system card said Anthropic’s unspecified safeguards whittle this success rate down to 1%.

Another test assessing Opus’ ability to develop exploits for the popular Firefox browser found that, again without guardrails, the model could identify a full working exploit 8.8% of the time and a partial working exploit 68.8% of the time.

The company also said that members of Project Glasswing – a consortium of public and private businesses given access to a preview version of Mythos – will be able to upgrade to the latest full model, Claude Mythos 5, to continue their work. Access to Mythos 5 will be expanded over time “through a more systematic trusted-access program” including federal agencies.

The post Anthropic’s new model is Mythos on a leash appeared first on CyberScoop.

Microsoft reopened some wounds and has reignited debate over the past couple weeks about vulnerability disclosure and the sometimes adversarial dynamic it creates between security researchers and vendors. 

The latest controversy ensued when Microsoft threatened criminal legal action against a security researcher who publicly disclosed a series of zero-day vulnerabilities with proof-of-concept exploits. Microsoft insisted it received no details about the vulnerabilities prior to release, adding that the defects were not responsibly disclosed and put its customers at unnecessary risk.

The public dispute between Microsoft and the researcher known as “Nightmare Eclipse,” who couldn’t be identified or reached for comment, sparked dismay among some security professionals. Microsoft’s forceful response and the resulting backlash revived a friction point between vendors and researchers who find and report flaws in the software they sell.

“The fight is being argued as coordinated disclosure, but the grievance underneath is personal and specific in a way disclosure shouldn’t be, especially with a vendor that has been at it for so long,” Katie Moussouris, founder and CEO at Luta Security, told CyberScoop.

“Microsoft seemed to get emotional and shouldn’t have publicly said anything, but somehow felt justified in calling out a researcher and involved law enforcement in the same breath,” she said. “That puts them right back in the first stages of vulnerability disclosure grief: denial and anger.”

The former longtime Microsoft employee who ran outreach with the security community, created the company’s first bounty program and has given conference talks on the subject as far back as 2013, said the company doubled down on its lack of responsibility in the whole saga.

Microsoft declined to answer questions in the wake of the fallout.

Nightmare Eclipse hinted at a breakdown and impending battle with the vendor in a series of blog posts leading up to Microsoft’s missive about the vulnerabilities RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma.

Attackers exploited three of the six vulnerabilities Nightmare Eclipse released before they were patched by Microsoft.

The researcher claimed Microsoft refused to communicate, didn’t pay or credit them for discovering and reporting some of the vulnerabilities, deleted the Microsoft Security Response Center account they used to disclose vulnerabilities and flagged their GitHub account for removal. 

“You are proving to everyone that you are actively escalating this conflict,” they wrote, before threatening Microsoft with a release in mid-July that “will make sure your bones are shattered that day.”

Vulnerability disclosure is a two-way street

The characteristics of proper vulnerability disclosure processes are nuanced and often framed in the eyes of the beholder.

Any successful dance between bug hunters and vendors comes down to meeting each other halfway, said Andrew Morris, founder and chief architect of GreyNoise. 

While vendors must fix software defects and prioritize security, Morris noted that irresponsible vulnerability disclosure harms both incident responders and potential victims. 

“Personally, I feel like this researcher is being extremely petty. It seems like they have an ax to grind,” he said.

“You’re not allowed to give somebody something and say it’s out of the kindness of your heart, and then be pissed when they don’t pay you for it.” 

But Morris also made clear that vendors bear responsibility for building trust with researchers.  

“If you actually care about being the first one to know about bugs in your software, not learning about it once harm has happened, or once somebody’s gotten popped, then you want to cultivate that trust with the security community,” Morris said. 

Microsoft said it recognizes that the relationship between security researchers and vendors is critical and, at times, fragile. 

“We deeply value the security community, and will continue to take your feedback seriously,” the company said in its post on X. 

Yet, the company remains steadfast in opposing the circumstances of Nightmare Eclipse’s disclosures, describing their actions as illegal, unjustifiable and irresponsible. 

“When an individual breaks the law and engages in malicious activity causing real harm to our customers, we will work with law enforcement as appropriate,” Microsoft said without naming the researcher by their moniker. “We continue to believe strongly in coordinated vulnerability disclosure as the foundation for protecting customers and improving our products. We know that, given the nature of this work, there will at times be misunderstandings. We remain committed to engaging in good faith and to providing a respectful and professional experience for all researchers, regardless of past interactions.”

The cost of pushback

Security researchers seek out defects for various reasons: bounty payouts, recognition, industry credibility, or simply the thrill of the hunt that comes with finding vulnerabilities and getting them fixed.

At its best, this process happens behind the scenes, with patches released and customers warned before exploitation occurs.

This collaborative approach has taken root and improved considerably, but there are still cases where researchers feel slighted. 

“The public has no idea what went on behind the scenes to judge why a researcher that previously coordinated finally had enough and decided to drop a zero-day [vulnerability],” Moussouris said. As such, she’s less inclined to criticize Nightmare Eclipse’s actions, adding that “they come off as someone who needs help.” 

Yet, trust breaks down between vulnerability researchers and vendors often. Earlier this week, security researcher Ammar Askar claimed his last interaction with Microsoft’s security team was so poor that he decided to publicly disclose any bugs he finds in VS Code going forward. He made good on that threat by dropping a vulnerability and exploit code for a defect that allows attackers to steal GitHub tokens. 

While actions like this can sabotage trust and drive a wedge between vendors and vulnerability researchers, recourse to a large extent is limited. Moussouris said most of the time, the legal and ethical boundaries are clear to those involved. Researchers can report bugs, withhold them, sell them, or publish them. “The one red line is crime: using a flaw to extort or attack people,” Moussouris said. 

“Threatening to publish on a set date is a threat to disclose, and disclosure is lawful. You can find the tone ugly. [Nightmare Eclipse] still broke no rule and violated no duty.” 

The timing couldn’t be worse 

Both sides are partly responsible for what happened, but Microsoft made things worse, Morris said. Threatening legal action and taking an aggressive approach have never worked. Building a good relationship between researchers and vendors requires open communication and trust. 

“I thought we were past this. It turns out that we are not,” he said. 

The Nightmare Eclipse incident comes at a fraught time in this space. Vendors and their customers are confronting a deluge of more vulnerabilities, and the rise of artificial intelligence models that discover them is exacerbating this challenge, leaving security experts alarmed about what’s coming.

The prospects for where vulnerabilities will be discovered and exploited next, and to what impact, are unknown and wildly unsettling. 

These signals imply that the classic, CVE-based system with responsibly disclosed processes is probably broken, Morris said. “There’s just so many CVEs. It’s like, is this even working anymore?”

For now and despite all its faults, coordinated vulnerability disclosure programs are widely viewed as the most sensible and scalable approach to this dilemma.

“Coordinated disclosure is what happens when a vendor gets lucky. Someone they did not hire hands them a real bug instead of using it or selling it. That puts the whole burden of keeping coordination alive on the vendor,” Moussouris said. “Silent patching with no CVE and calling out researchers who don’t follow your timeline for disclosure squanders the vendor’s luck.”  

She stressed the stakes: “I hope Microsoft and all vendors learn that coordinated vulnerability disclosure is a gift and a grace from the security researcher community to them, and public disclosure is still better than non-disclosure or crime.”

The alternatives to a deteriorating relationship could wreak havoc and leave every vendor and customer more susceptible to attack. 

“If vendors unlearn how to receive free intellectual property and labor from the security community in the form of vulnerability reports with gratitude, we’re headed for a world where nobody bothers to give vendors any heads up, or they move to a timed disclosure model that gives no grace,” Moussouris said.

She concluded with a direct message: “Product vendors wrote the vulnerable code, own the risk, and they owe it to their users to do everything in their power to reduce that risk.” That includes “keeping their grievances to themselves and learning from introspection on coordinated vulnerability disclosure gone wrong.”

The post Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away appeared first on CyberScoop.

The White House has updated rules for federal agencies to keep logs of significant cyber activities in their networks, touting it as a measure to cut back on red tape and focus on how cybersecurity risks have evolved.

The Office of Management and Budget memorandum, released Friday, replaces a 2021 memo signed by then-President Joe Biden. It continues revisions that President Donald Trump has made to federal cybersecurity guidance under his predecessor.

The new memo, M-26-14, nods at the intentions of the earlier memo, M-21-31, saying that “Implementation of that memorandum improved foundational capabilities across agencies” to establish standards for logging and improve agencies’ record-keeping for the purposes of detecting and responding to cyberattacks.

“However, some requirements, such as the retention of vast quantities of logging data without clear utility, proved neither operationally feasible nor cost-effective for most agencies,” last week’s updated memo states. “To address these inefficiencies and the evolving cyber threat environment, this memorandum directs agencies to employ a risk-based, prioritized logging approach.”

There have been calls for the idea of updating the 2021 memo, and one observer praised the new version to CyberScoop. Another analyst, however, questioned how much harm the Trump administration might do by rescinding the earlier memo before having all of the new memo’s directives in place.

One directive is for the Cybersecurity and Infrastructure Security Agency to develop a “logging reference architecture” within 90 days that prioritizes the objectives of conducting continuous event monitoring and enabling investigations of forensic analysis after a known or suspected compromise.

Agencies would have another 90 days to submit a logging plan that adheres to those principles. The memo also establishes a new model for measuring agency progress in implementation. Multiple government watchdogs have concluded that agencies weren’t meeting the prior memo’s benchmarks.

The new memo “sharpens focus on real-time threat detection and the ability to investigate and recover after a cyber attack,” John Harmon, regional vice president of cyber solutions at Elastic, told CyberScoop. “It gives agencies the flexibility to build logging architectures that fit their specific mission.”

Harmon also praised the memo’s recognition of artificial intelligence risks to cybersecurity, and the revised maturity model.

But Nick Leiserson, senior vice president for policy at the Institute for Security and Technology think tank, said the timing of the replacement memo and the rescinding of the previous memo will give agencies a reason not to budget and prioritize logging for a period of time that adds up to six months or more.

“Moving from that to nothing is not ideal, and that’s essentially what this is doing,” Leiserson, who served in the Biden administration’s Office of the National Cyber Director, told CyberScoop. “This is saying ‘We’re rescinding 21-31 right now’ You won’t have any new guidance for at least 90 days, when CISA publishes this logging reference architecture, and it’s not clear to me why you would disaggregate that and not have the two of those things come out at the same time.”

The post White House charts new course for federal agencies and cybersecurity logging appeared first on CyberScoop.

President Donald Trump said he would postpone the release of an executive order that would set up a 90-day testing and vetting regime for frontier AI models, hours before the White House was set to publicly announce the signing. 

Speaking to reporters in the Oval Office Thursday, Trump said he opted to delay the order “because I didn’t like certain aspects of it” and expressed concerns that it could harm U.S. AI industry competition with countries like China. 

According to multiple sources, a draft version of the order circulating in the last 24 hours would have set up a voluntary testing regime between the U.S. federal government and frontier AI companies that would allow the government to study new models for 90 days before they’re publicly released. In addition to the government, the draft order would also facilitate access to the models for cybersecurity testers in critical infrastructure sectors, like finance and healthcare.

The draft order empowered the National Security Agency to conduct classified evaluations of frontier AI models, while the Department of the Treasury would have set up a new information sharing agreement between AI companies and cybersecurity defenders in critical infrastructure.

Other agencies, like the Office of the National Cyber Director, the Cybersecurity and Infrastructure Security Agency and the National Institute for Standards and Technology, would also be involved in defining which models are covered under the vetting regime.

In some sense, the order would formalize an already cooperative relationship between AI companies and governments like the U.S. and UK, where tech-focused agencies and regulators have already been provided access to previous models ahead of their release for testing and evaluation. 

A former federal official who has seen the latest draft circulated before Thursday’s announcement told CyberScoop that based on their conversations with the administration, the order was intended to facilitate more robust testing from government agencies compared to evaluations conducted for previous models. They said that is in part a reflection of the federal government’s maturing understanding of AI technology over the past five years.

“In the past there has been containerized optionality for the intelligence community and others to take a look at things, but it was really a lot of hand holding [from AI companies] and self-explanation of what they expect this thing to do,” said the official, granted anonymity to discuss sensitive conversations with the administration. “And now the government is coming forward and saying now we feel we’re prepared enough for you to just give us your tool…and we’ll go from there.”

But it also represents a stark pivot by the Trump administration, which came into office openly dismissive of AI safety policies and arguing that they would inhibit U.S. industry. Trump’s latest comments in delaying the order echo those same attitudes. 

The former official said that while the Trump White House doesn’t view its mission as telling AI companies “don’t develop AI that can do X, which was perceived to be the previous administration’s role,” they also acknowledged the administration’s early rhetoric on AI regulation has painted them into a corner. 

“I think the biggest challenge the administration has is that their tone was ‘no institution of guardrails’ and they don’t have a better word for making sure that the capabilities of emergent frontier models don’t disrupt security than to say ‘let’s test it and institute guardrails,’” the official said.  

While debate about how best to regulate AI-related harms continues, most agree there are genuine national security concerns around the technology.

Ram Shankar Siva Kumar, founder of Microsoft’s AI red team, told CyberScoop that in 2019, his staff consisted of himself and a few other security and machine learning specialists. Now a much larger staff of technologists are supported by specialists in psychology, linguistics, bioweapons and other fields.

“Because of frontier harms, what we have done has really morphed,” Siva Kumar said.

The United States, along with Israel, Russia, Ukraine and others have already deployed AI in targeted military operations or integrated the technology into their larger command and control structure. AI is being used to supercharge drone warfare, global hacking campaigns, and sophisticated surveillance and targeting of military personnel and civilians, imbuing the engineering choices of frontier AI companies with life and death consequences.

Some congressional members who previously opposed allowing AI to make autonomous kill decisions on the battlefield have been reconsidering their position.

Rep. Don Beyer, D-Va., who co-chaired the Congressional AI Caucus and was appointed to a bipartisan AI task force in 2024. said that while he thinks “we need to guard against dehumanizing” those decisions, he also worries that adversarial countries will use the same technology against the United States.

“It’s like if we say that Americans have to have a human in the loop and the Chinese don’t have to have a human in a loop, the non-human one will beat the human one every time,” Beyer said at an AI conference in Washington D.C. earlier this month.  

Meanwhile, experts have been increasingly concerned about the technology’s impact on cybersecurity, as current models are remarkably good at finding software bugs and vulnerabilities, while newer models like Anthropic’s Mythos and OpenAI’s Daybreak are capable of chaining together multiple exploits to conduct more sophisticated attacks.

While state-sponsored hackers are experimenting with the technology and using it to gain targeted efficiencies in their hacking operations, cybersecurity experts in the private sector and law enforcement agencies say the technology has mostly benefitted cybercriminals and scammers.

The post Trump postpones executive order focused on AI security  appeared first on CyberScoop.

Securing some of the open-source technology that serves as the backbone for all modern digital infrastructure is going to require some “hard decisions” amid a wave of malware attacks, the leader of the Cybersecurity and Infrastructure Security Agency said Thursday.

“The open-source community is one that I’m particularly worried about when we start to think about rapid escalation of vulnerability discovery,” acting director Nick Andersen said, referencing a cartoon about how key technologies that underpin the internet are often maintained by a single person. 

In one recent attack, a hacker hijacked an account of a single open-source project maintainer to  publish malicious updates for axios, popular with software developers, raising the potential for attacks that could spread more widely. TeamPCP, a suspected North Korean hacking group, has been on a sweeping spree of open-source attacks.

“There’s tremendous opportunity here to re-architect areas … to make investments in areas where we know that we’ve been lacking, and to just force some hard security decisions to be made… where people thought that their risk profile was different than what it is,” Andersen said.  “We see the escalation in terms of speed, scale and velocity of vulnerability discovery to weaponization and exploitation.”

CISA has been working with industry and others “to modify our approach to vulnerability management, modify our approach to coordinated vulnerability disclosure, modify our approach to remediation, with the explicit understanding that we’re just not going to be able to keep up using traditional mechanisms,” Andersen said, speaking at the National Cyber Innovation Forum in Washington, D.C.

The government and private sector can work together to identify the biggest threats and then give them the right level of attention, he said. On the federal government side, that means working to get a full picture of the extent of reliance on open-source technologies.

Overall, the United States has put off too many necessary security improvements, Andersen said.

“Whether you look at the private sector or you look at our governments and public sector networks and systems that we’re supporting, there’s just a tremendous amount of technical debt that’s out there,” he said. We’ve not made the right level of investment required in order to be able to readily secure ourselves for the future.”

The post CISA chief frets about open-source vulnerabilities, delayed security improvements appeared first on CyberScoop.

Congress wants answers from the Cybersecurity and Infrastructure Security Agency about the reported public exposure of sensitive agency credential data on GitHub in an incident that the security researcher who discovered it called one of the worst leaks he’s ever seen.

Other security professionals also voiced concern Tuesday about the leak and the potential for abuse by any malicious parties who got a hold of the information.

Security firm GitGuardian said it discovered a public GitHub repository last week that exposed credentials for privileged AWS GovCloud accounts and internal CISA systems dating back to November. The repository, apparently maintained by a contractor, was named “Private-CISA.” 

Krebs on Security first reported the incident.

“My main fear … is that a state actor will get the data and might be able to do bad stuff,” GitGuardian security researcher Guillaume Valadon told CyberScoop that he thought to himself upon discovering the leak, after concluding it was real; he initially thought it looked fake.

State-based attackers who obtained the credentials “might be able to gain persistence,” Valadon said, “so for me it’s even worse than an attacker destroying everything, having someone in a governmental system — it’s really, really bad.”

A House Homeland Security Committee aide said the panel is seeking a staff-level briefing from CISA on the matter.

Mississippi Rep. Bennie Thompson, the top Democrat on the Homeland Security Committee, and Delia Ramirez, the top Democrat on the panel’s cyber subcommittee, had separately demanded a briefing Tuesday in a letter to CISA’s acting director, Nick Andersen. 

They said they wanted to learn “how this serious security lapse occurred, any potential security consequences, remediation activities, corrective actions related to the contractor personnel involved, and efforts to monitor for and prevent similar activity from occurring in the future.”

Sen. Maggie Hassan, D-N.H., also sent a letter Tuesday to Andersen, seeking a classified briefing to answer questions about which systems were exposed, what forensic work CISA did to evaluate potential damage and what corrective action it has taken.

“This reported incident raises serious questions about how such a security lapse could occur at the very agency charged with helping to prevent cyber breaches,” Hassan wrote in the missive first reported by Axios, particularly “regarding CISA’s internal policies and procedures at a time of significant cybersecurity threats against U.S. critical infrastructure.”

Both letters pointed to personnel and budget cutbacks at the agency as a potential contributor to the incident.

CISA said it was looking into what happened.

“The Cybersecurity and Infrastructure Security Agency is aware of the reported exposure and is continuing to investigate the situation,” a spokesperson said. “Currently, there is no indication that any sensitive data was compromised as a result of this incident. While we hold our team members to the highest standards of integrity and operational awareness, we are working to ensure additional safeguards are implemented to prevent future occurrences.” 

The repository was reportedly maintained by a contractor at Nightwing. A Nightwing spokesperson referred questions to CISA.

The kind of exposure that happened for CISA “is an unfortunately painful, but common and repeated, if not relentless, way that we see organizations inadvertently leak very sensitive credentials to the wider web,” said Ben Harris, founder of WatchTowr, a company that helps organizations detect such exposures.

Harris told CyberScoop he didn’t want to speculate on what attackers who obtained the credentials might be able to do with it, but he said that it would be “terrifying” if the contractor was transferring information from work to home, as one researcher theorized.

Dave Mitchell, senior director of threat intelligence at Infoblox, told CyberScoop the incident showed the importance of teams having controls and audits in place across their repositories.

“Of all the things that keep me up at night, misconfigurations in GitHub are a recurring nightmare. It’s critical for so many organizations — all it takes is one accidental upload or misconfiguration and you’ve signed yourself up for a major incident,” he said in a written statement. “No need for a threat actor to use advanced techniques to compromise you if the keys are already sitting on the counter.”

Travis Rosiek, public sector chief technology officer at Rubrik, noted that the timing of the issue aligned with the government shutdown that only recently resolved for DHS. He said the incident showed the federal government needs to prioritize resilience.

“A persistent shortage of cybersecurity talent, combined with funding lapses, high workforce turnover, and an increasingly complex threat landscape, created the perfect storm for this scenario,” he said in a written statement to CyberScoop. “No organization is immune, and we must ensure that the federal government, which is responsible for helping protect the nation’s critical infrastructure and enhancing our cybersecurity posture, remains fully operational 24-7, 365 days a year.”

Without minimizing the severity of the incident, some researchers who have looked at the leak said there are mitigating circumstances that make elements of it defensible or, at least, understandable.

CISA acted very swiftly to remove the repository, Valadon said, once he alerted them to the leak.

And even if CISA has the right policies in place, human error still can make it difficult to entirely avoid incidents like this, Harris said.

“The reality is this happens every single day to different organizations, including cybersecurity companies,” he said, noting it would be different if it was a pattern. “This is not exclusive to CISA. I don’t really think it reflects well if we saw this every single day with CISA. … It’s not ideal that it’s even happened once, but the reality is that cybersecurity is people, process, technology.”

CISA has had other security incidents in the past, including recently. The former acting director of the agency endured criticism for uploading sensitive contract data to ChatGPT last year. In 2024 the agency notified Congress of a breach of a chemical plant security tool.

Updated 5/20/26: to include more information on a House Homeland Security Committee briefing request.

The post CISA credential leak raises alarms, and Capitol Hill demands answers appeared first on CyberScoop.

As defenders get their hands on newer AI models with more powerful cybersecurity capabilities like Anthropic’s Mythos and OpenAI’s Daybreak, organizations are being told to prepare for a flood of new vulnerability reports.

But for bug bounty programs across the nation, that day may already be here, as yesterday’s frontier models and today’s open-source AI tools have dramatically increased the volume of bug reports flowing into companies around their own products or on larger bounty platforms online.

GitHub, one of the world’s largest online code repositories, said it is tightening its definition of a “complete” bug report after a significant increase in AI-assisted submissions over the past year.

Although the influx has had some benefits, many reports are submitted without proof of concept, are reliant on unrealistic attack scenarios or cover issues already listed as ineligible. As a result, the company is having difficulty separating signal from noise.

“This isn’t unique to GitHub,” wrote Jarom Brown, senior product security engineer at GitHub. “Programs across the industry are grappling with the same challenge, and some have shut down entirely.”

Brown said GitHub does not want to ban the use of AI generated reports entirely, calling it a “force multiplier” for security in the right context. But in a world where it’s never been easier to use AI to generate theoretical bugs, the company wants researchers to go the extra mile to confirm that their discoveries can actually be exploited in real-world conditions.

What we need is the same standard we’ve always expected: validation,” Brown wrote. “An AI-assisted finding that’s been verified, reproduced, and submitted with a working proof of concept is a great submission. An unvalidated output submitted as-is without reproduction or demonstrated impact is not.”

Grant Bourzikas, chief security officer at Cloudflare, said triaging bugs and proving they can be exploited  has always been one of the hardest parts of vulnerability research, and AI vulnerability scanners and code have “made it worse.”

For instance, code written in C and C++ programming languages are vulnerable to a range of exploits – like buffer overflows and out-of-bounds reading and writing – that don’t exist in memory safe languages like Rust. AI tools scanning software written in memory unsafe programming languages are far more likely to generate false positives.

But one of the biggest flaws continues to be that AI tools are also designed to give the user what they’re asking for, even when it’s not there. This leads to the generation of bug reports filled with speculation and qualifiers around exploitability that require human follow up.

“That’s a reasonable bias for an exploratory tool,” Bourzikas wrote. “It’s a ruinous one for a triage queue, where every speculative finding spends human attention and tokens to dismiss, and that cost compounds across thousands of findings.”

Cloudflare recently shared results from testing Mythos on 50 of its own code repositories, looking for exploits. Bourzikas called Mythos “a different kind of tool doing a different kind of work” from other frontier models, and that it made significant progress in reducing false positives.

For example, he pointed to two Mythos capabilities that stood out compared to other models: chaining exploits together and generating its own proof-of-concept code to confirm exploitability.

Older models could spot many of the same bugs, but they often couldn’t figure out how to exploit them effectively, or show that the issue could be exploited in real world conditions.

Others have argued that the gap in bug hunting capabilities between newer frontier AI models and older ones, or open source models available today is not as large as advertised. 

Swedish software developer Daniel Stenberg, lead developer for curl, an open source file transfer tool used around the world, recently wrote about his experience with Mythos Preview. Like others, he has also seen a higher volume of AI-fueled bug reports over the past year, but said the flood of low-quality reports has tapered off significantly since March as models have improved.

Curl is mature and polished by the standards of most software: Stenberg estimates each line of code has been rewritten or altered at least four times, and he said he has used both human and AI tools in the past to implement hundreds of bug fixes over Curl’s existence.

That makes it a unique testing ground for the enhanced capabilities of Mythos, which was reportedly so powerful at finding vulnerabilities that Anthropic opted not to release it to the general public.

After gaining access to Mythos, Stenberg received the results of a scan of 178,000 lines of curl code. Ultimately, the scan flagged five “confirmed” vulnerabilities. Further exploration by human researchers found that 4 of the bugs were false positives or had no security impact. The one remaining bug Mythos found? A low-severity flaw that will be fixed in a regular June update.

Even as he praised the impact of AI on cybersecurity generally, Stenberg concluded that for all the hype, Mythos is only “a bit better” than previously released models.

“My personal conclusion can however not end up with anything else than that the big hype around this model so far was primarily marketing,” he wrote. “I see no evidence that this setup finds issues to any particular higher or more advanced degree than the other tools have done before Mythos.”

The post AI might cut false positives, but it won’t stop the slop  appeared first on CyberScoop.

A group of international government agencies released guidance Tuesday on what they believe any artificial intelligence “ingredients list” tool should include to make AI more secure.

The concept of such a list, known as a “software bill of materials (SBOM),” is to know everything that goes into a particular piece of software so that any supply chain risks are easier to identify. There’s been a growing focus from cyber experts on how they interact with AI.

The guidance produced by agencies from the G7 group of nations, including the Cybersecurity and Infrastructure Security Agency, is aimed at setting minimum voluntary standards for what SBOMs for AI should look like. It builds on past efforts to produce other kinds of SBOM guidance.

“While not exhaustive or mandatory, the supplemental minimal elements outlined in this guidance reflect the consensus of G7 experts and will expand over time to keep pace with the rapid advancement of AI technology,” CISA stated. (Some refer to SBOMs for AI as AIBOMs.)

The elements include those that fall under the categories of information related to the SBOM for AI itself, on the AI system as a whole, for identifying the models used by the AI system, on datasets used during the whole life cycle of the model, on physical and virtual infrastructure needed for operation and support support of the AI system, on cybersecurity measures that apply to AI models and systems and on the AI system’s key performance indicators. 

A trio of industry professionals who have worked on the topic of AISBOMs told CyberScoop they welcomed the guidance, in each case praising it as a good step that could nonetheless be improved upon.

“Pretty much every piece of software out there is now going to have AI incorporated into it, and when a hospital is buying an AI-enabled medical device, or the Department of War is buying an AI-enabled weapon system, or auto manufacturers are putting AI into cars, we need to be able to trust what AI is in those systems,” said Daniel Bardenstein, CEO of Manifest Cyber. “And the first step to trust is to identify what is this AI, where did it come from? How is it trained?”

“This is a strong, applaudable step towards getting everybody on the same page that this is the future of how we need to think about trusting AI,” said Bardenstein, who has built and AIBOM generator and worked on the topic in the past with CISA and the OWASP Foundation.

Dmitry Raidman, co-founder and chief technology officer at Cybeats — and someone who, like Bardenstein, has built his own AIBOM generator and worked on AIBOMs with CISA and OWASP — said the G7 guidance was “amazing” because it covers 80 to 90% of what’s needed.

“There was no baseline, but it now will put out a clear baseline,” he said.

On the downside, Bardenstein said he had concerns with how easily organizations can implement the guidance, and Raidman said it doesn’t adequately tackle the issue of runtime.

Allan Friedman, sometimes called the “godfather of SBOMs,” said the guidance was a good document, but probably mislabeled because it states that the elements it identifies are not mandatory.

“This document is laying out sets of types of data that could be useful,” said Friedman, who worked on SBOMs in multiple U.S. government roles who is senior technical adviser at the Institute for Security and Technology and technologist in residence at TPO Group. “And so it is a great, great piece to advance AI transparency and AI system transparency, but it lists potential elements. These aren’t the minimum elements.”

Friedman said the next steps could include mapping the guidance into what is being implemented today, and talking about aligning it with policies in the European Union and G7 governments to make sure there are minimal conflicts.

The post Major world economies spell out key elements of AI ‘ingredients list’ appeared first on CyberScoop.

Google launched a feature for Android phones Tuesday for dedicated forensic logs about intrusions from sophisticated attacks like those by spyware vendors, in what design partners at Amnesty International hailed as an important first.

The tech giant has been ramping up the new feature, Intrusion Logging, since last year, and has now begun rolling it out.

“The new intrusion logging feature promises to be a major aid to digital forensics researchers undertaking investigations into sophisticated attacks on Android devices,” Amnesty International said in a Tuesday technical briefing. “This is the first time a major device vendor has released a feature specifically to enhance the ability to forensically detect and respond to advanced digital threats.”

To date, independent investigators have relied on records and often short-lived log files that weren’t meant for forensic use, and Amnesty said surveillance groups have grown increasingly aware of those forensic efforts. Intrusion Logging, a feature of Android Advanced Protection Mode, is designed specifically to keep track of possible intrusions for forensic purposes. It keeps records of security incidents like device unlocking, physical access and spyware installation and removal.

Google’s annual security and privacy update for Android phones mentions the feature and its development with Amnesty International, Reporters Without Borders and others. It also touts new protections against banking scam calls, other features for detecting suspicious activity on Android phones, additional privacy safeguards and more.

The firm has been working on the feature since announcing it last year.

“Intrusion Logging enables persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise,” wrote Eugene Liderman, director of Android security and privacy.

Intrusion Logging joins an expanding slate of features from tech companies to fight sophisticated attacks like those from commercial spyware, among them Apple’s Lockdown Mode and Memory Integrity Enforcement and WhatsApp’s Strict Account Settings.

Intrusion Logging “promises to help shift the balance to the advantage of defenders, providing civil society investigators with the key evidence needed to detect and expose some of the most advanced attacks facing journalists and activists,” said Donncha Ó Cearbhaill, head of the Amnesty International Security Lab, “With Intrusion Logging Google is the first major vendor to proactively address to challenge of detecting advanced attacks on device. By making more consensual forensic data available for researchers, we can make life more difficult for attackers and help civil society seek accountability when their devices are unlawfully targeted by spyware and mobile data extraction tools.”

The feature has some limitations, though, Amnesty said in its technical briefing. It requires Android 16 and is only available for now on Pixel devices; the device has to be linked to a Google account, and the logs may include sensitive information, like browser navigation history, so secure sharing of the logs is important.

The logs may also be deletable by attackers, Ó Cearbhaill told CyberScoop, but he said he understands there are plans to strengthen protections against that in future versions. And lots of attacks would be detectable in the logs where attackers wouldn’t necessarily have the root access needed to try to delete logs, he said.

To enable Intrusion Logging, users need to be using Android Advanced Protection Mode, and can find the feature at Settings > Security & privacy > Advanced Protection > Intrusion Logging. If users suspect some kind of security incident, they’ll need to export and share the logs with a forensic analyst.

The post Google and Amnesty International teamed up to make it harder for spyware vendors to hide appeared first on CyberScoop.