The Federal Communications Commission approved new rules Thursday that boost cybersecurity regulations for the nation’s emergency alert systems and update security rules for the nation’s undersea cables.

The new rule would overhaul two national emergency systems, the Emergency Alert System and Wireless Emergency Alerts, to better protect against hijacking attacks from malicious actors.

The EAS is a national public warning system that state and local authorities use to disseminate information related to weather events, AMBER alerts and other emergencies via radio and television broadcasting stations. The WEA handles much of the same messaging via text.

A compromise of either system by a foreign government, cybercriminal group or other rogue actor could be used to sow chaos and disinformation in calmer times, or impede coordination efforts in the face of a genuine emergency. Any vulnerability in systems like the Emergency Alert System “can have serious consequences,” said FCC Commissioner Olivia Trusty in a statement after the vote.

“That is why it has been appropriate for the Commission to conduct a comprehensive review of the EAS framework by focusing on the security of the system itself,” Trusty continued. “As cybersecurity threats continue to evolve, EAS participants must take appropriate steps to safeguard the infrastructure that supports the delivery of life-saving alerts.”

The new rules amount to basic – but still critical – cyber hygiene practices for users accessing and updating the EAS and WEA systems. They must use strong passwords, quickly install security patches from vendors and use firewalls to limit access to their equipment.

The rule also creates a new authentication ID system to verify alerts before they’re submitted and avoid duplicate or unauthorized alerts from spreading.

Another rule passed by the Commission Thursday provided the first comprehensive update to the FCC’s submarine cable regulations in decades, and moves to tighten cybersecurity requirements in some areas while loosening them in others.

It exempts some undersea cable providers from submitting to stringent national security licensing reviews needed to land and operate cables that touch U.S. territory.

The review, called “Team Telecom,” is an interagency body led by the Department of Justice’s Foreign Investment Review Section and other federal agencies that advise the FCC on the national security implications of their telecom policies.

The new rules would presumptively exempt applications for undersea cable licensees when the provider can self-certify to “high security standards” that are “structured to increase certainty, predictability, and faster timelines for the licensing process.”

“Currently, all submarine cable applications get referred to Team Telecom…the changes adopted would exempt applications from applicants that have operated cables without incident, can certify to the highest national security standards, and agree to ongoing oversight and monitoring,” the FCC said in a release.

Other parts of the rule give the FCC greater oversight of critical functions within undersea cable operations. Owners and operators of submarine line terminal equipment, who connect submarine cables to land-based facilities in the U.S., will be subject to a new licensing requirement.

The rule also moves to update safeguards meant to address vulnerabilities related to principal equipment, third-party service providers, and other areas of concern in the undersea cable supply chain.

The post FCC passes new cybersecurity rules for emergency systems, undersea cables appeared first on CyberScoop.

In a novel maneuver for a disruption operation against cyber attackers, industry and law enforcement teamed up to conduct a court takedown of two widely-used criminal tools at once rather than individually, Microsoft said Tuesday.

The takedown simultaneously went after Amadey, a botnet that can serve as a malware delivery system, and StealC, an infostealer. Cybercriminals often use them in conjunction and they rely on the same infrastructure, Microsoft said.

“When multiple parts of an operation are disrupted together, attacks are harder to launch, scale, and recover from,” said Steven Masada, assistant general counsel for Microsoft’s Digital Crimes Unit. “The result: fewer disrupted services, fewer opportunities for cybercriminals to profit, and more friction when they try to rebuild. It’s no longer enough to go after threats one by one. We need to interrupt how the attacks are put together.”

Microsoft had been tracking Amadey with ESET, BitSight, Lumen and Mitsui Bussan Secure Directions. Meanwhile, Europol had been investigating StealC alongside law enforcement partners including Germany’s Federal Criminal Police Office and the Dutch and Danish National Police as well as IBM X-Force and Proofpoint.

They then joined forces and turned to the Racketeer Influenced and Corrupt Organizations (RICO) Act, used to help authorities go after organized crime, to disrupt more than 200 command-and-control servers. Microsoft said it gained insights from its artificial intelligence product Copilot that “allowed the legal team to treat both malware families as part of a single criminal conspiracy.”

Microsoft regularly leads court-authorized disruption operations, but the industry and law enforcement partnerships combined with AI to expand data collection and identify connections beyond what one company could normally do, it said.

Amadey and StealC were linked to more than 140,000 infected computers around the globe in the first week of May alone, the company said. StealC has ranked among the top infostealers for years since its emergence in 2023 and sells in underground forums as a malware-as-a-service. It’s typically used by Russia-linked groups.

Amadey dates back to 2018, and is also commonly employed by Russian groups, including in attacks on Ukraine.

Their interaction shows the assembly line-like structure of modern cybercrime, Microsoft said. Even if the cybercriminals behind both tools never coordinate, their tools are designed to work together, it said.

“StealC is an infostealer that collects sensitive data from browsers, cryptocurrency wallets, messaging applications, email clients, and gaming platforms,” the company wrote in a separate blog post. “It is a malware-as-a-service (MaaS) offering that threat actors use to generate customized payloads and manage stolen data through a centralized web panel. Meanwhile, Amadey is a MaaS loader that threat actors use to deliver StealC and other malware. Modular, pay-as-you-go models like StealC and Amadey allow threat actors to use a single initial infection to quickly escalate into multiple other threats.”

The post In a first, a court takedown goes after two cybercrime tools at once appeared first on CyberScoop.

Intelligence agencies for the United States, Canada, UK, Australia and New Zealand are warning that advanced AI models capable of wreaking havoc in the cyber domain are “months away” from being publicly available.

In a joint statement, the Five Eyes alliance say they expect the kind of advanced hacking capabilities provided by frontier models like Anthropic’s Fable 5 and OpenAI’s Daybreak to become broadly available the public within the year, despite efforts by AI companies to withhold them or restrict their access.

“Frontier Al models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities,” the agencies said. “The timeline is not years, it is months.”

The statement, which included signatures from NSA’s Director of the Cybersecurity Directorate David Imbordino and acting CISA Director Nick Andersen, does not specifically cite secret or classified sources or methods to reach this conclusion.

But much of the underlying justification provided by the intelligence agencies also aligns with what public cybersecurity and AI experts have been warning about for months.

AI models capable of exploiting cybersecurity weaknesses are already available today through multiple channels: older commercial models, open-source versions, or foreign and black-market sources. And while newer models like Mythos are reportedly significantly more powerful for cybersecurity-related tasks, the breakneck pace of frontier model development often means that yesterday’s restricted frontier AI is tomorrow’s free, open-source AI.

Representative Andrew Garbarino, R-N.Y., Chair of the House Homeland Security Committee, said the warning from intelligence agencies “underscores what the Committee has repeatedly heard through roundtables, briefings, and hearings with industry leaders: China is just months, if not now weeks, away from achieving frontier AI capabilities comparable to those of the United States.”

“This threat reinforces the urgency of ensuring that federal agencies and critical infrastructure operators can responsibly leverage advanced U.S. models, and receive the guidance and support necessary to do so, to find vulnerabilities before adversaries can exploit them,” said Garbarino in a statement.”

The agencies flag legacy systems, sluggish patching loops, unnecessary internet connectivity, weak identity and access controls, and a lack of pre-incident planning by organizations as key weaknesses that AI will excel at exploiting.

“The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years,” the agencies wrote. “We must act before and be prepared to adapt and withstand evolving threats.”

Since large language models burst onto the scene, open-source models have run about 6-8 months behind the largest frontier AI companies.

To give an idea of how quickly the field develops: the capabilities described in the Amazon threat intelligence report that convinced the Trump administration to place export controls on Fable 5 could already be accomplished through older models like Claude Opus and Claude Sonnet, as well as open-source Chinese models.

Anthropic shut down access to their Fable 5 and Mythos 5 models as a result, and despite releasing a statement that they believe the White House decision was a “misunderstanding” the dispute remains resolved.

Programs like Anthropic’s Project Glasswing and OpenAI’s Trusted Access for Cyber Program provide AI systems to organizations for cyberdefense.  The goal is to give defenders a head start in finding and fixing vulnerabilities before AI systems can exploit them routinely in the coming years.

However, for all the fear surrounding the new technology, the recommended guidance is largely the same as it has been for decades. Governments, businesses and leaders must stop treating the digital security of their work as an afterthought or compliance issue.

“Success will come from getting the basics right, acting quickly, and integrating cyber security into core business strategy,” the agencies wrote. “Those that do not will face growing operational and strategic disadvantage.”

06/23/2026: This story was updated to include comment from Rep. Andrew Garbarino, R-N.Y.

The post Intel agencies: Frontier AI models will reshape cybersecurity faster than expected appeared first on CyberScoop.

Members of Congress responded with skepticism and caution Tuesday to the Trump administration’s decision to impose export controls on Anthropic’s newest AI models.

The Friday order, which Anthropic said forced it to disable its Fable 5 and Mythos 5 artificial intelligence models, was prompted by what the administration said were national security concerns that a large number of cybersecurity professionals have dismissed as ill-founded.

Several Hill Democrats told CyberScoop they were concerned that the administration’s decision was driven by other considerations. Notably, the administration has feuded with Anthropic over use of its models for domestic surveillance and fully autonomous weapons.

Sen. Angus King, a Maine independent who caucuses with Democrats, said he would need to be convinced it was a legitimate national security order and hadn’t yet seen a full justification.

“What they did was pretty extreme, and I’d want to see what the basis was, as opposed to all the other issues that are swirling around in cybersecurity,” he said. “I’m a little skeptical because of their otherwise announced antipathy to this company.”

Leaders of the House Homeland Security Committee had contrasting takes, with Chairman Andrew Garbarino, R-N.Y., offering a two-pronged response and the top Democrat on the panel, Bennie Thompson of Mississippi, panning the order.

“The administration is right to treat advanced AI cyber capabilities as a national security issue, especially when foreign adversaries and cybercriminals are actively looking for ways to weaponize these tools,” Garbarino said in a statement. “At the same time, we need to make sure our response does not unintentionally disadvantage American companies, allied partners, or critical infrastructure defenders who need access to the best secure tools available in order to protect our networks here at home.”

The United States, not China, needs to set standards for trusted AI, Garbarino said.

But Thompson said the order adds evidence to the appearance that the Trump administration doesn’t “have a coherent plan for mitigating the cybersecurity risks” of frontier AI models, he told CyberScoop in a statement.

“AI regulations should rely on standards and procedures that provide confidence to the public that decisions are based on the evidence and not on politics,” he said. “Instead, the Trump administration has adopted an ad hoc approach where decisions are made by political appointees in the White House rather than experts and where companies are left guessing on how to comply.”

Virginia Sen. Mark Warner, the top Democrat on the Intelligence Committee, had also previously highlighted the administration’s quarrel with Anthropic in response to the order in a statement to CyberScoop.

Behind the scenes, the administration and Anthropic were reportedly continuing to try to forge a truce Tuesday. More broadly, the administration’s AI executive order had a rocky rollout as the administration swung back-and-forth on how involved the government should be.

Some lawmakers deferred on commenting Tuesday, such as Senate Homeland Security Committee Chairman Rand Paul, R-Ky., who told CyberScoop he didn’t have anything to say on the order.

Others said they were still seeking information from the administration.

“I have not had the opportunity to get a brief specifically as to the logic, the reasoning behind it, and so forth,” said Sen. Mike Rounds, the South Dakota Republican who chairs the Armed Services Subcommittee on Cybersecurity. “So I’m going to withhold judgment until I get an opportunity to get the rest of the story, so to speak.”

The post Lawmakers leery about Trump administration’s Anthropic order appeared first on CyberScoop.

While Washington D.C. frets over the potential impact of Anthropic’s Claude Fable 5, security researchers continue to track how the integration of frontier AI tools are transforming the digital security landscape for malicious hackers and defenders alike.

The breakneck speed of model releases may be creating short, silent security gaps for developers who must choose between performance and security, according to a new report.

Researchers at Backslash Security pored through update logs for Claude Code, Anthropic’s flagship coding model, finding the company was patching dozens of newly discovered security vulnerabilities in the program between April and early June 2026.

The logs revealed the details of more than 30 security relevant patches implemented over that timeframe, but Anthropic did not publicize them. Instead, Backslash Security researchers found them by reviewing update logs for every new version of a Claude Code release in the last two months, noted the security-relevant fixes and traced each one back to the version and date it shipped.

The patches included fixes for data poisoning, prompt injection and arbitrary code execution vulnerabilities. One bypassed core safeguards put in place to prevent Claude Code from accepting catastrophic deletions commands, such as erasing an entire codebase, by adding a single backslash to the command. Another leaked user OAuth credentials, while a third allowed an AI agent to plant a backdoor in shell startup files.

There is nothing inherently odd about this: most companies regularly update and patch their software  and anyone who had auto-updates turned on would automatically be switched to the newest, secure version of Claude Code.

But Yossi Pik, co-founder and chief technology officer at Backslash Security, told CyberScoop that the research concluded “the way AI agents are released is different than previous software.”

“We debated internally, because when I originally said I wanted to write about this, I was told ‘Okay, every company has the [same] issue, then they patch and fix,” he said. “This is the nature of software, but I think that what makes this unique is the cadence and frequency of the releases.”

AI companies keep a ferocious pace when updating their models. Claude Code’s changelog indicates there have been 16 different versions through the first half of June, while OpenAI’s Codex was updated 6 times.

Because model updates often bring short-term performance and stability issues, software developers typically wait a week or more before upgrading to a new version.

These time gaps create small windows of vulnerability and force developers to choose between security and performance. The report identifies several reasons why developers don’t automatically update their AI models, including companies that may rely on internal vetting or release schedules, operate in regulated or air-gapped environments where model versions are frozen, and the need to maintain long-running sessions or use manual installations.

Pik said some IT and security teams have also told him they prefer not to install any new version of an AI model without letting it run on other environments first.

“You don’t have that much flexibility, either I go to the latest and I’m getting a less stable version [of the model] or I’m waiting for a few days or a week until I can install it, and hope that nothing would happen during this time,” said Pik.

The Backslash report is not intended as a dig at the security rigor of Anthropic, noting the company tends to “patch fast and document more than anyone” and has addressed every issue and vulnerability identified in the report.

Rather, it’s to highlight the series of mostly silent and persistent security exposures that an organization faces when adopting AI into their workflow.

Other software programs and technology products face similar tradeoffs through different updates, but most of the vulnerabilities detailed in the change log – such as getting an agent to leak data or accept malicious prompts – are unique to large language models and AI systems.

That means integrating AI tools can bring new security problems to an organization, both from outsiders who can poison or influence the model and insiders who can maliciously or accidentally direct the model to access or leak systems, data and identities.

For most Claude Code users, this process runs automatically in the background. Yet Yik points out that just as AI is transforming work itself,  it’s also changing how we need to approach software security and updates.

“It should not be compared to [Microsoft] Office that is installed and gets patched once in a while,” he said. “It’s a completely different beast that keeps evolving, and we don’t want to limit it…I think that it’s great for everyone. We just need to make sure that we do it in a secure way, and every organization should understand what that means for them.”

The post AI’s constant patching treadmill can be a security problem appeared first on CyberScoop.

The U.S. government on Friday ordered Anthropic to immediately suspend foreign access to Fable 5 and Mythos 5, its two most advanced artificial intelligence models, citing national security concerns tied to a reported method of bypassing the models’ safety restrictions. 

The directive, issued late Friday afternoon by Secretary of Commerce Howard Lutnick in a letter to Anthropic Chief Executive Dario Amodei, placed the two models under export controls that prohibit use by foreign nationals, whether inside or outside the United States. 

Because of the scope of the restrictions, which includes foreign-born Anthropic employees, the company announced Friday evening that it disabled the models to ensure compliance. Access to the company’s other AI models was not affected. 

Fable 5 and Mythos 5 had been released earlier this week, with Anthropic describing them as the most capable systems it had ever deployed. Mythos was available to members of Project Glasswing, which allowed selected cybersecurity companies to use the model to identify and address security flaws.

It’s unclear how the Commerce Department action affects Project Glasswing. Anthropic did not respond to a request for comment.

The Commerce Department‘s letter did not detail the specific national security concern. In its blog post Friday night, the company said its understanding is that the government became aware of a technique for “jailbreaking” Fable 5, a term for methods that circumvent a model’s built-in safety guardrails. According to Anthropic, the government provided only verbal evidence of what it described as a “narrow, non-universal jailbreak,” which essentially involved prompting the model to read a specific codebase and identify software flaws. 

Anthropic disputed the severity of the finding. The company said it reviewed a report it believes formed the basis of the government’s directive and found that the capabilities demonstrated were already available in other publicly accessible models, including OpenAI’s GPT-5.5. The company said those same capabilities are used routinely by cybersecurity professionals for defensive purposes. 

Katie Moussouris, chief executive of the cybersecurity firm Luta Security, posted on BlueSky Saturday that the issue stems from “Defense Oriented Prompting,” a security-first method of engineering AI system instructions that treats natural language as code.

Other reports claimed that Amazon was responsible for flagging the security issues in the model. The company did not respond to CyberScoop’s request for comment. 

Anthropic acknowledged in its statement that perfect jailbreak resistance is not achievable for any model provider, and said it had designed Fable 5 around a “defense in depth” strategy, combining narrow jailbreak resistance with active monitoring. The company said no testers had found a universal jailbreak capable of broadly bypassing the model’s safeguards. 

“We disagree that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people,” Anthropic wrote. “If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers.”

Friday’s directive is the latest episode in a prolonged dispute between Anthropic and the Trump administration. In February, President Donald Trump moved to bar Anthropic’s products from federal agencies after the company sought stronger restrictions on how the Pentagon used its technology.

Despite that, as Anthropic released Mythos under Project Glasswing, the National Security Agency was given Mythos 5 to conduct offensive cyber operations. Earlier this month, Trump signed an executive order directing federal agencies to bolster cyber defenses and establish a voluntary mechanism for the government to gain early access to powerful AI models before deployment. 

The administration’s stated rationale for Friday’s action drew widespread skepticism from researchers and analysts. Dean Ball, a senior fellow at the Foundation for American Innovation, called the move “baffling.” Chris McGuire, a senior fellow at the Council on Foreign Relations, said targeted export controls on model access could be a legitimate policy tool, but called the across-the-board restriction “highly questionable” and the deemed export provisions — which restrict foreign nationals inside the U.S. — “just absurd.” 

The broader implications for the AI industry remain uncertain. Aaron Levie, chief executive of Box, described the directive as “a big turning point for AI regulation,” arguing that the government’s willingness to deem specific models too powerful for certain uses establishes a precedent with potentially far-reaching consequences.

Other tech leaders in the government supported the action. 

“We fully support @POTUS and @SecWar in prioritizing national security and the security of our warfighters, DIB partners, critical infrastructure, international partners and allies,” DOD CIO Kirsten Davies wrote in a social post on X. “Some things are simply more important than revenue cycles, clickbait, and pre-IPO valuation. America First. Always.”

Anthropic said it believes the situation stems from a misunderstanding and is working to restore access as soon as possible.

The post Anthropic disables new models after government calls them a national security concern appeared first on CyberScoop.

Earlier this year, Anthropic executives said that their new AI model, Claude Mythos, had such powerful capabilities for harm that they would not release it publicly.

On Tuesday, the company said it was making an altered version of Mythos available to the public, promising “new guardrails” that thwart the model’s best-in-class performance in hacking and bioweapons research.

Anthropic said Claude Fable 5 was the “same underlying model” as Mythos, but its responses for certain topics like cybersecurity and biology will be drawn from a previous Claude Opus model that is already public.

“Releasing a model this capable comes with risks. Without safeguards, Fable 5’s capabilities in areas like cybersecurity could be misused to cause serious damage,” the company said in a draft blog sent to CyberScoop ahead of the announcement. “We’ve therefore launched the model with safeguards that route queries on a narrow set of topics to our next-most-capable model, Claude Opus 4.8.”

Anthropic also said they subjected Fable 5 to both internal and external red team testing for common model vulnerabilities, like jailbreaking. Anthropic said these tests identified no known “universal” jailbreaking techniques, but does not specify if partial jailbreaking techniques were discovered.  

The company is betting that won’t change when Fable 5 is made available to the broader public, but it’s worth noting that cybersecurity researchers have consistently found ways to jailbreak older AI models.

“The uplift from Mythos-level capabilities is valuable to many adversaries—for instance, those who could financially gain from cyberattacks—and we therefore expect them to be motivated to try to circumvent our safety measures,” the company wrote.

Anthropic is changing its data retention policies for Fable and Mythos models, keeping all user traffic for 30 days on both its own platforms and third-party services. A White House executive order creates a voluntary framework for AI companies to share frontier models with the government up to 30 days before public release. The company says the retained data won’t be used to train new Claude models or for “any non-safety-related-purpose.”

Following publication, a spokesperson for Anthropic told CyberScoop the company’s data retention policies “are specific to their safeguards work and is unrelated to the EO.”

Most organizations are still deciding whether to adopt AI into their IT and cybersecurity ecosystem.  But models like Mythos can scan for vulnerabilities, chain together exploits, and steal data from a victim network in minutes. Automation in hacking existed before AI, but experts have said frontier models like Mythos and OpenAI’s Daybreak can allow even low-level cybercriminals to wreak havoc.

While Anthropic cited its commitment to developing safe and secure AI in its reasons for not publicly releasing Mythos, many organizations have been clamoring for access, and its enhanced cybersecurity functions in cybersecurity and other areas have been the subject of congressional hearings, national security papers and White House executive orders.

Releasing a limited version of the model in Fable 5 represents an attempt to split the difference between those two desires. Anthropic said it would release follow up benchmarks and assets for the model.

So what can Fable 5 do? 

Anthropic said it’s possible the restrictions built into Fable will make it harder for the model to fulfill both malicious and legitimate user requests.

“Because we have prioritized safety, we’ve deliberately tuned the safeguards to be cautious, and they are still stricter than would be ideal—for example, sometimes benign requests will trigger our classifiers,” the company wrote. “We recognize that this will be frustrating to some users, and our aim is to reduce false positives as we update and refine the safeguards after launch.”

If Fable 5 draws its cybersecurity and biology answers entirely from Claude Opus 4.8, it will still provide users with impressive – though not unique – dual use cybersecurity capabilities.

According to the system card published for Opus 4.8, the model is a slight improvement on previous models like 4.7 in the realm of cybersecurity but was “generally much less capable than Mythos Preview.”

Opus 4.8 was tested on its ability to write complete end-to-end exploits and build exploit primitives that provide attackers with the ability to execute arbitrary code. It averaged a score just 5 out of 16 in proficiency, compared to Mythos Preview which scored closer to 10.

Without safety guardrails in place, Opus 4.8 can still reproduce nearly 80% of previously discovered vulnerabilities in real open-source software projects when given a high level description of the weakness. The system card said Anthropic’s unspecified safeguards whittle this success rate down to 1%.

Another test assessing Opus’ ability to develop exploits for the popular Firefox browser found that, again without guardrails, the model could identify a full working exploit 8.8% of the time and a partial working exploit 68.8% of the time.

The company also said that members of Project Glasswing – a consortium of public and private businesses given access to a preview version of Mythos – will be able to upgrade to the latest full model, Claude Mythos 5, to continue their work. Access to Mythos 5 will be expanded over time “through a more systematic trusted-access program” including federal agencies.

The post Anthropic’s new model is Mythos on a leash appeared first on CyberScoop.

AI models such as Anthropic’s Claude Mythos and OpenAI’s Daybreak represent a fundamental inflection point in security. These advances are not only reshaping technology but also redefining trust, risk, and the relationship between humans and intelligent systems. As innovation accelerates, AI governance and responsible deployment are becoming strategic priorities for every organization.

Historically, governments have played a stabilizing role during moments of transformational technological change. Yet the pace and scale of the AI era demand a new model, one built on partnership rather than control, balancing societal responsibility with the need to sustain innovation and global competitiveness.

The White House’s executive order on AI governance signals that collaboration between the industry and policymakers will increasingly shape the future landscape. Proposed frameworks that promote transparency and responsible development point toward a more coordinated approach to risk management.

Effective governance of AI models should balance clear safeguards with the speed of innovation, aligning organizations, policy makers, and technology leaders around a shared goal: advancing AI in ways that strengthen trust, security, and long-term value. The path forward is not defined by heavy-handed oversight, but by building an ecosystem of accountability.

Three key points substantiate this approach.

First, the industry should recognize Anthropic’s release of Mythos as an example of responsible innovation. Company leaders recognized the model’s risks and deliberately delayed broader deployment, allowing early testing to surface vulnerabilities before widespread adoption.

The broader lesson extends beyond a single model release. Responsible leadership means prioritizing decisions that build trust and enable sustained innovation. As AI capabilities accelerate, the most successful organizations that lead will be those that weave accountability through their ambitious pursuits, rather than treating them as competing priorities.

Second, innovation rarely thrives under rigid frameworks. History has shown that many compliance regimes, while well-intentioned, incentivize organizations to optimize for requirements rather than outcomes. Security is strengthened through systems designed for resilience and trust, which goes beyond mere compliance.

Third, slowing U.S.-based AI innovation risks weakening long-term competitiveness. The U.S. remains a leader in AI but maintaining that position will require balancing responsible safeguards with continued investment and progress. Overly restrictive approaches risk slowing domestic advancement while other nations continue accelerating development and capability.

An effective AI governance approach would encourage further responsible AI model development, as demonstrated by Anthropic. It would avoid direct government regulation and instead enforce accountability for companies that are irresponsible with AI development.

Hopefully, the partnership and collaboration between government entities and industry will continue beyond the White House order. Policymakers and industry leaders should create incentives that reward AI vendors for considering societal implications before releasing new solutions. This framework would highlight responsible providers as models for the industry while imposing meaningful consequences based on demonstrated societal harm that direct affects business and technology decisions.  

AI models such as Mythos and Daybreak underscore a broader reality: the future of AI will be shaped by the trust around innovation, not merely by its development pace. The next era of AI leadership will require a new model of collaboration between industry and policymakers that maintains the speed and adaptability that innovation demands while establishing meaningful accountability for real-world outcomes.

The objective should be to guide progress responsibly. The organizations and nations that lead in the AI era will be those that demonstrate how innovation and accountability work together to strengthen trust, security, and long-term value creation.

Art Gilliland is CEO of Delinea, a cybersecurity company focused on human, machine and AI identity protection.

The post The AI security race needs accountability, not overregulation appeared first on CyberScoop.

Government agencies, cybersecurity companies and threat researchers are pouring resources into studying how fast-developing AI tools can be wielded by malicious actors to hack into victim organizations.

But as agentic AI becomes more embedded in business infrastructure, there’s also a high possibility that a breach could be caused by an insider guiding the tool, whether maliciously or due to lack of security controls.

In research shared exclusively with CyberScoop, DTEX researchers detail how a common workflow in Anthropic’s Claude Cowork used in corporate environments offers convenience for AI agent deployment but grants near-total access to the system.

Claude Cowork includes tools that let users remotely control their agents. One particular tool, known as Dispatch, relays commands from a user’s phone to their desktop Claude agent. It also includes a plugin for communicating with Salesforce AI agents that access and transfer data.

DTEX researchers tested two scenarios. The first prompted Claude to summarize information from Salesforce and paste it into a draft Outlook email. The second tasked the agent with archiving selected files and transferring them via the Cowork app.

In both cases, researchers used simple, single-turn prompts and spent between 10-30 minutes preparing to exfil  the data.

Alex Desmond, director of insider threat intelligence and innovation at DTEX, told CyberScoop that both improvements in frontier models and deeper integration of AI tools into IT network operations have reduced the time defenders have to react to a breach.

“In cyberattacks, you talk about the kind of execution time of adversaries coming in and dropping ransomware, we’re now seeing the kill chain drop to 30 and 10 minutes depending on what they’re doing,” Desmond said. “Six months ago, that was a couple of hours.”

But that speed, when paired with direct access to business networks or cloud services, can also create an insider threat nightmare for organizations that must monitor for both malicious actors and potential mistakes from legitimate employees using the technology.

Over the past few years, western IT and cybersecurity businesses have been inundated with job applicants secretly working on behalf of the North Korean government. Their salaries are used to evade international sanctions and fund Pyongyang’s nuclear program, but it also positions the individuals to access or steal sensitive data or assets from these companies. 

“You’ve got a nation-state actor getting into an environment legitimately,” Desmond said. “Now if you gave them access to AI tools on top of that…you’re like ‘here’s the keys to everything and here’s this awesome tool that’s just going to make your job – stealing our data – easier.’”

Tests by DTEX confirmed that the agents indeed had access to sensitive systems, applications and data – including the ability to download SharePoint corporate data, production documentation in OneDrive, access to Outlook email, Salesforce data (and all the data it can access), and any other files on the user’s endpoint device. For each of these applications, Claude Cowork has a dedicated plugin or API to share externally if prompted.  

To be clear, DTEX’s research does not involve exploiting a software bug or configuration vulnerability, and it doesn’t come with a CVE. It’s more of an IT governance and visibility problem. Businesses are racing to integrate AI tools into their workflow and pushing employees to use the technology while failing to put in place the kind of security controls, access policies and monitoring required to spot problems.

For instance, it may not be possible to determine how a data breach or leakage involving an AI agent actually occurred if an organization is not logging and auditing its prompts – or whether the incident was the result of an agent running amok or responding to potentially malicious instructions.

While network and cloud monitoring can identify when data is being accessed or downloaded from SharePoint, that may not be a strong enough signal to stand out for defenders.

“If a user’s normal workflow is to pull sensitive files down to work locally all the time, you don’t have endpoint monitoring and you introduce an AI agent, it then just has access to all that data” along with the ability to exfiltrate it,” Desmond said.

The post Your AI agent could become your biggest insider threat  appeared first on CyberScoop.

Troy West was in Warsaw when his dinner was interrupted by his phone. But he was happy about it.

West, associate director of cybersecurity for autonomous offensive security company XBOW, had just learned that a trial version of the company’s platform had found a vulnerability that led to a full takedown of a development environment used by Moderna, the pharmaceutical company primarily known for its work related to mRNA vaccines.

It was, by most measures, exactly the kind of outcome a security team dreads. But for West and Farzan Karimi, Moderna’s deputy CISO, it was something closer to a proof of concept. XBOW’s product had done in hours what a human penetration tester could not — and it had done so with a level of persistence and creativity that neither of them had fully anticipated.

The episode is one data point in a much larger shift now rippling through the cybersecurity industry: The artificial intelligence models discovering vulnerabilities are moving faster than the teams that have to patch them.

Across recent conversations and presentations, industry experts said the tools are getting sharper, the attack surface is getting larger, and the gap between finding a problem and fixing it is not closing fast enough. For now, most organizations are caught between the speed of discovery and the slowness of remediation, with vendors across the industry rushing to position their products as the way through.

A shift in scale 

The inflection point came with Claude Mythos. When Anthropic announced the highly guarded model, security executives at major enterprise technology companies took notice in a way they had not with prior frontier releases. 

Zscaler was among the early organizations given access to the model, and CEO Jay Chaudhry told CyberScoop that he directed his team to use it to probe the company’s own applications.

“Are we finding some serious stuff? Yes, indeed,” Chaudhry told CyberScoop at Gartner’s Security & Risk Management Summit. He was careful to note that the findings were not necessarily more severe than those produced by other models. The issue, he said, was volume. 

“There aren’t enough resources and cycles to fix all those,” he said. 

The reason Mythos changed the calculus, according to Tom Gillis, general manager for infrastructure and security products at Cisco, comes down to code complexity. Legacy network infrastructure was built on tens of millions of lines of code developed over decades, and earlier AI models lacked the context window and reasoning capacity to comprehend it in full.

“The models couldn’t understand the entirety of it before,” he told CyberScoop. “Now they can. That’s why they’re finding all these vulnerabilities.”

The problem runs deeper than application code. Firewalls and network switches often run for decades without updates or reboots, and many have never been patched in any meaningful way. The combination of aging infrastructure and newly capable AI models has created what Gillis described as a meaningful and accelerating shift in attacker capability that the industry’s existing operational rhythms were not built to absorb.

An opportunity in existing technology 

Cisco’s answer to the oncoming vulnerability deluge is a technology it calls Live Protect, a compensated control built on eBPF, a Linux feature that lets security software operate at the kernel level to block threats without rewriting system code.

“It’s a pinpoint, laser-fine control that can shield a vulnerability on a production system,” Gillis said. “We’re not touching or modifying the binaries of that production system.”

The intent is to shrink the window between discovering a vulnerability and the next scheduled patch, allowing IT teams to fix issues without taking systems offline.

“This is a finger in the dike that plugs a hole until you get to new change control windows,” he said, acknowledging that some customers may be tempted to treat the shields as a permanent solution. 

The product has been shipping since October, but customer urgency shifted noticeably after Mythos. “Customers are like, ‘Oh, good story, Tom. I’ll think about it.’ Now it’s like, ‘Oh my God, turn this thing on right now.’”

He also noted that eBPF is open source, and said he expects the broader industry to follow. 

“While I’m very proud of Cisco leading the market with these compensated controls, I know my competitors have to do this.”

The bot that broke everything 

But shielding vulnerabilities only works if you know they exist. Karimi, the Moderna deputy CISO, faced a different problem: His vulnerability management system was surfacing hundreds of high-severity findings with no reliable way to know which ones an attacker could actually exploit. His team had skilled red-teamers, but they were finite resources. What he needed was something that could test continuously, everywhere.

“We have some very senior red-teamers and pen-testers in our organization that are pointed in a specific direction,” Karimi said during a presentation at the Gartner summit. “XBOW is covering different attack stories for us.”

West, who leads offensive security for XBOW, describes the platform as a response to a structural problem in how offensive security has traditionally worked. Human testers scope an engagement, run it, write a report, and move on. The window between tests is where risk accumulates.

“Historically you have exploit developers spending time finding the right vulnerabilities, writing the exploits, finding if those exploits are reachable, and then finding a way to chain them all together,” West said. “That takes a long time.”

Given the realities, Karimi decided to put XBOW through a trial, which produced two notable findings.

In the first, XBOW identified a web application firewall bypass on a company application built on the Spring Boot framework. The bypass involved encoding a single character (a capital “A”) as its percent-encoded URL equivalent (A), which the WAF interpreted as a legitimate request, allowing the bot unfettered access. 

The second finding, which was the cause for West’s dinner interruption, was more consequential. West had provided XBOW with access to the source code of an internal application called Orders, used by Moderna’s research partners to procure drug substances, but no login credentials. The platform identified a valid API key embedded in the source code, used it to authenticate, and then began probing the application’s APIs for SQL injection vulnerabilities.

What happened next was not entirely planned. One of those APIs handled a malformed SQL injection attempt in an unexpected way, dumping garbage data into a shared routing application that other services depended on.

“Not only was it able to kick that Orders app I showed you, but it somehow kicked over the entire ecosystem of apps,” West said.

Human pen-testers who reviewed the findings afterward confirmed they were valid, and said they would not have found them on their own. Karimi said despite the outage, his team recognized the value immediately.

“If we’re able to demonstrate where you could have an outage in a safe testing environment, that’s a great signal,” he said.

The broader value, Karimi argued, is in forcing prioritization when bugs are discovered. “If you have exploit proofs, you can provide that plus-one modifier and really point your developers to remediate the top tier of real risk that’s been validated.”

But he does worry about the volume of bugs that will be surfaced by these tools. 

“How do we now handle the volume of bugs that have gone up due to AI-driven scale?” he said. “That’s a whole other problem space.”

A broader reckoning

Across these conversations, a consistent theme was that even as defenders are trying to get arms around the forthcoming wave of bugs, it’s going to be a tremendously uphill battle. That mirrors what some of the industry’s top leaders have been saying for months. 

It also mirrors what the model developers themselves have consistently been warning about. In its announcement about expanding access to Mythos, Anthropic admitted the timeline for a publicly available tool similar to its cybersecurity-focused model is shortening, and there are no guarantees it will be released with safeguards. 

“In that world, cyberattacks could occur much more often, and in much more unpredictable forms,” the blog post reads.

Gillis was blunter about what happens to organizations that don’t move. 

“Some people will be slow to change,” he said. “But the consequence of not making that change is gonna be front-page news. It’s a massive, massive compromise. You know, like, ‘you gave up every credit card number.’ Bummer.”

The post Inside the race to adapt to an AI-powered security world appeared first on CyberScoop.

Anthropic is broadening access to its Project Glasswing program, adding approximately 150 organizations in 15 countries, the company announced Tuesday, as its restricted Claude Mythos Preview model has already surfaced more than 10,000 high- or critical-severity software vulnerabilities since the program launched in early April.

The expansion follows an initial cohort of roughly 50 partners that were announced when Anthropic first unveiled the initiative. Those members included technology companies such as Amazon Web Services, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, among others.  

According to the announcement, the new group covers sectors that were underrepresented in the first wave, including power, water, healthcare, communications, and hardware. Many of the new partners are vendors whose codebases underpin critical infrastructure systems.

The company did not give any further details on what companies or organizations were part of the new cohort.  Sources tell CyberScoop that NetSkope and Rubrik, which specialize in cloud security and data management, is part of the group given access in this latest round.

The scale of what Mythos Preview has already found is drawing attention across the security industry. Cloudflare identified 2,000 bugs across its critical-path systems, including 400 rated high or critical, with a false-positive rate the company described as better than that of human testers. Mozilla found and fixed 271 vulnerabilities in Firefox 150 while testing the model, more than 10 times the number found in a previous Firefox version using an earlier Anthropic model. Several other partners reported that their rates of bug discovery increased more than tenfold after deploying the model. 

Anthropic also used Mythos to scan more than 1,000 open-source projects, flagging 23,019 potential vulnerabilities, 6,202 of them estimated as high or critical. Of 1,752 high- or critical-rated findings independently reviewed, over 90% were confirmed as valid. 

The findings have shifted what Anthropic describes as the central issue in cybersecurity. Despite the enhanced ability to discover flaws, the company admits there are challenges with verifying, disclosing, and patching them before attackers can take advantage.

“The bottleneck in fixing bugs like these is the human capacity to triage, report, and design and deploy patches for them,” the company said in its blog post. 

That bottleneck has broader implications. A joint report from the Cloud Security Alliance, the SANS Institute, and OWASP concluded that organizations are “likely to be overwhelmed” in the near term by threat actors using AI to find and exploit vulnerabilities faster than defenders can patch them.

Anthropic has said it will not release Mythos-class models to the general public, citing the absence of safeguards sufficient to prevent serious misuse. In the interim, it has released Claude Security, a product using its publicly available Claude Opus 4.8 model that has been used to patch more than 2,100 vulnerabilities in three weeks. 

The program’s expansion comes as the Trump administration signed a scaled-back executive order on AI security. The order, which was signed hours after Anthropic’s announcement, sets up a voluntary framework requiring AI developers to submit advanced models to a government review up 30 days before public release.

The post Anthropic expanding access to Project Glasswing appeared first on CyberScoop.

The White House has updated rules for federal agencies to keep logs of significant cyber activities in their networks, touting it as a measure to cut back on red tape and focus on how cybersecurity risks have evolved.

The Office of Management and Budget memorandum, released Friday, replaces a 2021 memo signed by then-President Joe Biden. It continues revisions that President Donald Trump has made to federal cybersecurity guidance under his predecessor.

The new memo, M-26-14, nods at the intentions of the earlier memo, M-21-31, saying that “Implementation of that memorandum improved foundational capabilities across agencies” to establish standards for logging and improve agencies’ record-keeping for the purposes of detecting and responding to cyberattacks.

“However, some requirements, such as the retention of vast quantities of logging data without clear utility, proved neither operationally feasible nor cost-effective for most agencies,” last week’s updated memo states. “To address these inefficiencies and the evolving cyber threat environment, this memorandum directs agencies to employ a risk-based, prioritized logging approach.”

There have been calls for the idea of updating the 2021 memo, and one observer praised the new version to CyberScoop. Another analyst, however, questioned how much harm the Trump administration might do by rescinding the earlier memo before having all of the new memo’s directives in place.

One directive is for the Cybersecurity and Infrastructure Security Agency to develop a “logging reference architecture” within 90 days that prioritizes the objectives of conducting continuous event monitoring and enabling investigations of forensic analysis after a known or suspected compromise.

Agencies would have another 90 days to submit a logging plan that adheres to those principles. The memo also establishes a new model for measuring agency progress in implementation. Multiple government watchdogs have concluded that agencies weren’t meeting the prior memo’s benchmarks.

The new memo “sharpens focus on real-time threat detection and the ability to investigate and recover after a cyber attack,” John Harmon, regional vice president of cyber solutions at Elastic, told CyberScoop. “It gives agencies the flexibility to build logging architectures that fit their specific mission.”

Harmon also praised the memo’s recognition of artificial intelligence risks to cybersecurity, and the revised maturity model.

But Nick Leiserson, senior vice president for policy at the Institute for Security and Technology think tank, said the timing of the replacement memo and the rescinding of the previous memo will give agencies a reason not to budget and prioritize logging for a period of time that adds up to six months or more.

“Moving from that to nothing is not ideal, and that’s essentially what this is doing,” Leiserson, who served in the Biden administration’s Office of the National Cyber Director, told CyberScoop. “This is saying ‘We’re rescinding 21-31 right now’ You won’t have any new guidance for at least 90 days, when CISA publishes this logging reference architecture, and it’s not clear to me why you would disaggregate that and not have the two of those things come out at the same time.”

The post White House charts new course for federal agencies and cybersecurity logging appeared first on CyberScoop.

Anthropic said its month-old Project Glasswing initiative has uncovered more than 10,000 high- or critical-severity software vulnerabilities across systemically important code, a finding the company says has shifted the central problem in cybersecurity from discovering flaws to verifying and patching them.

The findings, drawn from partner reports and independent evaluations, mark one of the first large-scale accountings of what a frontier AI model can do when pointed at widely used code, and of the bottlenecks that emerge once it does.

Several partners reported that their rates of bug discovery had increased more than tenfold. Cloudflare identified 2,000 bugs across its critical-path systems, including 400 rated high or critical, with a false-positive rate the company said it considered better than that of human testers. At one unnamed partner bank, the model was credited with helping detect and prevent a fraudulent $1.5 million wire transfer initiated after a customer’s email account was compromised and followed up with spoofed phone calls.

External evaluations cited in the update tracked with the results Anthropic released. The United Kingdom’s AI Security Institute found that Mythos Preview was the first model to solve both of its cyber ranges — simulations of multistep cyberattacks — from end to end. Mozilla said it found and fixed 271 vulnerabilities in Firefox 150 while testing the model, more than 10 times the number found in Firefox 148 using an earlier Anthropic model. AI-powered security platform XBOW called the model a significant step up over existing systems on its web exploit benchmark.

Anthropic also used Mythos to scan more than 1,000 open-source projects. The model has flagged 23,019 potential vulnerabilities, 6,202 of them estimated as high or critical. Of 1,752 high- or critical-rated findings reviewed by six independent security research firms or by Anthropic itself, over 90% were confirmed as valid, and over 62% were confirmed to be high or critical.

The company did note that while it’s good at finding vulnerabilities, there is still a gap in having people fix every issue. 

“The bottleneck in fixing bugs like these is the human capacity to triage, report, and design and deploy patches for them,” the report states. 

Open-source maintainers have also been contending with a wave of low-quality, AI-generated bug reports, and Anthropic said it tries to reproduce and assess each issue before reporting it. At maintainers’ request, it has sometimes disclosed bugs without further vetting, reporting 1,129 such cases, of which the model estimated 175 to be high or critical.

Anthropic said it has not released Mythos-class models publicly because no company, including itself, has developed safeguards to prevent serious misuse. In the interim, it has released Claude Security in public beta for enterprise customers, which it said has been used to patch more than 2,100 vulnerabilities in three weeks using the publicly available Claude Opus 4.7, and has begun a Cyber Verification Program for security professionals.

The company said it plans to expand Project Glasswing with additional partners, including U.S. and allied governments, before any broader release of the underlying model.

“Glasswing helps the most systemically important cyber defenders gain an asymmetric advantage. However, there is an urgent need for as many organizations as possible to shore up their cyber defenses,” the report states. “We hope that our generally available models, and the new tools, resources, and research we’re providing to accompany them, will support those organizations to improve their cybersecurity posture.”

The post Anthropic: Mythos finds more than 10,000 software flaws in first month appeared first on CyberScoop.

As defenders get their hands on newer AI models with more powerful cybersecurity capabilities like Anthropic’s Mythos and OpenAI’s Daybreak, organizations are being told to prepare for a flood of new vulnerability reports.

But for bug bounty programs across the nation, that day may already be here, as yesterday’s frontier models and today’s open-source AI tools have dramatically increased the volume of bug reports flowing into companies around their own products or on larger bounty platforms online.

GitHub, one of the world’s largest online code repositories, said it is tightening its definition of a “complete” bug report after a significant increase in AI-assisted submissions over the past year.

Although the influx has had some benefits, many reports are submitted without proof of concept, are reliant on unrealistic attack scenarios or cover issues already listed as ineligible. As a result, the company is having difficulty separating signal from noise.

“This isn’t unique to GitHub,” wrote Jarom Brown, senior product security engineer at GitHub. “Programs across the industry are grappling with the same challenge, and some have shut down entirely.”

Brown said GitHub does not want to ban the use of AI generated reports entirely, calling it a “force multiplier” for security in the right context. But in a world where it’s never been easier to use AI to generate theoretical bugs, the company wants researchers to go the extra mile to confirm that their discoveries can actually be exploited in real-world conditions.

What we need is the same standard we’ve always expected: validation,” Brown wrote. “An AI-assisted finding that’s been verified, reproduced, and submitted with a working proof of concept is a great submission. An unvalidated output submitted as-is without reproduction or demonstrated impact is not.”

Grant Bourzikas, chief security officer at Cloudflare, said triaging bugs and proving they can be exploited  has always been one of the hardest parts of vulnerability research, and AI vulnerability scanners and code have “made it worse.”

For instance, code written in C and C++ programming languages are vulnerable to a range of exploits – like buffer overflows and out-of-bounds reading and writing – that don’t exist in memory safe languages like Rust. AI tools scanning software written in memory unsafe programming languages are far more likely to generate false positives.

But one of the biggest flaws continues to be that AI tools are also designed to give the user what they’re asking for, even when it’s not there. This leads to the generation of bug reports filled with speculation and qualifiers around exploitability that require human follow up.

“That’s a reasonable bias for an exploratory tool,” Bourzikas wrote. “It’s a ruinous one for a triage queue, where every speculative finding spends human attention and tokens to dismiss, and that cost compounds across thousands of findings.”

Cloudflare recently shared results from testing Mythos on 50 of its own code repositories, looking for exploits. Bourzikas called Mythos “a different kind of tool doing a different kind of work” from other frontier models, and that it made significant progress in reducing false positives.

For example, he pointed to two Mythos capabilities that stood out compared to other models: chaining exploits together and generating its own proof-of-concept code to confirm exploitability.

Older models could spot many of the same bugs, but they often couldn’t figure out how to exploit them effectively, or show that the issue could be exploited in real world conditions.

Others have argued that the gap in bug hunting capabilities between newer frontier AI models and older ones, or open source models available today is not as large as advertised. 

Swedish software developer Daniel Stenberg, lead developer for curl, an open source file transfer tool used around the world, recently wrote about his experience with Mythos Preview. Like others, he has also seen a higher volume of AI-fueled bug reports over the past year, but said the flood of low-quality reports has tapered off significantly since March as models have improved.

Curl is mature and polished by the standards of most software: Stenberg estimates each line of code has been rewritten or altered at least four times, and he said he has used both human and AI tools in the past to implement hundreds of bug fixes over Curl’s existence.

That makes it a unique testing ground for the enhanced capabilities of Mythos, which was reportedly so powerful at finding vulnerabilities that Anthropic opted not to release it to the general public.

After gaining access to Mythos, Stenberg received the results of a scan of 178,000 lines of curl code. Ultimately, the scan flagged five “confirmed” vulnerabilities. Further exploration by human researchers found that 4 of the bugs were false positives or had no security impact. The one remaining bug Mythos found? A low-severity flaw that will be fixed in a regular June update.

Even as he praised the impact of AI on cybersecurity generally, Stenberg concluded that for all the hype, Mythos is only “a bit better” than previously released models.

“My personal conclusion can however not end up with anything else than that the big hype around this model so far was primarily marketing,” he wrote. “I see no evidence that this setup finds issues to any particular higher or more advanced degree than the other tools have done before Mythos.”

The post AI might cut false positives, but it won’t stop the slop  appeared first on CyberScoop.

The Federal Trade Commission is set to begin enforcing a key provision of the Take Down Act on May 19, requiring websites and online services to remove nonconsensual deepfake media within 48 hours after a victim’s notice—or risk fines and FTC investigation.

The law, passed by Congress last year, allowed law enforcement to immediately prosecute individuals who create and post such content online. But platforms and websites that host the material were given a yearlong runway to build out their reporting and takedown system. Under the enforcement regime taking effect, businesses that fail to remove flagged media within the 48-hour notification window could face fines and an investigation from the FTC.

This week, FTC Chair Andrew Ferguson sent letters to private-sector companies detailing how the commission intends to police compliance once enforcement begins. The FTC set a maximum civil penalty of – $53,088 per violation for companies that don’t take down content as required, and Ferguson’s letter outlines other requirements, including that companies make it easy and convenient for users to submit takedown requests.

“We stand ready to monitor compliance, investigate violations, and enforce the Take It Down Act,” Ferguson said in a statement. “Protecting the vulnerable—especially children—from this harmful abuse is a top priority for this agency and this administration.”

Ferguson’s letter sheds new light on how the FTC will enforce content takedowns under the law.  Both nonconsensual intimate imagery posted online using real photos of other individuals as well as AI-generated or modified “digital forgeries” would be considered violations.

Companies must also make it easy for victims without accounts to report potential violations, details their reporting and removal program on their website “in plain language” and provide “clear and conspicuous” notice to users about how to request removals.

According to the FTC, the law covers websites, apps, social media, image or video sharing services and gaming platforms. Ferguson’s letters were addressed to a who’s who of tech and social media companies, including Amazon, Alphabet, Apple, Automattic, Bumble, Discord, Match Group, Meta, Microsoft, Pinterest, Reddit, SmugMug, Snapchat, TikTok and X.

Earlier this year, Grok, the AI service that X users have access to, was used to flood the social media site with nonconsensual, sexualized deepfakes of real people. Elon Musk, X’s owner, initially brushed off critics but has since been hit with multiple criminal and civil investigations stemming from the incident, as well as lawsuits and calls from some world leaders to ban the app entirely.

 The FTC is also recommending that companies implement hashing technologies “to prevent the reappearance of intimate content you already removed from your platform” and share their findings with nonprofits like the National Center for Missing and Exploited Children and StopNCII.org to track across other parts of the internet.

Becca Branum, director of the Free Expression Project at the Center for Democracy and Technology, told CyberScoop that some elements of the FTC’s approach – like requiring clear and simple reporting options for victims – aligns with best practices established by civil society groups.

But she also said the FTC’s role under the Take It Down Act is materially different from anything the commission has done before. The sheer scale of enforcement and monitoring will require human and technical resources on par with those of major social media companies.

“I’m very concerned about the FTC and its ability to fairly enforce this law,” said Branum. “They are now in the business of regulating content moderation. That is hard work and not something they’re used to doing.”

Some legal and privacy experts pointed to the large financial penalties set by the FTC as a sign that policymakers are looking to put real teeth behind enforcement. Those penalties could pile up quickly if a business is hosting or publishing multiple copies of the same flagged media and declines to remove it within two days.

“For covered platforms, compliance with the Act is critical given the FTC’s emphasis on enforcement – reflecting White House priorities – and potential civil penalties up to $53,088 per violation,” wrote privacy attorneys Duane Pozza and Ian Barlow.

But Branum said the hefty fines also emphasize “just how much incentive will be in place for platforms to take anything that comes down the complaint line.”

While the Take It Down Act is designed to force companies to investigate claims and remove violating content, the regulatory and financial incentives push them to simply remove almost all content reported by default. That approach, which many of the same tech companies have taken under laws like the Digital Millenium Copyright Act, can be exploited by bad faith actors seeking to shut down legal speech or content online.

“If you think there’s any given post [where] if you ask an attorney is it worth $53,000 for me to keep this post up, the answer is always going to be taken it down,” Branum said. “I can’t imagine any service wanting to risk that type of fine on edge cases or anything they can’t verify or account for within 48 hours.”

The post Here’s how the FTC plans to enforce the Take It Down Act appeared first on CyberScoop.

Advanced artificial intelligence models will “fundamentally change warfare as we know it,” a top cyber official at the Defense Department said Thursday, saying it represents “not evolutionary warfare, but revolutionary warfare.”

Paul Lyons, principal deputy assistant secretary for cyber policy, said the development of frontier AI models like Mythos amounted to a “watershed moment,” speaking at Rubrik’s  Federal Cyber Resilience Breakfast produced by FedScoop.

Such models will “change both offense and defensive posture within the Department of War to something that’s close to you for critical infrastructure,” he said. “This is the ability to hunt and speed across the domain and outside the fence line in critical dependencies with water, power, compute.”

The advent of the technology is forcing the department to address difficult questions, but it’s a great opportunity as well for the United States given that it’s being developed by American companies, Lyons said. It’s something his department is optimistic about, he said.

“To be blunt, we’re trying to figure out, what authorities do we need? How do you leverage that within both decisionmaking and employment?” he said. “We have the right people looking at the speed, scale and complexity of cyber and how it’s going to be affected through the advent of AI.”

The Pentagon labeled Mythos a “supply chain risk” after its creator, Anthropic, resisted commands from the department to use its Claude model in ways the firm opposed. The department has nonetheless been using Mythos to hunt for cyber vulnerabilities.

Lyons said that cyber warfare overall has become more mature, as recent conflicts have shown.

“We saw it in spades in Venezuela, where you can layer cyber to create conditions that are favorable to the warfighter, that lower risk to mission, lower risk to force that where paired with both no kinetic and kinetic effects, can increase lethality,” he said. “We see it in Iran today.”

President Donald Trump’s cyber strategy places an emphasis on taking the battle to the malicious hackers, something Lyons said was a vital approach.

“America’s posture in cyber defense has been largely a defensive posture,” he said. “That’s a losing strategy for America. America has to dominate the full spectrum of cyber operations.”

The post Pentagon cyber official calls advanced AI ‘revolutionary warfare’ appeared first on CyberScoop.

Two of the most advanced artificial intelligence models — Anthropic’s Claude Mythos Preview and OpenAI’s GPT-5.5 — have significantly surpassed the already-accelerating pace at which AI systems are completing autonomous cybersecurity tasks, according to separate findings published Wednesday by the United Kingdom’s AI Security Institute (AISI) and Palo Alto Networks.

The AISI, which conducts pre-deployment evaluations of frontier AI models on behalf of the British government, said both Claude Mythos Preview and GPT-5.5 have substantially exceeded the doubling trend the institute had been tracking since late 2024. Whether the results represent an isolated capability jump or the start of a new, faster trajectory remains unclear.

The AISI estimated earlier this year that frontier models’ 80% reliability cyber time horizon — a measure of how long a task takes a human expert, used as a proxy for AI autonomy — had been doubling approximately every five months. That was itself roughly half the eight-month doubling time the institute estimated in November 2025. Now Mythos Preview and GPT-5.5 have since outperformed any trend lines the institute has measured.

“Frontier AI’s autonomous cyber and software capability is advancing quickly: the length of cyber tasks that frontier models can complete autonomously has doubled on the order of months, not years,” the AISI wrote.

The clearest evidence of the capability jump came from the AISI’s cyber ranges, its structured simulations of multi-stage attacks against small, undefended enterprise networks. A newer checkpoint of Claude Mythos Preview became the first model to complete both of the institute’s ranges. It solved “The Last Ones,” a 32-step simulated corporate network attack, in 6 of 10 attempts, and completed “Cooling Tower” — previously unsolved by any model — in 3 of 10 attempts. GPT-5.5 solved “The Last Ones” in 3 of 10 attempts.

Palo Alto Networks reached similar conclusions through its own testing. The company said it began testing Claude Mythos in April as a launch partner for Anthropic’s Project Glasswing, and has since tested Claude Opus 4.7 and OpenAI’s GPT-5.5-Cyber as part of OpenAI‘s Trusted Access for Cyber program.

“The latest models are extraordinarily capable at finding vulnerabilities and changing them into critical exploit paths in near-real-time,” Palo Alto Networks wrote.

The company released security advisories covering 26 CVEs representing 75 issues — compared to a typical monthly volume of fewer than five CVEs — that were identified through AI model scanning across more than 130 products. All important vulnerabilities in its SaaS products had been patched, with patches available for all customer-operated products.

The AISI was careful to note the limits of its data. The estimates are based on a relatively small number of models, and the hardest tasks in the test suite have the least amount of human comparison data. Even so, the institute said the overall trend holds up: dropping any single model from the analysis barely moves the needle, shifting the estimated doubling time by less than a month in either direction. Separate research from METR, a nonprofit that tracks how quickly AI handles software tasks, arrived at a nearly identical figure — a doubling time of approximately four months since late 2024.

“No single benchmark result should be read as a precise measure of AI capability,” the AISI wrote. “Regardless, the direction of change and rapid growth have been consistent across the models, methodological choices and independent data we examined.”

Palo Alto Networks outlined four immediate priorities for enterprises as these models continue to grow in usage: First, find and fix vulnerabilities in code and applications before attackers do. Second, shrink the attack surface and use AI to spot security misconfigurations. Third, deploy detection and response tools across all systems, using machine learning to catch threats in real time. Fourth, build security operations fast enough to respond in minutes, because AI-powered attacks may soon unfold that quickly.

The AISI said it is developing more demanding evaluations, including new cyber ranges and the addition of active cyber defenses, to better reflect real-world conditions as model capabilities continue to advance.

The post Researchers say AI just broke every benchmark for autonomous cyber capability appeared first on CyberScoop.

The House Homeland Security Committee is digging into Anthropic’s AI model Mythos in a series of briefings and hearings, as questions proliferate on whether and how the federal government will make use of the technology touted for its ability to autonomously uncover cyber vulnerabilities.

Wednesday brought a closed-door briefing for the House Homeland Security Committee from Anthropic. The chairman of the panel’s cybersecurity subcommittee said he is planning to hold a hearing on the topic. And committee Democrats are requesting a classified briefing with Anthropic.

A committee aide who attended the briefing said it included a live demonstration of Mythos, “allowing members to see firsthand how advanced AI can identify and reason through software vulnerabilities. What we saw reinforced the urgency of ensuring that federal agencies, including our civilian cyber defenders, can responsibly access and deploy the most advanced U.S. models to find and patch vulnerabilities before foreign adversaries or criminal actors exploit them.”

A number of key lawmakers, including top committee Democrat Bennie Thompson of Mississippi and GOP cyber subcommittee chair Andy Ogles of Tennessee, told CyberScoop they weren’t able to attend Wednesday’s briefing. A second source who attended said it was a “productive” meeting.

“Members on both sides were focused on preserving U.S. advantage in AI, which basically came down to preserving our edge on compute power,” the source said. “They were also asking questions about whether the federal government was using Mythos, including about where CISA is and the impact of the supply chain risk designation.”

The Hill reported that Wednesday’s briefing was led on the Anthropic side by Logan Graham, from the company’s frontier red team, and Josh Tilstra, from the firm’s national security programs and policy team. It follows another recent closed briefing with Anthropic and OpenAI for the House Homeland Security Committee.

Ogles told CyberScoop he plans to hold a hearing of his subcommittee related to Mythos, but wasn’t able to attend Wednesday’s briefing due to scheduling conflicts. The top Democrat on Ogle’s subcommittee, Delia Ramirez of Illinois, also was unable to join due to prior commitments, but she was set to receive a rundown from staff about Wednesday’s briefing, her office said.

There’s a divide on which federal agencies are using Mythos thus far. For example: CISA reportedly isn’t, but the National Security Agency is. 

The federal divide on its use follows a Department of Defense blacklist that labeled the company a “supply chain risk” after Anthropic resisted pressure from the Pentagon to use its Claude AI model in ways the company opposed. The department says it has been using Mythos to identify cyber vulnerabilities despite the blacklist.

A turf battle is brewing within the Trump administration over testing of AI models, The Washington Post reported this week. Connecticut Rep. Jim Himes, the top Democrat on the House Intelligence Committee, said this week that it would be ‘insane” for U.S. spy agencies not to have early access to advanced AI models.

The Mythos briefing came one day after OpenAI announced its own cybersecurity initiative.

The committee aide said that “as the PRC aggressively works to close the AI innovation gap with the United States, the committee remains focused on ensuring that America’s AI leadership translates into a durable national security advantage, not a temporary lead that adversaries can copy, steal, or rapidly commoditize.”

Updated 5/13/26: to include comment from a committee aide who attended the briefing.

The post Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks appeared first on CyberScoop.

OpenAI has unveiled Daybreak, a cybersecurity initiative that combines the company’s large language models with its Codex agentic framework to help organizations identify, patch, and validate software vulnerabilities across the development lifecycle.

The platform is built around three model tiers: GPT-5.5 for general-purpose use, GPT-5.5 with Trusted Access for Cyber for verified defensive security workflows, and GPT-5.5-Cyber, a more permissive variant intended for specialized use cases such as authorized red-teaming and penetration testing. Each tier carries different safeguard levels and access controls, with the most capable tier paired with stronger identity verification and account-level oversight.

“For cyber defense, it means seeing risk earlier, acting sooner, and helping make software resilient by design,” a company blog post reads. 

OpenAI did not respond to CyberScoop’s request for further comment. 

Daybreak arrives weeks after Anthropic unveiled Project Glasswing, built around Claude Mythos Preview, a cybersecurity-focused AI system Anthropic has described as capable of autonomously identifying software vulnerabilities at scale. Anthropic has kept access to Mythos tightly restricted, citing both safety concerns and national security considerations, and has not made the model commercially available.

A tiered approach to access

The structure of Daybreak reflects a deliberate effort to calibrate access against the risk these models present. The standard GPT-5.5 model is available for general enterprise and developer work. GPT-5.5 with Trusted Access for Cyber is aimed at security professionals engaged in defensive workflows, including vulnerability triage, malware analysis, detection engineering, and patch validation. GPT-5.5-Cyber, the highest-capability tier, is currently in preview and reserved for specialized workflows under controlled conditions.

OpenAI has framed the access controls as a response to the dual-use nature of the underlying technology. The same AI capabilities that allow defenders to understand relationships across codebases, identify subtle vulnerabilities, and accelerate remediation could be misused, the company acknowledged. The platform pairs expanded capability with what OpenAI describes as trust, verification, proportional safeguards, and accountability.

“We don’t think it’s practical or appropriate to centrally decide who gets to defend themselves,” the company said in a prior blog post related to the Trusted Access for Cyber program. “Instead, we aim to enable as many legitimate defenders as possible, with access grounded in verification, trust signals, and accountability.”

Industry partners and government discussions

Several major technology and cybersecurity companies are already working within the Trusted Access for Cyber framework, including Cisco, Oracle, CrowdStrike, Palo Alto Networks, Cloudflare, Fortinet, Akamai, and Zscaler.

Anthony Grieco, Cisco’s chief security and trust officer, described the technology as a “force multiplier for defenders,” noting that models like GPT-5.5 are changing the pace of security operations, from incident investigation to proactive exposure reduction. He added that the value of the technology lies not in the model alone but in the enterprise framework built around it.

At the federal level, the Trump administration is weighing how Anthropic’s Mythos will be used to protect government networks, with Federal CIO Greg Barbaccia telling CyberScoop last month he sees its potential to strengthen federal cyber defenses and the significant uncertainties that remain about how it would perform in real-world conditions.

Elsewhere, the European Commission is in discussions with OpenAI about potential access to its advanced AI models for identifying cybersecurity vulnerabilities. 

Other industry experts told CyberScoop that while these models are very good at finding vulnerabilities, that’s only part of the puzzle when it comes to an enterprise security plan. 

“The question that determines breach impact is not how fast you find the vulnerability. It’s how far a compromised identity can move before anyone knows it’s compromised,” said Doug Merritt, chairman & CEO, Aviatrix, a cloud security company. “That’s an infrastructure problem — what is each workload allowed to reach, on every path, independent of whether the breach has been detected? No patching tool answers that. Containment does.”

Jared Atkinson, CTO of SpecterOps, an identity management company, says defenders need to focus on what attackers can reach once inside, while still working to identify vulnerabilities faster.

“AI will accelerate portions of offensive security operations, but it does not fundamentally change the underlying problem defenders face. Most organizations still struggle to see and manage the attack paths that connect initial access to critical systems and data,” he said. “As these tools mature, visibility into identity exposure and post-compromise attack paths becomes increasingly urgent.”

A widening competition

The competitive cybersecurity dynamic between Anthropic and OpenAI has been building for months. OpenAI publicly announced the Trusted Access for Cyber program before Anthropic’s Glasswing rollout and has since expanded it to thousands of individuals and organizations. In April, the company released GPT-5.4 Cyber, a model variant specifically optimized for cybersecurity tasks, including testing and vulnerability research, governed by Know-Your-Customer and identity verification requirements.

Cybersecurity experts in the United States and United Kingdom have described Claude Mythos as a meaningful improvement over previous frontier models in identifying cybersecurity vulnerabilities, though debate continues over its practical impact on information security. GPT-5.4 Cyber has similarly been fine-tuned for testing and vulnerability research, with OpenAI indicating it intends to make iterative improvements as the program matures.

OpenAI’s stated intent is to expand access to Daybreak’s most capable models over time, working alongside industry and government partners as it deploys what it describes as “increasingly more cyber-capable models” through an iterative deployment approach. The company has indicated it is cautious about exercising too much centralized control over which sectors or industries participate in the program.

CEO Sam Altman framed the initiative in broad terms. “AI is already good and about to get super good at cybersecurity,” he wrote on X. “We’d like to start working with as many companies as possible now to help them continuously secure themselves.”

The post Daybreak is OpenAI’s answer to the AI arms race in cybersecurity appeared first on CyberScoop.

The Senate’s top Democrat called on the Department of Homeland Security Friday to work closely with state and local governments to defend against artificial intelligence-strengthened hacks. 

Senate Minority Leader Chuck Schumer, D-N.Y., wrote to DHS Secretary Markwayne Mullin to make sure state, local, tribal and territorial (SLTT) governments aren’t left behind as AI models advance, posing new hacking threats.

“There is a race between cybersecurity defenders and AI-enabled hacking — and there’s no time to waste,” Schumer wrote.

“While the White House has reportedly begun hosting meetings about its internal security priorities following these frontier AI cyber breakthroughs, it is glaringly obvious that the Department of Homeland Security needs an updated plan for coordinating these efforts with [state, local, tribal and territorial] governments and implementing procedures to reduce the risk of disruptive cyberattacks enabled by frontier AI,” he stated.

Schumer said he was worried about the capabilities of DHS and its Cybersecurity and Infrastructure Security Agency to carry out that coordination, given federal funding cuts to the Multistate Information Sharing and Analysis Center, and the lack of a Senate-confirmed CISA director for the duration of the second Trump administration.

Schumer wants a plan from DHS by July 1 on coordinating with state and local governments on a range of questions, such as how to identify top AI talent, carry out rapid patching and conduct risk assessments.

“AI is changing the cyber battlefield fast — and we cannot let hackers get there first,” Schumer said in comments accompanying the letter. “Hospitals, power grids, water systems, schools, elections, and emergency services cannot be left exposed while criminal gangs and state-backed hackers race to exploit new AI tools. DHS must immediately help states and localities find and fix vulnerabilities before Americans are hit with outages, disruptions, and attacks that could put lives and livelihoods at risk.”

CISA is using AI to help on the defensive side internally, agency officials recently said.

The post Sen. Schumer seeks DHS plan on AI cyber coordination with state, local governments appeared first on CyberScoop.