Intelligence agencies for the United States, Canada, UK, Australia and New Zealand are warning that advanced AI models capable of wreaking havoc in the cyber domain are “months away” from being publicly available.

In a joint statement, the Five Eyes alliance say they expect the kind of advanced hacking capabilities provided by frontier models like Anthropic’s Fable 5 and OpenAI’s Daybreak to become broadly available the public within the year, despite efforts by AI companies to withhold them or restrict their access.

“Frontier Al models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities,” the agencies said. “The timeline is not years, it is months.”

The statement, which included signatures from NSA’s Director of the Cybersecurity Directorate David Imbordino and acting CISA Director Nick Andersen, does not specifically cite secret or classified sources or methods to reach this conclusion.

But much of the underlying justification provided by the intelligence agencies also aligns with what public cybersecurity and AI experts have been warning about for months.

AI models capable of exploiting cybersecurity weaknesses are already available today through multiple channels: older commercial models, open-source versions, or foreign and black-market sources. And while newer models like Mythos are reportedly significantly more powerful for cybersecurity-related tasks, the breakneck pace of frontier model development often means that yesterday’s restricted frontier AI is tomorrow’s free, open-source AI.

Representative Andrew Garbarino, R-N.Y., Chair of the House Homeland Security Committee, said the warning from intelligence agencies “underscores what the Committee has repeatedly heard through roundtables, briefings, and hearings with industry leaders: China is just months, if not now weeks, away from achieving frontier AI capabilities comparable to those of the United States.”

“This threat reinforces the urgency of ensuring that federal agencies and critical infrastructure operators can responsibly leverage advanced U.S. models, and receive the guidance and support necessary to do so, to find vulnerabilities before adversaries can exploit them,” said Garbarino in a statement.”

The agencies flag legacy systems, sluggish patching loops, unnecessary internet connectivity, weak identity and access controls, and a lack of pre-incident planning by organizations as key weaknesses that AI will excel at exploiting.

“The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years,” the agencies wrote. “We must act before and be prepared to adapt and withstand evolving threats.”

Since large language models burst onto the scene, open-source models have run about 6-8 months behind the largest frontier AI companies.

To give an idea of how quickly the field develops: the capabilities described in the Amazon threat intelligence report that convinced the Trump administration to place export controls on Fable 5 could already be accomplished through older models like Claude Opus and Claude Sonnet, as well as open-source Chinese models.

Anthropic shut down access to their Fable 5 and Mythos 5 models as a result, and despite releasing a statement that they believe the White House decision was a “misunderstanding” the dispute remains resolved.

Programs like Anthropic’s Project Glasswing and OpenAI’s Trusted Access for Cyber Program provide AI systems to organizations for cyberdefense.  The goal is to give defenders a head start in finding and fixing vulnerabilities before AI systems can exploit them routinely in the coming years.

However, for all the fear surrounding the new technology, the recommended guidance is largely the same as it has been for decades. Governments, businesses and leaders must stop treating the digital security of their work as an afterthought or compliance issue.

“Success will come from getting the basics right, acting quickly, and integrating cyber security into core business strategy,” the agencies wrote. “Those that do not will face growing operational and strategic disadvantage.”

06/23/2026: This story was updated to include comment from Rep. Andrew Garbarino, R-N.Y.

The post Intel agencies: Frontier AI models will reshape cybersecurity faster than expected appeared first on CyberScoop.

The Trump administration issued a revised executive order Tuesday focused on artificial intelligence, offering a significantly pared-back vision for the federal government’s role vetting AI systems compared with a draft version that was spiked weeks ago.

The order keeps in place the administration’s largely voluntary framework for companies to engage with the federal government around testing new models before release, but appears to considerably weaken or loosen provisions that had been opposed by industry.

Under the order, AI companies would voluntarily provide the federal government access to frontier models before release, but now it will be for “up to” 30 days instead of the 90-day timeline included in previous drafts.

It also explicitly states that nothing in the program will be construed as mandatory or part of a federal licensing or permitting regime, and gives AI companies significant influence to help define what models would and would not be covered under for testing.

It also states that all federal testing and access to the models would be subject to “confidentiality, cybersecurity, insider-risk, and intellectual-property protection, use, and nondisclosure requirements.”

Section one of the order highlights the central friction that has plagued the Trump administration’s AI policy since assuming power: While the White House increasingly sees national security implications in the rapid release of frontier models from the private sector, it has also been one of the loudest critics of regulating the technology for fear it could harm American businesses.

“The United States continues to lead the world in Artificial Intelligence (AI) because of the enormous talent and innovation of our AI industry, and because we refuse to stifle this innovation with overly burdensome regulation,” the order reads.

That argument was bolstered in recent days as industry members and top advisers to Trump, like tech investor and AI czar David Sacks, lobbied against previous draft language, arguing it would put too much of a regulatory burden on U.S. businesses.

On X, Sacks called the revised EO, including changes reducing the government’s access from 90 days to up to 30 days “a game changer” because it would allow frontier labs to comply without delaying new model releases. He also said the discussions he’s had with the White House indicate that not all new model releases would be subject to even that level of scrutiny.

The White House characterization that the order is not a program for conducting oversight of all new AI models “is completely consistent with the discussions that I have participated in, where it was agreed that the EO is intended to apply only to models that represent a meaningful step-change in cyber capabilities (eg Mythos), not to incremental version numbers of existing models,” Sacks wrote.

The order also puts the Department of Treasury at the head of a new interagency cybersecurity clearinghouse on AI, where the private sector, critical infrastructure operators and federal agencies voluntarily collaborate to coordinate and deconflict scanning for software vulnerabilities, discovery and validation and remediation activities, like patching.

Treasury, the Cybersecurity and Infrastructure Security Agency, the NSA, the Office of the National Cyber Director and other agencies would also be responsible for developing classified benchmarks that would be used to identify or flag the kind of advanced cyber and hacking capabilities that agencies are interested in testing.  

Questions linger over implementation, politicization

Consisting of less than 1200 words, the directive is vague in many areas about exactly how implementation will work.

“On frontier capability access, vulnerability discovery for critical infrastructure, and sharing with trusted partners, many questions remain,” wrote American Enterprise Institute fellow Ryan Fedasiuk.

Senator Mark Warner, D-Va., said the order would help the White House “begin to grapple” with the threats that new frontier models and their hacking capabilities pose to critical infrastructure and praised certain provisions, like putting the NSA in charge of classified testing of new models. But he was also sharply critical of the administration’s about face on the need for federal scrutiny of emerging AI technologies.

“Once again, the Trump administration has belatedly discovered the need to redo something it hastily dismantled in its first year,” Warner said in a statement. “While this course correction – a rehash of proposals contained in the last administration’s 2023 executive order, bipartisan congressional legislation, and each of the last three years of intel authorization bills the Senate Intel Committee has passed – can begin to grapple with widespread impacts that new frontier models will have on our critical infrastructure, it can’t undo the years wasted on dismantling some of the most vital pillars of our nation’s cybersecurity response, including key information sharing initiatives and the federal agency established to protect the security of U.S. critical infrastructure.”

Warner also said he will be “watchful” for indications the administration may politicize any testing regime, for instance, such as using the partnerships “to pressure U.S. firms into making changes to their products or Terms of Service to suit partisan or legally questionable objectives of the president and his allies.”

The administration’s lighter touch approach around voluntary testing yielded approval from some experts who have traditionally been more in favor of regulation, but who also expressed similar worries about the downsides of putting the federal government in charge of vetting AI models.

Samir Jain of the Center for Democracy and Technology, said that while AI models pose real cybersecurity threats to critical services, the order “attempts to avoid the deeply concerning implications of a mandatory licensing regime for release of new models.”

“Testing and benchmarking programs are important to promote cybersecurity and address other risks,” Jain said in a statement. “However, the EO should not become a mechanism for the Administration to punish companies for political or other arbitrary reasons, and so we will be closely monitoring the details of its implementation as they emerge.”

You can read the full order on the White House’s website.

The post Trump administration releases scaled-back AI executive order appeared first on CyberScoop.

President Donald Trump said he would postpone the release of an executive order that would set up a 90-day testing and vetting regime for frontier AI models, hours before the White House was set to publicly announce the signing. 

Speaking to reporters in the Oval Office Thursday, Trump said he opted to delay the order “because I didn’t like certain aspects of it” and expressed concerns that it could harm U.S. AI industry competition with countries like China. 

According to multiple sources, a draft version of the order circulating in the last 24 hours would have set up a voluntary testing regime between the U.S. federal government and frontier AI companies that would allow the government to study new models for 90 days before they’re publicly released. In addition to the government, the draft order would also facilitate access to the models for cybersecurity testers in critical infrastructure sectors, like finance and healthcare.

The draft order empowered the National Security Agency to conduct classified evaluations of frontier AI models, while the Department of the Treasury would have set up a new information sharing agreement between AI companies and cybersecurity defenders in critical infrastructure.

Other agencies, like the Office of the National Cyber Director, the Cybersecurity and Infrastructure Security Agency and the National Institute for Standards and Technology, would also be involved in defining which models are covered under the vetting regime.

In some sense, the order would formalize an already cooperative relationship between AI companies and governments like the U.S. and UK, where tech-focused agencies and regulators have already been provided access to previous models ahead of their release for testing and evaluation. 

A former federal official who has seen the latest draft circulated before Thursday’s announcement told CyberScoop that based on their conversations with the administration, the order was intended to facilitate more robust testing from government agencies compared to evaluations conducted for previous models. They said that is in part a reflection of the federal government’s maturing understanding of AI technology over the past five years.

“In the past there has been containerized optionality for the intelligence community and others to take a look at things, but it was really a lot of hand holding [from AI companies] and self-explanation of what they expect this thing to do,” said the official, granted anonymity to discuss sensitive conversations with the administration. “And now the government is coming forward and saying now we feel we’re prepared enough for you to just give us your tool…and we’ll go from there.”

But it also represents a stark pivot by the Trump administration, which came into office openly dismissive of AI safety policies and arguing that they would inhibit U.S. industry. Trump’s latest comments in delaying the order echo those same attitudes. 

The former official said that while the Trump White House doesn’t view its mission as telling AI companies “don’t develop AI that can do X, which was perceived to be the previous administration’s role,” they also acknowledged the administration’s early rhetoric on AI regulation has painted them into a corner. 

“I think the biggest challenge the administration has is that their tone was ‘no institution of guardrails’ and they don’t have a better word for making sure that the capabilities of emergent frontier models don’t disrupt security than to say ‘let’s test it and institute guardrails,’” the official said.  

While debate about how best to regulate AI-related harms continues, most agree there are genuine national security concerns around the technology.

Ram Shankar Siva Kumar, founder of Microsoft’s AI red team, told CyberScoop that in 2019, his staff consisted of himself and a few other security and machine learning specialists. Now a much larger staff of technologists are supported by specialists in psychology, linguistics, bioweapons and other fields.

“Because of frontier harms, what we have done has really morphed,” Siva Kumar said.

The United States, along with Israel, Russia, Ukraine and others have already deployed AI in targeted military operations or integrated the technology into their larger command and control structure. AI is being used to supercharge drone warfare, global hacking campaigns, and sophisticated surveillance and targeting of military personnel and civilians, imbuing the engineering choices of frontier AI companies with life and death consequences.

Some congressional members who previously opposed allowing AI to make autonomous kill decisions on the battlefield have been reconsidering their position.

Rep. Don Beyer, D-Va., who co-chaired the Congressional AI Caucus and was appointed to a bipartisan AI task force in 2024. said that while he thinks “we need to guard against dehumanizing” those decisions, he also worries that adversarial countries will use the same technology against the United States.

“It’s like if we say that Americans have to have a human in the loop and the Chinese don’t have to have a human in a loop, the non-human one will beat the human one every time,” Beyer said at an AI conference in Washington D.C. earlier this month.  

Meanwhile, experts have been increasingly concerned about the technology’s impact on cybersecurity, as current models are remarkably good at finding software bugs and vulnerabilities, while newer models like Anthropic’s Mythos and OpenAI’s Daybreak are capable of chaining together multiple exploits to conduct more sophisticated attacks.

While state-sponsored hackers are experimenting with the technology and using it to gain targeted efficiencies in their hacking operations, cybersecurity experts in the private sector and law enforcement agencies say the technology has mostly benefitted cybercriminals and scammers.

The post Trump postpones executive order focused on AI security  appeared first on CyberScoop.

Cybersecurity agencies from the United States, Australia, Canada, New Zealand and the United Kingdom jointly published guidance Friday urging organizations to treat autonomous artificial intelligence systems as a core cybersecurity concern, warning that the technology is already being deployed in critical infrastructure and defense sectors with insufficient safeguards.

The guidance focuses on agentic AI — software built on large language models that can plan, make decisions and take actions autonomously. In order for this software to function it needs to connect to external tools, databases, memory stores and automated workflows, allowing it to execute multi-step tasks without human review at each stage.

The guidance was co-authored by the U.S. Cybersecurity and Infrastructure Security Agency, the National Security Agency, the Australian Signals Directorate’s Australian Cyber Security Centre, the Canadian Centre for Cyber Security, New Zealand’s National Cyber Security Centre and the United Kingdom’s National Cyber Security Centre.

The agencies’ central message is that agentic AI does not require an entirely new security discipline. Organizations should fold these systems into the cybersecurity frameworks and governance structures they already maintain, applying established principles such as zero trust, defense-in-depth and least-privilege access.

The document identifies five broad categories of risk. The first is privilege: When agents are granted too much access, a single compromise can cause far more damage than a typical software vulnerability. The second covers design and configuration flaws, where poor setup creates security gaps before a system even goes live.

The third category covers behavioral risks, or cases where an agent pursues a goal in ways its designers never intended or predicted. The fourth is structural risk, where interconnected networks of agents can trigger failures that spread across an organization’s systems.

The fifth category is accountability. Agentic systems make decisions through processes that are difficult to inspect and generate logs that are hard to parse, making it difficult to trace what went wrong and why. The agencies also note that when these systems fail, the consequences can be concrete: altered files, changed access controls and deleted audit trails.

The guidance also flags prompt injection, where instructions embedded inside data can hijack an agent’s behavior to perform malicious tasks. Prompt injection has been a lingering problem with large language models, with some companies admitting that the problem may never be solved. 

Identity management gets significant attention throughout the document. The agencies recommend that each agent carry a verified, cryptographically secured identity, use short-lived credentials and encrypt all communications with other agents and services. For high-impact actions, a human should have to sign off, and the guidance is explicit that deciding which actions require that approval is a job for system designers, not the agent.

The agencies admit the security field has not fully caught up with agentic AI. Some risks unique to these systems are not yet covered by existing frameworks, and the guidance calls for more research and collaboration as the technology takes on a growing number of operational roles.

“Until security practices, evaluation methods and standards mature, organisations should assume that agentic AI systems may behave unexpectedly and plan deployments accordingly, prioritising resilience, reversibility and risk containment over efficiency gains,” the guidance reads. 

You can read the full guidance below.

The post US government, allies publish guidance on how to safely deploy AI agents appeared first on CyberScoop.

A joint report from the Cloud Security Alliance (CSA), the SANS Institute and the Open Worldwide Application Security Project (OWASP) concludes that in the near term, organizations are “likely to be overwhelmed” by threat actors using AI to find and exploit vulnerabilities faster than defenders can patch them.

While those organizations can use AI tools to speed up their own defenses, attackers “still face a heavier relative burden due to the inherent limitations of patching. This in turn leads to “asymmetric benefits” for attackers who can afford to adopt the technology without the same caution and bureaucracy as a multi-billion dollar business.

“The cost and capability floor to exploit discovery is dropping, the time between disclosure and weaponization is compressing toward zero, and capabilities that previously required nation-state resources are now becoming broadly accessible,” wrote Robert Lee, SANS Institute’s Chief AI Officer, Gadi Evron, CEO of Knostic and Rich Mogull, chief analyst at CSA, who served as the primary authors.

The report marks one of the first comprehensive responses to the capabilities of Claude Mythos from the U.S., boasting cybersecurity luminaries who have set policy at the highest levels as contributing authors, including Jen Easterly, former director of the Cybersecurity and Infrastructure Security Agency, Rob Joyce, a former top White House and NSA cybersecurity official, and Chris Inglis, former National Cyber Director.

It also includes private sector stalwarts like Heather Adkins, Google’s CISO, Katie Moussouris, CEO of Luta Security, and Sounil Yu, chief technology officer at Knostic. Another seventy CISOs, CTOs and other security executives are named as editors and reviewers.

Also this week, the UK’s AI Security Institute (AISI) detailed the results of tests it performed on a preview version of Claude Mythos, calling it a “step up” from past Anthropic models in the cybersecurity arena and able to “execute multi-stage attacks on vulnerable networks and discover and exploit vulnerabilities autonomously.”

Using a mix of Capture the Flag exercises and cyber range testing, AISI researchers found that Mythos not only raised the ceiling of technical non-experts and apprentice-level users, it narrowed the overall gap in hacking proficiency between the two. In other words, there’s becoming less of a distinction between the capabilities of amateur “script kiddies” and mid-level hackers with technical knowledge.

Before April 2025, no Large Language Model could complete a single expert-level CTF problem. Mythos successfully solved nearly three quarters (73%) of them.

In cyber range tests – which are meant to simulate more complex, multi-chain attacks – the results were uneven, but also represented meaningful progress over prior Claude models.

Mythos was subjected to a 32-step attack playbook modeled on corporate networks, spanning initial network access to full network takeover. In three of the 10 simulations, the model completed an average of 24 of the 32 steps. Older versions of Claude and other frontier models never averaged more than 16.

Mythos flunked its test against a simulated operational technology cooling tower, but researchers noted that this doesn’t mean AI is bad at exploiting OT: the model actually faltered during the IT section of the exercise.

UK researchers were more measured in their analysis of Mythos, noting that their testing indicates it is “at least capable” of autonomously taking down smaller, weakly defended enterprise networks.

But they also note their cyber ranges lack security features – like active defenders and defensive tooling – that would be common in many real-world networks and present additional obstacles, nor did they penalize the model for triggering security alerts.

“This means we cannot say for sure whether Mythos Preview would be able to attack well-defended systems,” the researchers concluded.

Technical debt coming due

Both the US and UK reports agree that large language models are broadly moving in a similar direction of lowering the technical barrier. The US authors call for organizations to more quickly adopt AI for cyber defense while overhauling their incident response playbooks and corporate policies to account for more automated defense postures.

For its part, Anthropic has said it is not selling Mythos commercially, and last week it announced the model would be made available to Project Glasswing, a consortium of major tech companies that will use it to root out and patch vulnerabilities in commonly used products and services.

But other experts have warned that businesses and governments are not well-positioned to either absorb the influx of expected vulnerability exploitation or deftly harness AI tools of their own to counter them.

Casey Ellis, CTO and founder of Bugcrowd, wrote that recent advances in AI cyber tools has succeeded largely by “living in the places we stopped looking a decade ago.”

While the cybersecurity community has spent years focusing on application security, vulnerability triage and other “top layer” security problems, AI tools and apex level hacking groups have been feasting on vulnerabilities in forgotten firmware, or routers whose manufacturers long went out of business.

This reality that tools like Mythos can endlessly weaponize the massive technical debt of large organizations has taken the traditional defender’s dilemma and “the knob that used to go to ten and turned it to seven hundred,” Ellis wrote.

Additionally, corporations and governments run on consensus-building, multiple layers of hierarchy and legal compliance. While those are all necessary when handing your cybersecurity over to automated tooling, it can also lead to a slower process and more asymmetry against defenders in the short term.

“Integration into actual production becomes the battlezone,” wrote Ellis. “Lag is real. Bureaucracy is real. Supply chains are real.”

The post Here’s how cyber heavyweights in the US and UK are dealing with Claude Mythos appeared first on CyberScoop.

Flights canceled. Emergency rooms shut down. Centuries-old companies shuttered.

Ransomware and other similar cyberattacks have become so routine that even those serious human and economic consequences are often overlooked or easily forgotten.

This lack of focus is dangerous.

As former leaders of FBI and CISA cyber units, we’ve seen cybercrime ripple through communities – disrupting critical services, destroying jobs, and sometimes costing lives. Today’s ransomware numbers tell a stark story. The Department of Homeland Security reported more than 5,600 publicly-disclosed ransomware attacks worldwide in 2024, nearly half of them in the United States. The FBI found that ransomware incidents increased nearly nine percent year over year, with almost half targeting critical infrastructure. Attacks on these organizations pose the greatest threat to national security and public safety.

Despite this trend, we’re cautiously optimistic about the administration’s new National Cyber Strategy. It focuses on protecting critical infrastructure and stopping ransomware and cybercrime—threats it correctly elevates to top-tier national security threats.

But success requires sustained action across government and industry. Adversaries are evolving faster than defenses: ransomware attacks now average $2.73 million per incident, driving annual losses into the billions. Attackers have compressed their operations from weeks to hours, disabling Endpoint Detection and Response (EDR) tools and leaving defenders almost no time to stop an attack.

Basic cyber hygiene still matters. But it’s no longer sufficient. Attackers steal valid credentials, exploit known vulnerabilities, disable tools, and move laterally at machine speed, now accelerated by AI. They need a stunningly low level of technical expertise to do so, and AI tools are increasing the speed and scale of their actions.

Our defenses must keep pace with evolving threats. Protecting national security requires immediate action. Automating cyber threat information sharing offers clear benefits, but government agencies need significant structural and technological upgrades before they can effectively share data. This requires sustained investment and oversight.

The government does not have to do this alone. Industry and academia possess tools that could mean the difference between progress and revisiting this same conversation four, eight, or twelve years from now. Forums like CISA’s Joint Cyber Defense Collaborative (JCDC), the National Cyber Investigative Joint Task Force (NCIJTF), and NSA’s Cyber Collaboration Center (CCC) have demonstrated that information fusion and joint operational planning can work. But overlapping missions and unclear playbooks leave companies guessing what to share, when to share it, and with whom. These forums and underlying collaboration mechanisms must be resourced, deconflicted, and made predictable.

Despite the noble efforts of government agencies to share behind-the-scenes and interact with industry with one voice, the current structure remains fragile and dependent on personal relationships. We simply cannot afford this fragility or inefficiency, particularly in an era of constrained government cyber resources and escalating threats.

Effective protection of critical infrastructure requires focused collaboration. The administration’s strategy rightly emphasizes this, but narrowing this focus will not be easy. For years, the government has tried to cover sixteen sectors and hundreds of thousands of entities equally—an impossible task. Equal attention for all is unrealistic. Looking back, we wish we had prioritized more strategically during our time in government.

Prioritization is politically difficult, but operationally necessary. When everything is critical, nothing truly is. For the most important critical infrastructure, we must focus on resilience—ensuring systems can withstand attacks and recover quickly—rather than assuming we can prevent every breach.

The government can take concrete steps now to disrupt the ransomware ecosystem. Ransomware has cost American lives; designating certain ransomware actors and their enablers as Foreign Terrorist Organizations could unlock more powerful sanctions, diplomatic action, and intelligence operations. Sensible regulation holding cryptocurrency exchanges accountable for knowingly laundering ransomware proceeds could weaken criminal business models while strengthening legitimate digital asset markets in the U.S. and allied nations.

The technology and cybersecurity industry has responsibilities, as well. Industry must share actionable intelligence where legally permitted, pressure-test government programs with candid feedback, and support reauthorization of the Cybersecurity Information Sharing Act of 2015.

We all must do our part. Every day that passes without us confronting these critical questions is a gift to our adversaries. This will only be exacerbated by advancements in AI. We are hopeful that the release of this administration’s National Cyber Strategy will spark much-needed debate and decisions about the role of the government and industry in advancing our nation’s cybersecurity and resilience.

Cynthia Kaiser is senior vice president of Halcyon’s Ransomware Research Center. She was formerly Deputy Director of the FBI’s cyber division.

Matt Hartman serves as chief strategy officer at Merlin Group, where he is focused on identifying, accelerating, and scaling the delivery of transformative cyber technologies to the public sector and critical industries. Prior to this role, Matt spent the last five years serving as the senior career cybersecurity official at the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security.

The post We’ve seen ransomware cost American lives. Here’s what it will actually take to stop it. appeared first on CyberScoop.

Lawrence Hoffman // As I previously mentioned I’m on vacation this week and next. As I like to go for long cross-country drives I’ve not had much time to keep […]

The post Lawrence’s List 070116 appeared first on Black Hills Information Security, Inc..