Today's Cybersecurity Pulse
Anthropic CEO meets White House over federal access to Mythos AI
Anthropic CEO Dario Amodei will meet White House chief of staff Susie Wiles to discuss government access to the company's Mythos AI model, which can discover and exploit zero‑day vulnerabilities. The meeting follows a Pentagon‑imposed blacklist after Amodei refused to lift safety restrictions, while Treasury, intelligence agencies and CISA are already testing the model.
Also developing:
By the numbers: Artemis raises $70M in combined seed and Series A round
Why Fed and Treasury Leaders Powell, Bessent Just Rushed Into a Critical Cyber-Risk Meeting
U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell called an urgent meeting with major bank CEOs to warn about AI‑driven cyber risk from Anthropic’s new Mythos model. Anthropic disclosed that Mythos has identified thousands of high‑severity, largely unpatched vulnerabilities across every major operating system and web browser, and can exploit zero‑days. The government has simultaneously barred Anthropic products from federal use while restricting Mythos access to a select group of infrastructure partners under Project Glasswing. The episode signals that regulators view frontier AI as a systemic threat to financial stability.
Your Push Notifications Aren’t Safe From the FBI
The FBI revealed that push‑notification data can survive app removal, allowing encrypted Signal messages to be recovered from a phone’s internal cache. Anthropic announced its Claude Mythos Preview model, limited to a handful of leading tech and finance firms for...
Proof Thwarts $100K Deepfake Scam in Maryland Land Deal, Raising Alarm for PropTech Security
Proof, a transaction‑security platform, intercepted a $100,000 deepfake fraud attempt during a remote notarization of a Maryland vacant‑land sale. The incident underscores a 40% year‑over‑year rise in AI‑driven scams and signals new risk vectors for PropTech firms and title insurers.
US Treasury Warns of AI Cyber Risk as Insurers Accelerate AI Underwriting
US Treasury Secretary Scott Bessent convened top bank CEOs to discuss AI‑driven cyber threats from Anthropic’s Mythos model, as insurers worldwide roll out dozens of AI tools for underwriting and claims. The juxtaposition of regulatory alarm and rapid AI adoption...
Handala Hackers Shift Focus to Water, Energy and Tourism, Raising CIO Cyber‑Risk Alarm
Iran‑linked hacker collective Handala announced a new campaign against water, energy and tourism infrastructure, following high‑profile attacks on medical‑tech firm Stryker and FBI director Kash Patel. The shift intensifies cyber‑risk concerns for CIOs tasked with protecting critical‑infrastructure supply chains.
Sberbank Tightens Card Controls for Russian Pensioners Amid Scam Surge
Sberbank announced new fraud‑prevention rules for pensioner cards effective May 2026, tightening scrutiny of atypical transactions and giving users more online controls. The move targets a rise in phone‑scam attempts that have cost elderly customers millions.
Anthropic's Mythos AI Model Triggers Security Alarm as Limited Release Sparks Fear of Weaponization
Anthropic unveiled Mythos, an AI system that can autonomously locate and exploit software vulnerabilities, but restricted access to about 40 vetted companies. Security experts warn the model could be weaponized, while U.S. Treasury and Federal Reserve officials convened to assess...
Mythos AI Exposes Critical Flaws Across All OSes
Anthropic's Mythos AI Uncovered Serious Security Holes in Every Major OS and Browser by @EddyTheGent https://t.co/Wz76Q174Y8 https://t.co/kUAhNoKC9j
AI Security Officials Test Anthropic Cyber Threat as Bank of England to Convene Chiefs
UK officials have tested Anthropic’s new AI model, Claude Mythos, which successfully completed a full cyber‑range simulation, revealing its ability to locate unknown vulnerabilities. The AI Security Institute labeled it the most capable cyber‑focused model ever evaluated, prompting the Bank...
Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
Citizen Lab uncovered that law‑enforcement agencies worldwide are deploying Webloc, an advertising‑based geolocation platform originally built by Israeli firm Cobwebs Technologies and now sold by its successor Penlink. The system harvests identifiers, location coordinates and profile data from up to...
OpenAI MYTHOS, Gemini Agents & Anthropic’s New Strategy Explained
OpenAI unveiled MYTHOS, a restricted AI model built on GPT‑5.3 Codex aimed at cybersecurity and available only to vetted partners. The same Codex platform is being reshaped into a “super app” that bundles chat, automation, native image/video rendering, background task...
New IDS Enhance SCADA Cybersecurity Protection
New intrusion detection systems boost protection of SCADA systems against cyber threats #energysky -- via pv magazine global: https://t.co/110epGR3u2
Mac Users, Update Your ChatGPT App Immediately: OpenAI Issues Urgent Security Warning
OpenAI issued an urgent security warning after a supply‑chain attack compromised the third‑party Axios library used in its macOS ChatGPT app. The company found no evidence that user data was accessed or its systems altered, but it is revoking the...
Intruder Launches Container Image Scanning on Cloud Platform for Enterprises
Intruder has rolled out container image scanning across its cloud security platform, covering AWS Elastic Container Registry, Google Cloud Artifact Registry and Azure Container Registry. The feature, available on all tiers, runs daily scans and surfaces vulnerabilities alongside existing attack‑surface...
Banks Are Warned About Anthropic’s New, Powerful A.I. Technology
U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened senior executives from Bank of America, Citi and Wells Fargo to flag cyber‑risk from Anthropic’s new AI model, Claude Mythos Preview. The model can uncover software vulnerabilities that human developers miss,...
ShinyHunters Claims Rockstar Games Snowflake Breach via Anodot
ShinyHunters claims to have breached Rockstar Games' Snowflake data warehouse by exploiting compromised Anodot authentication tokens. The group posted a deadline of April 14, demanding payment to avoid public exposure of the data. Anodot recently disclosed a breach that exposed tokens,...
Oracle Unveils AI Database with Platinum‑Tier Availability and New Quantum‑Resistant Security
Oracle announced its AI Database 26ai on Exadata, delivering Platinum‑tier availability with disaster failover under 30 seconds and introducing Diamond‑tier availability for ultra‑critical workloads. The release also adds security features aimed at AI‑driven breaches and quantum‑computing threats, a move that...
SIEM Alert Fatigue Has Five Root Causes. Tuning Fixes Zero of Them.
Enterprises now face an average of 4,400 SIEM alerts per day, with large firms seeing 10,000 or more across dozens of tools. Analysts investigate only about 37% of those alerts, leaving the rest triaged superficially or ignored. Traditional SIEM tuning...
White House Races to Head Off Threats From Powerful AI Tools
The White House has assembled an interagency task force, led by National Cyber Director Sean Cairncross, to pre‑empt cybersecurity threats from emerging AI models. Officials are focusing on identifying vulnerabilities in critical infrastructure before releases from leading labs such as...
AI Agent Credentials Live in the Same Box as Untrusted Code. Two New Architectures Show Where the Blast Radius Actually...
At RSAC 2026, four security leaders warned that AI agents still operate in monolithic containers where credentials sit alongside executable code, creating a massive blast radius. New architectures from Anthropic and Nvidia aim to impose zero‑trust controls: Anthropic’s Managed Agents split...
Google Ads Agencies Hit With Scam Client Leads
Google Ads agencies are facing a surge of phishing scams that masquerade as high‑value client inquiries. Scammers craft spoofed emails and newly registered domains to trick agencies into granting access to My Client Center (MCC) accounts. Google’s product liaison, Ginny...
Circle Must Act Fast to Prevent Massive Hack Losses
Agreed & hope Circle reconsiders their stance quickly since it's a big error that will lead to many millions more USD lost in hacks before they change their mind. Even as a "competitor" with $frxUSD, we have 24/7 comm channels...
Persistent Systems Launches Fraud Detection Service
Persistent Systems unveiled a Merchant Risk Management and Fraud Detection solution built on the Databricks Data Intelligence platform. The service leverages Agentic AI to vet merchants during onboarding and continuously monitor transactions, chargebacks, and external risk signals in real time....
Children’s Minnesota Staff Email Account Compromised
Children’s Minnesota disclosed that a staff email account was compromised on April 9. An unauthorized actor accessed the account and sent phishing emails with subjects like “Sponsorship Document.” The hospital warned recipients not to click links or open attachments and advised...
Anthropic’s New AI Model Triggered an Emergency Banking Meeting. It’s a Reason to Buy Cybersecurity Stocks.
Anthropic unveiled Claude Mythos, an AI model that can locate zero‑day vulnerabilities with minimal prompting, prompting alarm among regulators. Treasury Secretary Scott Bessent and Fed Chair Jerome Powell convened an emergency meeting of the Big‑8 systemically important banks to assess...
Claude Mythos Preview Just Dropped. And It's Sort of Scary.
Anthropic unveiled Claude Mythos, an AI‑driven tool that discovers and exploits zero‑day vulnerabilities across Windows, macOS, Linux, Chrome and Safari. The service claims to complete penetration testing in hours for $99, versus traditional engagements that cost $5K‑$50K and take weeks....
US Treasury to Offer Free Cybersecurity Intelligence to Crypto Firms
The U.S. Treasury’s Office of Cybersecurity and Critical Infrastructure Protection announced a new initiative that will provide cryptocurrency firms with free access to the same cyber threat intelligence shared with traditional banks. Eligible digital‑asset companies and industry groups must meet...
Android Banking Trojan Linked to Cambodia Scam Compounds Hits 21 Countries
Infoblox Threat Intel, in partnership with Vietnamese NGO Chong Lua Dao, confirmed the first direct link between a Cambodian forced‑labour scam compound and an Android banking trojan operating in 21 countries. Trafficked workers at the K99 Triumph City facility in...
Visibility Is the only Way to Fix the Public’s Growing Security Debt
Government agencies are grappling with a massive security debt, with 78% of public organizations leaving vulnerabilities unpatched for over a year. On average, it takes more than 300 days to remediate half of their software flaws, far exceeding private‑sector benchmarks....
Hacker Faux Pas Uncloaks North Korean IT Worker Scheme
A hacker unintentionally ran infostealer malware on their own system, exposing a North Korean IT‑worker scam. The breach leaked data from a state‑run payment server, including 390 accounts, chat logs and cryptocurrency transaction details. Independent analyst ZachXBT estimates the operation...
Report: US Accounts for Most PLCs Subjected to Iranian Targeting
A CyberScoop report finds that nearly 3,900 of the 5,219 internet‑exposed Rockwell Automation/Allen‑Bradley programmable logic controllers (PLCs) used in critical‑infrastructure are located in the United States, representing about 75% of the total. Roughly half of these vulnerable devices are linked...
HPE Accelerates Quantum Readiness Ahead of Q-Day
Hewlett Packard Enterprise (HPE) is positioning itself as a leader in quantum readiness ahead of the industry‑wide “Q‑day” when quantum computers could break current cryptography. The company announced its Quantum Scaling Alliance, a full‑stack partnership aimed at marrying quantum processors...
Florida Launches Probe Into OpenAI as Company Eyes Massive IPO
Florida Attorney General Ashley Moody Uthmeier announced a state‑level investigation into OpenAI, citing national‑security and public‑safety risks as the AI firm prepares for a potential IPO that could value it at up to $1 trillion. The probe will issue subpoenas to...
Hims Breach Exposes the Most Sensitive Kinds of PHI
Hims & Hers Health disclosed a data breach that compromised customer support tickets accessed through a third‑party platform. The breach, attributed to the ShinyHunters group, exposed names, email addresses and sensitive medical information such as erectile dysfunction and mental‑health conditions. Hackers...
CISA Flags Second Ivanti EPMM Flaw as Actively Exploited, Urges Immediate Patch
The Cybersecurity and Infrastructure Security Agency (CISA) added a second critical Ivanti Endpoint Manager Mobile vulnerability, CVE‑2026‑1340, to its Known Exploited Vulnerabilities catalog. The flaw, a code‑injection bug with a 9.8 CVSS score, is being leveraged in the wild, and...
Eight Things You Should Never Share With an AI Chatbot
A Stanford review of privacy policies for the leading AI chatbots—Claude, Gemini, ChatGPT and others—found that all six companies retain user prompts by default and often use them to train future models. Data can be stored indefinitely, merged with other...
Fordham 33 (Report 2): Top 5 Takeaways: Data Governance, Privacy, & Cybersecurity in an AI World
The Fordham Law data governance session highlighted how AI is upending traditional data‑management practices, demanding full traceability and new vendor oversight. Panelists compared stark regulatory splits, noting the EU’s aggressive AI legislation versus Japan’s relaxed consent rules for training data....
Hospitals Are Becoming Hackers’ Favorite Target, but Downtime Simply Isn’t an Option
Hospitals, especially rural and community facilities, are facing a surge in ransomware attacks that threaten critical electronic health record (EHR) systems. The lack of in‑house IT expertise makes downtime unacceptable, forcing providers to seek resilient, managed solutions. CloudWave is helping...
Google Is Now Rolling Out End-to-End Encryption for (Some) Gmail Users
Google announced that client‑side encryption (CSE), its form of end‑to‑end encryption, is now rolling out to Gmail’s iOS and Android apps. Previously limited to desktop, CSE lets Workspace users encrypt email bodies on mobile without third‑party tools. The feature requires...
Bank of Canada, Major Lenders Meet on Anthropic AI Cyber Risk
On Friday, the Bank of Canada gathered senior executives from the nation’s largest banks and financial firms to discuss cybersecurity risks associated with Anthropic PBC’s newly released AI model, Mythos. The meeting mirrors a U.S. initiative earlier in the week, where...
Five Slices of Swiss Cheese Between Your Agent and Everyone Else
The blog applies James Reason’s Swiss‑cheese safety model to AI‑agent platforms, arguing that a single security layer is insufficient when agents can execute arbitrary code. KiloClaw implements five independent tenant‑isolation slices—authentication, application, network, process, and storage—each built on distinct technologies...
FBI: Real Estate Cyberfraud Rises with More AI, Crypto Scams
The FBI’s Internet Crime Complaint Center reported that real‑estate cybercrime losses surged to $275 million in 2025, a 59 percent rise from the previous year. AI‑enabled scams and cryptocurrency fraud accounted for a growing share of the losses, with 115 AI‑related incidents...
Quantum Threat Looms: Crypto’s Upcoming Q-Day Explained
So.. is q-day coming and is crypto cooked? definitely maybe. if you, like me, are not an expert in quantum computing and how it puts ALL blockchains at risk + want to know what changed in the last couple of weeks, then...
GPT‑5.4's Hacking Prowess Heightens Security Urgency
GPT5.4 is apparently very effective at hacking as well. Makes proactively using these models to secure the world more urgent and important than we knew.
Cynomi Unveils CISO AI Agents, Go-To-Market Academy As CEO Pushes To Become ‘AI-First Company’
Cynomi announced a major platform upgrade that adds AI‑driven CISO, auditor, analyst and communicator agents, effectively creating a virtual security team for managed service providers (MSPs). Simultaneously, the company launched a Go‑to‑Market Academy to help partners package, price and sell...
Concern: Chinese Hackers May Steal Advanced Orality Detection Tech
Yo @AnthropicAI I’m worried that Chinese hackers will steal our most advanced orality detection technology
Treasury Pushes Anthropic, DoD Flags It as Risk
So the Treasury Department is encouraging banks to use and test Anthropic to prepare for new vulnerabilities… While the Department of War claims Anthropic is a “supply chain risk” for DoW and all their contractors…. Make that make sense https://t.co/vkDB1ezk88 https://t.co/jZD9h5yQVo
0.03% of XRP Quantum Vulnerable vs 33% of BTC
New research, citing Google’s recent quantum‑computing paper, finds that only 0.03% of XRP’s circulating supply is vulnerable to a quantum attack, compared with roughly 33% of Bitcoin. The breakthrough reduces the qubit threshold for breaking Bitcoin’s ECC‑256 encryption to under...
Bypassing LLM Supervisor Agents Through Indirect Prompt Injection
Security researchers discovered that LLM supervisor agents that only scan user messages can be bypassed by indirect prompt injection, where malicious instructions are hidden in trusted data such as user profile fields. In a test of a multi‑model customer‑service chatbot,...
The State of AI Security in 2026
The 2026 Threat Detection Report warns that AI is now a force multiplier for cyber attackers, with large‑language models automating 80‑90% of espionage operations. While the attack techniques remain familiar—credential theft, data exfiltration—the speed and scale have surged, prompting a...