Inside sources have told Reuters that the Cybersecurity and Infrastructure Security Agency (CISA) is actively using Anthropic's Mythos to uncover internal security vulnerabilities, despite a standing national security ban on the use of the company's products.
Senior Correspondent at CPO Magazine
Scott Ikeda is a technology futurist and writer for more than 15 years. He travels extensively throughout Asia and writes about the impact of technology on the communities he visits. Over the last 5 years, Scott has grown increasingly focused on the future landscape of big data, surveillance, cybersecurity and the right to privacy.
Apple generally does not release security updates in between iOS version updates. This practice may be changing, however, as AI hacking drives faster development of tools and quicker identification and exploitation of known vulnerabilities.
Starting next year, developers may need to demonstrate their security products are quantum-safe to receive a certification from France's lead cybersecurity agency.
A API vulnerability documented by independent security blogger "bobdahacker" created a path to replacing the FIFA World Cup matches playing out on televisions and devices all over the world with any video of the attacker's choosing.
With a digital ID, the actions of automated AI agents could be tracked, verified and audited. Agents that work as digital assistants and coding partners now often have broad permissions, from potentially opening an organization's gate to attackers to being trusted with individual purchases and financial moves. This act by Estonia is the first concrete government proposal of its nature.
The new “agentjacking” attack takes almost no real hacking ability to pull off. It's predicated on pulling a public credential that can readily be found in a web site's JavaScript source code, which can be used by anyone to get Sentry to accept an error event full of malicious instructions that is passed on to AI coding agents.
The Copilot vulnerability chain requires three steps, two of which are old-fashioned injections and request forgeries. But they are kicked off by using a P2P injection that convinces Copilot it is OK to serve up malicious links. The end result is that the AI assists with data theft from across the target’s Microsoft ecosystem.
A supposed data breach prompted coverage from a number of national media sources, as it claimed to involve popular social platform VRChat and some 2.5 million of its users. The fake notice went so far as to make up an accompanying fake disclosure statement from VRChat themselves.
The 2025 data breach of Coupang, the South Korean ecommerce giant often referred to as the country's equivalent of Amazon, is going to cost the company a total of about 624 billion won (the equivalent of about $411 million) in fines.
NSA primarily conducts intelligence gathering and hacking against foreign adversaries. It does raise questions about to what degree the government is now planning to embrace Mythos AI in cyber operations and would appear to be a powerful confirmation of the system's cyber capabilities.










