The executive order instructs the National Security Agency, Department of Defense and other agencies to create a benchmarking standard to determine the degree to which AI models are a cyber risk that may impact national security, but stresses that it is not a "mandatory governmental licensing, preclearance, or permitting requirement" for developers.
Senior Correspondent at CPO Magazine
Scott Ikeda is a technology futurist and writer for more than 15 years. He travels extensively throughout Asia and writes about the impact of technology on the communities he visits. Over the last 5 years, Scott has grown increasingly focused on the future landscape of big data, surveillance, cybersecurity and the right to privacy.
On June 2, Anthropic confirmed that it will be adding 150 new organizations across some 15 countries to the "Project Glasswing" access to Mythos AI Preview and that ENISA will be among these.
The back-and-forth over public disclosure policy does have substantial "gray area" and nuance. As Microsoft points out, the zero-day vulnerabilities that Chaotic Eclipse provided a "road map" to threat actors and some were almost immediately put to use in real-world attacks. On the other side of the coin, security researchers have long complained of unresponsive and heavy-handed communications from Microsoft.
The European Central Bank (ECB) has concluded a weeks-long inspection of Euro banks with a warning: preparedness for the AI security risk is not adequate, and more spending on cybersecurity will be required to get up to speed.
On May 19 GitHub confirmed the security breach across its social media channels, verifying that there was unauthorized access to internal repositories and stating that it was monitoring the situation for further activity. It also said that it had no evidence that information stored in customer repositories or internal information about customers was compromised.
For the first time in its publication history of nearly 20 years, Verizon's annual Data Breach Investigations Report (DBIR) is tracking vulnerability exploitation as the leading initial access method for attackers. Stolen credentials had been the #1 method for the entirety of the report's history up to this year.
A critical vulnerability discovered by AI spans most of the history of NGINX, which was first made available in 2004. The web server is frequently used as a load balancer and cache for static content, and some recent estimates find that about 20 to 30% of the world's busiest websites make use of it.
Though it is not yet a matter of official policy, inside sources indicate CISA is weighing a three-day deadline for fixing critical vulnerabilities in federal government systems that have been observed being exploited elsewhere.
While Anthropic has attempted to contain the leak damage with takedown requests, the AI agent's code unsurprisingly spread like wildfire and is now essentially available to anyone willing to look for it. One early development has been promises of the source code as bait via malicious advertisements, but a number of other security and business competition risks loom.
A group of hackers widely believed to be supported by Iran's government breached a personal email account belonging to FBI director Kash Patel, which contained material dating from 2010 to 2019. The hackers claimed this was in retaliation for recent FBI operations against them.










