AI watch: Chinese competition, government adoption, and new regulations pressure AI leaders

Canada details offensive cyber ops, US cloud providers challenge Korean security rules, KDDI confirms breach affecting millions, Judge keeps Weiss hacking case alive, BonkDAO loses $20m in governance attack, Crypto wallet flaw exposed millions to theft, Ctrl Wallet shutters after incident, much more

Share
AI watch: Chinese competition, government adoption, and new regulations pressure AI leaders
Image by kp yamu Jayanath from Pixabay

Metacurity is the cybersecurity industry's daily reality check—independent, agenda-free coverage that cuts through vendor hype, social media noise, and recycled talking points to explain what matters and why.

Trusted by thousands of cybersecurity professionals, including many of the industry's most influential security leaders, Metacurity delivers the context, analysis, and perspective that busy readers don't have time to assemble themselves.

If you find value in that work, please consider becoming a paid subscriber. Metacurity remains independent because its readers choose to support it.

Yesterday's artificial intelligence news ranged from government deployment of frontier models to growing competition from Chinese AI providers, fresh scrutiny of Anthropic's security practices, and new state-level regulation of advanced AI systems.

Reuters reported that the Cybersecurity and Infrastructure Security Agency (CISA) is using Anthropic's Mythos model to audit government software repositories for vulnerabilities. The deployment marks another step in the federal government's growing use of advanced AI systems for cybersecurity and operational tasks and comes despite months of debate over the role of frontier AI models in sensitive government environments.

Anthropic also released new research into the inner workings of its Claude models. Researchers identified what they describe as an internal conceptual workspace called "J-Space," where Claude appears to organize and manipulate information before generating responses. The company said the research could improve understanding of how advanced AI systems reason and help researchers monitor increasingly capable models, though it stopped short of suggesting the findings indicate machine consciousness.

Meanwhile, Chinese AI developers continue to gain traction with US companies seeking lower-cost alternatives to OpenAI and Anthropic. CNBC reported that Chinese-developed models such as DeepSeek and Z.ai's GLM 5.2 have accounted for more than 30% of weekly token usage on OpenRouter since February, reaching as high as 46% during some weeks.

AI startup Lindy recently moved all of its traffic from Anthropic's Claude models to DeepSeek, saying the shift would save millions of dollars. Industry observers estimate that many Chinese models now cost 60% to 90% less than leading US offerings while narrowing the performance gap.

The growing success of Chinese AI models is drawing increased attention from Beijing. Reuters reported that Chinese authorities are considering restrictions on overseas access to some of the country's most advanced AI models and discussing stronger penalties for AI intellectual property leaks. The discussions, which reportedly involve companies including Alibaba, ByteDance, and Z.ai, suggest that Beijing is increasingly viewing advanced AI models as strategic national assets, mirroring concerns in Washington over the security implications of frontier AI systems.

The growing pressure from lower-cost competitors appears to be fueling an increasingly aggressive battle for customers. According to The Wall Street Journal, OpenAI and Anthropic are offering startups hundreds of thousands—and in some cases millions—of dollars in free computing credits and discounts. Anthropic recently increased credits available to Y Combinator startups from $30,000 to $500,000, while OpenAI has offered startup packages worth as much as $2 million in credits. The incentives reflect efforts by both companies to secure long-term customers as competition intensifies.

Anthropic also faced criticism after a web developer known as Thereallo disclosed a hidden tracking mechanism embedded in Claude Code that was designed to identify users potentially connected to Chinese AI laboratories and unauthorized resellers. According to Thereallo, the code used prompt steganography to quietly embed markers that could reveal information such as a user's time zone, proxy usage, and potential connection to Chinese AI labs that Anthropic has accused of conducting model distillation attacks. After the feature was exposed, Anthropic removed it. Company engineer Thariq Shihipar described the code as an experiment intended to combat unauthorized resellers and model distillation, a process in which competitors use outputs from advanced AI systems to train rival models.

The controversy quickly spilled into the broader US-China AI rivalry. Alibaba has ordered employees to stop using Claude Code beginning July 10 and instead use the company's internal coding assistant, Qoder. The decision followed reports about the tracking mechanism and comes amid growing tensions over Anthropic's claims that Chinese firms are using distillation techniques to accelerate development of competing AI models.

State lawmakers also continued efforts to establish guardrails for advanced AI systems. Illinois Gov. J.B. Pritzker signed Senate Bill 315, creating new transparency, auditing, and incident-reporting requirements for advanced AI developers. The law requires covered companies to publish safety frameworks, evaluate catastrophic risks, disclose serious incidents within 24 hours, and undergo third-party audits. Violations can result in fines of up to $3 million per infraction. The legislation follows similar efforts in California and New York and reflects growing state-level interest in AI regulation as federal lawmakers continue to debate broader oversight proposals.

Regulatory scrutiny of AI also intensified in the financial sector. A review commissioned by Britain's Financial Conduct Authority warned that growing consumer reliance on large language models for financial advice could create new risks because tools such as ChatGPT, Claude, and Gemini operate outside traditional financial regulations. The report also highlighted concerns about the concentration of AI services among a small number of technology providers and urged regulators to consider whether existing frameworks are sufficient for increasingly autonomous AI systems. (Raphael Satter / Reuters, Ina Fried, Madison Mills / Axios, Kai Nicol-Schwarz / CNBC, Kate Clark, Berber Jin and Angel Au-Yeung / Wall Street Journal, Ashley Belanger / Ars Technica, Adam Harrington, Chris Tye, Natalie McMillan, Jenna Schweikert / CBS News, Kamina Bashir / BeInCrypto,  Phoebe Seers / Reuters, Fanny Potkin / Reuters)

Related: Anthropic, Anthropic, The Rundown AI, The Indian ExpressVentureBeatImplicator.aiAxiosGizmodoAnthropic on YouTube, RuntimeWire, Hacker Newsr/ClaudeAIr/LocalLLaMAr/singularity, Nikkei, The State of Illinois NewsroomGizmodoWashington Examiner, The HillChicago Sun TimesThe Deep ViewThe VergeBloomberg Lawillinoissenatedemocrats.com, ABC7, Technology.org, FirstPost, Benzinga, The Reallo, Hacker News, Gigazine, Databreach Today, The Information, Times of IndiaBloomberg, Quartz, Financial Times

In its annual report, Canada's Communications Security Establishment Canada (CSE) said it conducted a handful of state-authorized hacks last year in order to disrupt the operations of drug traffickers, violent extremists, and a ransomware gang.

The disclosures underscore some of the main national security threats that face Canada and its closest allies, ranging from the import of illegal drugs to cyberattacks. The spy agency, CSE, is tasked with collecting foreign intelligence, defending government systems, and disrupting online adversaries.

The report says the CSE last year carried out three foreign “active cyber operations” — the term the agency uses to describe its cyberattacks on overseas operations that threaten Canadian national security and public safety.

One of the operations, per the report, targeted cybercriminals outside of Canada who were brokering the sale of chemicals used to create the synthetic opioid fentanyl. The CSE collected intelligence on the brokers, then conducted an operation that “disrupted and diminished their ability to operate,” the report said.

Another active operation involved the collection of signals intelligence — data produced from electronics and internet-connected devices — on an overseas extremist group that was spreading violent ideology and recruiting members, including in Canada.

The report said the agency analyzed the group’s organization, reach, and potential vulnerabilities to conduct an operation that “successfully undermined the group’s credibility and limited their ability to radicalize and recruit new members.”

Another operation involved disrupting a ransomware-as-a-service operation that let hackers rent access to a ransomware gang’s infrastructure to launch destructive extortion attacks. The CSE said its signals intelligence unit identified how the gang worked against the healthcare, transportation, and business sectors in Canada, then used an active cyber operation that “rendered the group’s infrastructure inoperable.” The operation also deleted much of the data on the gang’s servers.

The agency said it undertook concurrent “technical disruptions” against 10 of the most significant ransomware gangs targeting Canada to “make parts of their infrastructure unusable.” (Zack Whittaker / TechCrunch)

Related: Government of Canada, The Record, Heise Online, SC Media

Major US cloud providers are urging Washington to push back against South Korea’s planned overhaul of the security approval system for cloud providers serving its government agencies, arguing that the changes could unfairly shut them out of the market and violate the South Korea-US Fair Trade Act.

The dispute threatens to broaden an already escalating conflict over South Korea’s digital regulations targeting US technology companies following the July 1 release of a US House Judiciary Committee report which accused the country of “discriminatory attacks” against Korean online retail giant Coupang, which is incorporated in the US. The report states that the South Korean government has unfairly treated the e-commerce giant following its user data breach in November of last year.

Big Tech companies recently met with Michael G. DeSombre, assistant secretary of state for East Asian and Pacific Affairs, and David Wilezol, deputy assistant secretary for Japan, Korea and Mongolia, at the US Department of State's Bureau of East Asian and Pacific Affairs to discuss South Korea's planned overhaul of public cloud security regulations, according to sources in Washington's diplomatic and technology circles.

The Science Ministry and the NIS announced on April 20 a plan to overhaul the Cloud Security Assurance Program (CSAP) for the public sector by consolidating certification procedures and authority under the NIS.

Under the revised framework, the existing CSAP system will become a private sector certification while the NIS will hold final authority over public sector access. (Korea JoongAng Daily)

Japanese telco KDDI said it has confirmed the email addresses of about 12.23 million users and the passwords for some 7.61 million users were subject to unauthorized access in a breach of its email system for internet service providers.

According to a report on the cyberattack submitted to the communications ministry, the telecommunications operator said it has not confirmed any secondary damage stemming from the data breach. Affected users are expected to complete password changes and take other necessary measures within the next several days.

The company said last month that up to 14.22 million sets of email addresses and passwords may have been compromised.

KDDI confirmed the cyberattack on June 17. It said the cyberattack exploited vulnerabilities in third-party software used in the email system.

The company has implemented protective measures such as ramping up the detection of fraudulent access attempts to its servers. It plans to use artificial intelligence to analyze software design specifications and programs to identify potential issues comprehensively. (The Japan Times)

Related: Nippon.com

US District Court Judge David Lawson refused to dismiss several charges in the computer hacking indictment against former University of Michigan football co-offensive coordinator Matt Weiss, less than one week after throwing out digital evidence seized by investigators.

The judge preserves a high-profile criminal case set for trial Sept. 22 in federal court in Detroit that has further tarnished the scandal-plagued UM athletics department. The case is being closely watched by dozens of current and former college students who said their private information was hacked by Weiss, who is facing numerous lawsuits across the country.

Weiss had asked the judge to dismiss several counts of the indictment, saying some were duplicitous or charged the same crime in several different counts or that the alleged crimes did not happen in the eastern half of Michigan. (Robert Snell / The Detroit News)

Related: Detroit Free Press

BonkDAO was the target of a malicious governance proposal resulting in an estimated $20M worth of BONK tokens being drained from the BonkDAO treasury, according to BONK Inu's X page.

An attacker pushed through a suspicious governance proposal that allowed the treasury to be drained. The stolen BONK has started moving toward exchanges, which has put downward pressure on the BONK price.

The token is down over 9%, according to The Block’s price page.

In response to the attack, South Korean exchange Upbit posted a message alerting users that deposits and withdrawals for BONK have been "temporarily suspended." (Daniel Kuhn / The Block)

Related: The Record, Decrypt, Yahoo FinanceBitcoin NewsThe Crypto Times, Cointelegraph

Web3 security firm Coinspect disclosed the Ill Bloom vulnerability, a crypto wallet flaw that created weak recovery phrases on multiple blockchains.

Attackers exploited the weakness on May 27, draining 431 wallets for about $3.1 million.

Coinspect traced the flaw to an insecure pseudorandom number generator used during wallet creation. The weakness spans multiple chains, including Bitcoin (BTC), Ethereum (ETH), and Solana (SOL).

According to Coinspect, the faulty generator produced recovery phrases with far less cryptographic strength than intended. As a result, attackers can regenerate the whole range of possible phrases and sweep any funded address.

The researchers reproduced the attack end-to-end. They derived every address the weak phrases could produce and matched them against funded wallets on public blockchains. Affected addresses date back to 2018, and most trace to lesser-known mobile crypto wallets.

Users are asked to review their historical wallet addresses. Hardware wallet users remain unaffected. (Phil Haunhorst / BeInCrypto)

Related: Tech Times, Cointelegraph, Cryptobriefing, Crypto News

Non-custodial multichain cryptocurrency wallet Ctrl Wallet will shut down its services, weeks after a security exploit, and told users to withdraw their assets within the next month.

Ctrl Wallet reported a security issue on June 23 affecting some Cardano wallets on the platform and said it entered a temporary "maintenance mode" to protect user assets until its engineering team restores full functionality.

The wallet's operators announced that starting Aug. 3, 2026, sending, receiving, swapping funds and all other actions within the app will be unavailable, except for exporting users' recovery phrases.

The app will be removed from both app and browser extension stores, while downloads will be halted immediately, Ctrl Wallet said in a blog post.

Ahead of the Aug. 3 deadline, users can transfer their assets from Ctrl Wallet to another exchange or crypto wallet. After that, users will only be able to import their recovery phrase into another compatible wallet provider. Ctrl Wallet “strongly” recommended that users export their assets before Aug. 3. (Zoltan Vardai / Cointelegraph)

County offices in Pennington County, SD, were shut down in the face of a cyber incident.

The Pennington County Sheriff’s Office says investigators are taking their time and being thorough to protect people’s personal information.

“That’s our highest priority. Keeping public safety services up and running obviously has been a big priority for us over the weekend, and also keeping people’s private information protected.” Pennington County Sheriff Brian Mueller said.

The shutdown on some services is impacting the entire county, which is home to over 115,000 people.

Individuals were voicing their frustrations and the inconvenience that this data breach and security network issues have caused them in getting the things done they needed to get done. (Samantha Armstrong, Tyler Louder / Keloland)

Related: KOTA, KBHB, NewsCenter1, Rapid City Journal

Researchers at Check Point discovered a new cyber threat group linked to the Iranian government they call Cavern Manticore that has been targeting Israeli government and IT organizations since early 2026.

The group shares technical overlaps with MuddyWater and Lyceum, two threat groups with attributed links to Iran’s Ministry of Intelligence and Security (MOIS).

Check Point researchers also observed the group deploying a previously undocumented modular command-and-control (C2) infrastructure.

“The adversary’s ability to gain access to organizations in the defense and government sectors during the US military campaign ‘Operation Epic Fury’ demonstrates both a high operational tempo and a disciplined approach to target selection,” the researchers wrote. (Kevin Poireault / Infosecurity Magazine)

Related: Check Point, The Jerusalem Post, SC Media, Cyber Press, Voice of Emirates, Cyber Security News

Source: Check Point.

Data on more than 2.3 million people associated with Moody Bible Institute (MBI) has been exposed online after ShinyHunters targeted the Christian college.

MBI first disclosed the attack in June, and the extortion crew later leaked the stolen data. Have I Been Pwned has since added the cache to its breach notification database, putting a figure on the number of exposed accounts.

MBI is one of many victims of ShinyHunters' pay-or-leak attacks in 2026, and while the organization has not explicitly commented on whether it negotiated with the criminals, the leak suggests that the group's extortion demands were not met.

Broadly consistent with ShinyHunters' claims, the MBI data made available for download on June 23 includes names, genders, dates of birth, physical and email addresses, phone numbers, and marital statuses. (Connor Jones / The Register)

Related: HaveIBeenPwned, SC Media, Cyber Security News, Cyber Press

Medical equipment company AdaptHealth said in an SEC filing that it is investigating a cybersecurity incident in which a "threat actor" gained unauthorized access to some ​company systems and stole data, including patient information and passwords ‌tied to insurance billing.

The company said it determined on June 27 the incident was material because of the nature and potential volume of data ​at risk, though it has not affected its operations ​or ability to service patients.

The attacker ⁠accessed certain cloud-based business applications, including internal patient management systems ​and document storage platforms, the company said in a regulatory filing.

AdaptHealth ​said it received a communication from the "threat actor" on June 15, claiming to have obtained data from its systems, and later confirmed that certain data ​had been exfiltrated.

The affected data includes passwords associated with insurance ​billing, as well as certain personally identifiable information and protected health information of ‌patients. ⁠The company said it does not collect Social Security numbers in the affected systems and does not store individual financial account or payment card information there.

The incident stemmed from a successful social ​engineering attack that ​compromised a user ⁠session linked to a third-party contractor, AdaptHealth said. (Puyaan Singh / Reuters)

Related: SEC, HIPAA Journal, The Register, Databreach Today

The justices denied requests by the challengers to lift a lower court's decision that had allowed the law to take effect while litigation continues over whether it violates the US Constitution's First Amendment, which protects against government abridgment of free ​speech. (Andrew Chung / Reuters)

Related: Courthouse News Service, CNNPoliticoWall Street JournalWashington ExaminerNPRCCIAMS NOWNewserBloomberg LawAssociated PressAl JazeeraWashington PostNew York TimesSCOTUSblog, USA Today

Researchers at Palo Alto Networks' Unit 42 report that threat actors are abusing Microsoft Teams voice calls by impersonating corporate IT support staff to trick employees into installing the EtherRAT malware, giving attackers initial access to corporate networks.

The campaign combines phishing emails, Microsoft Teams voice calls, legitimate remote management tools, and a Node.js-based malware loader to compromise victims' computers.

This latest campaign follows a growing number of attacks abusing Microsoft Teams to breach corporate networks. (Lawrence Abrams / Bleeping Computer)

Related: GitHub

Researchers at Kaspersky report that a previously unknown advanced persistent threat (APT) group is targeting government agencies and critical infrastructure organizations in multiple countries with an extensive, sophisticated malware toolkit designed to steal credentials, sensitive documents, and other high-value data.

The campaign, which Kaspersky tracks as "Armored Likho," has so far claimed victims in Russia, Brazil, and Kazakhstan. The attacks have included both financially motivated campaigns targeted at individuals and cyber-espionage operations against organizations in those countries.

Kaspersky observed the group launching attacks through spear-phishing emails masquerading as official government communications or social assistance communications and documents. Kaspersky found the emails to contain archive files with either malicious executables or Windows shortcut files disguised as documents such as psychological tests, humanitarian aid applications, or debt clearance certificates. (Jai Vijayan / Dark Reading)

Related: Securelist, Security Affairs

Will Thomas, senior advisor at Team Cymru, reports that a phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals.

The operation is abusing the legitimate cloud-based PeopleForce human resources platform and a domain associated with the Salesforce Marketing Cloud service before redirecting the recipient to a malicious landing page.

To further instill trust and increase the chances of success, the threat actor is using the names and pictures of real recruiters at impersonated companies.

Thomas analyzed the campaign and discovered that the phishing email pretends to be from “a recruiter looking to hire people for marketing roles.”

BleepingComputer has found that the operation has been running for at least five months and initially used Outlook email addresses with the name of the impersonated company.

One phishing email, posing as a message from Adidas recruiter Paulina Manzo, asked the recipient to schedule a conversation about a potential role at the company. (Ionut Ilascu / Bleeping Computer)

Related: GitHub Gist

Phishing email trying to steal Gmail password. Source: Sergiu George.

Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel.

ColdFusion is a commercial web app development platform designed to help build and deploy enterprise-grade websites. The CVE-2026-48282 security flaw affects ColdFusion versions 2025.9, 2023.20, and earlier, and can be exploited by attackers without privileges to gain remote code execution on unpatched systems.

Internet security watchdog Shadowserver now tracks nearly 800 Adobe ColdFusion instances exposed online, but there is no information on how many are honeypots or have been secured against attacks targeting the CVE-2026-48282 flaw.

Adobe released security updates to address the vulnerability, saying that it posed a high risk of exploitation and urging admins to deploy patches immediately. (Sergiu Gatlan / Bleeping Computer)

Related: Government of Canada, Security Affairs

Adobe ColdFusion instances exposed online. Source: ShadowServer.

BeyondTrust warned customers to patch two critical security flaws in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow attackers to bypass authentication.

The first vulnerability, tracked as CVE-2026-40138, affects the company's RS remote desktop and assistance platform (versions 25.3.2 or earlier) and the PRA enterprise cybersecurity solution (versions 25.3.2 or earlier). This vulnerability stems from an improper authentication weakness in the authentication subsystem, and successful exploitation enables attackers without privileges to bypass access controls and access targeted appliances, including accounts with elevated privileges.

The second one (CVE-2026-40139) patched this week stems from improper processing of BeyondTrust RS authentication requests, enabling unauthenticated remote attackers to gain unauthorized access to vulnerable instances.

In both cases, BeyondTrust noted that exploitation also requires a specific authentication configuration to be enabled, but it didn't share further details.

BeyondTrust has also released security updates for two high-severity security issues (CVE-2026-40140 and CVE-2026-40141) that can be exploited to trigger denial-of-service or access restricted resources on unpatched RS and PRA instances. (Sergiu Gatlan / Bleeping Computer)

Related: Beyond Trust, Cyber Security News, GBHackers


AI is not a cybersecurity strategy.

Organizations with strong security programs will use AI to move faster. Organizations with weak security programs will use AI to create bigger, faster failures.

That's why I wrote The NIST 2.0 Cybersecurity Framework: Practical Risk Management Using Real-World Incidents. The book moves beyond compliance checklists and theory to show how real organizations succeed—or fail—when security fundamentals break down.

If you're trying to build a resilient security program in the age of AI, this book provides a practical roadmap grounded in actual incidents and operational experience.


Independent security researcher Ronald Lovelace discovered that multiple US Army internet subdomains were defaced in a 404 hijacking campaign with messages denigrating Donald Trump and US Ambassador to Türkiye Tom Barrack, called to “FREE KURDISTAN,”  with another line reading “Kurdish sr was here.”

One of the websites, oil.army.mil, belongs to the Army’s Open Innovation Lab, a test bed for software and cyber capabilities established in 2020. The other belongs to the Artificial Intelligence Integration Center, established in 2019 to integrate AI technologies into the Army and train personnel on emerging technologies.

Lovelace said the affected sites run on WordPress and Microsoft cloud infrastructure. It’s not clear how long the subdomains have been compromised or whether other subdomains are affected. 

“It raises the severity a decent amount because it shows it’s a bit deeper than just one single path” that’s being corrupted, Lovelace said. (Derek B. Johnson / CyberScoop)

Related: SC Media

Screenshot of 404 error pages for oil.army.mil, defaced with pro-Kurdistan comments and insults to President Donald Trump and White House advisor Tom Barrack. Source: US Army website via CyberScoop.

The Department of Homeland Security inspector general is investigating whether DHS ran afoul of laws and regulations when it forced senior staff to accept new roles – in some cases to support the Trump administration’s immigration crackdown – under former Homeland Security Secretary Kristi Noem.

In a July 1 notice, DHS Inspector General Joseph Cuffari announced his office was initiating a review of DHS senior executive service reassignments that occurred between Jan. 25, 2025, and March 24, 2026. That aligns with Noem’s time as homeland security secretary, before current Secretary Markwayne Mullin replaced her.

The review is aimed at determining “whether such reassignments were conducted in accordance with federal laws, regulations, and policies,” Cuffari wrote. In the notice, he tells DHS Chief Human Capital Officer Roland Edwards that IG staff will begin initial fieldwork this month.

The review comes after DHS sent “management directed reassignments” (MDRs) to hundreds of employees last year and in early 2026. In some cases, staff received short-notice reassignments hundreds of miles from their existing duty station, to fill jobs that were outside their area of expertise.

Democrat lawmakers have raised concerns about DHS diverting hundreds of cybersecurity and disaster response staff to support the Trump administration’s immigration enforcement agenda. (Justin Doubleday / Federal News Network)

Related: Office of the Inspector General

Best Thing of the Day: Finally, RSS Is Coming Back Around

If you're sick of algorithms, EFF recommends the ancient (in internet terms) technology of RSS to keep track of what's going on.

Bonus Best Thing of the Day: Oh Please Wish This Into Existence

Meta says that four states are seeking $1.4 ​trillion in penalties over accusations the company designed its Facebook and Instagram platforms to addict young users and misled the ‌public about their safety.

Worst Thing of the Day: I Shudder to Think How Frequent This Kind of Thing Is

Lamar Roman, a Florida cop, tracked and chased a woman he met and harassed on the set of the AppleTV+ show Bad Monkey by illegally looking up her vehicle information on DAVID, a Florida Department of Motor Vehicles database for law enforcement.

Closing Thought

Read more