Anthropic restores Fable 5 and Mythos 5, launches Sonnet 5

China's Mythos rival fuels AI arms race. Taiwan probes claimed PChome hack, Alberta voter leak sparks lawsuit, Hackers breach DHS sharing network, Apple privacy feature exposes emails, Adobe fixes critical ColdFusion bugs, Crypto thieves stole $76m in June, much more

Anthropic says Fable 5 uses a larger cybersecurity "safety margin" that blocks more borderline requests to reduce the risk of harmful instructions reaching the model. Source: Anthropic.

Metacurity is the cybersecurity industry's daily reality check—independent, agenda-free coverage that cuts through vendor hype, social media noise, and recycled talking points to explain what matters and why.

Trusted by thousands of cybersecurity professionals, including many of the industry's most influential security leaders, Metacurity delivers the context, analysis, and perspective that busy readers don't have time to assemble themselves.


Anthropic packed several significant announcements into a single day, underscoring both the rapid pace of frontier model development and the increasingly close relationship between AI companies and governments.

The biggest development was the restoration of access to Fable 5 and Mythos 5 after the Trump administration lifted export controls that had sidelined the models since June 12. According to Politico, the reversal followed negotiations between Anthropic and the White House over security concerns that prompted the original restrictions. Anthropic said it would begin redeploying both models immediately after receiving notice from the Commerce Department that the controls had been lifted.

In a separate announcement, Anthropic detailed the safeguards it implemented as part of the redeployment. The company said it had improved its ability to detect and block jailbreak attempts, expanded monitoring efforts, and agreed to work more closely with the government on model evaluations, information sharing, and security standards. Anthropic acknowledged that preventing jailbreaks entirely is unlikely but said the new controls significantly reduce the risk of misuse.

Anthropic emphasized that one particularly important safety mechanism involves classifiers—smaller automated AI systems that, during an interaction, detect when the model is asked to perform a potentially harmful cybersecurity task (or produces potentially harmful outputs). When this occurs, the classifiers block the model from responding to requests. The ultimate goal of these classifiers is to prevent the model from engaging in uniquely dangerous behaviors.

To reduce mistakes, Anthropic deliberately set the safety classifiers to trigger on a set of requests that it knows are likely benign. This “safety margin” approach means that a request has to look very clearly safe to avoid triggering the classifiers. Users experience the safety margin as a model refusing to respond to some reasonable, non-harmful requests.

Anthropic also launched Claude Sonnet 5, which it describes as its most agentic Sonnet model yet. The company is positioning the model as a workhorse for coding, research, and professional tasks, while Axios reported that Anthropic sees it as part of a broader push toward AI agents capable of carrying out increasingly complex assignments on behalf of users.

For cybersecurity teams, the announcements are notable because they affect both access to advanced AI capabilities and the tools available for day-to-day work. Mythos 5 has been described as one of Anthropic's strongest cybersecurity-focused models, while Sonnet 5 is aimed at the broader category of agentic workflows that many security teams are beginning to incorporate into research, coding, and operational tasks. (Sophia Cai, Cheyenne Haslett, Brendan Bordelon and John Hewitt Jones / Politico, Anthropic, Anthropic, Madison Mills / Axios)

Related: Axios, Wall Street Journal, Wired, TestingCatalog AI News, Reuters, The Information, CNBC, RuntimeWire, The Economic Times, Sources, The Next Web, The Decoder, AI News, Mashable, Neowin, Al Jazeera, The New Stack, crypto.news, RuntimeWire, Forbes, InfoRiskToday.com, Hacker News, r/ClaudeCode, r/singularity, r/Anthropic, r/ClaudeAI, Lobsters, Slashdot, Reuters, The Hacker News, CNN, WinCentral, UPI, Help Net Security, Axios, Claude, VentureBeat, WinBuzzer, Android Authority, The Neuron, Digit, TechCrunch, Implicator.ai, MacRumors, HealthcareInfoSecurity.com, ZDNET, SiliconANGLE, Latent.Space, BleepingComputer, Simon Willison's Weblog, The Deep View, TestingCatalog AI News, Hacker News, r/claude, r/singularity, r/ClaudeAI, MacRumors Forums, 9to5 Mac, Claude, Digit, The Mac Observer, MarkTechPost, iClarified, The Guardian, Financial Times, The Verge, Bleeping Computer


Last week, billionaire founder of China's Qihoo 360 Zhou Hongyi said his engineers had developed an AI that can rival Anthropic’s Mythos model at finding and exploiting software vulnerabilities, tools he likened to “cyber nuclear weapons.”

In positioning Tulongfeng as a Mythos rival, 360 is fuelling an AI arms race between the US and China, one with major national security stakes. Unlike Anthropic, 360 has long had a good working relationship with the Chinese military.

Dakota Cary, a Georgetown University expert in Chinese espionage, tells Forbes the most concerning link between 360 and the Chinese state is its role in the National Information Security Vulnerability Database, which is run by Beijing’s national security service, the MSS. In previous research, Cary, who advises cybersecurity company SentinelOne on Chinese hacking, found that 360 was providing at least 35 vulnerabilities a year to the MSS via that database. That was a concern because other research has indicated the Chinese government has, at times, delayed public disclosure of vulnerabilities submitted to the program so they could later be used in clandestine cyberattacks.

Cary says that 360’s development of an LLM will likely increase the number of flaws it can uncover and pass to the regime. “It underlines just how fast the front lines of cyber operations are changing,” he says. “Any security service that can get their hands on these tools has to use them as quickly as possible.” (Thomas Brewster / Forbes)

Taiwan's Ministry of Digital Affairs’ Administration for Digital Industries said it will inspect systems after hackers claimed they had stolen data from Pi Mobile Technology, a subsidiary of PChome Online.

The agency said it is handling the case under the Personal Data Protection Act and will investigate whether any personal data was leaked, per CNA. It added that it will impose penalties if violations are found.

Hacker group Settra recently claimed it had breached PChome’s systems and obtained internal documents and user data. PChome said its preliminary review found no intrusion in its main website or core systems.

Pi Mobile said it has activated its cybersecurity incident response mechanism, hired a third-party forensic firm, and reported the case to regulators. It added that users would be notified once the scope of any potential data exposure is confirmed. (Michael Nakhiengchanh / Taiwan News)

Related: Moda.gov.tw, Tech News

Clint Docken, a retired Alberta lawyer, has launched a proposed class-action lawsuit alleging one of the largest privacy breaches in the province's history exposed the personal information of about 2.9 million voters.

His statement of claim, filed in the Court of King's Bench in Edmonton, alleges Alberta's list of electors was unlawfully accessed and distributed for purposes not authorized under the province's Elections Act. 

The lawsuit names Alberta's justice and solicitor general, chief electoral officer, Centurion Project Ltd., the Republican Party of Alberta, David Parker and unidentified defendants.

The document says the breach has exposed millions of Albertans to loss of privacy, misuse of personal information, identity-related risks, profiling, targeting, harassment, and significant distress from the loss of control over their personal information. (Jesmeen Gill / CBC News)

Related: The Globe and Mail, Edmonton Journal, The Canadian Press, CTV News, CP24, r/Alberta

A key Department of Homeland Security information-sharing database was accessed by an unknown threat actor in recent weeks, potentially exposing sensitive data exchanged between federal, state, local and industry partners, according to two people familiar with the matter.

DHS investigators are probing the intrusion of the Homeland Security Information Network, said both people, who spoke on the condition of anonymity because the incident is sensitive. The hackers’ affiliation and whether any documentation was pilfered from the system are both unclear.

The department’s Office of Intelligence and Analysis has conducted a damage assessment of the intrusion, which is believed to have occurred sometime between late May and early June, said one of the people. The hackers targeted HSIN servers and a SharePoint system used for collaboration efforts, the person added.

Approved users lean on the network to securely access data, exchange requests with partner agencies, manage operations, coordinate safety and security for planned events, respond to incidents and share mission-critical information needed to protect their communities, according to its website. HSIN carries unclassified but sensitive information shared among federal, state, local, territorial, tribal, international and private-sector partners. (David DiMolfetta / NextGov/FCW)

A vulnerability in Apple’s “Hide My Email” tool lets almost anyone discover a person’s real email address that is supposed to be hidden by the feature, and Apple has failed to fix it for more than a year, according to a security researcher and 404 Media’s own tests.

Hide My Email is part of Apple’s paid iCloud+ product. It lets users generate an anonymous email address which they can then use to sign up to services or email people with instead of their personal email. These email addresses are often two random words and a number ending in the @icloud.com domain.

404 Media is not revealing the exact details of the vulnerability because it can still be exploited as of Monday, when 404 Media verified the issue with one of our own hidden email addresses.

“Apple Hide My Email is leaking email addresses that are supposed to be hidden. We reported the issue and replication instructions to Apple over a year ago. We don't know why it hasn't been fixed, but we don't feel comfortable waiting any longer. Hide My Email users deserve to know that it may be possible for attackers to discover their hidden email addresses,” Tyler Murphy, the co-founder of EasyOptOuts, which discovered and reported the issue to Apple, told 404 Media. (Joseph Cox / 404 Media)

Related: r/apple

Adobe released security patches for seven maximum-severity vulnerabilities in the ColdFusion web app development platform and the Campaign Classic marketing automation platform.

All these vulnerabilities can be exploited in low-complexity attacks that don't require user interaction and were tagged with priority 1, indicating a high risk of being targeted.

"This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible. (for example, within 72 hours)," Adobe says. (Sergiu Gatlan / Bleeping Computer)

Related: Adobe, Cyber Press, GBHackers

Crypto platforms lost roughly $75.87 million to 40 hacks in June 2026, according to security firm PeckShield.

The monthly total reinforces a familiar pattern for the sector, where bridges, smart contracts, and compromised keys remain the most common failure points.

According to PeckShield, June’s figure marks a 7.13% decline from May’s $81.7 million. The Humanity Protocol breach headlined June with over $30 million in losses. Attackers compromised private keys that had been backed up to a malware-infected developer machine. (Kamina Bashir / BeInCrypto)

Related: The Cryptonomist, Blockonomi

A new report from cybersecurity firm Omega Systems looking at the healthcare industry reveals that the vast majority of medical practices (85%) experienced “at least one operational disruption” linked to a third-party vendor, in most cases one seen as critical to operations.

All the same, 70% of leaders told Omega Systems that they are “confident in their vendors’ cybersecurity posture,” though most (63%) admitted they do not monitor their digital supply chains, meaning they are not keeping tabs on data security policies related to critical services such as the electronic health record.

It isn’t until something goes wrong that they pay attention, the cybersecurity group added. This visibility gap is even more concerning when you consider that 61% of provider groups who responded to a survey said they are expecting a “fatal cyberattack” to occur in the next five years that will cripple patient care operations.

Omega Systems said this trend points to a passive cybersecurity posture at healthcare organizations, where 62% are still treating issues related to data security compliance as a “technical line item rather than a patient-safety priority.”

“Fifty-two percent of practices have no managed security service provider (MSSP), and 39% manage cybersecurity entirely in-house,” the firm wrote in its analysis. “Thirty-five percent say this leaves their teams understaffed, and 23% describe their technology as antiquated.”

This is despite positive responses from practices that do partner with an outside MSSP. Of them, 42% have access to managed threat detection and 35% have deployed advanced firewalls. (Chad Van Alstin / HealthExec)

Related: Omega Systems, Omega Systems, Security Magazine

The Department of Homeland Security is bringing back a key cybersecurity information sharing effort with critical infrastructure, more than a year after the Trump administration shuttered an existing nerve center between government and private sector.

The Alliance of National Councils for Homeland Operational Resilience – Critical Infrastructure program is meant to replace the function of the Critical Infrastructure Partnership Advisory Council.

CIPAC was a federal advisory body that allowed agencies like the FBI, the Cybersecurity and Infrastructure Security Agency, and the intelligence community to interact with key owners and operators of water, power, internet, and telecommunications to coordinate on cyberattacks and digital vulnerabilities.

ANCHOR will fulfill a similar role.

“ANCHOR-CI will provide forums through which cybersecurity, law enforcement, intelligence, national security, and other government representatives at the federal, state, local, tribal, and territorial levels may engage representatives of private sector entities and critical infrastructure owners and operators in reviewing the current threat environment, discussing potential vulnerabilities, and forming recommendations on securing a more resilient critical infrastructure and cyberspace,” DHS wrote in a federal register notice. (Derek B. Johnson / CyberScoop)

Related: Federal Register

CIA Director John Ratcliffe vowed to step up the agency’s efforts to deploy artificial intelligence and quantum computing, stressing that rapid developments in emerging technologies are changing the nature of geopolitics.

In rare public remarks on Tuesday, Ratcliffe promised to make organizational changes at the Central Intelligence Agency to increase its embrace of cutting-edge technology. He warned that the US must move quickly because the country’s rivals are also pursuing AI, likening its capabilities to “digital nuclear weapons” that are “rewriting the reality of conflict.”

“Worldwide advancement of AI tools will only continue to raise the stakes in our competition with all of America’s adversaries,” Ratcliffe said at a tech conference in Washington hosted by Amazon.com Inc.’s Web Services unit, which was the first major AI developer to strike a deal to provide the CIA with secure cloud computing. (Maggie Eastland / Bloomberg)

Related: NextGov/FCW




Against the background of a cyberattack earlier this month on the Central Bank of Libya and the alleged leak of some CBL data on the dark web, the country's Internal Security Agency issued a statement warning against downloading leaked files attributed to the CBL because they contain malware.

The statement indicated that a technical examination and analysis of the leaked files, published on the dark web, revealed that several of them contain malware and hacking tools designed to target new victims and grant attackers unauthorized access to systems.

The Internal Security Agency cautioned all sovereign and governmental bodies, banks, and companies against downloading or opening any files from untrusted sources. It urged employees who have downloaded these files to immediately contact their respective cybersecurity teams.

The statement emphasized that some of this malware operates covertly to steal and encrypt data, and that sharing these documents for defamation purposes on social media platforms will subject the user to legal accountability. (Sami Zaptia / Libya Herald)

Related: The Libya Observer, Libya Update, The Libya Observer

The recent cyberattack on state-owned Latvijas valsts meži (LVM), or Latvia's State Forests, in which a hacker managed to breach the company’s IT systems and gain control over data, demonstrates that Latvia’s strategic infrastructure remains relatively vulnerable to such attacks, Minister for Smart Administration and Regional Development Edgars Tavars said.

The minister called on all government institutions to identify cybersecurity vulnerabilities within their own systems and learn from the incident. At the same time, Tavars expressed confidence that Latvia’s IT specialists are sufficiently skilled to prevent similar incidents in the future, provided they continue to carry out their work responsibly.

Tavars also reiterated that the electronic voter register, which is crucial for the upcoming parliamentary elections and had been developed by LVM, was transferred to the state before the cyberattack occurred and has not been compromised.

“At this point, there is certainly no reason to sound the alarm over the elections,” the minister said.

He also indicated that the government’s enhanced scrutiny of major IT procurement projects could remain in place even after the expiration of Prime Minister Andris Kulbergs’ current moratorium on large-scale IT procurements. (Baltic News Network)

Related: Inbox.eu

Belgian cybersecurity unicorn Aikido Security is acquiring Israeli cybersecurity company Root, which developed an AI platform for securing open-source components, for an estimated $70 million to $100 million.

Following the acquisition, Aikido will open a development center in Israel that will absorb all of Root’s employees and is expected to expand its local workforce further. (Meir Orbach / CTech)

Related: Help Net Security, SiliconANGLE

Most Bittersweet Thing of the Day: Take a Bow, Vint

Vinton Cerf will step down from his role as Google’s chief internet evangelist next week, marking the conclusion of one of the most influential careers in technology history.

Worst Thing of the Day: Say Goodbye to the Once Vaunted US Intel Community

Donald Trump’s budget chief, Russell Vought, director of the White House Office of Management and Budget (OMB) and head of the execrable Project 2025, has directly taken over managing the classified spending plans of major US intelligence agencies, just as the administration works to shrink the spy community’s top office further.

Bonus Worst Thing of the Day: Again, Say Goodbye to the Once Vaunted US Intel Community

The Trump administration is demanding that American intelligence officials turn over the names of all foreign espionage targets, including suspected spies and potential recruits, to create a master list that some officials fear will be misused or compromise operations, according to people familiar with the matter.

Extra Bonus Worst Thing of the Day: Some People Never Learn Lessons

Trump officials have kept using Signal, even after the president suggested they stop in the wake of the disastrous Signalgate, possibly in violation of federal records-keeping laws.
