Anthropic watch: Dispute widens as customers, allies and investors react
Bulgarian spyware firm sold tools to repressive regimes, The Gentlemen claims attack on sugar mills, FortiBleed exposes 73k Fortinet VPN credentials, Startup competition leak exposes 5k applicants, Canada spy agency disrupted botnets, Fake YouTube gurus spread crypto-stealing malware, much more

Anthropic remained in negotiations with the Trump administration on Wednesday as a week-long standoff over the company's most advanced artificial intelligence models expanded into a broader debate about AI security, export controls and the risks of relying on US technology providers.
The dispute began Friday when White House officials instructed Anthropic to disable access to its recently released Fable 5 and Mythos 5 models, citing national security concerns. According to The New York Times, company executives were given less than 90 minutes to comply.
Nearly a week later, the company's roughly 3,000 employees reportedly still do not have a clear understanding of what prompted the action. Internal messages reviewed by the Times showed workers receiving shifting explanations, including concerns about foreign access to the models and allegations that serious vulnerabilities had been discovered in the systems.
The uncertainty has left Anthropic employees questioning whether the administration is singling out the company. According to the report, some workers privately expressed concern that the standoff could affect Anthropic's plans to go public eventually.
Anthropic said this week that it would continue working with government officials and reaffirmed its commitment to cooperating with the administration. President Donald Trump, speaking at the G7 summit in France, described discussions with the company as "going fine," though no resolution has been announced.
At the center of the dispute are Fable 5 and Mythos 5, Anthropic's newest AI systems for cybersecurity applications. Anthropic previously described Mythos as powerful enough to trigger a cybersecurity "reckoning" because of its ability to identify software vulnerabilities and assist security researchers. The company initially restricted access to Mythos while releasing Fable 5, a more tightly controlled version equipped with additional safeguards.
The controversy appears to have intensified after Amazon researchers identified techniques for persuading Fable 5 to reveal details about vulnerable software code. According to the Times, Amazon shared its findings with Anthropic and later discussed the research with administration officials during previously scheduled meetings.
Government officials who reviewed the research reportedly viewed the results as alarming. At the same time, security researchers and industry observers have questioned whether the capabilities described by Amazon differ meaningfully from those available in competing frontier AI systems.
The administration's concerns appear to extend beyond Amazon's findings. One government official told the Times that the issues involve broader national security questions, including concerns about some of the organizations with which Anthropic works, though those concerns reportedly were not clearly communicated to the company.
The fallout is already affecting major corporate users. According to the Financial Times, JPMorgan Chase has restricted employees in Hong Kong from using Anthropic's models, following a similar move by Goldman Sachs. The banks' decisions suggest that uncertainty surrounding US restrictions on advanced AI systems is beginning to influence enterprise AI deployment policies in markets subject to heightened geopolitical scrutiny.
WIRED reported that federal officials also want Anthropic to address jailbreak techniques capable of bypassing model safeguards before access is restored. Security researchers interviewed by the publication warned that completely eliminating jailbreaks may be technically impossible for current frontier AI systems.
The administration has also reportedly scrutinized Anthropic's relationships with certain customers and partners. According to WIRED, Anthropic was ordered to revoke access to Mythos for South Korean telecommunications giant SK Telecom before broader restrictions were imposed on foreign users. Officials reportedly raised concerns about the company's connections to China, though details remain unclear.
At the G7 summit this week, political leaders and technology executives raised concerns that abrupt restrictions on access to advanced AI systems could undermine confidence in US technology providers. Anthropic Chief Executive Dario Amodei, OpenAI Chief Executive Sam Altman and Google DeepMind Chief Executive Demis Hassabis all participated in discussions about AI governance and international cooperation.
French President Emmanuel Macron and other officials warned that foreign governments and businesses may become increasingly wary of relying on systems that can be restricted or withdrawn through US government action.
The controversy is also prompting investors to reassess the risks surrounding frontier AI companies. Bloomberg reported that the administration's intervention has raised concerns that political and national security considerations could increasingly influence the availability of advanced AI models, creating a new category of risk for companies whose valuations depend on global access and adoption. Analysts told the publication that the episode could mark the beginning of a shift in which frontier AI systems are treated less like commercial software and more like strategic national assets subject to government oversight.
For Anthropic, the immediate question is whether negotiations can restore access to Fable 5 and Mythos 5. For the broader AI industry, the larger question may be whether customers, governments, and investors conclude that access to leading American AI systems has become subject to political and geopolitical risk. (Hugo Lowell / Wired, Louise Matsakis and Maxwell Zeff / Wired, Sheera Frenkel, Julian E. Barnes and Dustin Volz / New York Times, Madhumita Murgia, Tim Bradshaw, and Leila Abboud / Financial Times, Amrith Ramkumar, Sam Schechner and Noemie Bisserbe / Wall Street Journal, Jan-Patrick Barnert, Michael Msika, Matthew Griffin, and Abhishek Vishnoi / Bloomberg, Owen Walker and Arjun Neil Alim / Financial Times)
Related: Don't Worry About the Vase, Mediaite, r/technology, UPI, Gizmodo, The Chosun Daily, Bloomberg, The Elec, r/Anthropic, Gizmodo, The Hill, Bloomberg, Hacker News, r/politics, Slashdot, Washington Post, TechCrunch, Benzinga, Wall Street Journal, Business Insider, CNBC, Digit, Sky News, People Matters, The Deep View, Implicator.ai, Reuters, Business Standard, New York Post, Business Today, Semafor, The Economic Times, CNBC, Barchart.com, Raw Story, Reuters, Business Insider, New York Times, Newsweek, Associated Press, Associated Press, Bloomberg, Bloomberg, TechCrunch, Reuters
A surveillance firm in Bulgaria called Circles sold controversial surveillance technology to governments in countries with records of repression, enabling authorities to track mobile phones and eavesdrop on private communications, according to documents obtained by Human Rights Watch.
Circles offered tools capable of spying on phone calls, messages, and internet activity. The documents — a trove of Bulgarian export records covering sales by Circles between 2018 and 2023 — show that the Bulgarian government approved Circles' transactions with law enforcement and intelligence agencies in countries including Azerbaijan, Bahrain, El Salvador, Guatemala, Jordan, Malaysia, Morocco, Panama, Serbia and the United Arab Emirates.
The findings raise fresh questions about how European Union export controls meant to curb the sale of powerful spy tools are being enforced.
Many of Circles’ customers are in countries ranked either “not free” or “partly free” by Freedom House, the nonprofit that tracks political rights and civil liberties worldwide. Human Rights Watch said the records provide evidence that European companies are still supplying surveillance capabilities to governments that could use them against critics, journalists and political opponents despite EU regulations introduced in 2021 to rein in such exports.
“Bulgaria shouldn’t be licensing surveillance exports to countries that have well-documented histories of using these tools to harm rights,” Zach Campbell, a senior researcher at Human Rights Watch, said in an interview. (Ryan Gallagher / Bloomberg)
Related: Human Rights Watch
The Russian-speaking ransomware operation known as The Gentlemen has reportedly claimed responsibility on the dark web for a cyber attack that shut down two regional Queensland sugar mills for a week.
The Racecourse and Farleigh mills have not been fully operational since June 10.
Farleigh mill undertook a manual crush of cane harvested before the attack, and both mills have run steam trials in preparation for a staged restart of operations.
Cyber security expert Andrew Philp said while he could confirm The Gentlemen made the claim via a website hosted on the dark web, the attacker could not be independently verified. (Aimee Mitchell, Bryn Wakefield and Yasmine Wright Gittins / ABC.net.au)
Related: Cyber Daily, The Register
Australian Clinical Labs said that a cyber incident at an external IT service provider used by its SunDoctors unit led to unauthorized access to a limited portion of systems, with some data taken.
SunDoctors' investigation found that most of the affected data consisted of basic contact details and some health information, largely related to skin cancer checks and testing, the pathological services provider said, adding that there was no evidence that the information had been disclosed online.
The breach occurred at an external IT provider used by SunDoctors, which the clinical testing group had first flagged in April.
The probe could not identify which individuals were affected, so SunDoctors decided to notify a broader group of around 280,000 people that their information may have been accessed. (Shruti Agarwal / Reuters)
Related: InfoTechLead
Security researcher Bob Diachenko discovered a data leak dubbed "FortiBleed" that has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide.
Diachenko says he found a server containing what appeared to be valid Fortinet VPN credentials, including usernames, email addresses, and plaintext passwords.
According to screenshots and information shared by Diachenko, the database contains entries for Chevron, Samsung, Foxconn, Comcast, AT&T, Mercedes-Benz, Toyota, Sinopec, State Grid, and many others.
"Massive Fortinet/FortiGate bruteforce/active exploitation campaign uncovered in action," Diachenko posted on LinkedIn.
"Thousands of top vendors instances are listed in the files like this (see screenshot). This one alone has 21,634 domain names - from Chevron to Fortinet itself. All - with potentially working passwords to the FortiGate appliances obtained through various means."
The exposed data also included comments listing each organization's industry, revenue, and number of employees, likely for planning attacks. (Lawrence Abrams / Bleeping Computer)
Related: TechCrunch, IFIN, InfoStealers, Reuters, SOCRadar® Cyber, Dark Reading, CyberScoop, heise online News, Volodymyr "Bob" Diachenko on LinkedIn, SecurityWeek, Cyber Security News, Hackread, Cyber Daily, The Register

Personal information, including email addresses of 5,000 first-round qualifiers in the nationwide startup competition “Startup for All,” organized by the Korean Ministry of SMEs and Startups, has been confirmed to have leaked externally.
According to the Ministry of SMEs and Startups on the 18th, the data breach began on the morning of the 15th at 9 a.m. when the profiles of the 5,000 first-round qualifiers were publicly disclosed on the competition’s website. While nicknames were publicly visible, participants could choose to keep their email addresses and self-introductions private. However, attempts to access even these non-public details followed the profile disclosure.
The Ministry of SMEs and Startups detected anomalies through user inquiries posted on the platform around 3 p.m. the same day and blocked unauthorized access routes one hour later, at 4 p.m. The following day, on the morning of the 16th, a complaint was received from a user stating, “I received a promotional email from an AI solution company using my non-publicly registered email address.”
The investigation confirmed that the breach occurred through 9 IP addresses. The leaked information included email addresses, summaries of ideas, and evaluation comments. As of now, there have been no confirmed cases of real names, mobile phone numbers, or detailed business ideas submitted in applications being accessed or leaked.
Immediately after identifying the breach at 4 p.m. on the 15th, the Ministry of SMEs and Startups blocked all access routes. On the evening of the 16th at 6 p.m., additional security features were implemented to prevent external AI-based automated data collection attempts. Currently, an emergency security inspection is underway across the entire system to determine if further leaks occurred and to trace how the information was used.
Notifications to affected individuals were issued at noon on the 18th, three days after the incident. The Ministry of SMEs and Startups individually informed the victims and posted an announcement on the platform. At 1 p.m. the same day, the agency reported the breach to the Korea Internet & Security Agency (KISA) and established a victim support center. It is also collaborating with external institutions, including the National Cyber Security Center, to investigate and analyze the security incident. (Hwang kyu-rag / The Chosun Daily)
Related: Seoul Economic Daily, Asia Business Daily, Digital Today, Khan, Maeil Business
Canada’s spy service obtained a judge’s permission to disrupt cyberthreats from foreign adversaries who infected digital devices with malware.
A Federal Court ruling made public this week says the Canadian Security Intelligence Service requested a warrant to “remove the compromised devices from Canada” to shield sensitive systems from attack.
Justice Catherine Kane’s ruling provides a glimpse into CSIS’s efforts to neutralize the threat posed by infected servers, home office routers and everyday devices connected to the internet, such as TVs, security cameras and doorbells.
The malware causes these digital items to operate as a network of infected devices, known as a botnet.
CSIS requested and received a warrant in the spring of 2024 to neutralize two known botnets using threat reduction measures.
The ruling says the proposed measures likely amounted to criminal offenses, meaning CSIS needed a judge’s authorization to proceed.
The court issued a warrant valid for 120 days and subsequently renewed it for an additional 120 days.
Although the initial warrant was approved over two years ago, the Federal Court produced classified reasons in February of this year and released a redacted version of the ruling this week. (Jim Bronskill / The Canadian Press)
Related: The Spectator
Researchers at Check Point discovered that a sophisticated social‑engineering campaign is leveraging AI‑generated YouTube narrators, ghost accounts across multiple platforms, and manipulated reputation signals to distribute a Rust‑based clipboard hijacker that steals cryptocurrency by replacing wallet addresses on victims’ clipboards.
The operation centers on a WordPress phishing hub that advertises “sniper” bots, crash‑game predictors and other get‑rich‑quick tools aimed at crypto traders and gamblers, and uses a coordinated ecosystem of fake engagement to create the illusion of legitimacy.
The actor’s distribution chain begins with a polished phishing page maintained under the handle @JoseCmanXD, which links to GitHub and SourceForge repositories and a dedicated YouTube channel.
On GitHub, the operator runs at least six accounts that inter‑contribute and star one another’s repositories, producing thousands of apparent downloads and inflated star/fork counts consistent with previously documented “Ghost Network” activity.
SourceForge project pages show similarly manipulated download numbers and overwhelmingly positive reviews, with a suspicious majority of downloads attributed to Android devices despite the author offering only Windows and macOS builds, an indicator of download‑farm inflation.
YouTube plays a central role in amplifying trust. Videos mimic authentic tutorials showing desktop demonstrations while an AI‑generated narrator speaks from an on‑screen avatar.
View counts exhibit sharp, inorganic spikes, and highly positive, likely coordinated replies dominate the comment sections. These signals push victims toward the phishing hub and the repositories, reinforcing perceived popularity and effectiveness of the promoted “tools.” (Mayura Kathir / GBHackers)
Related: Check Point

Prince George County’s government in Virginia was hit by a cyber attack, with references to the county appearing on “a website associated with cybercriminal activity.”
On Friday, June 12, Prince George officials announced that the county was experiencing a network outage impacting phone and internet services across its offices. Emergency lines like 911 remained available, but things like online payment services were down.
This outage was the result of a “cybersecurity incident,” according to a June 17 press release from the county.
The county did not say if there were any other impacts from this attack, such as a data breach. However, officials did say that “references to Prince George County have appeared on a website associated with cybercriminal activity.” (Ryan Nadeau / WRIC)
Related: WWBT, 12OnYourSide
Researchers at Huntress report that millions of UK shoppers were exposed to a fake Boots promotion after hackers sent emails offering a free beauty sample pack through a large phishing campaign.
The emails appeared to come from Boots and encouraged recipients to complete a short survey in exchange for a beauty sample package and promotional benefits.
The campaign relied on familiar branding to make the message appear legitimate while directing users to a cloned website designed for information collection.
The operation used a fake customer survey to collect personal details while directing victims toward a fraudulent checkout process requesting sensitive information.
The campaign involved 8,894,920 email addresses and infrastructure connected to Romanian-speaking threat actors.
The fake page requested details including names, email addresses, dates of birth, phone numbers, and home addresses before reaching payment information.
Huntress found that the phishing content was hosted on a compromised Bolivian government website belonging to IPELC (the Plurinational Institute for the Study of Languages and Cultures), rather than an attacker-controlled domain.
The email campaign was sent using Gammadyne Mailer, a legitimate bulk mailing app that attackers installed on a compromised UK business terminal server. (Efosa Udinmwen / TechRadar)
Related: Huntress, Retail Gazette, TechRound, IT Security Guru

Amazon Web Services is announcing a new set of AI agents for businesses, developers, and individual users, capable of everything from fixing security vulnerabilities to triaging email.
The agents, unveiled at the AWS Summit in New York, reflect an attempt to maximize autonomy while ultimately keeping humans in control of how much the AI does on its own.
It’s part of a broader industry push into agents, with Google, Microsoft, Anthropic, OpenAI and others developing AI that can do more work and increasingly complete tasks on their own.
A new security agent, dubbed AWS Continuum, starts in a supervised “learn mode” and earns the right to act alone only as customers grant it permission, category by category.
The Amazon Quick AI assistant will now let users build their own background agents in plain language to handle tasks like following up on stalled business deals or flagging regulatory changes.
Amazon gave Quick a redesigned activity feed that triages email, messages, and calendar items into one prioritized view; new links to services including Adobe, Figma, Snowflake, and WhatsApp; and the ability to tap multiple connected services to answer a single question.
On the developer side, AWS is also pushing its coding agents to take on more of the grunt work, checking and testing new code before it ships and cleaning up old code, while leaving the final decision to merge or deploy in the hands of humans. A new iPhone app for Kiro, the company’s AI coding assistant, will let developers start and monitor that work from their phones.
Deepak Singh, the AWS VP who leads the Kiro team, said the overarching idea is to take the background work AI has piled onto people — reviewing code, triaging security findings, keeping software current — and let agents handle it with minimal human intervention. (Todd Bishop / GeekWire)
Related: About Amazon, VentureBeat, Amazon Web Services, Amazon Web Services, Kiro, Amazon Web Services, The Information, Tech Times, DevOps.com, SiliconANGLE, CIO Dive, The New Stack, Amazon Web Services, Constellation Research, The Register, CRN
Richard Horne, the chief executive of the National Cyber Security Centre (NCSC), said more than 200 cyber incidents have hit the UK’s critical national infrastructure over the past year, and state-linked assailants were behind three-quarters of the attacks, according to the state cybersecurity body.
He said hostile states such as Russia, China and Iran were increasingly targeting systems behind the UK’s key services.
Examples of critical national infrastructure include the UK’s nuclear deterrent, power plants, hospitals and airports.
Horne said the UK was engaged in an “ongoing contest with capable adversaries”.
“This contest is not confined to a compact space. It is not like a wrestling match in a closely defined territory, as some have suggested,” he said in a speech at the Royal United Services Institute.
Horne said the NCSC responded to more than 200 cyber incidents affecting the UK’s critical national infrastructure and its “supporting ecosystem” in the year to May, with about 75% of those “believed to be linked to state actors."
Horne said advances in AI were likely to accelerate the threat, exposing cyber-flaws in national infrastructure, with 2028 likely to be the year when such a threat crystallized. (Dan Milmo / The Guardian)
Related: Infosecurity Magazine, NCSC, The Record, The Independent
Dream, an Israeli artificial intelligence company that provides AI and cybersecurity services to governments and critical infrastructure operators, has raised $260 million in a new funding round.
Bicycle Capital and Group 11 led the round, with the participation of Bain Capital Ventures, Antler, and Tru Arrow Partners. (Galit Altstein / Bloomberg)
Related: Jerusalem Post, Crypto Briefing
Twenty, an Arlington, VA-based cyber warfare startup, raised $100M in a Series B funding round.
Caffeinated Capital and Tim Junio led the round, with participation from General Catalyst and In-Q-Tel. (Colin Demarest / Axios)
Related: Reuters, The SaaS News, CityBiz, PR Newswire, FinSMEs
NeuralTrust, a platform for securing AI agents, has raised a $20 million seed financing round.
Alstin Capital led the round with participation from VentureFriends, Seaya, Kibo Ventures, Banc Sabadell, EA Ventures Plug and Play Fund, and Finaves, the venture capital fund of IESE Business School. NeuralTrust also receives public support from the European Innovation Council and Spain’s State Research Agency (AEI). (Tamara Djurickovic / Tech.eu)
Related: NeuralTrust, FinSMEs, Tech Funding News
EigenQ, whose core business includes making cybersecurity systems that will protect networks and devices from future attacks by powerful quantum computers, will go public through a merger with blank-check company Silicon Valley Acquisition in a deal valuing the firm at about $3 billion.
The company's main process, called post-quantum cryptography, is designed to replace current encryption methods with algorithms that remain secure even against quantum computing capabilities, ensuring long-term protection of sensitive data and digital infrastructure. (Harshita Mary Varghese / Reuters)
Related: Forbes, The Quantum Insider
Best Thing of the Day: Would You Call This Dual-Use Unemployment?
Cybercriminals are worried that the rise of AI tools and large language models (LLMs) could result in them losing their jobs.
Worst Thing of the Day: So What If Your Life Depends on Our Being Accurate
The British government is planning to introduce facial age estimation when vetting asylum seekers, even knowing that it is highly flawed.
Bonus Worst Thing of the Day: Breaking the Law to Persecute Immigrants
Immigration and Customs Enforcement (ICE) appears to be purchasing records related to immigrants’ tax identifiers from a data broker, potentially skirting a court order that banned ICE from sourcing such information.