US agencies court Anthropic AI for cyber defense despite Pentagon ban

Metacurity is the only daily cybersecurity briefing built for clarity, not agendas—no vendor spin, no echo chamber, just sharp, original aggregation and analysis of what actually matters to security leaders.

If you rely on Metacurity to cut through the noise on policy, industry shifts, and security research, consider supporting us with a paid subscription. Independent coverage like this only exists because readers decide it’s worth it.

The US Treasury Department’s technology team is seeking to gain access to Anthropic PBC’s Mythos AI model so it can begin hunting for vulnerabilities, according to a person familiar with the situation.

Treasury Chief Information Officer Sam Corcos was aiming to gain access to the model, which Anthropic has been releasing to a limited number of institutions, as soon as this week, the person said, asking not to be identified because the information isn’t public.

Corcos briefed the Treasury’s cybersecurity team on the technology last week and directed it to prepare for the eventual threats from powerful AI systems, the person said.

The Treasury Department is seeking access from Anthropic despite the Pentagon labeling the artificial intelligence company a US supply chain risk earlier this year. The government made the declaration after a dispute with Anthropic over how its AI technology may be used by the military, and set a six-month period for the company to hand over AI services to another provider.

Moreover, other federal agencies and government officials are quietly sidestepping Defense Secretary Pete Hegseth’s ban on working with artificial intelligence startup Anthropic, as intrigue and anxiety around the company’s powerful new AI model continues to grow.

In recent days, staff from at least two large federal agencies have reached out to Anthropic to express interest in integrating Claude Mythos into their cyber defense efforts, according to a former senior US technology official with direct knowledge of the discussions.

The Commerce Department’s Center for AI Standards and Innovation — tasked with evaluating US and foreign AI models for potential risks and opportunities — is actively testing Mythos’ hacking prowess, according to four people familiar, including one current and one former cybersecurity official; a former Trump administration official; and a former senior national security official.

And staff on at least three congressional committees have held or requested briefings from Anthropic over the last week to learn more about Mythos’ cyber scanning capabilities, according to three congressional aides working on AI policy. (Margi Murphy and Rachel Metz / Bloomberg and John Sakellariadis and Brendan Bordelon / Politico)

Related: Semafor, PYMNTS.com, American Banker, Axios, Bloomberg Reuters, Mashable

OpenAI is letting a select group of users access a new artificial intelligence model that’s meant to be more adept at spotting software security vulnerabilities, one week after rival Anthropic PBC announced a limited release of an AI tool called Mythos.

The ChatGPT maker said that it’s beginning to roll out GPT-5.4-Cyber, which is aimed at finding issues in software so organizations can fix them. GPT-5.4-Cyber also places fewer constraints on the ways users can probe the model for that task, OpenAI said. The model will be offered to some participants of OpenAI’s Trusted Access for Cyber program, which the company rolled out in February to let certain customers and cybersecurity professionals try its most capable offerings.

OpenAI plans to increase the number of participants in the early access program. Initially, it will let hundreds of users test out the new model, before expanding that to thousands in the coming weeks. (Rachel Metz / Bloomberg)

Related: OpenAI, XDA Developers, New York Times, PYMNTS.com, CNET, Constellation Research, iClarified, SiliconANGLE, Implicator.ai, DataBreachToday.com, Financial Times, Simon Willison's Weblog, Axios, DNYUZ, Hacker News, r/singularity, The Information, Gizmodo, 9to5Mac, Reuters, 

A pro-Russian cyber group tried to disrupt operations at a Swedish thermal power plant last year, ​the Swedish government said, adding that ‌Russian hybrid attacks had become more frequent and serious.

Carl-Oskar Bohlin, minister for civil defense, said the group had targeted a power ​plant in western Sweden during the spring of 2025, ​but that the attack had been unsuccessful. Bohlin ⁠did not name the plant.

"The Security Police handled ​the case and were able to identify the actor behind ​it, who had connections to Russian intelligence and security services," Bohlin told a news conference.

"Fortunately, no serious consequences occurred due to a ​built-in protection mechanism," the minister said. (Johan Ahlander / Reuters)

Related: Brussels Signal, The Local, Bloomberg, Energy Watch

Microsoft issued its April 2026 Patch Tuesday bulletin with security updates for 167 flaws, including 2 zero-day vulnerabilities.

This Patch Tuesday also addresses eight "Critical" vulnerabilities, 7 of which are remote code execution flaws and the other is a denial of service flaw.

One of the zero days which is actively being exploited is CVE-2026-32201 - Microsoft SharePoint Server Spoofing Vulnerability.

The number of flaws does not include Mariner, Azure, and Bing flaws that were fixed by Microsoft earlier this month. There were also 80 Microsoft Edge/Chromium flaws that were fixed by Google.

"Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network," explains Microsoft.

"An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability)," continued Microsoft. (Lawrence Abrams / Bleeping Computer)

Related: Sans Internet Storm Center, Tenable Blog, Cyber Security News, Computer Weekly, Krebs on Security, Neowin, Windows Central, IT Wire, Security Affairs, Security Week, Forbes, Windows Central, Thurrott, Notebookcheck, Arctic Wolf, Cisco Talos, Ask Woody, Bleeping Computer, Infosecurity Magazine, CyberScoop

A fake version of Ledger Live distributed via Apple’s App Store has been linked to at least $9.5 million in crypto theft, with victims now coming forward describing devastating losses, including entire retirement funds wiped out “in an instant.”

One victim, posting on X under the handle @glove, said he lost 5.9 BTC – his entire savings accumulated over a decade – after downloading what he believed was the official Ledger app while setting up a new computer.

“I lost my retirement fund in a hack/scam… All my BTC gone in an instant,” he wrote.

Blockchain investigator ZachXBT later traced the stolen 5.92 BTC, showing it was rapidly funneled through a series of transactions into KuCoin deposit addresses, consistent with a broader laundering pattern identified across the incident.

Apple and KuCoin did not immediately respond to requests for comment.

X user @glove wasn't the only victim. The phishing campaign, active between April 7 and April 13, impacted more than 50 suspected victims across Bitcoin, Ethereum-compatible networks, Tron, Solana, and XRP.

Three of the largest victims lost seven-figure sums, with $3.23 million in USDT being stolen on April 9, $2.08 million of USDC on April 11 and $1.95 million in BTC, ETH and stETH being drained on April 8.

Stolen funds were routed through more than 150 KuCoin deposit addresses and tied to “AudiA6,” a centralized crypto mixing service known for charging high fees to obfuscate illicit flows.

Apple removed the fake Ledger Live app from the App Store, but questions remain about how it passed review and how long it was available. (Oliver Knight / CoinDesk)

Related:TheStreet, MacRumors, BleepingComputer, crypto.news,  Stereogum, Cointelegraph, Decrypt, iPhone in Canada, 9to5Mac, The Block, Ledger, Web3IsGoingJustGreat, The Block, 9to5Mac, Decrypt, Bleeping Computer, incrypted, Apple Insider

Education company McGraw-Hill confirmed that hackers exploited a Salesforce misconfiguration and accessed its internal data.

The company assured that the breach did not affect its Salesforce accounts, customer databases, or internal systems, and that the amount of exposed data is limited and non-sensitive.

“McGraw-Hill recently identified unauthorized access to a limited set of data from a webpage hosted by Salesforce on its platform. This activity appears to be part of a broader issue involving a misconfiguration within Salesforce’s environment that has impacted multiple organizations that work with Salesforce," a McGraw-Hill spokesperson said.

"Importantly, this did not involve unauthorized access to McGraw-Hill’s Salesforce accounts, customer databases, courseware, or internal systems,” the company representative added.

McGraw-Hill further states that its investigation, with help from external cybersecurity experts, revealed that the exposed information does not contain Social Security numbers (SSNs), financial account information, or student data from its educational platforms. (Bill Toulas / Bleeping Computer)

Russia-linked hackers broke into more than 170 email accounts belonging to prosecutors and investigators across Ukraine during the last several ​months, according to data reviewed by Reuters, a campaign that shows how Moscow’s spies are keeping tabs on the Ukrainian officials tasked with rooting out corruption and Russian ‌collaborators.

The data was inadvertently exposed to the internet by the hackers and discovered by Ctrl-Alt-Intel, a collective of British and American cyber threat researchers. Ctrl-Alt-Intel said data left on the server - including logs of successful hacking operations and thousands of stolen emails - showed that the hackers compromised at least 284 inboxes between September 2024 and March 2026.

Most of the victims were in Ukraine; others are from neighboring NATO countries and the Balkans. The operation was first described last month in ​a Ctrl-Alt-Intel blog post. Reuters reviewed the underlying data and is publishing details of the hacks for the first time, including the identities of more than a dozen compromised European agencies ​and officials.

Ctrl-Alt-Intel said the mistake provided a rare opportunity to examine the workings of a Russian espionage campaign.

The hackers “just made a huge operational blunder,” Ctrl-Alt-Intel ⁠said. “They left their front door wide open.” (Raphael Satter / Reuters)

Related: The New Voice of Ukraine, Benzinga, Control-Alt-Intel

Standard Bank, Africa’s biggest bank by assets, has informed its business clients of a data breach that exposed their personal information.

“We are writing to inform you of a recent incident that involved unauthorised access to certain data within the Standard Bank of South Africa’s environment,” says the bank in an e-mail to clients.

“We believe in maintaining transparency with our clients, and as such, we are notifying you directly. Regrettably, your information was among the select data sets that may have been accessed.”

The announcement comes soon after Standard Bank subsidiary Liberty late last month also suffered a data breach which affected clients.

According to Standard Bank, its data breach exposed select client records, including “account numbers, limited account information, business names, and ID or registration numbers." (Admire Moyo / IT Web)

Related: Channel Africa, SABC News

The independent webXray California Privacy Audit of Microsoft, Meta, and Google web traffic in California found that the companies may be violating state regulations and racking up billions in fines because 55% of the sites it checked set ad cookies in a user’s browser even if they opted out of tracking.

webXray viewed web traffic on more than 7,000 popular websites in California in the month of March and found that most tech companies ignore when a user asks to opt out of cookie tracking. California has stringent and well-defined privacy legislation thanks to its California Consumer Privacy Act (CCPA), which allows users to, among other things, opt out of the sale of their personal information. There’s a system called Global Privacy Control (GPC), which includes a browser extension that indicates to a website when a user wants to opt out of tracking.

According to the webXray audit, Google failed to let users opt out 87 percent of the time. “Googleʼs failure to honor the GPC opt-out signal is easy to find in network traffic. When a browser using GPC connects to Googleʼs servers it encodes the opt-out signal by sending the code ‘sec-gpc: 1.’ This means Google should not return cookies,” the audit said. “However, when Googleʼs server responds to the network request with the opt-out, it explicitly responds with a command to create an advertising cookie named IDE using the ‘set-cookie’ command. This non-compliance is easy to spot, hiding in plain sight.”

The audit said that Microsoft fails to opt out users in the same way and has a failure rate of 50 percent in the web traffic webXray viewed. Meta’s failure rate was 69 percent and a bit more comprehensive. “Meta instructs publishers to install the following tracking code on their websites. The code contains no check for globally standard opt-out signals—it loads unconditionally, fires a tracking event, and sets a cookie regardless of the consumerʼs privacy preferences,” the audit said. It showed a copy of Meta’s tracking data, which contains no GPC check at all. (Matthew Gault / 404 Media)

Related: PC Perspective, KQED

A review by NBC News discovered that Elon Musk’s artificial intelligence software, Grok, continues to generate sexualized images of people without their consent, despite his company’s pledge months ago to halt abusive deepfakes after a public backlash and government investigations.

NBC News found dozens of AI-generated sexual images and videos depicting real people posted publicly on Musk’s social media app, X, over the past month. The images show women whose likenesses were edited by the AI chatbot to put them in more revealing clothing, such as towels, sports bras, skintight Spider-Woman outfits, or bunny costumes. Many of the women are female pop stars or actors.

The Grok software, created by Musk’s company xAI, made the images at the request of users who tried to break through the undressing restrictions the service put in place in January. Grok, via its X account, or the users, then posted the images to X.

The images are similar to ones that sparked a firestorm of criticism in January, when Musk’s companies freely allowed people to undress others simply by uploading photos and typing prompts such as “put her in a bikini.” Musk’s companies had cheered on the idea, promoting the “spicy mode” of his AI chatbot. The flood of fake images, including some of children, prompted government investigations on five continents. (David Ingram / NBC News)

Related: The Financial Express

Telegram has failed to eradicate Xinbi Guarantee, an anarchic, Chinese-language bazaar offering money laundering services to crypto scammers, products like electrified batons and tasers for those same scammers' human trafficking operations, and even at times other assorted criminal services ranging from harassment-for-hire to teen prostitution.

The full extent of Telegram's failure to eradicate the scam marketplace was put to the test late last month when the UK government officially sanctioned Xinbi Guarantee and designated it a facilitator of human trafficking. Yet now, nearly three weeks later, Telegram still hasn't removed Xinbi's accounts on its service, facilitating more than half a billion dollars’ worth of illicit deals in the time just since those sanctions were put in place.

According to cryptocurrency tracing firm Elliptic, Xinbi Guarantee carried out $505 million in transactions in the 19 days after the British government's sanctions and added tens of thousands more users to reach nearly half a million buyers and sellers in total. Elliptic says it has seen no signs that Telegram has taken any action to ban the market or its accounts. “Xinbi is still going strong,” says Elliptic's cofounder and chief scientist, Tom Robinson. “They're on track to become the largest market of this kind that's ever existed.”

Telegram's apparent refusal to remove the black market—just one in an industry of Chinese-language black markets that operates on Telegram in full public view—represents an appalling lack of accountability, says Gary Warner, a security researcher who has tracked Xinbi Guarantee as director of intelligence at the cybersecurity firm DarkTower. “It boggles my mind,” Warner says. “There's literally no legitimate company in the world that hosts this level of criminal activity and is so open about it. There's nothing that even comes close.” (Andy Greenberg / Wired)

The European Union has unveiled an app to confirm users’ age online, setting the standard for verification technology as more countries consider laws banning young teenagers from social media.

“Online platforms can easily rely on our age verification app, so there are no more excuses,” European Commission President Ursula von der Leyen said on Wednesday. “Europe offers a free and easy-to-use solution that can shield our children from harmful and illegal content.”

The software was originally pitched as a way to prevent children from accessing obscene or harmful content online, and comes as many EU members are debating restricting social media for minors. EU member states France and Greece have announced plans to pass measures banning younger teens from social media, pointing to studies on the sites’ addictiveness and harmful effects on minors.

The open-source tool will require users to show legal identification, such as a passport, at setup and will work on phones, tablets, and personal computers. It will also help coordinate age verification requirements across the EU, Von der Leyen said. (Gian Volpicelli / Bloomberg)

Related: Belga News Agency, Politico, European Commission, Reuters, AFP

Best Thing of the Day: The Sharpest Witted Tech Writer Tackles Cyber

For those of you who don't read the marvelous Today in Tabs publication written by the great tech journalist Rusty Foster, you're in for a treat with his most recent issue, which tackles, of course, Anthropic's Mythos and other high-profile cyber stories.

Worst Thing of the Day: Killing the Internet Archive

According to Originality AI analysis, 23 major news sites currently block ia_archiverbot, the Wayback Machine’s web crawler. USA Today Co. operates over 200 media outlets, making its blocking decision particularly devastating.

Bonus Worst Thing of the Day: Making the US Government Less Safe in the Long Run

The Cybersecurity and Infrastructure Security Agency has informed participants of the federal government’s Scholarship for Service program that it has canceled this year’s summer internship programs due to the current funding issues at the Department of Homeland Security.

Closing Thought