cybersecurity7 articles
An Executive's Inbox Was Silently Plundered for Five Months. Here's What That Tells Us About AI-Assisted Attacks
A stock exchange executive had their Outlook mailbox compromised for five months without anyone noticing. Five months.
Prize-winning hacker thinks AI might make her obsolete — and she's not wrong to worry
Valentina Palmiotti ("Chompie"), the top individual performer at the Pwn2Own Berlin hacking competition, warns that powerful AI tools like Claude Mythos may soon make human ethical hackers obsolete, having already won $70,000 in prizes herself. While AI currently helps hackers work faster, she believes emerging models will quickly take over the discovery of common vulnerabilities, leaving only the most elite human researchers competitive. Despite concerns about AI aiding criminal hackers, Chompie remains cautiously optimistic that AI will ultimately benefit cybersecurity defenders more than attackers — provided powerful tools are released responsibly.
Anthropic Plans Public Release of Mythos Bug-Hunter, Admits Nobody Has the Safeguards to Do It Yet
Anthropic has announced plans to eventually make its Mythos AI model — which excels at finding security vulnerabilities in code — publicly available, but only once sufficient safeguards are developed, which the company admits do not yet exist. In the meantime, access is being expanded through its "Project Glasswing" programme to additional partners, including allied governments. Mythos has already identified over 23,000 flaws across 1,000+ open-source projects, though the volume of discoveries is straining an already overloaded security ecosystem, with many maintainers struggling to keep pace with the volume of reported vulnerabilities.
Anthropic's Claude Mythos Is Finding Bugs Faster Than Anyone Can Fix Them
Anthropic's Claude Mythos Preview AI model, working with around 50 partners through Project Glasswing, identified over 10,000 critical security vulnerabilities in system-critical software within just one month, with some partners reporting a tenfold increase in bug discovery rates. However, the pace of discovery far outstrips the ability of organizations to verify and patch the flaws, with only 97 of 23,019 open-source vulnerabilities found having been fixed so far. Anthropic warns this creates a dangerous transition period where AI models can rapidly find and potentially exploit vulnerabilities faster than defenders can respond, and acknowledges that no company currently has safeguards strong enough to prevent misuse of such capabilities.
Your App Is Under Attack Before Lunch on Launch Day
Digital.ai's *2026 App Security Threat Report* reveals that AI — particularly agentic AI — has dramatically accelerated and broadened app-based cyberattacks, with the proportion of monitored apps under attack rising from 55% in 2022 to 87% in 2026. AI has lowered the technical barriers for attackers, closing the historic security gap between iOS and Android, enabling sophisticated attacks within hours of an app's release, and driving steep rises in attack rates across previously complex-to-exploit sectors like automotive and medical devices. The report concludes that defenders can no longer treat any app or sector as a lower-priority target, and must adopt their own agentic AI defences to counter the increasingly sophisticated and fast-moving threat landscape.
Five Reasons Your Cybersecurity Strategy Is Already Behind
Cybercriminals in 2025 have become increasingly sophisticated, using AI, automation, and corporate-style structures to launch faster, larger-scale attacks, with governments, finance, and technology sectors among the most targeted. Enterprises face a complex cybersecurity landscape shaped by five key factors: rising user expectations, financial pressures, complex multi-vendor IT infrastructure, unpredictable geopolitics, and evolving cyber threats. To counter these challenges, HPE advocates for a "self-driving network" approach that uses AI-driven platforms and built-in security capabilities — such as zero trust enforcement and automated threat monitoring — to provide dynamic, comprehensive protection.
Grafana Labs Got Its GitHub Raided. It's Not Paying Up.
Grafana Labs has disclosed that an unauthorized attacker obtained a token to access its GitHub environment and stole its codebase, subsequently threatening to release the code unless a ransom was paid. The company refused to pay, citing FBI guidance and the fact that no customer data or operational systems were affected. The incident's impact may be limited, as much of Grafana's code is already open source, though it remains unclear exactly what proprietary code was taken.