Plus: Spy firms tap into a global telecom weakness to track targets, 500,000 UK health records go up for sale on Alibaba, Apple patches a revealing notification bug, and more.As the debate continues among researchers and practitioners about the potential impact of new AI models on cybersecurity, Mozilla announced on Tuesday that it utilized early access to Anthropic’s Mythos Preview to identify and rectify 271 vulnerabilities in its latest Firefox 150 browser release. Concurrently, a moderately successful group of North Korean hackers was identified, using AI for a range of activities from coding malware to creating counterfeit company websites, pilfering up to $12 million in a span of three months.
Researchers have finally deciphered a disruptive malware known as Fast16, which predates Stuxnet and may have been utilized to target Iran’s nuclear program. Created in 2005, it is believed to have been deployed by the US or one of its allies.
Meta is facing a lawsuit from the Consumer Federation of America, a nonprofit organization, over scam advertisements on Facebook and Instagram, and for allegedly deceiving consumers about the company’s efforts to combat them. A US surveillance program that allows the FBI to access Americans’ communications without a warrant is due for renewal, but lawmakers are at an impasse regarding the next steps. A new bill has been proposed to address growing concerns among lawmakers, but it lacks substance.
WIRED has conducted an in-depth investigation into the longstanding feud behind the prominent privacy and security-conscious mobile operating system, GrapheneOS. Additionally, we have examined the peculiar story of how China spied on US figure skater Alysa Liu and her father.
Anthropic’s Mythos Preview AI model, a tool renowned for its ability to detect security vulnerabilities in software and networks, has been so powerful that its release has been carefully controlled by its creator. However, a group of amateur detectives on Discord discovered their own relatively simple methods—without the need for AI hacking—to gain unauthorized access to Mythos itself.
Despite Anthropic’s attempts to regulate who can use Mythos Preview, a group of Discord users managed to access the tool through some relatively simple detective work. They analyzed data from a recent breach of Mercor, an AI training startup that collaborates with developers, and made an educated guess about the model’s online location based on Anthropic’s format for other models. This phrase has led many to speculate that it refers to a web URL, according to Bloomberg, which first reported the story.
The individual also reportedly leveraged permissions they already had to access other Anthropic models, due to their work for an Anthropic contracting firm. As a result of their investigation, they allegedly gained access to not only Mythos but also other unreleased Anthropic AI models. Fortunately, according to Bloomberg, the group that accessed Mythos has so far only used it to build simple websites—a decision made to avoid detection by Anthropic—rather than to hack the planet
