Read Time: 9 minutes

Brought to you by:

Howdy friends!

Out west a few weeks - speaking at some events. One of the major topics people are asking about is of course the Mythos and Fable restrictions from dot gov. I had to get creative with my live streaming locations this week including the basement of a museum and a book store that was closed today. In search of good wifi and a quiet corner.

As a native New Yorker it certainly has been hard to avoid getting caught up in the energy of the Knicks victory. Between that and the World Cup it is straight up emotional for me watching people come together in community like that. It’s something we all crave and I’m glad this time crowds chanting on the streets is for joy.

I’ll be at AI Engineering World’s Fair next week and I’m looking forward to talking to the group there as it will largely be out of the infosec echo chamber. (I mean… not that AI engineering isn’t it’s own echo chamber, but at least it’s not MY echo chamber).

ICYMI

🖊️ Something I wrote: This will accelerate the open weight models reaching “Mythos tier” capabilities.

🎧️ Something I heard: LowLevel’s take on the Mythos/Fable situation

🎤 Something I said: I talked to the hackers that found a nation state 0day

🔖 Something I read: Absolute tragedy for the Austin tech scene - Josh, the founder/CEO of Capital Factory killed in a plane crash

Vulnerable News

An Open Letter On Transparent AI Cyber Protections (and More Mythos Madness)

The Mythos conversation has gotten a little ridiculous. At this point, every cybersecurity discussion starts and ends with Mythos, Fable, Project Glasswing and the coming “AI vulnerability apocalypse”.

I've joked that people are treating Mythos like a skeleton key for the internet. I interviewed HD Moore about it, and that's essentially how he described the concern: a model that isn't just good at finding vulnerabilities but is also capable of reliably writing exploit code. That's the capability jump everyone is focused on, not vulnerability discovery by itself. AI has been helping find bugs for a while. The concern is what happens when exploit development becomes dramatically easier and more accessible.

Anthropic's guardrails were so aggressive at launch that researchers were reporting they could barely discuss cybersecurity topics without triggering safety controls. That's what sparked the "Free Mythos" movement. If these models truly represent a step-function increase in capability, some people argue that locking them away behind a small group of approved users creates an unfair and potentially harmful asymmetry. Katie Moussouris and others have gone further, arguing that concentrating access among a privileged few may actually create more risk than it reduces.

Even if Anthropic, OpenAI, and others successfully gate frontier models today, it's hard to see how that remains sustainable. Alex Stamos and others are pointing out that open-source models are advancing rapidly and could reach comparable capabilities in less than a year. If that's true, then much of the current debate becomes temporary by definition. All of the discussions about trusted access programs, Glasswing participants, and restricted model availability may ultimately be overtaken by open models that anyone can download and run. If the capability is coming regardless, the question shifts from containment to preparation.

That's why I keep coming back to the same conclusion. While everyone is debating Mythos, the security industry still has the same problems it had yesterday. We're still seeing supply chain compromises, credential theft, phishing campaigns, malicious browser extensions, and years-old security failures succeeding every day. The AI super hacker hasn't replaced those threats. Cybersecurity didn't suddenly become obsolete. If Mythos-class models eventually make exploitation easier, we'll adapt and deal with that too. But for now, defenders still have vulnerabilities to patch, identities to protect, and incidents to respond to. The vulnerability apocalypse may or may not arrive. In the meantime, cybersecurity still looks a lot like cybersecurity. (read more here, here, and here)

Deepfake attacks surged 50x. Are your security defenses ready?*

We’ve seen deepfake attacks surge 50x, yet 85% of CISOs say they lack GenAI-ready incident response plans. Workforce security is no longer about if you'll be targeted, but whether you're prepared.

Persona verifies employees, contractors, and vendors in seconds — automating identity checks to eliminate manual work and stop impersonation attacks before they spread. Integrate Persona's Workforce IDV solution with your existing security tech stack to verify who’s actually behind every login, device, and network. (read more)

*Sponsored

Accenture Shells Out $4.18B On Three Companies in Big Industrial Cybersecurity Push

This is one of those deals that makes the entire cybersecurity industry stand up and pay attention. Accenture is acquiring a majority stake in Dragos and bringing runZero and NetRise under the same umbrella, creating a combined OT and asset intelligence powerhouse. What makes this story fun for me personally is that these aren't random companies. runZero founder HD Moore is a longtime industry legend who was literally just on my YouTube channel. NetRise founder Tom Pace is someone I run into at the gym. These are companies built by people who have spent years grinding in the security community, and now they're part of a deal valued at roughly $4.2 billion. That's a massive validation not just for the companies involved, but for the broader cybersecurity startup ecosystem. (also both Austin founders!)

I don’t normally cheerlead investment round raises or acquisitions but this one is too close to home and too good for the security community. The founder/creator of Metasploit winning is just a win for all of us. Way to go HD, Tom, Rob and all your teams. (read more)

FortiBleed Leak Exposes Fortinet VPN Credentials for 73,000 Devices

The latest Fortinet stories are a perfect example of why I struggle to get excited about AI-generated exploits, when the industry is still drowning in known vulnerabilities. Researchers uncovered what appears to be a massive credential dump affecting roughly 73,000 Fortinet VPN devices.

The dataset reportedly contains usernames, email addresses, and plaintext passwords, along with organizational details that could help attackers prioritize targets. Some researchers who reviewed the data say they've been able to verify at least some of the credentials as authentic. The most concerning detail is that the information appears to have come from exported FortiGate configurations, raising obvious questions about how attackers obtained them in the first place. Unclear by my money is on an 0day.

At the same time, Fortinet is once again dealing with active exploitation of recently disclosed vulnerabilities. Researchers observed attackers exploiting critical FortiSandbox flaws shortly after patches became available, while older Fortinet vulnerabilities continue to be abused years after disclosure. (read more here and here)

Google Exposes China Espionage Group That’s Been Lurking in Networks Undetected Since 2023

This is the kind of story that actually keeps me up at night, not because it's particularly novel, but because it reinforces something we've been hearing for years from U.S. intelligence agencies and law enforcement. The FBI has repeatedly warned that Chinese threat actors are sitting inside critical infrastructure environments, maintaining access, and in many cases not doing anything immediately disruptive. Google's reporting traces activity back to at least September 2023, with attackers establishing persistence, deploying credential theft tools, upgrading malware, and maintaining access over long periods of time.

What stands out in Google's report is that the tradecraft itself isn't especially exotic. The malware capabilities look familiar: credential harvesting, backdoors, command-and-control infrastructure and data exfiltration. The operators clearly invested heavily in operational security, routing traffic through compromised routers, residential proxy networks, VPS infrastructure and U.S.-based systems to make attribution and detection more difficult.

The part that surprises me is the dwell time. If the earliest known compromises date back to 2023, how do organizations fail to notice activity for that long? Some of that is undoubtedly a testament to the attackers' opsec. But some of it is also the reality that many critical infrastructure operators don't have massive security budgets, dedicated threat hunting teams, or twenty-four-hour security operations centers. These aren't always Fortune 100 companies with unlimited resources. They're often organizations running essential services while trying to manage increasingly complex threats with limited personnel and funding.

Chinese espionage groups aren't succeeding because they have some mythical capability that nobody else possesses. They're succeeding because they're patient, disciplined, and often operating against organizations that can't afford perfect security. (read more here and here)

80% of Organizations Are Sitting on Access They Forgot Existed*

Every company has it. Former employees, old service accounts, permissions that were supposed to be temporary and never got cleaned up.

Opal Security analysed provisioning data across thousands of systems and found that 80% were exposed through stale entitlements. As AI agents start requesting access to more systems, those forgotten permissions can turn into a much bigger problem.

See what AI-ready security teams are doing differently in Opal's 2026 report. (read more)

*Sponsored

Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign

This is one of the more clever ClickFix-style campaigns I've seen lately because it abuses something people already trust: shared AI chats. Researchers found attackers buying ads that redirected victims to publicly shared Claude AI conversations. The victim thinks they're clicking on a helpful AI-generated guide, maybe instructions for installing software or fixing a common problem, but the shared chat has been crafted to display malicious commands. The user follows what appears to be legitimate AI advice, opens a terminal window, pastes the commands, and unknowingly downloads malware. (read more)

Texas Government Data Breach Allowed Hackers to Steal 3 Million Driver’s Licenses and Passports

This Texas breach immediately gets my attention because of the type of data involved. A lot of breach disclosures talk about names, email addresses, phone numbers, and physical addresses being exposed, and honestly, I've become a little numb to those at this point because so much of that information is already floating around online. Driver's licenses and passport data are different. That's identity theft gold. According to reports, attackers accessed data tied to roughly three million records through a Texas government system used to manage licenses and permits. When you start talking about government-issued identity documents, you're talking about the exact kind of information criminals need to convincingly impersonate someone in the real world.

The reason this hits home for me is that I've dealt with identity theft myself. In my case, someone created a physical copy of my driver's license with their photo attached and tried to finance a Corvette in my name. (read more)

I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.

A researcher nearly became the most chaotic villain in sports history. By registering as a FIFA football agent - just uploading your ID to a public portal - you'd get added to FIFA's Microsoft Entra tenant. From there, while the frontend apps dutifully showed "access denied" pages, the backend APIs didn't check anything. The Football Data Platform handed over live RTMP stream keys, camera feeds, and full broadcast controls for every World Cup match. They confirmed it was live by pulling a tactical camera feed into VLC. Every match. Every camera angle. One click from killing a live broadcast. (read more)

152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic

Researchers at Socket uncovered a network of 152 Chrome extensions masquerading as anime-themed live wallpapers that collectively accumulated more than 105,000 installs. Under the hood, they were doing far more than changing your browser background. Built from a shared codebase and distributed across dozens of publisher accounts, the extensions generated fraudulent web traffic, manipulated search activity, performed ad fraud, and included anti-forensics techniques designed to make analysis more difficult.

Chrome extensions are just a thing I’ll never be able to stop talking about. (read more)

Nintendo, Third-Party Program Hit By Cyberattack for $2M Ransom

The interesting part of this story isn't really Nintendo, but the third-party risk angle. According to reports, a ransomware group is demanding $2 million after compromising TinyPulse, a service Nintendo used for internal employee surveys. The attackers claim to have stolen roughly 859 megabytes of data, including employee names, email addresses, survey responses, bank statements, and W-9 forms. Nintendo says its own systems were not compromised and that no customer financial data was accessed. Instead, the exposure appears limited to information held by the third-party provider, much of which Nintendo says is several years old. (read more)

Miscellaneous mattjay

Parting Thoughts:

Community was foundational in launching and propelling my career. Community is the only reason I can stand being in Texas during the summer months. Community is the point. Today, I invite you to embrace discomfort on the road to a more vulnerable you.

Stay safe, Matt Johansen
@mattjay