The first fully autonomous AI ransomware attack has been confirmed, a DHS information-sharing platform was breached, and median breach costs have doubled since 2019. Today's briefing covers JadePuffer, FatFs IoT flaws, the NetNut botnet takedown, Scattered Spider's latest arrest, and more.
Audio is available on Spreaker — see link below.
Anthropic's Fable five and Mythos five models are back online after the Trump administration lifted its AI export controls this week. But here's the immediate problem: users aren't getting the same models back.
While the AI policy debate plays out at the policy level, something significantly more dangerous emerged on the operational side. The first fully documented agentic AI ransomware attack has been confirmed.
Separately, seven high-severity vulnerabilities were disclosed in FatFs, a filesystem library embedded in millions of IoT devices. Cameras, drones, crypto wallets, industrial controllers, all potentially exposed.
Google disrupted the NetNut botnet this week, a network of more than two million compromised Android devices used as residential proxies. The operation, linked to Israeli firm Alarum Technologies, was running across three hundred and sixteen threat clusters in June alone, primarily for password-spray attacks and lateral movement.
There's an uncomfortable irony in the same week that DHS launched ANCHOR-CI, its new cross-sector critical infrastructure coordination body designed to replace the shuttered CIPAC. The announcement signals a genuine attempt to rebuild federal cybersecurity coordination after significant staffing losses.
Two more data points that belong together. Breach costs have doubled since twenty nineteen.
The watchpoints coming out of this cycle are clear. Whether Anthropic's model degradation is permanent will tell us something important about how export-control negotiations actually shape AI capability, not just access.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.