Cyber Briefing – May 14, 2026
TODAY’S TOP 5
CHINA GAINS MAJOR EDGE AMID IRAN WAR: A confidential U.S. intelligence analysis details how China is exploiting the war in Iran to maximize its advantage over the United States across military, economic, diplomatic and other fields, said two U.S. officials who have read the report, The Washington Post reports. The assessment, the officials said, was produced this week for the chairman of the Joint Chiefs of Staff, Gen. Dan Caine, and has raised alarm within the Pentagon about the geopolitical costs of Washington’s standoff with Tehran as President Donald Trump entered high-stakes talks with Chinese President Xi Jinping in Beijing today. Produced by the Joint Staff’s intelligence directorate, the report uses what’s known as a “DIME” framework to assess China’s response to the Iran conflict via four instruments of state power: diplomatic, informational, military and economic.
- Xi warned Trump of a potential conflict if the Taiwan issue is mismanaged, in blunt remarks that punctured an otherwise cordial start to the first trip to China by a sitting U.S. president in nearly a decade, Bloomberg reports. The two leaders spoke for nearly two-and-a-half hours at the Great Hall of the People today, after a welcome ceremony in central Beijing that included honor guards, a formal procession and dozens of children waving flags and cheering enthusiastically. While that meeting was still underway, China released a readout of Xi’s remarks that thrust self-ruled Taiwan into the spotlight. “The Taiwan issue is the most important issue in China-U.S. relations,” Xi said, according to the official Xinhua News Agency. “If mishandled, the two nations will experience collision or even clashes, pushing the entire China-U.S. relationship into a highly dangerous situation.”
- For decades, making it in the U.S. was the ultimate sign of success for China’s best and brightest. Now, many of them are coming home — and the reverse brain drain is fueling Beijing’s efforts to edge out the U.S. in artificial intelligence, robotics and medical research, The Wall Street Journal reports. There is an unprecedented jostling for AI talent among the richest companies and global superpowers that has skyrocketed tech researchers to NBA and Hollywood levels of wealth and spurred a cutthroat recruitment blitz across the industry. It’s not just American CEOs attempting to entice researchers with lavish job offers. (Meta’s Mark Zuckerberg was dangling $100 million pay packages last year.) Recent examples of high-profile AI talent poached by top Chinese tech companies include Wu Yonghui, a former vice president of research at Google who helped develop Gemini and now heads research for TikTok-parent ByteDance’s AI arm, and Yao Shunyu, a former OpenAI researcher who was named Tencent Holdings’ chief AI scientist.
- The walls that once kept Chinese electric vehicles out of the western economies are quickly developing some major cracks, E&E News reports. That’s made the U.S. auto industry and lawmakers nervous that President Donald Trump’s trip to Beijing for a Thursday summit with Chinese President Xi Jinping could accelerate the entry of cheap EVs, wiping out the nascent U.S. EV sector at a time when fuel costs are soaring because of the U.S. war against Iran and rising car prices are souring public sentiment.
- Model extraction, where an actor uses legitimate access to an application programming interface (API) to systematically harvest output from a proprietary ‘teacher’ AI system to train a ‘student’ model, is a widely used and legitimate technique. Frontier AI labs — companies developing the most advanced AI models — routinely distil their models into smaller, cheaper versions for commercial deployment, occasionally licensing others to do the same. The February disclosures, alongside the White House memorandum, signal a shift in how distillation attacks are framed: from isolated acts of commercial espionage to coordinated campaigns with direct implications for the broader U.S.-China strategic competition over AI, Virpratap Vikram Singh writes at the International Institute for Strategic Studies.
CHINA AND ENERGY SUPPLY CHAINS: The United States is in the early stages of a generational energy buildout driven by AI demand and accelerated by hundreds of billions of dollars in public and private investment. Central to this buildout is the digitization of the grid itself: the batteries, power electronics and embedded software that will give America’s electrical infrastructure a digital nervous system capable of the flexibility, responsiveness and adaptive threat management that aging analog systems cannot provide. Deployed well, this digitization will be the foundation for a grid architecture that is more dynamic and more defensible than what it replaces, Phoebe Benich, Dr. Emma Stewart and Harry Krejsa write in a Carnegie Mellon University and Foundation for Defense of Democracies report. Yet even as we race to realize this modernization and expansion, we are dependent on the United States’ principal strategic competitor for the tools to build it. The People’s Republic of China dominates much of what many experts call the “electrotech stack” — the integrated set of hardware and software components central to this buildout that are transforming electricity from a physical flow into something that also can be digitally generated, stored, and directed. That dependence is not only creating a supply vulnerability, but also threatening to undermine the very security advantages that a modernized grid is supposed to deliver.
- Bitdefender Labs tracked a multi-wave intrusion targeting an Azerbaijani oil and gas company from late December 2025 through late February 2026. This research documents expansion of Chinese APT activity against South Caucasus energy infrastructure, attributed with moderate-to-high confidence to FamousSparrow (overlapping with the Earth Estries threat ecosystem). This targeting extends the known FamousSparrow victimology into a region where Azerbaijan’s role in European energy security has materially increased following the 2024 expiration of Russia’s Ukraine gas transit agreement and 2026 Strait of Hormuz disruptions.
- A new wave of cyberattacks has been hitting organizations across Japan and the Asia-Pacific area. These attacks, which began in late September 2025, have been linked by security experts at Darktrace to a China-linked group known as Twill Typhoon, which is using clever tricks to hide its activity by pretending to be well-known services like Apple and Yahoo, Hackread reports. This particular attack was first discovered when several computers started connecting to fake websites designed to look like content delivery networks (CDNs). According to researchers, who disclosed these findings in a report published today, one finance company was targeted in April 2026, where the hackers stayed inside their system for 11 days using addresses like yahoo-cdn.it.com.
LAWMAKERS DIG INTO MYTHOS: The House Homeland Security Committee is digging into Anthropic’s AI model Mythos in a series of briefings and hearings, as questions proliferate on whether and how the federal government will make use of the technology touted for its ability to autonomously uncover cyber vulnerabilities, CyberScoop reports. Wednesday brought a closed-door briefing for the House Homeland Security Committee from Anthropic. The chairman of the panel’s cybersecurity subcommittee said he is planning to hold a hearing on the topic. And committee Democrats are requesting a classified briefing with Anthropic. A committee aide who attended the briefing said it included a live demonstration of Mythos, “allowing members to see firsthand how advanced AI can identify and reason through software vulnerabilities. What we saw reinforced the urgency of ensuring that federal agencies, including our civilian cyber defenders, can responsibly access and deploy the most advanced U.S. models to find and patch vulnerabilities before foreign adversaries or criminal actors exploit them.”
- The AI Security Institute released its latest results from GPT-5.5 and Claude Mythos Preview. Since describing their pre-deployment testing of Mythos Preview, AISI received access to a newer checkpoint. This checkpoint delivered stronger cyber results than the previous version, including the first completion of both of AISI’s cyber ranges.
‘STEEPEST GROWTH’ IN ENERGY CONSUMPTION: Annual U.S. electricity consumption will grow more than 55% by 2050, “with the steepest growth concentrated in the current decade,” the National Electrical Manufacturers Association said in a new forecast, Utility Dive reports. The pace of potential growth is quickening as data center expansion plans continue to be announced. NEMA’s analysis is an update to a report it published in April 2025, which forecast 50% consumption growth in the next quarter century. The solution to meeting the new demand lies with grid enhancing technologies, demand response and behind-the-meter resources, the manufacturers group said. Electricity’s overall share of final energy delivered in the U.S. is expected to grow from 18% to 28% by 2050, it said.
- Data centers continue to drive load growth and utility spending outside California and the Northeast, but the triple threat of physics, policy and politics is beginning to constrain some of the industry’s highest aspirations, Utility Dive reports. Executives from American Electric Power, FirstEnergy, PPL and Vistra were among those who highlighted issues in the PJM Interconnection that are slowing resource development, including uncertainty surrounding the grid operator’s backstop procurement process for data centers. Outside of PJM, the CEO of Eversource flatly declared he is “not interested” in data centers, as they are “only going to drive up the price of energy.”
- Seven in 10 Americans oppose constructing data centers for artificial intelligence in their local area, including nearly half, 48%, who are strongly opposed. Barely a quarter favor these projects, with 7% strongly in favor. These results, from a March 2-18 Gallup survey, represent the first time Gallup has asked about data center construction, a topic that has met fierce opposition from local residents in many parts of the country. These data centers house computing equipment that helps power AI technology used by businesses, universities and other institutions. The centers cover large areas of land, require extensive amounts of electricity to operate and need substantial water to cool the equipment, raising concerns about their impact on the environment and local electric bills.
HOW TERRORISTS EXPLOIT MUSIC STREAMING PLATFORMS: A terrorist attack in New Orleans left 15 people dead and more than 30 wounded on January 1, 2025. The perpetrator was an American citizen inspired by ISIS. His online activity on Facebook and audio-sharing platform SoundCloud confirmed his affinity for the terrorist group — he had liked songs and posted his own audio content promoting extremist jihadi views. While audio-sharing sites generally attract less attention than social media and messaging services as an avenue for spreading terrorist ideology, these platforms are used by extremists to spread their messages globally, Sophie McDowall, Ahmad Sharawi and Stefan Videnovic write at FDD. Favorable recommendation algorithms and the ease with which users can upload and repost audio content enable widespread dissemination of extremist rhetoric. The data show the extent of the self-radicalization threat — of the 16 mass-casualty Islamist-inspired attacks in the United States since 2006, social media radicalization played a role in half.
| OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE |
| WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions |
CYBER FOCUS PODCAST
(Watch on YouTube or click the player above)
Cyber defense is entering a machine-speed era. With Mythos and Project Glasswing bringing AI-driven vulnerability discovery and exploit development into the center of the cyber conversation, CrowdStrike’s Drew Bagley says organizations need to prepare for a world where vulnerabilities can be found, chained and exploited faster than traditional patching cycles can handle. Bagley joins Frank Cilluffo on the latest episode of Cyber Focus to explain why this shift is not just about one model, one company or one headline-grabbing project. It points to a broader change in how attackers and defenders will operate: exploit stacks may make once-latent vulnerabilities newly dangerous, critical infrastructure operators may face risks they cannot patch away and unmanaged AI agents inside organizations may become another source of exposure. The answer, Bagley argues, is not panic or patching alone, but continuous discovery, continuous remediation, visibility across the kill chain, AI-powered defense and resilience planning built for a world moving faster than human-speed cyber.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Biothreats
Map: The states monitoring hantavirus exposures after cruise ship outbreak
Several states have confirmed they are either monitoring at least one resident for possible exposure to hantavirus or have at least one resident now in quarantine after being aboard the MV Hondius cruise ship. In one state, health officials have confirmed both scenarios. Earlier this week, 18 passengers from the MV Hondius — 17 Americans and one British dual national — were repatriated from Spain to Nebraska after potentially being exposed to the rare, sometimes deadly virus. Sixteen of those patients are now at the National Quarantine Center, the only one of its kind in the U.S., at the University of Nebraska. Two, including one who was experiencing mild symptoms, were transported to Emory University in Atlanta, Georgia. (THEHILL.COM)
Breaches
Murray County, Tenn., government hit by cyberattack, several offices operating with limits
Murray County Government was impacted by a cyberattack on Wednesday, May 13, causing limited functionality across several county offices. Officials say all first responders, public safety operations, and 911 services remain fully operational. The Murray County Tax Commissioner, Tax Assessor, Probate Court, and Juvenile Court offices will remain closed until the county’s network systems are restored. (LOCAL3NEWS.COM)
Researchers probed for cybersecurity data breach
Prosecutors have expanded an investigation into an alleged data breach at Taiwan’s National Institute of Cyber Security, accusing a senior research official of orchestrating an alleged mass collection and sharing of confidential internal documents containing national security-related information. The institute, which is overseen by the Ministry of Digital Affairs, operates as an independent administrative body tasked with advancing the nation’s cybersecurity capabilities, and helping government agencies respond to major cyberthreats. The breach was discovered when the institute’s main frame malfunctioned earlier this year. (TAIPEITIMES.COM)
Cybercrime
Suspected darknet ‘Dream Market’ admin nabbed in international sting
The suspected main administrator of one of the darknet’s largest illicit marketplaces has been arrested in Germany nearly seven years after the site was shut down. The German man now faces charges in his home country and in federal court in Atlanta for his part in facilitating the sale of heroin, cocaine, and fentanyl. Federal prosecutors say Owe Martin Andresen, 49, operated as the main administrator for Dream Market under the moniker “Speedstepper.” (FOX5ATLANTA.COM)
Health care
OpenLoop health data breach affects 716,000 individuals
On March 24, The HIPAA Journal reported on a data breach at the telehealth platform provider Open Loop Health (see below). The data breach had been reported to regulators, but it can take weeks for the incident to be added to the HHS Office for Civil Rights breach portal and for the scale of the breach to become clear. While the data breach was reported to OCR on March 17, it has only recently been added to the breach portal. That listing shows that the protected health information of up to 716,000 individuals was compromised in the incident. (HIPAAJOURNAL.COM)
Supply chain
TeamPCP claims sale of Mistral AI repositories amid Mini Shai-Hulud attack
Only days after the Mini Shai-Hulud supply chain attack targeted npm and PyPI packages associated with French artificial intelligence company Mistral AI, a threat actor using the TeamPCP identity is now claiming to sell what appear to be internal company repositories and source code on a hacking forum. The forum post, published a few hours ago under the TeamPCP name, advertises roughly 5GB of alleged internal repositories connected to both “mistralai” and “mistral-solutions.” The actor claims the archive contains around 450 repositories covering training systems, fine-tuning projects, benchmarking tools, dashboards, inference infrastructure, experiments, and future AI projects. (HACKREAD.COM)
Transportation
Waymo recalls its 3,800-unit robotaxi fleet over flood risk
Waymo will recall 3,791 robotaxis across the U.S. after federal regulators identified a software flaw that could cause the vehicles to drive onto flooded roads. The National Highway Traffic Safety Administration (NHTSA) said in an announcement that the recall affects both fifth- and sixth-generation systems; Waymo will implement tightened weather-related operational constraints and map updates as interim measures while a full software remedy is developed. The NHTSA filing marks a rare moment of disclosure for a company that typically avoids the exact size of its US fleet figures. By logging every vehicle affected by the software defect, Waymo has in effect published a near-complete count of its active US operations, spanning deployments across Phoenix, San Francisco, Los Angeles, Austin, San Antonio and Atlanta. (AUTOMOTIVEWORLD.COM)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Artificial intelligence
Amazon quick security flaw allowed restricted users to access AI chat agents
A newly disclosed security flaw in Amazon’s AI-powered business intelligence platform has revealed how restricted users could quietly bypass controls and interact with AI chat agents, despite explicit administrative denial. The issue, discovered by Fog Security researcher Jason Kao, exposes a critical gap between user interface restrictions and backend enforcement in modern AI-integrated cloud services. The vulnerability stemmed from missing server-side authorization checks in Amazon Quick’s Chat Agent API. (GBHACKERS.COM)
Microsoft’s new agentic security system MDASH uncovers four critical Windows RCE flaws
Microsoft Corp. today detailed a new artificial intelligence-powered vulnerability discovery system that uncovered 16 previously unknown flaws in Windows networking and authentication components, including four critical remote code execution bugs patched in this month’s Patch Tuesday release. The system, code-named MDASH for multimodel agentic scanning harness, was built by Microsoft’s Autonomous Code Security team in collaboration with the company’s Windows Attack Research and Protection group. MDASH orchestrates more than 100 specialized AI agents across an ensemble of frontier and distilled models to find, debate and prove exploitable bugs from end to end. (SILICONANGLE.COM)
LatAm vibe hackers generate custom hacking tools on the fly
Threat actors in Latin America have begun to use AI agents to facilitate their entire attack chains, from assisting with initial access to generating penetration tools on the fly — and organizations need to prepare accordingly. Trend Micro’s TrendAI Research team published research concerning two threat actors in the region using AI agents — and specifically vibe-coded hacking, or “vibe-hacking” — to compromise government organizations and other entities. (DARKREADING.COM)
Drones
UAE building massive ‘cope cages’ to protect energy facilities from Iranian drone attacks
Forced to defend against thousands of Iranian drone and missile attacks before and after the ceasefire in the now-paused U.S.-Israel war on Iran, the United Arab Emirates (UAE) appears to have taken a play from Russia and its war with Ukraine in an attempt to secure some of its energy facilities with massive metal ‘cope cages.’ An image posted on X by Israel’s I24 News outlet shows what it claims is caging around oil tanks near Dubai International Airport. In the far-right section of the photo, what appears to be a more complete metal enclosure of some of the fuel tanks can be seen, while in the foreground, construction looks to be taking place on caging for additional tanks. (TWZ.COM)
Hezbollah’s unjammable drones pose new threat to Israel
Israeli troops are confronting a new threat in their fight against Hezbollah in southern Lebanon: camera-equipped explosive drones that feed live video back to their operators via a fiber-optic tether to evade detection and traditional signal-jamming defenses. The unmanned, first-person-view vehicles, cheap to build from commercially available components, have helped the militants rearm despite the loss of a sponsor in Syria and the U.S.-Israeli war on Iran. Since Israel and Hezbollah agreed to a ceasefire last month, the weapons have killed at least four Israeli personnel. (WASHINGTONPOST.COM)
Malware
Hackers hijack HWMonitor to sideload malicious DLL
Hackers are once again exploiting user trust in legitimate software, this time abusing the popular CPUID HWMonitor utility to deliver a stealthy remote access trojan. The malicious archive mimics a legitimate installer, highlighting how trusted tools remain a powerful lure for initial access. The weaponized ZIP archive, distributed via a fake download link, contains the genuine HWMonitor executable alongside a malicious DLL named CRYPTBASE.dll. This setup enables a classic DLL sideloading attack, where the legitimate binary unintentionally loads attacker-controlled code from its local directory instead of the Windows system path. (GBHACKERS.COM)
Vulnerabilities
New Fragnesia Linux kernel LPE grants root access via page cache corruption
Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: 7.8) and is rooted in the Linux kernel’s XFRM ESP-in-TCP subsystem. It was discovered by researcher William Bowling of the V12 security team. (THEHACKERNEWS.COM)
Avada Builder flaws expose one million WordPress sites
Two newly disclosed vulnerabilities in the Avada Builder WordPress plugin have placed around one million sites at risk of arbitrary file read and SQL injection attacks. According to analysis from Wordfence published on May 12, the flaws were reported by independent researcher Rafie Muhammad through the Wordfence Bug Bounty Program on March 21. The first issue, tracked as CVE-2026-4782, is an arbitrary file read flaw rated 6.5 on the Common Vulnerability Scoring System (CVSS). (INFOSECURITY-MAGAZINE.COM)
High-severity vulnerability patched in VMware Fusion
The flaw, tracked as CVE-2026-41702 and rated ‘important’ by the vendor, was reported by Mathieu Farrell. An advisory describes CVE-2026-41702 as a time-of-check time-of-use (TOCTOU) flaw that “occurs during an operation performed by a SETUID binary.” “A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed,” the advisory explains. (SECURITYWEEK.COM)
18-year-old NGINX rewrite module flaw enables unauthenticated RCE
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a denial-of-service (DoS) with crafted requests. It has been codenamed NGINX Rift. “NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module,” F5 said in an advisory released Wednesday. (THEHACKERNEWS.COM)
Zero-days
Researcher drops YellowKey, GreenPlasma Windows zero-days
A disgruntled security researcher this week publicly disclosed two zero-day vulnerabilities in Windows that enable BitLocker bypass and privilege escalation. BitLocker, Windows’ built-in full-volume encryption feature, relies on TPM (Trusted Platform Module) to deliver hardware-based security, protecting users’ data from unauthorized access if the device is stolen or lost. On Tuesday, a cybersecurity researcher known as Chaotic Eclipse and Nightmare Eclipse published proof-of-concept (PoC) code that allows an attacker with physical access to a machine running Windows 11 to bypass BitLocker and gain unrestricted access to the storage volume. The exploit has been dubbed YellowKey. (SECURITYWEEK.COM)

ADVERSARIES
China
New York man convicted after opening Chinese police station
A federal jury convicted a U.S. citizen on Wednesday of acting as an unregistered foreign agent for his part in establishing a police station in New York on behalf of Chinese authorities, the government’s second win this week alleging Americans secretly worked for Beijing. The Brooklyn jury found Lu Jianwang guilty on one of two federal counts related to acting as an unregistered foreign agent of China and one count of obstructing justice by destroying evidence. Prosecutors said Lu conspired with officials in China’s Ministry of Public Security to open a police station in a Manhattan Chinatown community center where he held a leadership role. (WSJ.COM)
Iran
Iranian hackers targeted major South Korean electronics maker
The Iran-linked hacking group MuddyWater (a.k.a. Seedworm, Static Kitten) launched a broad cyber-espionage campaign targeting at least nine high-profile organizations across multiple sectors and countries. Among the victims are a major South Korean electronics manufacturer, government agencies, an international airport in the Middle East, industrial manufacturers in Asia, and educational institutions. Researchers at Symantec say that the threat actor “spent a week inside the network of a major South Korean electronics manufacturer in February 2026.” (BLEEPINGCOMPUTER.COM)
Russia
Russian attacks on Polish water utilities use fear as a weapon
A spate of pro-Russian hacktivists attacks against Polish water facilities have illuminated a debate about the best way to defend water utilities and other critical service providers below the cyber poverty line, meaning they face a threat that they cannot afford to defend against. None of the five known intrusions impacted the water supply of the targeted facilities, but the hacks – confirmed by Warsaw’s Internal Security Agency as pro-Russian incidents – are part of Kremlin campaign of hybrid warfare against NATO’s Eastern flank. Some of the attacks had been reported by local cybersecurity news outlets or publicly referenced by Polish officials. (GOVINFOSECURITY.COM)

GOVERNMENT AND INDUSTRY
Artificial intelligence
States move to formalize AI governance as adoption expands, report finds
As state agencies continue experimenting with generative artificial intelligence tools, a growing number are building formal governance frameworks to manage the technology’s risks and opportunities, according to a report published last month by the UC Berkeley School of Information. Eric Hysen, a former chief information officer of the Department of Homeland Security, argues in the report that AI governance is quickly becoming a core part of states’ IT operations, rather than a standalone policy exercise. The report found that 43 states have established some AI governance, but with wide variations in scope, structure and transparency. (STATESCOOP.COM)
Most organizations now use AI agents for sensitive security tasks
The majority (93%) of global organizations use or plan to use AI agents for security tasks such as password resets and VPN access despite the potential for serious breaches and data leaks, according to Semperis. The security vendor polled 1100 organizations in the US, UK France, Germany, Spain, Italy, Singapore and Australia to produce its State of Identity Security in the AI Era study. As well as using agents for sensitive security work, or planning to within 12 months, the majority (92%) of respondents admitted AI is installed on at least some local machines with access to SSH and encryption keys, further exposing them to security risk. (INFOSECURITY-MAGAZINE.COM)
Dominating AI requires understanding AI
OPINION: A fundamental tension previously defined the artificial intelligence (AI) policy landscape: Proposals for the government to oversee testing and evaluation of frontier AI models were regarded as antithetical to rapid development and diffusion of the latest and greatest AI. This perceived trade-off split AI stakeholders into two camps: so-called doomers and accelerationists. The former lobbied for variants of predeployment testing of models by the government or some third party. The latter, including the Trump administration, advocated for American “global dominance” through limited government intervention until evidence indicated that existing law proved unable to steer AI efforts toward the nation’s broader economic and national security goals. That era of AI policy looks like it has come to an end. (LAWFAREMEDIA.ORG)
Data
OMB plans to make IT contract data collection public, per federal CIO
The Office of Management and Budget plans to make public at least some of the technology contract data it’s collecting from agencies, per the government’s top IT official. Under a March memo, certain chief information officers are required to update OMB each month on contracts they or their subordinates have approved. That same memo also mandates data collection about pricing and agency use of services from vendors themselves. The memo received some positive reception as a possible method to better inform procurement decisions, but a common critique was that it provided no assurances the information would ever be transparently published. (FEDSCOOP.COM)
Defense
Marine Corps mandates ‘Basic AI’ training course for all troops
All active-duty Marines and reservists must complete a new Basic AI Course before the end of the calendar year, according to a MARADMIN message released May 8. The announcement comes amid a broader push by the Marine Corps, and the Defense Department writ large, to accelerate the adoption of artificial intelligence capabilities for warfighting and back-office functions. One of the strategic goals outlined in the Corps’ AI implementation plan, released last year, is to develop an “AI competent workforce.” (DEFENSESCOOP.COM)
West Pointers can be trained to better evaluate, appreciate AI, study finds
Although Americans generally trust AI less than, say, Chinese people, they are often willing to accept a chatbot’s wrong answers. As Pentagon leaders push broader use of such tools, a new paper offers some reassuring news: West Point cadets can be trained to be more appropriately skeptical of AI’s output — while remaining broadly optimistic about its potential. Researchers from Georgetown University, the University of Pennsylvania, and the U.S. Military Academy published a paper last week comparing 236 West Point cadets to a demographically similar sample of 702 members of the public. The paper explores automation bias — humans’ tendency to over-rely on automation — and algorithm aversion, an inclination to “prematurely distrust automated outputs in ways that increase the risk of accidents or mistakes.” (DEFENSEONE.COM)
Cyber operations aren’t slow — our thinking is
OPINION: In cyber, 30 minutes might as well be 30 seconds. As a cyber operator, I have lived moments like that more times than I can count over 20 years — hostage recoveries, counter-terrorism missions, combat operations, and embassy evacuations. In every case, lives hung in the balance and time determined the outcome. Too often, what throttled U.S. Cyber Command’s ability to contribute wasn’t skill or technology. It was a force design inherited from the National Security Agency’s intelligence culture — one built around patience, not speed, where operations unfolded over months and years rather than minutes. Breaking through that inheritance requires three things: Understanding why the current model is too slow, rethinking how the force is built and trained, and pushing authority down to where it can actually be used. (WARONTHEROCKS.COM)
Drones
DHS plans experiment running ‘reconnaissance’ drones along the U.S.-Canada border
The U.S. Department of Homeland Security, in collaboration with the Defense Research and Development Canada, is looking to send autonomous drones and vehicles along the US-Canada border this fall, testing which products can stream surveillance video and sensor data between the two countries using commercial 5G networks. A new DHS call for participants frames the experiment, known as ACE-CASPER, as a multiday exercise “simulating a national emergency response scenario,” with drones and ground vehicles relaying live feeds to a bi-national command-and-control center as they cross the border. Vehicle autonomy, the document notes, is secondary to its primary aim: demonstrating “resilient, persistent 5G communications.” (WIRED.COM)
Military snipers are being put out of a job by drones
A Ukrainian special-forces sniper claimed a world record in late 2023 with a shot that hit a Russian officer almost 2½ miles away. These days Vyacheslav Kovalskiy has a new job: supporting drone pilots. He hasn’t been out to shoot in more than a year and a half. Small drones that are cheap and can be rigged with explosives have changed the face of warfare in Ukraine, pushing some traditional military roles down the billing. Spotters who call in artillery strikes are no longer needed. Tank crews have lost their swagger as their vehicles are top targets for aerial craft. (WSJ.COM)
Health care
GAO: VA should fully implement federal security requirements and improve performance reporting
The Government Accountability Office reviewed security at VA medical facilities. Most of the 74,700 crimes committed at these facilities in FYs 2024 and 2025 were nonviolent. These crimes included disorderly conduct, theft, and drug offenses. In covert tests, VA staff didn’t detect a prohibited weapon that our investigators carried into 30 facilities—two of which had metal detectors. In 25 of 26 covert tests, VA staff didn’t confront an investigator appearing to drink alcohol in plain view, which is generally prohibited at VA facilities. GAO recommended ways for VA to address security at its medical facilities. This could help provide a safer environment for veterans and staff. (GAO.GOV)
Utah moves ahead with AI-powered Rx refills despite pushback
The state of Utah is forging ahead with a pilot program that allows patients with chronic conditions to autonomously refill medication prescriptions using an artificial intelligence-powered telehealth platform despite opposition from its state medical licensing board. The state in January launched the pilot, “a first of its kind in the U.S.,” with Doctronic, a New York-based telehealth company that touts itself as being an “AI doctor.” Under the Utah pilot, the Doctronic AI platform can legally refill 190 common medications for chronic health conditions. (HEALTHCAREINFOSECURITY.COM)
Leadership
Senate confirms Raman to lead NIST
The Senate confirmed Arvind Raman as the next director of the National Institute of Standards and Technology (NIST) and under secretary of commerce for standards and technology on Tuesday. Raman’s nomination was confirmed by the Senate under a resolution including nearly 50 different nominations for positions across federal agencies and federal judiciary branches. He was nominated by Trump in October 2025. During his Senate confirmation hearing in March, Raman advanced largely on a party line vote of 16-12. (MERITALK.COM)
Nuclear
Nuclear Regulatory Commission updates processes to meet new demands
Federal efforts to accelerate nuclear energy development are starting to pay off, government and industry experts say, as the Nuclear Regulatory Commission works through mandated updates to licensing processes and its mission. The commission is responding to two actions: a 2024 law directing the NRC to develop processes that expedite the review and licensing of nuclear reactors and fuels, and a series of executive orders on nuclear energy from President Donald Trump almost a year ago, including one ordering structural and cultural changes at the NRC. In the past month, new NRC Chairman Ho Nieh has made the rounds on the Hill and elsewhere to describe a “sea change” within the agency that he says will enable increased efficiency in nuclear energy development without losing focus on safety issues. (ROLLCALL.COM)
Ransomware
Over half of CISOs would consider paying ransom to hackers
In the event of being hit by a ransomware attack, over half of cybersecurity leaders would consider paying the ransom demand to cybercriminals to end the incident and restore systems faster, according to newly released figures. Published on May 13, the report by Absolute Security suggested that 58% of CISOs would realistically think about paying the ransom, if that is what it took to help restore systems encrypted in a ransomware attack. The research suggested that CISOs in the US are more likely to consider paying a ransom demand, at 63%, than their counterparts in the UK, at just 47%. (INFOSECURITY-MAGAZINE.COM)
Regulations
UK moves to shield security researchers in cybercrime law overhaul
The British government announced Wednesday it will rewrite key cybercrime laws after years of warnings that outdated legislation was hindering security researchers and weakening the country’s cyber defenses. The proposed reforms, outlined in briefing documents published alongside the King’s Speech opening a new parliamentary session, would update the Computer Misuse Act 1990 as part of a broader national security package focused on cybercrime and digital threats. While the nature of the rewrite has not been set out, in opposition the Labour Party had proposed a legal amendment that would have introduced a public interest defense for hackers. This was not passed at the time. (THERECORD.MEDIA)
EU could propose social media ban for children this summer, von der Leyen says
European Commission President Ursula von der Leyen said on Tuesday the EU could propose a bloc-wide social media ban for children as early as this summer, amid mounting pressure from member states to strengthen online protections for minors. Support for stricter controls has grown in recent months, with France, Spain, Greece and Denmark leading calls for measures to shield children from what governments describe as addictive online platforms. (EURONEWS.COM)
Space
7,800 interceptors in space at core of $1.2 trillion Golden Dome cost estimate
It could cost nearly $1.2 trillion to develop, field, and operate a new missile defense shield like the one the Trump administration proposes to establish under its Golden Dome initiative, according to a new estimate. Deploying and sustaining a constellation of 7,800 space-based anti-missile interceptors accounts for more than 60 percent of that projected price tag. This puts a particular spotlight on the potential costs of what is arguably viewed as the most critical and controversial aspect of the Golden Dome plan. At the same time, even with this grand investment, the ability of the space-based interceptor layer would only be able to engage 10 targets simultaneously, according to the Congressional Budget Office (CBO). (TWZ.COM)
NASA provides some details about Artemis III, but hard decisions remain
NASA announced Wednesday that it will fly the Artemis III mission in low-Earth orbit and that it continues to target 2027 for this stepping-stone flight that will help land humans on the Moon. The space agency chose the orbit close to Earth — as opposed to a higher orbit — because it would preserve the final remaining Interim Cryogenic Propulsion Stage for launching the Artemis IV landing mission later this decade. Instead, NASA will use a “spacer” to simulate the mass and overall dimensions of an upper stage but without propulsive capabilities. (ARSTECHNICA.COM)
LEGISLATIVE UPDATES
Senators warn against ‘unilateral changes’ to Taiwan policy
As President Donald Trump arrives in China, a group of bipartisan senators is writing to Secretary of State Marco Rubio to pledge their support for the Taiwan Relations Act allowing defense weapons sales to the self-governing island amid rising threats from Beijing. They’re also warning against “unilateral changes to this policy” or “any new declaratory policy on Taiwan.” The letter, spearheaded by Sens. Michael Bennet (D-Colo.) and John Curtis (R-Utah) and shared first with Semafor, reminds Rubio that he “consistently demonstrated strong support” for US-Taiwan relations when he served on Capitol Hill. (SEMAFOR.COM)
Congress confronts new questions about U.S. stockpiles, Iran firepower
Defense Secretary Pete Hegseth’s appearance before House and Senate appropriators on Tuesday hasn’t settled the debate in Congress over two mounting questions about the Iran war: whether U.S. stockpiles are dangerously low and how much firepower Tehran maintains. Democratic lawmakers on Wednesday remained dubious of Hegseth’s claims that the U.S. military’s weapons stockpiles remain strong more than two months into the war, with the Pentagon chief this week on the attack to refute anyone who says otherwise. (THEHILL.COM)
Senate’s crypto drama comes to a head
The Senate Banking Committee will at last mark up its long-awaited overhaul of cryptocurrency regulation on Thursday morning following months of debate over divisive issues like stablecoin rewards, illicit finance, and ethics language. Despite aggressive lobbying by unlikely bedfellows including banks, unions, and cops, Republicans already amassed enough support to advance their latest text without Democrats on Wednesday, when Sen. John Kennedy (R-La.) ultimately fell in line. (SEMAFOR.COM)
ALERTS AND ADVISORIES
Cross-sector alert on copper wire theft from electric vehicle charging stations
Electric vehicle (EV) charging station wires are made with copper, making the cables a target for thieves who want to sell the copper wires for profit. The damage to EV charging stations from copper wire theft is costly to repair and, when experienced at a large scale, can threaten public safety and disrupt transportation, energy systems, and other critical infrastructure. This Cross-Sector Alert provides information on the safety concerns with a damaged EV charging station and how to identify and respond to copper wire theft from EV charging stations. The alert is for law enforcement, first responders, recycling centers, and other entities that work with EV charging stations. (CISA.GOV)
Software bill of materials for AI – minimum elements
A software bill of materials (SBOM) acts as an “ingredients list” for software that better positions organizations to understand their supply chains and make risk-informed decisions about how to protect their critical systems. The guidance builds on CISA’s previous work with federal and international partners to establish a shared vision for a software bill of materials and provides recommendations on minimum elements that should be included in an SBOM for AI. Because AI systems are software systems, these recommendations should be considered in addition to the general minimum elements for an SBOM. (CISA.GOV)
Events
TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION
ENERGY: The grid was historically planned by utilities and regulators and financed by ratepayers. Now, rapid load growth from data centers, electrification, and reshored manufacturing has large customers stuck in interconnection queues and pushing for reform. Join the CSIS Energy Security and Climate Change Program on May 15 for a conversation with Travis Fisher and Daniel Palken on competing visions of the U.S. power grid and its policy future.
RUSSIA: Russia’s growing influence and engagement in Africa is a significant and often overlooked dimension of global great power competition. Join the Center for a New American Security (CNAS) on May 18 for a virtual panel discussion on this topic to mark the release of a new report, Beyond the Sahel: Russia’s Toolbox for Influence in Africa, by Kate Johnston and Valeria Allende, with Isabel Dlabach. This report looks at Russia’s activities in key states in Africa—Egypt, Ethiopia, Nigeria, and South Africa.
SECURITY POLICY: Congressman Michael McCaul has been at the center of Congress’s foreign policy debates over the past two decades, first as chairman of the House Homeland Security Committee and later as the chairman of the House Foreign Affairs Committee. As Chairman Emeritus McCaul prepares to leave Congress and begin a new chapter of his service to the nation, please join Mariano-Florentino (Tino) Cuéllar, president of the Carnegie Endowment for International Peace, for a May 20 conversation with the congressman reflecting on his legacy on Capitol Hill, his views on the future of American global leadership, and the lessons that his career offers to the next generation of policymakers.
AI AND MENTAL HEALTH: AI is becoming a go-to source of mental health support for young people. But is it safe? In this May 27 Policy Lab, RAND’s Ryan McBain examines both the promise and the risks of this growing trend — and what it might take to ensure chatbots are safe for adolescents.
BIOTHREATS: On June 4, the Bipartisan Commission on Biodefense at the Atlantic Council will host its latest meeting, which will discuss how non-federal governments approach biodefense. State, local, tribal, and territorial governments serve on the front lines of biodefense. As the biological threat continues to grow, those officials who tackle this topic on a daily basis require reinforcement. This meeting of the commission will discuss the impacts of changes in federal support for state, local, tribal, and territorial biodefense activities, as well as the biodefense roles, responsibilities, and investments of non-federal governments. The discussion will also touch upon the personnel, policies, and programs needed to bolster preparedness for future biological threats.
FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY
SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS