Cyber Briefing – May 4, 2026
TODAY’S TOP 5
DEFENSE PACTS WITH AI COMPANIES: The Defense Department has completed agreements with eight technology companies, including many of the industry’s biggest, to use their artificial-intelligence capabilities in classified settings, boosting the Pentagon’s efforts to gain access to cutting-edge AI tools, The Wall Street Journal reports. The department said Friday it was now capable of using in classified settings the technology and models from ChatGPT maker OpenAI, Alphabet’s Google, Elon Musk’s SpaceX, Microsoft, Amazon, Oracle, Nvidia and a startup, Reflection AI. SpaceX owns Musk’s AI company, xAI. While some of the companies, including OpenAI and SpaceX, had initial deals with the Pentagon agreeing to have their AI tools used by the military in all lawful scenarios, completing the contracts is an important step toward embedding them in day-to-day operations. The deals show how much of Silicon Valley is agreeing to the Defense Department’s terms in a way that Anthropic didn’t when it rejected the Pentagon’s contract earlier this year in what spiraled into a monthslong feud. The deals also highlight how the Pentagon is racing to incorporate AI into its systems.
- Department of Defense CTO Emil Michael on Friday said Anthropic is still a supply chain risk, but that Mythos, the company’s artificial intelligence model with advanced cyber capabilities, is a “separate national security moment.” Michael told CNBC’s “Squawk Box” on Friday, “I think the Mythos issue that’s being dealt with government-wide, not just at Department War, is a separate national security moment where we have to make sure that our networks are hardened up, because that model has capabilities that are particular to finding cyber vulnerabilities and patching them.”
- The United States has “a tight time window to adapt” to the “civilizational” challenge of AI, according to a former senior Pentagon thinker who’s joining Anthropic as a “strategist-in-residence,” Defense One reports. James Baker led the Defense Department’s Office of Net Assessment — often referred to as the “Pentagon’s Think Tank” — from 2015 to 2025, when it was temporarily closed by the Trump administration. At Anthropic — the AI company now amid a six-month withdrawal from federal service, as ordered by President Trump — Baker will to lead analysis of how AI is affecting U.S. institutions and competition with China, the company announced Friday.
- A recent cyber wargame with senior tech industry executives has the U.S. Army considering more autonomy for AI “agents,” especially in wartime, including development of a “risk continuum” policy for when it might have to let agentic AI watchdogs off the leash, Breaking Defense reports. “Should the degree of human involvement vary based on the situation we’re in?” Brandon Pugh, principal cyber advisor to Army Secretary Daniel Driscoll, told reporters. “If we’re facing a slew of cybersecurity attacks against us in a time of conflict, perhaps there’s a different risk appetite than in normal peacetime.” Officially called “AI Table Top Exercise 2.0” (AI TTX), last week’s wargame deliberately presented its participants with a dire scenario: It’s 2027, and a crisis in the Indo-Pacific has escalated into a cyber war against U.S. military networks. Participants included executives from 14 tech companies as well as the inter-service U.S. Cyber Command.
- At Small Wars Journal, USAR Capt. Scott Pleasants examines how artificial intelligence may be weaponized to manipulate trusted information systems, accelerate cyber operations and destabilize civilian infrastructure. Drawing on recent cyber incidents — including attacks on critical infrastructure, supply chains and national energy systems — he highlights how AI-enabled threats could affect governance, public trust and stability operations. Particular attention is given to the implications for Civil Affairs forces, which operate at the intersection of governance, infrastructure and civilian populations.
AN AGI RIDEOUT STRATEGY TO REDUCE STRATEGIC RISKS: An all-out race toward artificial general intelligence (AGI), driven by expectations that the first state to achieve AGI will enjoy an overwhelming and enduring first-mover advantage over its geopolitical rivals, poses serious national security risks for the United States. Drawing inspiration from strategic developments that stabilized the superpower nuclear rivalry during the Cold War, David R. Frelinger and Karl P. Mueller describe at RAND an AGI Rideout strategy that seeks to deter artificial intelligence (AI)–fueled conflict and avoid disrupting U.S. technological progress by increasing the resilience of the AI ecosystem and developing capabilities to counter rapidly evolving adversary AI-enabled military capabilities that could lead to aggression and escalation. AGI Rideout is not a strategy for winning the race to advanced AI or restricting the pace of progress toward it. Instead, the authors argue that the United States should prioritize measures to avoid strategic disaster on the path toward AGI, regardless of the course it takes, and maximize decisionmakers’ long-term options in a world with advanced AI.
- As AI development concentrates in the United States and China — the two countries command over 90 percent of global computing power — middle powers face mounting pressure to align with one ecosystem or the other. From a geo-economic perspective, the choice for middle powers can appear stark: secure access through alignment or risk falling behind. Given the scale and speed of AI development, presumably middle powers may be best served by bandwagoning with a greater power, Darcie Draudt-Véjares and Seungjoo Lee write at the Carnegie Endowment for International Peace. South Korea illustrates this distinction, both in industrial and geopolitical terms. As an advanced industrial middle power with a key position in global technology supply chains, it has long navigated asymmetric relationships by anchoring its security in the United States while sustaining essential economic ties with China.
- Across the country, states are leveraging AI to transform the administration of public services. AI has moved from a one-time modernization tool to an institutional journey that spans agencies and departments. The new Code for America’s 2026 Government AI Landscape Assessment builds upon last year’s analysis while taking a closer look at how AI is being used to help eligible people find, apply for, and receive benefits. This new research, based on an updated rubric for 2026, includes an interactive visualization that illustrates where states stand on their AI journeys across four key stages.
NEXT CISA NOMINEE?: Tom Parker, a security services lead at IBM with some two decades of experience in the cybersecurity industry, has emerged as a potential contender to lead the Cybersecurity and Infrastructure Security Agency after the most recent nominee withdrew himself from consideration for the role, according to five people familiar with the matter, Nextgov/FCW reports. Parker does not have prior government experience. As of now, he is the preferred choice for the Trump administration, one of the people said. Homeland Security Secretary Markwayne Mullin has been favoring a CISA director with only private sector experience, another one of the people said. All sources spoke on the condition of anonymity because they weren’t authorized to publicly communicate details concerning the administration’s thinking. Some of the people cautioned that the process is fluid and that the White House may go in a different direction.
- Lt. Gen. Douglas A. Schiess has been nominated by President Donald Trump to become the next Chief of Space Operations, the top uniformed leader in the U.S. Space Force. The decision was published in a congressional notice posted April 30, Air and Space Forces Magazine reports. If confirmed by the Senate, Schiess would become the third Chief of Space Operations and succeed Gen. B. Chance Saltzman in the job later this year. Saltzman took charge of the Space Force in September 2022, just three years after the service was created. Service chiefs are appointed to four-year terms but serve “at the pleasure of the president,” meaning their time in the role can sometimes be longer or shorter.
CHINA’S WAR WOLVES FROM COMMERCIAL TECH TO COMBAT POWER: China is not just modernizing its military. It is reimagining how future wars will be fought. The People’s Liberation Army’s (PLA’s) embrace of “intelligentized warfare” reflects a systematic effort to integrate artificial intelligence (AI), robotics, and unmanned systems into frontline operations. Robotic quadrupeds — often described in Chinese reporting as “robotic wolves” — sit at the center of this shift. These robots are not propaganda props. They offer a clear window into how China is converting commercial innovation into combat power, Craig Singleton and Jack Burnham write at FDD. The PLA’s robotics strategy matters because Taiwan is the most plausible test case for many of these cutting-edge systems. A cross-strait conflict would force the PLA to confront its hardest operational problems: contested littorals, dense urban terrain, degraded communications environments, and the threat of high casualties in the opening phase of combat. Semi-autonomous and autonomous platforms could shape whether the PLA sustains operational momentum or stalls when it matters most.
- As President Trump tries to sort out his next steps on the Iran war, China is taking its own actions to ensure that it benefits from whatever outcome eventually emerges, The New York Times reports. China is prodding Iranian officials to negotiate with the United States, while also quietly allowing its companies to give Iran commercial support that could help Iran’s military if Mr. Trump dives back into a full-blown war. The Chinese government has not taken a strong position on the war. It has multiple goals and acts with caution, so it is hedging, officials and analysts say.
WILL DRONES REALLY WIN THE NEXT WAR?: Western defense establishments, perhaps facing industry pressure or falling prey to narratives about drone dominance, appear to be doubling down on propeller-based unmanned aerial systems for both offensive and counter-drone operations, despite physical ceilings that adversaries can exploit and outmaneuver. If NATO’s adversaries achieve meaningful progress in scaling production of turbojet drones and solid-fuel missiles, thus driving down their per-unit cost — while laser technologies mature into a credible defense against the full spectrum of aerial threats — propeller drones will no longer be the versatile, game-changing platform they are made out to be in today’s media coverage, Vitaliy Goncharuk writes at War on the Rocks. In the wars of the near future, they will be neither decisive in offense nor sufficient in defense.
| OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE |
| WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions |
CYBER FOCUS PODCAST
(Watch on YouTube or click the player above)
America is asking more from its critical infrastructure just as adversaries are finding more ways to target it. AI, data centers, electrification and next-generation energy systems all depend on operational technology — the control systems that keep power, water, transportation and industry moving. As that backbone grows more connected, the stakes of securing it grow even higher. In this episode of Cyber Focus, Frank Cilluffo speaks with Zach Tudor, Associate Laboratory Director at Idaho National Laboratory, about how INL tests and secures critical infrastructure at scale. Tudor explains why resilience must guide infrastructure defense, what Ukraine and China reveal about the risks facing critical infrastructure, and why cyber-informed engineering is essential as new technologies move into energy, nuclear, wireless and industrial systems. The conversation also covers AI’s role in control environments, the workforce needed to secure future infrastructure and the challenge of moving faster before a major event forces action.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Breaches
Trellix discloses the breach of a code repository
Trellix revealed a breach that allowed unauthorized access to part of its source code repository. The company said it quickly launched an investigation with forensic experts and notified law enforcement. While the exact data accessed remains unclear, Trellix stated there is no evidence that its source code has been altered or exploited. “Trellix recently identified unauthorized access to a portion of our source code repository. Upon learning of this matter, we immediately began working with leading forensic experts to resolve it. We have also notified law enforcement.” reads the update published by the security firm. (SECURITYAFFAIRS.COM)
Education
Edtech firm Instructure discloses data breach amid hacker leak threats
Education technology company Instructure over the weekend scrambled to restore services affected by a cyberattack that also resulted in a data breach. Based in Salt Lake City, Utah, the edtech firm is best known for Canvas, one of the most widely used learning platforms across educational institutions and other organizations. Disclosed on April 30, the cyberattack was blamed for “disruption to tools relying on API keys” and was largely addressed by Sunday, May 3, when access to the Canvas Data 2 platform was restored. (SECURITYWEEK.COM)
Social media
30,000 Facebook accounts hacked via Google AppSheet phishing campaign
A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a “phishing relay” to distribute phishing emails with an aim to compromise Facebook accounts. The activity has been codenamed AccountDumpling by Guardio, with the scheme selling the stolen accounts back through an illicit storefront run by the threat actors. In all, roughly 30,000 Facebook accounts are estimated to have been hacked as part of the campaign. “What we found wasn’t a single phishing kit,” security researcher Shaked Chen wrote in a report. (THEHACKERNEWS.COM)
Telegram Mini Apps abused for crypto scams, Android malware delivery
Cybersecurity researchers have uncovered a large-scale fraud operation that uses Telegram’s Mini App feature to run crypto scams, impersonate well-known brands, and distribute Android malware. A new report by CTM360 says the platform, dubbed FEMITBOT, is based on a string found in API responses and uses Telegram bots and embedded Mini Apps to create convincing, app-like experiences directly within the messaging platform. Telegram Mini Apps are lightweight web applications that run inside Telegram’s built-in browser, enabling services such as payments, account access, and interactive tools without requiring users to leave the app. (BLEEPINGCOMPUTER.COM)
Supply chain
Poisoned RubyGems and Go modules exploit CI pipelines for credential theft
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitHub account “BufferZoneCorp,” which has published a set of repositories that are associated with malicious Ruby gems and Go modules. As of writing, the packages have been yanked from RubyGems, and the Go modules have been blocked. (THEHACKERNEWS.COM)
Zero-day
Over 40,000 servers compromised in ongoing cPanel exploitation
More than 40,000 servers have likely been compromised as attackers ramp up exploitation of a recently patched cPanel zero-day. As part of the ongoing campaign, non-profit organization The Shadowserver Foundation says threat actors are exploiting CVE-2026-41940, a critical authentication-bypass vulnerability in cPanel & WebHost Manager (WHM), a server and site management platform. Disclosed on April 28, the security defect provides unauthenticated attackers with administrative access to cPanel, allowing them to take over the host system and compromise all configurations, databases, and websites the platform manages. (SECURITYWEEK.COM)
WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit
THREATS
Artificial intelligence
British cyber agency warns of looming ‘patch wave’ as AI speeds flaw discovery
Britain’s cyber agency warned Friday that organizations should prepare for a surge of urgent software updates as artificial intelligence accelerates the discovery of security flaws, raising the risk of widespread exploitation. In a blog post, Ollie Whitehouse, chief technology officer at the National Cyber Security Centre (NCSC), said the use of AI tools “by sufficiently-skilled and knowledgeable individuals” is increasing the likelihood that vulnerabilities will be identified and exploited at scale. Whitehouse said that as large numbers of previously hidden flaws are uncovered in quick succession, companies and governments will be forced to update systems at speed. (THERECORD.MEDIA)
If AI’s so smart, why does it keep deleting production databases?
The deletion of a company’s entire database at the hands of an AI agent should not be seen as an outlier, but rather a possible outcome for any organization. “It took 9 seconds,” wrote Jer Crane, founder of PocketOS, which provides AI-powered management tools to car rental companies. In an article posted to X, he explained how an AI coding agent (Cursor running Anthropic’s Claude Opus 4.6) deleted the company’s production database as well as “all volume-level backups in a single API call to Railway, our infrastructure provider.” PocketOS provides AI-powered management tools to car rental companies. (DARKREADING.COM)
Phishing
Phishing attacks are evolving as cyber criminals ramp up ‘multi-channel’ campaigns over email and Microsoft Teams
Security researchers have issued a warning over a “seismic shift” in how threat actors are conducting phishing campaigns, with traditional email-based attacks no longer the primary vector. KnowBe4’s Phishing Threat Trends Report found hackers are leveraging new “touchpoints” when targeting victims, with calendar invites and messaging tools now frequently used. Indeed, across the last year, the company recorded a 49% increase in calendar invite-based phishing attacks, while Jack Chapman, SVP of Threat Intelligence at KnowBe4, said the report shows “the inbox is no longer the only frontline for coordinated social engineering attacks.” (ITPRO.COM)
ConsentFix v3 attacks target Azure with automated OAuth abuse
A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums as an improved technique that automates attacks against Microsoft Azure. The first version of ConsentFix was presented by Push Security last December as a variation of ClickFix for OAuth phishing attacks, which tricks victims into completing a legitimate Microsoft login flow via the Azure CLI. Using social engineering, the attacker fooled victims into pasting a localhost URL containing an OAuth authorization code that can be used to obtain tokens and hijack the account without passwords, despite multi-factor authentication (MFA). (BLEEPINGCOMPUTER.COM)
Ransomware
Paying ransom won’t help as VECT 2.0 ransomware destroys data irreversibly
A major coding error in the VECT 2.0 ransomware is permanently destroying victim data, leaving no way for files to be recovered even if the ransom is paid. New findings from Check Point Research (CPR) and Halcyon reveal that while the hackers behind the project tried to build a professional-looking tool, their basic mistakes have turned this ransomware into a wiper that simply ruins data. “Vect is a Ransomware-as-a-Service (RaaS) operation whose encryption implementation for Windows, Linux, and ESXI variants contains critical flaws that may render decryption and ransom payment ineffective for data recovery,” Halcyon researchers explained. (HACKREAD.COM)
Vulnerabilities
New Apache MINA vulnerabilities open door to remote code execution attacks
The Apache MINA project has issued urgent security updates to address two severe vulnerabilities. These security flaws could allow malicious actors to execute unauthorized code remotely. The development team has successfully patched these issues in the newly released Apache MINA versions 2.2.7 and 2.1.12. Apache MINA is a widely used framework for building high-performance network applications. Interestingly, these vulnerabilities were initially intended to be resolved in a previous update. (GBHACKERS.COM)

ADVERSARIES
China
China
45,000 attacks, 5,300-plus backdoors tied to China-linked cybercrime operation
The SOCRadar Threat Research Team has discovered a massive, automated cybercrime setup linked to threat actors based in China. This operation uses a central backend called Paperclip and an agent-based workflow system known as OpenClaw. Using these tools, the hackers run their campaigns like a business, with a step-by-step workflow that starts with Planning, followed by Review, Dispatch, Recon, Scan, Validate, and ends with a Report on the stolen data. The details of this research were shared with Hackread.com. (HACKREAD.COM)
Great power conflict concerns spurs stockpiling
Beijing is ramping up stockpiles in energy, food, minerals and other strategic materials. Officials and high-level experts explicitly tie the need for a new national energy security system to deepening great power competition with the United States, not just a more volatile external environment. The 15th Five-Year Plan went beyond previous plans in its discussion of self-reliance and stockpile projects, and also for the first time in the Xi era refers to building up a “strategic hinterland.” As a net energy importer, Beijing is keen to expand and protect “strategic corridors” for ensuring continued access to energy and other materials in the event of a conflict or emergency. Opening up to One Belt One Road partner countries is seen as key to this strategy. (JAMESTOWN.ORG)
The political limits of China’s AI diffusion ambitions
OPINION: In a 2025 ruling, a Chinese court ruled that replacing a worker with AI is not valid grounds for dismissal and that firms must first attempt contract renegotiation, retraining, or internal reassignment. Beijing’s labor bureau subsequently published the decision as a “model case,” the Chinese judicial system’s rough equivalent to stare decisis in the United States, signaling how similar disputes should be handled. The case is emblematic of a shift in how Chinese policymakers are preparing for the possibility of AI-driven labor displacement and may foreshadow slowed diffusion of AI in China in favor of worker protections and economic stability. (LAWFAREMEDIA.ORG)
How open-source, real-time data can defeat China at the edge of Its influence
OPINION: China’s advantages include central planning and financing of large-scale projects and copious human resources to throw at a problem. Centralization plus people means Chinese influence efforts have scope and depth. To counter this, the United States should lean into its own strengths of innovation and a belief that humans know themselves and their needs better than any outside force. The United States can use technology to empower policymakers in Washington and people residing far from national capitals, at the edge of China’s influence, to chart their own course, rather than put up with China’s restrictions and exploitation. (CSIS.ORG)
Is China’s military as strong as it looks?
LISTEN: The People’s Liberation Army (PLA) has undergone a dramatic transformation in the 21st century, evolving into a technologically advanced and highly lethal force. Xi Jinping’s sweeping purges of senior officers are aimed less at corruption itself than at ensuring absolute political control of the PLA. His deep incisions in the military mark an unprecedented period of upheaval. (BROOKINGS.EDU)
Iran
‘Shock and share’: Iran makes social media a key front in war against America
Sassy comebacks, sarcastic insults and glossy AI-generated videos have all been key tools in Iran’s retaliation against the United States, as social media has become a key front in the more than two-month war. The battle playing out online demonstrates the Islamic Republic’s investment in communications and technology as a key part of its arsenal. The purpose, according to some experts, is to flood the information space with content that undermines the U.S. position and President Trump. “Sharp power is kind of purposely trying to destabilize your opponent by making them look bad, or by using their own systems against them,” said Priya Doshi, the Hurst senior professorial lecturer in strategic communications with American University. (THEHILL.COM)
North Korea
76% of all crypto stolen in 2026 is now in North Korea
The overwhelming majority of stolen cryptocurrency today is being used to fund the Democratic People’s Republic of Korea (DPRK). Crypto theft is rampant because it’s easy. The system, bereft of institutional safeguards by design, requires that individual participants secure their own assets — a task for which most are not particularly well-suited. The result: entire national GDPs worth of financial theft every year. Even just in 2025, in the US alone, including only known and reported cases, the FBI found that Americans lost more than $11 billion in crypto-focused scams run by cybercriminals such as gangsters in Southeast Asia. (DARKREADING.COM)
Russia
Cyber spies target Russian aviation firms to steal satellite and GPS data
The group, known as HeartlessSoul, has been active since at least September 2025 and has carried out cyberattacks designed to infiltrate Russian organizations and individual users, researchers at Russian cybersecurity firm Kaspersky said. The attackers appear particularly interested in obtaining geographic information system (GIS) data — specialized file formats that can reveal detailed information about infrastructure such as roads, engineering networks, terrain and potentially strategic facilities. Such files are commonly used by engineering, government and industrial organizations and can contain detailed mapping data. (THERECORD.MEDIA)

GOVERNMENT AND INDUSTRY
Artificial intelligence
Study: AI models that consider user’s feeling are more likely to make errors
In human-to-human communication, the desire to be empathetic or polite often conflicts with the need to be truthful — hence terms like “being brutally honest” for situations where you value the truth over sparing someone’s feelings. Now, new research suggests that large language models can sometimes show a similar tendency when specifically trained to present a “warmer” tone for the user. In a new paper published in Nature, researchers from Oxford University’s Internet Institute found that specially tuned AI models tend to mimic the human tendency to occasionally “soften difficult truths” when necessary “to preserve bonds and avoid conflict.” These warmer models are also more likely to validate a user’s expressed incorrect beliefs, the researchers found, especially when the user shares that they’re feeling sad. (ARSTECHNICA.COM)
Mythos, not the Iran war, is the most significant geopolitical warning of our time
OPINION: We are living through a transformation of similar magnitude to the Second Industrial Revolution of the late nineteenth and early twentieth centuries. That said, the AI Revolution is moving far faster with far less time for global leaders to adapt, so the perils are greater — notwithstanding AI’s considerable promise. The Industrial Revolution rewired history. It shifted power from agriculture to industry, from landed aristocracies to barons of manufacturing, and from empires to nation-states that could produce, mobilize, and innovate at scale. Out of that upheaval rose capitalism and communism, mass politics and mass warfare, and eventually the cataclysms of two world wars. (ATLANTICCOUNCIL.ORG)
Defense
Acting Navy Secretary Hung Cao’s early I&S shakeup sparks questions, concerns
Questions are swirling after the Navy’s new acting secretary, Hung Cao, initiated what some are calling “disruptive” changes in the sea service’s intelligence and security apparatus during his first week in charge. The swift reforms and an unexpected personnel shift have sparked uncertainty about the path ahead for the Navy’s I&S enterprise, according to several sources who were granted anonymity to speak freely about the fluid situation. They told DefenseScoop that Cao fired Chief of Naval Intelligence Rob Townley this week and canceled an ongoing reorganization effort that was launched months ago by former Navy Secretary John Phelan to elevate certain I&S functions to his direct purview, before his abrupt ouster. (DEFENSESCOOP.COM)
U.S. Army tests fresh drones, 3D printers at ‘Balikatan’ drill in the Philippines
As an American reconnaissance drone hummed overhead, soldiers of the U.S. and Philippine armies stormed forward through the jungle terrain, laying down suppressive fire on enemy positions. Finishing off the foe’s stubborn resistance, a Kestrel first-person-view (FPV) drone carrying an explosive payload slammed into the enemy bunker. Afterwards, sweating profusely in the 97ºF heat, the Americans and Filipinos secured the area. This jungle patrol in the thickly vegetated training area of Fort Magsaysay, located 75 miles north of Manila, was just one of many events taking place across the Philippines in Exercise Balikatan 2026. (DEFENSENEWS.COM)
Navy tracking efficiency gains as part of AI training efforts
The Department of the Navy is one the biggest users of the Defense Department’s GenAI.mil platform. The Navy designated the generative artificial intelligence tool as an enterprise service in just five days after evaluating it. It also told all employees to use it for controlled unclassified information and Impact Level 5 (IL5) data by April 30. But just giving sailors, marines and civilians access to the large language models and saying “use it” without any training is not a recipe for success. The DoN is ensuring its employees are gaining real benefits of the AI tools by mandating training and then measuring how that training is turning into mission outcomes. (FEDERALNEWSNETWORK.COM)
Synthesized command and control: A new way human choices can guide AI warfighting
OPINION: As the U.S. military races to adapt to ever-larger amounts of increasingly advanced, and iteratively autonomous AI, how do humans stay in control? The standard answer is that no machine can exercise lethal force without human approval — but this solution is as obvious as it is wrong. By the time an AI asks its human overseer to approve or veto a specific strike, it’s already far too late in the flow and tempo of the interactive dynamic of human-machine teaming. Having a human make only the final decision could allow algorithms to make significantly impactful decisions well before that, from positioning forces to prioritizing targets, in ways that unacceptably constrain human choices. (BREAKINGDEFENSE.COM)
Drones
Dutch startup Intelic sets up drone marketplace for European militaries
Dutch defense-technology startup Intelic said it set up a European military drone marketplace that brings together drone manufacturers from nine European countries, in a bid to speed up procurement by allowing militaries to compare various available unmanned systems. With the European drone market fragmented, the new marketplace will “significantly shorten” the process of buying mission-ready drones, Intelic said in a statement today. The company said defense ministries can use the platform, called BASE, to shop for drones from different manufacturers that can work together via its Nexus command-and-control software. (DEFENSENEWS.COM)
Emergency services
FEMA workers who sounded alarm over nation’s disaster preparedness reinstated after 8 months
The Federal Emergency Management Agency has moved to address staffing issues that triggered concern and uncertainty among and about its workforce, including reinstating employees put on leave for publicly opposing agency policies, and extending contracts for some workers whose terms were set to expire soon. The changes come as FEMA prepares for the 2026 Atlantic hurricane season and the FIFA World Cup, both beginning in June. Fourteen FEMA employees who signed a public letter of dissent last August sounding alarms about the agency’s capacity to respond to disasters were told by email Wednesday that an investigation into the matter was closed and they were to return to work Thursday after being on paid administrative leave for eight months, according to two FEMA staff members. (APNEWS.COM)
Energy
Pennsylvania moves to shift grid costs to data centers
Pennsylvania, an epicenter of the data center boom, is finalizing a new framework to make the energy-hungry facilities shoulder more of their costs to the electrical grid. The Pennsylvania Public Utility Commission on Thursday voted 5-0 to advance a new model tariff for large-load customers — essentially setting new guidance for how the commonwealth’s utilities can ensure the public doesn’t pay for data center infrastructure. With billions of dollars in grid upgrades planned, regulators and utilities are concerned about those costs shifting onto smaller customers if data centers don’t materialize or if they demand less power than expected. To address that, the new framework includes collateral requirements, up-front fees and contractual cost obligations. (EENEWS.NET)
Southern Co. electricity sales soar on 42% data center growth
Southern Company reported 2.3% year-over-year growth in retail electricity sales across its utilities for the first quarter of this year, driven predominantly by data centers. Overall, data centers used 42% more power compared to the first quarter of 2025, according to company officials and Southern’s quarterly report to the Securities and Exchange Commission. The company has 28 large load projects representing 11 GW under contract, up slightly from 26 projects at 10 GW at the end of 2025, it said. (UTILITYDIVE.COM)
Health care
In Harvard study, AI offered more accurate emergency room diagnoses than two human doctors
A new study examines how large language models perform in a variety of medical contexts, including real emergency room cases — where at least one model seemed to be more accurate than human doctors. The study was published this week in Science and comes from a research team led by physicians and computer scientists at Harvard Medical School and Beth Israel Deaconess Medical Center. The researchers said they conducted a variety of experiments to measure how OpenAI’s models compared to human physicians. (TECHCRUNCH.COM)
ICS/OT
Cybersecurity experts unimpressed with CISA OT guidance
New guidance from the U.S. Cybersecurity and Infrastructure Security Agency on adapting zero trust security principles for operational technology is fine as far as it goes, but is pretty high-level and ignores or fudges a couple of key questions, say executives and experts. “This is a great guide that takes the right direction, but it dodges the hardest question, which is who pays for it?” said Tatyana Bolton, executive director of the Operational Technology Cybersecurity Coalition, an industry group that represents OT equipment makers, owners and operators and security vendors. (GOVTECH.COM)
Space
Space Force wraps decades-long GPS upgrade — and the next one is on tap
After decades of development, a rocket switch in March, and a last-minute weather delay, the U.S. Space Force finally launched the last satellite of the world’s most modern GPS system into orbit. The final GPS III space vehicle, known as SV-10, broke through the Florida skies and into the heavens aboard a SpaceX Falcon 9 rocket last month. The new satellite offers position data three times more accurate and eight times more jamproof than previous ones, according to the Space Force. For civilians, it means more precise road directions and better food delivery. For troops, it means more sophisticated targeting and higher-security communications in austere environments. (DEFENSEONE.COM)
Transportation
GAO: FAA could strengthen regional pilot pipeline by establishing timelines for training initiatives
Some small communities saw cuts in airline service after the pandemic — partly due to a shortage of pilots. Larger airlines that needed pilots were hiring them from regional carriers. A 2024 law requires the Federal Aviation Administration to establish 2 training initiatives to help boost the pilot workforce. FAA officials said the agency has made progress on the initiatives. But it hasn’t released any information publicly — even though both initiatives need aviation schools, commercial airlines, and others outside the agency to support them. We recommended FAA establish timelines for the initiatives and communicate them to Congress and others. (GAO.GOV)
See how the robotaxi industry is taking off across the U.S.
After nearly a decadelong cycle of hype, disappointment and then renewed hype, self-driving taxis are starting to roll onto streets in a rapidly growing number of cities across the U.S. Today, driverless vehicles from Waymo, Tesla, Zoox and a small army of lesser-known companies are trundling the streets of California, Texas and several other states. A boom in the 2010s saw the creation of dozens of hyped startups promising to eliminate car ownership. But the high cost of developing the technology, the technical challenges of navigating crowded streets autonomously and the complex regulatory environment meant many went out of business. High-profile accidents also drew increased scrutiny on the safety of driverless vehicles. (WSJ.COM)
MORE: California police can start ticketing driverless cars this July (NEWSNATIONNOW.COM)
Workforce
U.S. imposes AI skills requirement on CyberCorps pipeline
The CyberCorps scholarship program, a recruitment pipeline designed to move qualifying students into government cybersecurity jobs, is overhauling recruitment standards to require that applicants demonstrate skills at the intersection of AI and cybersecurity, according to an email obtained by Nextgov/FCW. New scholars will no longer be accepted into a legacy version of the CyberCorps program without “a description on how they will develop competencies at the intersection of cybersecurity and AI,” according to an email sent Wednesday by the Office of Personnel Management and the National Science Foundation, which says the changes are “effective immediately.” (NEXTGOV.COM)
Just 34% of cyber pros plan to stick with their current employer
Declining job satisfaction means that only one in three (34%) cybersecurity professionals plan to stay with their current employer, increasing the pressure on CISOs’ talent retention strategies. And according to a survey of 500 cybersecurity professionals by IANS and Artico Search, while salary remains important it is not the primary driver of retention. Flexible work models correlate strongly with satisfaction and retention, however. Hybrid work arrangements, particularly those that require only one to two days onsite per week, also tend to reduce the desire for talented cybersecurity staffers to jump ship, according to IANS’s Cybersecurity Talent Report. (CSOONLINE.COM)
LEGISLATIVE UPDATES
Senate Judiciary advances bill that would bar minors from interacting with AI companions
The Senate Judiciary Committee on Thursday advanced a bill that would bar artificial intelligence companies from letting children use AI companions. The bill, known as the GUARD Act, also requires that AI chatbots advise users of all ages that they are not human and lack professional credentials. It also makes it a crime for AI companions to knowingly ask kids for sexual content or to produce it. The legislation, introduced by lead sponsor Sen. Josh Hawley (R-Mo.), was marked up by the committee in a unanimous bipartisan vote. (THERECORD.MEDIA)
Senators take another swing at bill to codify federal AI resource
A bipartisan congressional push to codify a National Science Foundation-based artificial intelligence research enabler continued with the reintroduction in the Senate of the CREATE AI Act. The bill (S.4441) from Sens. Martin Heinrich (D-N.M.), Todd Young (R-Ind.), Mike Rounds (R-S.D.) and Cory Booker (D-N.J.) would establish the National Artificial Intelligence Research Resource (NAIRR) that would give AI researchers, educators and students more access to tools, data and other information to help develop new systems. Heinrich, founder and co-chair of the Senate AI Caucus, said in a press release that the NAIRR would go a long way toward “democratizing access to AI,” ensuring that American workers are prepared for the future and primed to lead “rapid advancements” with the emerging technology that boost the U.S. economy. (FEDSCOOP.COM)
ALERTS AND ADVISORIES
Careful adoption of agentic AI services
The authoring agencies developed this guidance to support government, critical infrastructure and industry stakeholders in understanding the key security challenges and risks posed by agentic AI. It provides practical guidance to help organizations that design, develop, deploy and operate agentic AI systems, to make informed risk assessments and mitigations. The guidance concludes with actionable recommendations to help organizations prepare for and defend against emerging and future agentic AI threats. (MEDIA.DEFENSE.GOV)
CISA adds one known exploited vulnerability to catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-31431 Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)
Events
TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION
ENERGY: From grid reliability to energy security and industrial competitiveness, batteries are increasingly central to U.S. strategic priorities. Please join the CSIS Energy Security and Climate Change Program for a timely May 4 panel discussion on the expanding role of battery technologies—and what it will take to meet rising demand in an evolving market and policy environment. Speakers from the Department of Energy, J.P. Morgan, and Google will bring a breadth of perspectives to bear on the opportunities and challenges ahead.
RUSSIA: On May 4, the Atlantic Council’s Eurasia Center will host a discussion examining the most recent developments in Russia’s war against Ukraine. On May 8, the Atlantic Council’s Eurasia Center and the New Eurasian Strategies Centre will co-host an expert discussion on Russia’s economic, military, and domestic pressures and their implications for Moscow’s war against Ukraine.
TRANSPORTATION: With new technology comes questions about data privacy, security and accountability with high stakes for businesses and consumers. On May 5, as part of the seventeenth annual A. Alfred Taubman Forum on Public Policy, Governance Studies at Brookings will host a webinar to discuss the benefits and implications of connected cars.
AI AND IRAN: The conflict in Iran reveals urgent lessons about AI as a weapon of war and statecraft. Led by one of Washington’s top experts on Iranian strategy, military doctrine, and the IRGC, this May 6 FDD panel provides an assessment of how the Iranian regime has used autonomous systems and machine learning to expand its reach; how AI tools have supercharged propaganda campaigns and cyber-enabled information warfare; and in the financial realm, how emerging technologies have enabled large-scale fraud and illicit funding of Tehran’s proxies.
NUCLEAR: To explore Chernobyl’s enduring legacy, the Carnegie Endowment for International Peace invites you for a May 7 panel discussion with Adam Higginbotham, journalist and author of the New York Times bestseller Midnight in Chernobyl; Mariana Budjeryn, senior researcher at MIT’s Center for Nuclear Security Policy and author of Inheriting the Bomb; and Corey Hinderstein, vice president for studies at Carnegie and former principal deputy administrator for the National Nuclear Security Administration. Ukraine’s ambassador to the United States, Olga Stefanishyna, will deliver opening remarks.
CHINA: In Defending Taiwan, Eyck Freymann offers a comprehensive strategy to deter war and sustain peace. With Jason Hsu, Freymann will discuss in a May 11 Hudson event how the United States and its partners can adapt to China’s evolving strategy and develop a coherent plan to prevent conflict while safeguarding Taiwan’s future.
EMERGING TECH: In an evolving geopolitical landscape, how can the US build on its experience in developing frontier technologies and globally competitive industries through investments in priority technologies for the 21st century? Join AEI’s Michael R. Strain for a May 13 conversation with experts from the Massachusetts Institute of Technology for a conversation on their new book “Priority Technologies: Ensuring US Security and Shared Prosperity (2026).”
BIOTHREATS: On June 4, the Bipartisan Commission on Biodefense at the Atlantic Council will host its latest meeting, which will discuss how non-federal governments approach biodefense. State, local, tribal, and territorial governments serve on the front lines of biodefense. As the biological threat continues to grow, those officials who tackle this topic on a daily basis require reinforcement. This meeting of the commission will discuss the impacts of changes in federal support for state, local, tribal, and territorial biodefense activities, as well as the biodefense roles, responsibilities, and investments of non-federal governments. The discussion will also touch upon the personnel, policies, and programs needed to bolster preparedness for future biological threats.
FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY
SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS