Cyber Briefing – May 6, 2026

FEDS TO TEST SOME AI MODELS BEFORE RELEASE: The U.S. Commerce Department’s national standards agency will run tests on new artificial intelligence models from Google, Microsoft and Elon Musk’s xAI before they are released, in a step toward greater oversight of Silicon Valley by the Trump administration, The Washington Post reports. The agreement between the Commerce Department and the tech companies builds on a deal struck in 2024 by the Biden administration for prerelease testing of AI technology from start-ups OpenAI and Anthropic. The companies have agreed to provide early access to their technology to the National Institute of Standards and Technology’s Center for AI Standards and Innovation. The center will “conduct pre-deployment evaluations and targeted research to better assess frontier AI capabilities and advance the state of AI security,” it said in an announcement Tuesday.

• The federal government is circulating draft policy documents that contain language clarifying the government’s ability to use private sector technology without outside stipulations for how they do so, two sources familiar with their development told Nextgov/FCW. The White House is mulling an executive order that would create a working group for AI models before they are deployed, according to a person familiar with the matter. The New York Times first reported the administration’s consideration of the order. It’s not clear if the contracting language is a separate initiative or would be a provision embedded into a forthcoming directive.

• It’s unclear what legal authority would allow the president to accomplish these goals – specifically, mandating labs to undergo a vetting process and then sharing any essential information related to countering any detected risks with other parts of the government. However, existing authorities would allow for a voluntary “kick the tires” testing period, Dean W. Ball and Kevin Frazier write at Lawfare. This would help labs avoid popular backlash for knowingly introducing models that may threaten critical systems and public well-being and perhaps subvert more onerous, formal requirements.

• Private defenses alone cannot change the incentive structure for Chinese AI labs, which reap substantial benefits and incur minimal costs from distillation campaigns, Joe Khawam writes at Just Security. Only U.S. government action can impose costs at the scale needed to change this calculus. April developments build on that argument. While they do not yet impose costs, they lay the groundwork for doing so. DAAMTA would create an assessment and reporting process. Together, the OSTP memo and DAAMTA would support detection and defense and create a path toward deterrence measures. The question is whether that groundwork will produce concrete actions that pressure the Chinese AI labs and their facilitators. 

CISA TELLS CI TO PREPARE FOR CYBER OUTAGES: The Cybersecurity and Infrastructure Security Agency – fresh out of the longest shutdown in government history and ready to begin hiring again after shedding staff for the past year – is out with new cybersecurity crisis planning guidance for critical infrastructure organizations, Federal News Network reports. CISA’s new “CI Fortify” initiative notably pushes water utilities, the transportation sector and other critical infrastructure organizations to plan for a “geopolitical crisis” involving cyberattacks that could sever their connections to internet, telecommunications and other technology services. CISA’s guidance features two primary emergency planning objectives: “isolation” and “recovery” to mitigate threats. The former involves “proactively disconnecting from third-party and business networks” to safeguard operational technology, such as industrial control systems, from cyber attack during a crisis. CISA says organizations should be prepared to sustain “essential operations” rather than completely shutting down.

• “In a geopolitical crisis, the critical infrastructure organizations Americans rely on must be able to continue delivering — at a minimum — crucial services. They must be able to isolate vital systems from harm, continue operating in that isolated state, and quickly recover any systems that an adversary may successfully compromise,” CISA Acting Director Nick Andersen said in the agency’s announcement.

• Counterterrorism efforts have long been focused on tracking networks, targeting leadership, and disrupting ideology. While attention remains fixed on communications, financing, and battlefield activity, a more fundamental driver of instability is unfolding in plain sight, Russell D. Howard, Alicia Ellis and Sarah Shoer write at Small Wars Journal. The next front line of conflict is less about hidden compounds or urban battlefields and more about the systems people rely on in everyday life: water, food and the infrastructure that moves them. Where wells run dry, crops fail or supply chains fracture, instability takes root well before violence becomes visible. Understanding future conflict requires looking past ideology and focusing instead on what populations depend on to survive.
  
• CISA has gotten “by far” the biggest gains from artificial intelligence automation in its security operations unit to help analysts sift through threats, but it’s also proven valuable elsewhere within the agency, CISA officials said Tuesday, CyberScoop reports. It’s “really allowing those analysts to do triage very fast, so they focus on what matters versus the noise,” Tammy Barbour, acting chief of application management at CISA, said. “They’re able to do a lot of real-time, quick looks before events happen in most places.” Barbour, speaking at the UiPath FUSION Public Sector event hosted by Scoop News Group, said automation has also been a boon to CISA’s Technology Operations Center.

IG FLAGS DHS MOBILE DEVICE SECURITY FAULTS: The Department of Homeland Security has fallen short of compliance requirements and existing standards when it comes to managing, securing and deploying mobile devices within its CIO and intelligence office, according to the agency’s latest inspector general report. The watchdog’s audit found that mobile apps with vulnerabilities were installed, appropriate security settings were skipped over, high-risk app restrictions were ignored and device infrastructure was insufficient, FedScoop reports. The lagging security standards were widespread, according to the DHS OIG. More than three-quarters of the 650 mobile apps installed on the intelligence office’s mobile devices posed security risks, were explicitly prohibited or allowed prohibited activities. Some of these apps were associated with foreign adversaries, pertained to outside employment or were outright banned by the National Defense Authorization Act. 

CHINA IS STILL SUPPLYING DRONE FACTORIES IN IRAN AND RUSSIA: On March 5, as the U.S. and Israeli militaries hammered Iranian targets and Tehran launched attacks at Tel Aviv and Gulf countries that host American bases, an email blast emanated from a server located in China. “We are deeply shocked and outraged by the aggression against Iran, and our hearts are with you,” read the message from Xiamen Victory Technology. The company offered to sell German-designed engines used to power one-way attack drones, The Wall Street Journal reports. The U.S. has prohibited the sale of those engines, known as the Limbach L550, to Iran and Russia. It has been an important component in Iran’s Shahed-136 exploding drone, a version of which Russia has also been using extensively in Ukraine. Victory Technology featured an image of a Shahed-style drone on its website’s product page, alongside the slogan “Innovating Aviation Engine Solutions.” The open wartime marketing by a small, obscure Chinese company points to a growing source of frustration for Washington: its struggle to staunch the flow of so-called dual-use goods — items with both civilian and military uses — to adversaries.

• Lithuania, a NATO state bordering Russia and Belarus, bought 48 Merops interceptors from American manufacturer Perennial Autonomy on April 22, becoming the latest NATO country to buy into the $15,000 per-shot counter-drone system. The pilot purchase, made without competitive bidding, follows earlier Merops deployments and training with Polish and Romanian forces along NATO’s eastern flank, Defense News reports. The system is an example of a new crop of drone countermeasures marketed under an ultra-low-cost mantra that promises to even out a longstanding imbalance in air defense: Intercepting aerial threats like drones is exponentially more expensive than launching them.

WHY IRAN HASN’T HIT THE HOMELAND YET: Two months after the Revolutionary Guards’ threat, authorities have yet to report a single homeland plot specifically tied to Iran. Lone offenders appear to have carried out attacks on their own, some clearly angered by the war, but authorities have yet to establish links between these plots and Iranian intelligence or security agencies, their terrorist proxies, or criminals hired as cutouts to carry out attacks. This is surprising, not only because of the explicit Revolutionary Guard threat to target the homeland, but because Iranian-linked plots have been thwarted elsewhere around the world since the war began and because Iran has a track record of plotting attacks in the United States, Matthew Levitt writes at War on the Rocks. Indeed, Iran and its proxies have spent years investing in what U.S. counterterrorism officials describe as a “homeland option” in the United States.tion by a powerful adversary, Joseph Webster and Tony Jing write at the Atlantic Council.

OSINT YOU NEED TO START YOUR DAY: The Cyber Briefing is brought to you by the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. SUBSCRIBE

WE WANT TO HEAR FROM YOU: What would you like to see in your morning briefing? Reach out to Executive Editor Bridget Johnson with your comments and suggestions

(Watch on YouTube or click the player above)

NEW: Most people think secure messaging begins and ends with encryption. Signal CTO Ehren Kret says that is only part of the picture. On the latest episode of Cyber Focus, host Frank Cilluffo sits down with Kret to discuss what private communication really requires, from protecting message content to limiting what platforms can learn from metadata, identity, group membership and social graphs. Kret explains how Signal’s nonprofit model shapes its privacy-first design choices, why endpoint security remains a major challenge and how AI built into operating systems could create new risks for private communication. The conversation also explores post-quantum encryption, lawful access debates, phishing threats against messaging accounts and why the future of secure communication depends not only on better technology but on helping users understand what is and is not truly private.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

Biothreats

How a deadly hantavirus outbreak unfolded on a cruise ship for weeks before it was identified

A deadly outbreak of the rare hantavirus unfolded over the course of weeks on a cruise ship that sailed from Argentina toward Antarctica and then across the Atlantic Ocean, stopping at or near remote islands on the way as passengers and crew members fell sick, according to information from the cruise operator, the World Health Organization and ship tracking data. It shows nearly a month passed between when an elderly Dutch man fell sick and died in the South Atlantic and laboratory tests in South Africa — more than 3,500 kilometers (2,174 miles) away — confirmed hantavirus infections. (APNEWS.COM)

Breaches

Vimeo breach exposes data of 119,000 users

The data breach at Vimeo revealed in April has exposed the personal details of more than 119,000 people, according to breach tracking researchers. The online video platform, which hosts and streams content for hundreds of millions of users worldwide, said hackers gained unauthorized access to customer data through a breach linked to third-party analytics provider Anodot. The incident first came to light in April after ShinyHunters added Vimeo to its online “pay or leak” site, where cybercriminal groups publicly pressure companies to pay ransoms or face the release of stolen information. (COMPUTING.CO.UK)

10 years after OPM data breach, identity protection benefits for affected feds start to expire

A decade after the 2015 breach of the Office of Personnel Management exposed roughly 22 million records, identity theft protection services for affected federal workers and their families are beginning to expire, marking the end of a long-running federal response to one of the government’s most damaging cyber intrusions. Those who signed up for the MyIDCare program OPM established 10 years ago are receiving emails on a rolling basis informing them their services will expire 10 years to the day of their enrollment. The notices began going out to enrollees late last year and will continue through September, the end of the current fiscal year. (NEXTGOV.COM)

Cybercrime

Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison

A Latvian national extradited to the United States was sentenced to 8.5 years in prison for his “cold case” negotiator role in the Russian Karakurt ransomware group. 35-year-old Deniss Zolotarjovs (Денисс Золотарёвс) of Moscow, Russia, was arrested in Georgia, Eastern Europe, in December 2023, and pleaded guilty in July 2025 to conspiracy to commit wire fraud and money laundering charges filed against him in August 2024 after he was transferred to U.S. custody. “Deniss Zolotarjovs helped his ransomware gang profit from hacks of dozens of companies, and even on a government entity whose 911 system was forced offline,” said Assistant Attorney General A. Tysen Duva. “He also used stolen children’s health information to increase his leverage to extort victim payments.” (BLEEPINGCOMPUTER.COM)

DDoS

Massive ‘low and slow’ DDoS attack hits platform with 2.45 billion requests in 5 hours

A new report from the Galileo threat research team at DataDome has detailed one of the most fragmented DDoS (Distributed Denial of Service) campaigns ever recorded. In mid-April, within just five hours, cybercriminals launched a stunning 2.45 billion malicious requests at a major user-generated content platform. This research, shared exclusively with Hackread.com, reflects a concerning change in how threat actors are now bypassing traditional security because instead of trying to breach defenses with brute force, the attackers used a sophisticated ‘low and slow’ approach. According to researchers, the campaign peaked at 205,344 requests per second (RPS), yet it managed to stay entirely under the radar of standard rate-limiting defences. (HACKREAD.COM)

Education

Major cyberattack against San Diego Community College District

The San Diego Community College District is responding to a major cyberattack affecting more than 90,000 students, forcing some system shutdowns across its campuses. District officials described the incident as a “failed attack,” saying no data appears to have been compromised. However, as a precaution, internet access and several key systems — including websites, email, web-based phones and student registration platforms — have been taken offline. The outage, which began Saturday, has disrupted operations at San Diego Miramar College, San Diego Mesa College and San Diego City College, along with the district’s continuing education campuses. (FOX5SANDIEGO.COM)

Supply chain

Government, scientific entities hit via Daemon Tools supply chain attack

Government, scientific, manufacturing, and retail organizations have been targeted with a sophisticated backdoor in an ongoing supply chain attack involving the Daemon Tools disk imaging software, Kaspersky reports. As part of the attack, Chinese-speaking attackers apparently injected malicious code into multiple Daemon Tools iterations that have been available for download via the software’s legitimate website. Daemon Tools versions 12.5.0.2421 to 12.5.0.2434, released since April 8, have been found to contain injected code, and the attack remains active, Kaspersky says. AVB Disc Soft, the company behind Daemon Tools, has been notified. (SECURITYWEEK.COM)

Transportation

Student’s hack prompts Taiwan High Speed Rail Corp review

The Ministry of Transportation and Communications yesterday pledged to submit a report on ways to harden the communication security of railway systems after a university student hacked into Taiwan High Speed Rail Corp’s (THSRC) radio communications system and disrupted operations of four high-speed rail trains last month. Investigation by the police and prosecutors found that the university student and radio enthusiast, surnamed Lin (林), first used a software-defined radio (SDR) filter to analyze THSRC signals, downloaded the data to a computer, cracked the parameters and then programmed the codes into his radio devices. (TAIPEITIMES.COM)

Trends

Fortinet flags ‘industrial scale’ cybercrime scale driven by continuous, machine-speed attacks and automated exploitation

Fortinet released its 2026 Global Threat Landscape Report from FortiGuard Labs, framing cybercrime in 2025 as an industrialized, system-level operation rather than a series of isolated campaigns. Drawing exclusively on FortiGuard telemetry, the report captures a threat environment defined by continuous, machine-speed activity, where exposure is persistently mapped, validated, and exploited without reliance on traditional campaign cycles or manual intervention. The data shows attackers operating across an end-to-end lifecycle, compressing timelines and scaling operations through automation and coordinated tooling. (INDUSTRIALCYBER.CO)

WATCH: White House National Cyber Director Sean Cairncross, CISA Acting Director Nick Andersen and more top leaders at the recent McCrary Cyber Summit

Artificial intelligence

Application security strategies are changing as AI-generated code floods the SDLC

AI coding tools have moved from experiment to daily development aid, helping software teams to draft functions, explain unfamiliar code, generate tests, and move through repetitive changes faster. For security teams, the harder question is how much AI-shaped code reaches a pull request before anyone validates its safety. A recent Stack Overflow survey found that 46% of developers distrust the accuracy of AI tool output, while 33% trust it. That concern becomes visible during a routine security review. For instance, a generated API handler may compile and pass a unit test while missing object-level authorization. Meanwhile, a suggested dependency may look legitimate while being abandoned, vulnerable, or suspiciously named. (HACKREAD.COM)

Brit mathematician lets AI agent loose with credit card – cue password leaks, CAPTCHA chaos and more

British mathematician Professor Hannah Fry has shared a cautionary experiment involving an AI agent, a set of tasks, and a bank card number Fry’s team gave it “to show us what it could do.” The prof gave the agent, which was built with OpenClaw, some real-world chores to highlight both its capabilities and the risks of granting that level of autonomy. “In the spirit of experimentation,” said Fry, “we decided to give our agent some agency and let it decide what its name should be.” (THEREGISTER.COM)

Authentication

One in eight workers has sold their corporate logins

A large share of UK employees have sold their corporate credentials over the past year, exposing their organization to cyber and financial crime, according to Cifas. The non-profit fraud prevention service revealed the findings in its latest Workplace Fraud Trends report, which is based on responses from 2000 UK employees working in companies with 1000+ staff. It found that 13% of respondents admitted selling their logins over the past 12 months, or knew someone who had. The same share (13%) claimed they thought the act of selling credentials was “justifiable” – rising even higher for senior managers (32%), directors (36%), C-suite executives (43%) and business owners (81%). (INFOSECURITY-MAGAZINE.COM)

Communications

CloudZ RAT potentially steals OTP messages using Pheno plugin

Cisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool (RAT) and a previously undocumented plugin called “Pheno.” According to the functionalities of the CloudZ RAT and Pheno plugin, this was with the intention of stealing victims’ credentials and potentially one-time passwords (OTPs). CloudZ utilizes the custom Pheno plugin to hijack the established PC-to-phone bridge by abusing the Microsoft Phone Link application, allowing the plugin to continuously scan for active Phone Link processes and potentially intercept sensitive mobile data like SMS and OTPs without deploying malware on the phone. CloudZ evades detection by executing critical malicious functions dynamically in system memory and performing checks to avoid debuggers and sandbox environments. (BLOG.TALOSINTELLIGENCE.COM)

Detection

The cop on the corner is our first line of defense: Local police and the surveillance detection gap

OPINION: the threats arriving now are far subtler. State-sponsored reconnaissance, espionage, and pre-operational surveillance do not announce themselves with machine guns and manifestos — picture a graduate student flying a drone over a shipyard, a photographer lingering near a port crane, or a series of probing visits to a water treatment facility. If our patrol officers are catching terrorism by accident, they are almost certainly missing foreign adversary surveillance entirely. (WARONTHEROCKS.COM)

Malware

New stealthy Quasar Linux malware targets software developers

A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers’ systems with a mix of rootkit, backdoor, and credential-stealing capabilities. The malware kit is deployed in development and DevOps environments in npm, PyPI, GitHub, AWS, Docker, and Kubernetes. This could enable supply-chain attacks where the threat actor publishes malicious packages on code distribution platforms. Researchers at cybersecurity company Trend Micro analyzed the QLNX implant and found that “it dynamically compiles rootkit shared objects and PAM backdoor modules on the target host using gcc [GNU Compiler Collection].” (BLEEPINGCOMPUTER.COM)

Phishing

Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise

Phishing campaigns continue to improve sophistication and refinement in blending social engineering, delivery and hosting infrastructure, and authentication abuse to remain effective against evolving security controls. A large-scale credential theft campaign observed by Microsoft Defender Research exemplifies this trend, using code of conduct-themed lures, a multi-step attack chain, and legitimate email services to distribute fully authenticated messages from attacker-controlled domains. The campaign targeted tens of thousands of users, primarily in the United States, and directed them through several stages of CAPTCHA and intermediate staging pages designed to reinforce legitimacy while filtering out automated defenses. (MICROSOFT.COM)

Ransomware

Clipboard to encryption: The critical role of ClickFix in ransomware campaigns

Since March 2026, Halcyon has observed a surge across our customer networks in the use of a technique known as “ClickFix”, with most activity occurring in the Americas. Dubbed by Proofpoint researchers in June 2024, ClickFix started as a social engineering campaign wherein webpages presented fake errors and prompted a victim to click (or take actions) to fix the fake problems. Today, ClickFix has transitioned from a single campaign to an overall technique adopted by initial access brokers (IABs), advanced persistent threat (APTs), and ransomware groups for initial access. (HALCYON.AI)

Vulnerabilities

Salesforce marketing cloud vulnerability exposes email data risk

Salesforce Marketing Cloud (SFMC) recently patched a cluster of high‑impact vulnerabilities that could have allowed attackers to read and enumerate marketing emails and subscriber data across tenants, including Fortune 500 organizations. Modern enterprises rely on centralised marketing clouds to deliver branded, trackable campaigns at massive scale. SFMC (formerly ExactTarget) is one of the dominant platforms, powering dynamic emails through AMPScript, SSJS, and data views backed by large subscriber databases. (GBHACKERS.COM)

Palo Alto PAN-OS flaw under active exploitation enables remote code execution

Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300, has been described as a case of unauthenticated remote code execution. It carries a CVSS score of 9.3 if the User-ID Authentication Portal is configured to enable access from the internet or any untrusted network. The severity comes down to 8.7 if access to the portal is restricted to only trusted internal IP addresses. (THEHACKERNEWS.COM)

Oracle debuts monthly critical security patch updates

Starting this month, Oracle is supplementing the quarterly Critical Patch Update (CPU) fixes with monthly security releases focused on high-priority vulnerabilities. The first monthly Critical Security Patch Update (CSPU) will roll out on May 28, addressing critical-severity vulnerabilities in the company’s products. It will be followed by a second CSPU on June 16, and a third on August 18. In July, Oracle will release the usual quarterly CPU, which will contain both fixes for new security defects and the patches included in the prior CSPUs. (SECURITYWEEK.COM)

MetInfo CMS CVE-2026-29014 exploited for remote code execution attacks

Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution. “MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code,” the NIST National Vulnerability Database (NVD) states. (THEHACKERNEWS.COM)

Argo CD ServerSideDiff flaw allows attackers to extract Kubernetes secrets

A critical vulnerability has been identified in Argo CD that could allow attackers with minimal privileges to extract highly sensitive Kubernetes Secrets directly from etcd clusters. Tracked as CVE-2026-42880 and rated 9.6, this severe security flaw exposes a missing authorisation and data-masking gap within the platform. According to the disclosure, this exposure primarily affects environments where the Server-Side Apply dry-run mechanism interacts improperly with specific application configurations. (GBHACKERS.COM)

China

UAT-8302 and its box full of malware

Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. After successful compromises, UAT-8302 deploys multiple custom-made malware families that have previously been used by other known China-nexus threat actors. Talos discovered a .NET-based backdoor we track as “NetDraft” that is a C#-based variant of the FinalDraft/SquidDoor malware family developed and operated by Jewelbug/REF7707/CL-STA-0049/LongNosedGoblin, a cluster of China-nexus APT actors. Furthermore, UAT-8302 also uses an updated version of the CloudSorcerer backdoor, a malware family used in attacks against Russian government entities in 2024. (BLOG.TALOSINTELLIGENCE.COM)

The U.S. and China have a common foe. Hint: It’s not the U.S.S.R.

OPINION: This summit comes at a similar transformational moment in world affairs, when there is a new shared threat to both China and America. It is a metastasizing disorder that could destabilize the world and harm both countries unless they figure out a way to simultaneously compete and collaborate against a growing list of challenges. These challenges can be successfully confronted only by their collective action — starting with the United States and China together creating guardrails against the malign uses of A.I., now that the latest models have demonstrated staggeringly powerful cyberattack capabilities. (NYTIMES.COM)

Iran

Iran-linked hackers target Oman ministries in webshell and data theft campaign

Iran-linked operators have mounted a broad espionage operation against multiple Omani ministries, abusing exposed webshells, SQL escalation scripts, and a poorly secured C2 server to steal judicial and identity data at scale. Attacker’s own open directory strongly suggests a Ministry of Intelligence and Security (MOIS) nexus compromised a mailbox , but there are not enough unique artifacts for firm group-level attribution. An exposed RouterHosting VPS at 172.86.76[.]127 in the UAE hosted the entire toolkit for an active intrusion into Oman’s government networks, including webshells, Python exploit scripts, C2 code, logs, and exfiltrated data. (GBHACKERS.COM)

Artificial intelligence

Agency leader says AI is helping resource-strained workforce identify more fraud

An anti-fraud official from the Centers for Medicare and Medicaid Services said that artificial intelligence is enhancing her workforce’s capability to spot scams. “There’s a lot of fraud in the healthcare sector. The estimates on the conservative side are about $100 billion and, depending on who else you talk to, you can easily double or triple that with different calculations,” said Jeneen Iwugo — the acting director for the CMS Center for Program Integrity — at the UiPath Public Sector Summit on Tuesday. “I have a modest budget of $1 billion, so the size of the problem is much bigger than the budget I’m given to find it.” Specifically, Iwugo explained that AI tools are helping CPI’s roughly 500 employees better identify fraud across the four to five million claims they review every day. (NEXTGOV.COM)

Pennsylvania lawsuit alleges AI chatbots posed as doctors, therapists

Pennsylvania is suing an artificial intelligence company to stop it from misrepresenting its AI chatbots as licensed professionals who can provide medical advice. The lawsuit alleges Character.AI chatbots claimed to be licensed medical professionals, including psychiatrists, available to engage users in conversations about mental health symptoms. In one instance, a chatbot falsely stated it was licensed in Pennsylvania and provided a fake license number. (THEHILL.COM)

Data

FTC bans data broker Kochava from selling sensitive location info

Kochava had been found to be illegally obtaining and selling consumers’ yearly incomes, mobile device IDs, app usage and nearly real-time geolocation data within 10 meters, according to a 2023 FTC complaint. The FTC has said that Kochava sold precise geolocation data showing consumers visiting houses of worship and health care clinics without their consent or awareness, an alleged violation of a law barring companies from engaging in unfair and deceptive practices. (THERECORD.MEDIA)

Defense

Army’s 82nd Airborne Division supplying AI, C2 network support for Project Freedom

The U.S. military is fusing sensors, surveillance platforms and manned and unmanned air and watercraft into a networked, AI-enabled command and control architecture as part of a large-scale campaign to retain nonstop overwatch and localized control over the Strait of Hormuz early into Project Freedom, according to Chairman of the Joint Chiefs of Staff Gen. Dan Caine. During a Pentagon press conference Tuesday, the top U.S. military officer and Defense Secretary Pete Hegseth discussed ongoing operations to restore global shipping in and around that complex maritime chokepoint and counter associated threats from Iran. “Commercial vessels that transit through the area will see, hear — and frankly, feel — U.S. combat power around them on the sea, in the skies and on the radio,” Caine told reporters. (DEFENSESCOOP.COM)

Army turns to ‘hackathons’ to better connect dozens of weapons, systems

The Army is opening a new front in its battle to get contractors to make their weapons and systems easier to connect: “hackathons.” Later this month, the service will host some of its biggest vendors for the first of a series of one-day brainstorming sessions about how to integrate the command-and-control software for dozens of military systems. “Right to Integrate,” the service’s name for the effort, will ensure the Army’s battlefield and business systems can better share data and communicate, according to a Tuesday news release. “We’ve known for a long time that our systems, weapons, and sensors need to talk to each other so that we can dominate the battlefield,” Army Secretary Dan Driscoll said. (DEFENSEONE.COM)

Pentagon to lean on AI to achieve audit goals

The Pentagon for many years has repeatedly failed to pass a clean department-wide audit, but senior officials are hoping that new AI capabilities can help them get over the hump. The department is under pressure to achieve results. “We’ve got a mandate. Congress passed a law that says that we need to get a clean opinion by our FY28 agency-wide financial statements. If not, they’re going to start taking money from us, significant amounts of money,” Tom Harker, deputy CFO in the Department of Defense comptroller’s office, said Tuesday at the UiPath Fusion conference, presented by FedScoop. (DEFENSESCOOP.COM)

Defining cognitive warfare: An NDAA mandate response

OPINION: Operational practice of cognitive warfare tends to focus on the informational dimension: platforms, messages, dissemination, and reach. This mismatch has produced three recurring conceptual problems. (1) Message-Centric Framing: Cognitive warfare is treated as persuasion or messaging rather than as decision disruption; (2) Unidirectional Modeling: Influence activities are analyzed as actor-to-audience flows, underemphasizing attacker/defender adaptations and contested interactions; and (3) Engagement-Based Metrics: Success is evaluated through exposure, reach, or sentiment rather than decision performance. The NDAA mandate requires resolving this ambiguity. (SMALLWARSJOURNAL.COM)

Elections

How AI can help (and hurt) election officials

On his personal blog, OpenAI CEO Sam Altman mused that ChatGPT might already be “more powerful than any human who has ever lived.” Cause for celebration in some contexts, perhaps — but not if those hoping to disrupt electoral processes have ready access to such tools. Researchers say AI capabilities have doubled every seven months since 2019. By this metric, AI is more 675 times “better” today than it was during the run-up to the 2020 presidential election. This doesn’t necessarily mean new ways to interfere with elections, says Mike Moser, a consultant for the Election Security Exchange. The risks aren’t new, he says, but AI advancement, particularly the development of large language models, exacerbates them. (GOVERNING.COM)

Leadership

Leonel Garciga exits role as Army CIO

Leonel Garciga left his role as the Army’s chief information officer last week, the service announced Tuesday. His departure from the job had been anticipated. Federal News Network previously reported that he was expected to exit in June. Garciga, a Navy veteran who has served in the federal government across intelligence, information technology and engineering sectors for nearly three decades, was selected as the Army’s CIO in July 2023. (DEFENSESCOOP.COM)

Resilience

Australia launches cyber review board modeled on version disbanded in U.S.

Australia announced Monday it is establishing a board to conduct independent reviews following major cyberattacks, joining a small number of other jurisdictions that have created similar programs. The Cyber Incident Review Board will carry out no-fault, post-incident reviews of significant cyberattacks on Australian government and industry, focusing on systemic lessons rather than individual or corporate culpability. Tony Burke, the Australian home affairs and cybersecurity minister, announced seven appointments to the board, which is majority female — a rarity in a field that skews heavily male at senior levels. (THERECORD.MEDIA)

Social media

Meta turns to AI in age enforcement efforts

Meta announced Tuesday it will be utilizing artificial intelligence to help remove users younger than 13 years old from its platforms as the technology giant continues efforts to improve safety measures for kids amid scrutiny in state courts and Congress. In a blog post, Meta said it is developing advanced AI to “analyze entire profiles for contextual clues” like birthday celebrations or discussions about school grades in posts, bios, comments or captions to determine if a user is likely underage. Should it determine the account may be used by a minor younger than 13, the company said the profile will be deactivated and the account holder will be required to go through the system’s age-verification process to stop the account from being deleted. (THEHILL.COM)

Space

NATO needs policies, standards for sharing AI-enhanced geospatial intel: Official

The growing use of artificial intelligence to enhance monitoring of adversary activities poses huge interoperability challenges for NATO that require near-term agreements on policies and data standards, NATO’s top intelligence policy officer warned on Monday. Among the biggest concerns for Maj. Gen. Paul Lynch, a British Royal Marine serving as NATO deputy assistant secretary general for intelligence, is the potential for allied commanders to be faced with conflicting national intelligence reports. “We have decades of experience or common standards for air defense, maritime awareness, data formats. The question is whether we apply that same rigor to AI before the technology outpaces the frameworks, or after,” Lynch said at the US Geospatial Intelligence Foundation’s annual GEOINT Symposium. (BREAKINGDEFENSE.COM)

Careful adoption of agentic AI services

The authoring agencies developed this guidance to support government, critical infrastructure and industry stakeholders in understanding the key security challenges and risks posed by agentic AI. It provides practical guidance to help organizations that design, develop, deploy and operate agentic AI systems, to make informed risk assessments and mitigations. The guidance concludes with actionable recommendations to help organizations prepare for and defend against emerging and future agentic AI threats. (MEDIA.DEFENSE.GOV)

CISA adds one known exploited vulnerability to catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-31431 Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. (CISA.GOV)

TO BE INCLUDED IN THIS CALENDAR, SUBMIT YOUR SECURITY-FOCUSED EVENT FOR CONSIDERATION

AI AND IRAN: The conflict in Iran reveals urgent lessons about AI as a weapon of war and statecraft. Led by one of Washington’s top experts on Iranian strategy, military doctrine, and the IRGC, this May 6 FDD panel provides an assessment of how the Iranian regime has used autonomous systems and machine learning to expand its reach; how AI tools have supercharged propaganda campaigns and cyber-enabled information warfare; and in the financial realm, how emerging technologies have enabled large-scale fraud and illicit funding of Tehran’s proxies.

NUCLEAR: To explore Chernobyl’s enduring legacy, the Carnegie Endowment for International Peace invites you for a May 7 panel discussion with Adam Higginbotham, journalist and author of the New York Times bestseller Midnight in Chernobyl; Mariana Budjeryn, senior researcher at MIT’s Center for Nuclear Security Policy and author of Inheriting the Bomb; and Corey Hinderstein, vice president for studies at Carnegie and former principal deputy administrator for the National Nuclear Security Administration. Ukraine’s ambassador to the United States, Olga Stefanishyna, will deliver opening remarks. 

RUSSIA: On May 8, the Atlantic Council’s Eurasia Center and the New Eurasian Strategies Centre will co-host an expert discussion on Russia’s economic, military, and domestic pressures and their implications for Moscow’s war against Ukraine.

CHINA: In Defending Taiwan, Eyck Freymann offers a comprehensive strategy to deter war and sustain peace. With Jason Hsu, Freymann will discuss in a May 11 Hudson event how the United States and its partners can adapt to China’s evolving strategy and develop a coherent plan to prevent conflict while safeguarding Taiwan’s future.

EMERGING TECH: In an evolving geopolitical landscape, how can the US build on its experience in developing frontier technologies and globally competitive industries through investments in priority technologies for the 21st century? Join AEI’s Michael R. Strain for a May 13 conversation with experts from the Massachusetts Institute of Technology for a conversation on their new book “Priority Technologies: Ensuring US Security and Shared Prosperity (2026).”

BIOTHREATS: On June 4, the Bipartisan Commission on Biodefense at the Atlantic Council will host its latest meeting, which will discuss how non-federal governments approach biodefense. State, local, tribal, and territorial governments serve on the front lines of biodefense. As the biological threat continues to grow, those officials who tackle this topic on a daily basis require reinforcement. This meeting of the commission will discuss the impacts of changes in federal support for state, local, tribal, and territorial biodefense activities, as well as the biodefense roles, responsibilities, and investments of non-federal governments. The discussion will also touch upon the personnel, policies, and programs needed to bolster preparedness for future biological threats.

---

FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | BLUESKY

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

SUBMIT A TIP