Anthropic launches Claude Fable 5 with advanced safety safeguards

Anthropic has launched Claude Fable 5, a new general-purpose AI model, alongside Claude Mythos 5, a more capable version reserved for selected cyber defence and infrastructure partners.

The company described Fable 5 as its most capable generally available model to date, with strong performance across software engineering, knowledge work, vision and scientific research. Anthropic said the model’s advanced capabilities pose misuse risks, particularly in cybersecurity and research biology.

To reduce those risks, Fable 5 includes additional safety classifiers designed to detect potential misuse, including attempts to bypass safeguards. When certain high-risk requests are detected, users may receive a response from Anthropic’s next-most-capable model, Claude Opus 4.8, rather than Fable 5.

Anthropic said the safeguards have been tuned conservatively and may sometimes block benign requests. According to the company, the fallback mechanism is triggered in less than 5% of sessions on average.

Claude Mythos 5 uses the same underlying model as Fable 5, but with some safeguards lifted in specific areas. Anthropic said it will initially deploy Mythos 5 through Project Glasswing, in collaboration with the US government, for a limited group of cyber defenders and critical software infrastructure providers.

The launch highlights a growing model governance approach in which access to frontier AI capabilities is tiered according to use case and risk. Anthropic said it plans to expand trusted access to Mythos 5 while continuing to refine safeguards for broader public use.

Why does it matter?

The release shows how frontier AI providers are increasingly linking capability deployment to access controls, model routing and domain-specific safeguards. As advanced systems become more useful for software engineering, cybersecurity and scientific research, companies face pressure to provide broad access while limiting misuse in dual-use areas. Anthropic’s split between Fable 5 and Mythos 5 reflects a wider governance question: who should receive access to the most capable AI systems, under what conditions, and with what oversight.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Study warns of self-replicating AI malware using real-time reasoning

Cybersecurity researchers have demonstrated an AI-powered computer worm capable of identifying vulnerabilities, generating attack strategies and spreading autonomously across networks. The study suggests that advances in AI agents could enable a new class of adaptive cyber threats capable of operating with minimal or no direct human intervention.

The research, conducted by teams from the University of Toronto, Vector Institute, University of Cambridge, and ServiceNow, describes malware that uses large language models to tailor its behaviour to each target. Unlike traditional worms, the system can adapt its attack methods in real time instead of relying solely on pre-programmed exploits.

Testing in a controlled virtual environment showed the system could successfully compromise multiple machines and replicate across a simulated network over several days. The worm also operated without relying on cloud infrastructure, running AI models locally on infected systems and using those resources to support its operations.

Researchers warned that such capabilities could signal a shift towards what they describe as ‘autonomous generative adversaries’ and stressed the need for stronger detection systems, evaluation frameworks and governance mechanisms. While details were limited to reduce misuse risks, the authors said the findings reflect how rapidly AI-enabled cyber capabilities are evolving.

Why does it matter? 

The research signals a shift in cyber risk from static, signature-based malware to autonomous systems capable of reasoning, adapting, and scaling attacks without human input.

As AI models become more capable and widely deployed, the line between tool and autonomous threat blurs, increasing pressure on cybersecurity systems, patching cycles, and regulation to keep up with real-time, evolving attacks.


Canada warns of cyber threats targeting FIFA World Cup 2026

Canada’s Cyber Centre has warned that the FIFA World Cup 2026 will almost certainly attract cyber threat activity from cybercriminals, non-state actors and state-sponsored actors.

The tournament will run from 11 June to 19 July 2026 across Canada, the US and Mexico, with 104 matches in 16 cities. The Cyber Centre said the event’s global visibility, complex supporting infrastructure and broad ecosystem of suppliers and services create a large attack surface.

According to the bulletin, cybercriminals are expected to exploit public interest in the tournament through phishing, social engineering, ticket scams, fraudulent travel offers, fake livestreaming services, malicious apps and other forms of online fraud. The Cyber Centre cited research identifying more than 4,300 likely fraudulent domain registrations linked to the tournament as of August 2025.

Organisations connected to the event, including travel, hospitality, ticketing, broadcasting, telecommunications, utilities and transport providers, could also face ransomware, distributed denial-of-service attacks and website defacement. The Cyber Centre said attackers may target entities in the wider tournament ecosystem to maximise publicity, even when their targets are not part of the core World Cup infrastructure.

The bulletin also warned that threat actors are very likely to use the event for disinformation and influence activity, including campaigns involving AI-generated articles, images, videos and deepfakes. It found that there is roughly an even chance of disruptive state-sponsored cyber activity, depending on geopolitical tensions involving host nations or participating countries.

Canadian authorities urged fans, attendees, athletes, government officials and organisations linked to the tournament to strengthen cybersecurity practices and prepare for scams, disruptive attacks and information manipulation during the event.

Why does it matter?

The bulletin treats the World Cup as more than a sports event. It frames major tournaments as digitally dependent public safety environments involving ticketing systems, broadcasters, transport networks, hotels, mobile communications, local authorities and critical infrastructure. Cyber incidents during such events can cause financial loss, service disruption, data exposure, emergency communication risks and information manipulation, making cybersecurity part of event resilience and public trust.


UN Cybercrime Convention Protocol talks reveal competing visions

The process of developing a supplementary protocol to the UN Convention against Cybercrime has begun, with early state submissions already showing competing views over its scope and timing.

The Ad Hoc Committee Secretariat invited preliminary written inputs on the possible scope, objectives and structure of a draft protocol supplementary to the Convention, also known as the ‘Hanoi Convention’. The mandate follows UN General Assembly resolution 79/243, which asked the Committee to negotiate a draft protocol addressing, among other issues, additional criminal offences.

The United States questioned the exercise’s premise, arguing that discussions on a supplementary protocol are premature because the Convention has not yet entered into force and its implementation has not yet been tested. Washington called for the Committee first to address whether a protocol is needed at all before discussing its scope, objectives and structure.

Russia, by contrast, submitted a draft protocol text covering a broad range of offences, including terrorism financing, extremism, arms and drug trafficking, critical information infrastructure, unauthorised access to personal data and crimes involving AI. The proposal reflects a wider approach to criminalisation, including content-related offences that are likely to be contested by states concerned about overreach, legal certainty and human rights safeguards.

Other early submissions appear more cautious. Brazil, Nigeria, and Ecuador broadly support advancing the protocol process, while signalling the need to limit its scope and maintain attention to safeguards. Brazil warned against including offences where there is insufficient international consensus, while Ecuador proposed a structure that includes emerging offences, digital evidence, public-private cooperation, proportionality and human rights.

The early inputs point to a familiar divide in UN cybercrime negotiations: whether the treaty framework should remain focused on classical cybercrime, electronic evidence and criminal justice cooperation, or expand further into content-based offences, national security concerns and politically sensitive forms of online conduct.

Why does it matter?

A supplementary protocol could shape the evolution of the UN cybercrime framework after the adoption of the main Convention. If states use the protocol to add broad or content-related offences, the treaty system could move beyond core cybercrime and electronic evidence cooperation into areas with direct implications for freedom of expression, human rights safeguards, political speech, platform governance and state sovereignty. The early submissions suggest that those unresolved tensions are already resurfacing before the Convention has entered into force.


European Commission welcomes the new G7 cybersecurity declaration

The European Commission has welcomed a new G7 Cybersecurity Working Group Declaration aimed at strengthening international cooperation in response to growing cyber threats.

Adopted under France’s G7 Presidency, the declaration calls for coordinated action to address cybersecurity challenges associated with quantum computing, AI, telecommunications infrastructure, and the protection of small and medium-sized enterprises (SMEs).

One of the declaration’s central priorities is accelerating the transition to post-quantum cryptography. As quantum computing capabilities continue to advance, governments and industry are being urged to accelerate preparations for new encryption standards capable of resisting future quantum attacks. The declaration describes migration to quantum-resistant encryption as an urgent cybersecurity priority that organisations should begin addressing now.

AI is another major focus of the declaration. The G7 declaration recognises that AI can both strengthen and threaten cybersecurity. Concerns include AI-enabled cyberattacks, model manipulation, data breaches, and software vulnerabilities.

The European Commission noted that it is preparing an action plan on AI and cybersecurity to help Member States and businesses address emerging risks while strengthening Europe’s cyber resilience.

The declaration also emphasises the importance of resilient telecommunications infrastructure and stronger protection for SMEs. Building on initiatives such as the NIS2 Directive and the Cyber Resilience Act, the EU said it will continue working with international partners to strengthen cybersecurity standards, protect critical infrastructure and support organisations facing increasingly sophisticated cyber threats.

Why does it matter?

The declaration reflects growing international recognition that cybersecurity challenges are increasingly transnational and require coordinated responses. Emerging technologies such as AI and quantum computing are creating new opportunities for innovation, but also introducing new vulnerabilities that could affect governments, businesses and critical infrastructure.

The emphasis on post-quantum cryptography is particularly significant, as organisations worldwide face the long-term challenge of protecting sensitive data against future quantum-enabled attacks. The declaration also highlights the growing importance of international cooperation in building cyber resilience and securing digital ecosystems.


Anthropic offers ENISA access to advanced AI security model

Anthropic has invited the European Commission to facilitate access for ENISA, the EU agency for cybersecurity, to its cybersecurity-focused AI model Mythos, according to Bloomberg. The invitation followed a meeting between Anthropic and the Commission in San Francisco on 29 May. The EU must now establish a mechanism with appropriate security safeguards before access can be implemented; an ENISA official confirmed the agency does not currently have active access.

Anthropic unveiled Mythos in April, describing it as a model capable of identifying and exploiting cybersecurity vulnerabilities at a level that surpasses most human experts. Bloomberg reported on 2 June that ENISA was set to receive access to the model.

European Commission spokesperson Thomas Regnier welcomed the development, saying that access could help authorities build a clearer understanding of potential risks as increasingly capable AI models enter the market. The invitation follows calls from European policymakers and cybersecurity officials for greater access to advanced AI systems and for the development of comparable European capabilities.

Why does it matter?

The emergence of AI models capable of identifying software vulnerabilities at scale is reshaping cybersecurity risk assessments for governments, regulators and critical infrastructure operators. Access to such systems can help authorities better understand their capabilities, evaluate potential threats and develop appropriate safeguards.

For the EU, granting ENISA access to Mythos could support evidence-based policymaking and strengthen preparedness as increasingly powerful cybersecurity-focused AI models become available. The move also highlights a broader challenge: ensuring that public institutions can keep pace with rapidly advancing AI capabilities.


Supply chain attack compromises Red Hat software packages on npm

Security researchers at Aikido and JFrog identified malicious code in more than 30 software packages published through a verified Red Hat Cloud Services account on npm, the widely used software package repository for developers. The packages are used across cloud application development and are installed by developers and automated systems worldwide.

According to the researchers, the attackers did not initially target individual developers. Instead, evidence indicates they gained access to the automated pipeline that publishes Red Hat Cloud Services packages to npm, allowing them to distribute modified packages through an officially trusted channel. Developers and organisations following standard security practice, installing software only from verified, trusted sources, would have had no reason to suspect these packages.

Systems that installed the affected packages from 1 June onward may have executed hidden malicious code capable of harvesting credentials and transmitting them to the attackers. That code collected a wide range of credentials from the affected machine: access keys for Amazon, Google, and Microsoft cloud services; tokens used in automated software pipelines; passwords stored in cloud-based vaults; and credentials for a range of developer tools. The collected data was then transmitted to the attackers.

Researchers said the malware attempted to disguise its outbound communications by mimicking requests to an Anthropic-related service address. The specific path used does not correspond to any real Anthropic endpoint, but its appearance in network logs would be inconspicuous at organisations using Anthropic products. Network defenders should treat any automated process contacting that address as a potential indicator of compromise.

The malware also installs persistent background processes that survive system restarts, and embeds hooks into several widely used AI coding assistants and developer tools. Researchers also warned that the malware may delete files if compromised credentials are revoked before the malicious software is fully removed from the affected system. Organisations investigating this incident should remove all traces of the malware before revoking any compromised credentials.

Aikido and JFrog have published a list of affected package versions and recommend treating any system that installed them on or after 1 June 2026 as potentially compromised until investigated.

Why does it matter?

Software supply chain attacks are particularly difficult to defend against because they exploit trusted distribution channels rather than relying on phishing, malware downloads or other forms of user error. In this case, developers and organisations installing software from a verified source could have unknowingly introduced malicious code into their environments.

The incident also highlights growing concerns around the security of software publishing infrastructure. As organisations increasingly depend on open-source components and automated development pipelines, compromises affecting trusted repositories can have far-reaching consequences across cloud environments, development systems and critical digital services.


White House launches new AI security framework for frontier models

US President Donald Trump has signed an executive order aimed at advancing AI innovation while strengthening cybersecurity protections across government networks and critical infrastructure sectors.

The order directs federal agencies to strengthen cyber defences and expand the use of AI-powered security tools. Several federal departments have been given 30-day deadlines to begin implementing additional protections for national security systems, civilian government networks and critical infrastructure operators.

A central element of the initiative is the creation of an AI cybersecurity clearinghouse that will work with technology companies and infrastructure providers to identify software vulnerabilities, coordinate security research and support faster patch deployment.

Federal officials will also examine funding opportunities for projects focused on advanced AI vulnerability detection and expand cybersecurity recruitment programmes.

The executive order also introduces a voluntary framework for developers of advanced AI models. Under the framework, companies may choose to work with the government to determine whether their systems qualify as frontier AI models and provide secure early access for cybersecurity assessments prior to broader deployment.

Administration officials emphasised that the framework does not create mandatory licensing or government approval requirements for the release of new AI technologies.

Why does it matter? 

The order signals a US strategy of accelerating AI development while addressing emerging national security risks, reflecting growing competition among major economies to lead the next generation of advanced technologies.

Its emphasis on voluntary collaboration rather than strict regulation could influence how other countries approach AI governance, innovation and cybersecurity in the years ahead.


Greece approves major digital governance and interoperability reforms

The Greek Parliament has approved a bill from the Ministry of Digital Governance and Artificial Intelligence to expand digital public services, reduce bureaucracy, and strengthen cybersecurity.

The legislation implements the EU rules on the cross-border automated exchange of supporting documents through the once-only principle, allowing citizens and businesses to avoid repeatedly submitting the same documents to public authorities across the EU.

Greece’s new framework establishes technical and operational measures enabling public authorities to retrieve official documents securely and automatically, with the user’s consent. The system will operate through the European interoperability infrastructure and in line with EU data protection requirements.

The General Secretariat for Information Systems and Digital Governance will oversee technical coordination and implementation.

Beyond cross-border services, the legislation introduces several domestic digital initiatives. These include a Defective Vehicle Recall Registry to notify vehicle owners about critical safety issues, upgrades to the MyStreet application with electric vehicle charging points and emergency gathering locations, and a customer relationship management platform on gov.gr that will allow citizens to track public service requests through a single interface.

The bill also includes measures to accelerate the launch of more than 800 new public-sector interoperability services and strengthen protections against online fraud. A National Malicious Website Blocking List will be established through Greece’s National Cybersecurity Authority to support faster blocking of phishing websites, scam portals, and malicious online services.

Why does it matter?

The legislation shows how EU interoperability rules are being translated into national digital government reforms. Greece is combining the once-only principle for cross-border public services with domestic service integration, citizen-facing digital tools, and cybersecurity measures against online fraud. The result is a broader shift towards public administration built around automated document exchange, consent-based data retrieval, and shared digital infrastructure.


GCHQ outlines AI-driven cyber defence programme for protecting critical infrastructure

The UK’s signals intelligence agency GCHQ has announced plans to develop an AI-powered national cyber defence capability that would use autonomous software agents to identify and respond to cyber threats at machine speed. Speaking publicly, GCHQ director Anne Keast-Butler described the initiative as a ‘blueprint for a new national cyber defence capability’ to be operational within five years.

The programme would apply agentic AI to monitor and protect critical sectors including energy, water, healthcare, transport, and financial services. According to Keast-Butler, advances in AI are accelerating the discovery of software vulnerabilities, increasing pressure on defenders to identify and mitigate risks more quickly.

UK Security Minister Dan Jarvis had previously outlined the national cyber shield concept in April, noting that protecting critical infrastructure in an AI-enabled environment would require approaches beyond standard commercial security products. The Cabinet Office has since approached AI companies to contribute to the development of these capabilities.

GCHQ is separately integrating AI into its intelligence analysis workflows, including language translation and large-scale data processing.

Alongside the cyber defence announcement, Keast-Butler addressed two further technical priorities. On quantum computing, she noted that post-quantum encryption is now an active planning requirement rather than a future consideration, pointing to National Cyber Security Centre guidance on transitioning to quantum-resistant algorithms. On space, she observed that the volume of orbital infrastructure has grown substantially — over 10,000 new objects launched in three years — with GCHQ working to secure space-based systems that underpin data transmission globally.

GCHQ’s Mathematics directorate is developing new cryptographic methods suited to the post-quantum environment, building on the agency’s role in pioneering public-key cryptography in the 1970s.

Taken together, the announcements suggest a broader role for GCHQ, combining intelligence, cybersecurity, cryptography and infrastructure protection as part of the UK’s wider digital resilience strategy.
