blindthoughts
digest

Anthropic Accuses Alibaba of Stealing Claude as Cisco SD-WAN Root Exploit Detailed

Adversarial extraction — of router root access, criminal infrastructure, and AI model weights — defines today's digest.

Security

Mandiant has published a detailed post-mortem on the Cisco Catalyst SD-WAN zero-day (CVE-2026-20245) under active exploitation. The mechanism is straightforward and damaging: attackers leveraged the flaw to create rogue root accounts directly on targeted devices, bypassing normal authentication entirely. If you run Cisco Catalyst SD-WAN at the edge, this is not a patch-when-convenient situation. CISA simultaneously flagged a separate actively exploited critical flaw in Lantronix EDS5000 Series serial-to-IP converters — the kind of OT-adjacent device that tends to sit unpatched on industrial networks for years. Two exploited critical vulnerabilities announced the same day is a useful reminder that the attack surface extends well beyond cloud.

On the law enforcement front, Operation Endgame landed a coordinated two-pronged takedown, simultaneously dismantling a pair of widely used cybercrime "assembly line" tools. Endgame has become a recurring, multi-agency operation that treats malware-as-a-service infrastructure the way narcotics enforcement treats supply chains — hit the loaders, droppers, and distribution infrastructure rather than just the end perpetrators. Each successive wave disrupts more of the commodity tooling underpinning ransomware and fraud campaigns.

Researchers also documented a novel browser sandbox escape in the wild: a malicious Microsoft Edge extension dubbed 'Edgecution' abused Edge's Native Messaging API as a bridge between the browser sandbox and the host OS, ultimately deploying a Python-based backdoor and ransomware payload. Native Messaging is a legitimate extension capability, but it's also a well-documented escape vector. The fact that it's being actively weaponized for ransomware delivery should prompt any enterprise running Edge extensions to audit which Native Messaging hosts are registered on their endpoints.
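One way to run that audit, as an added example that is not from the researchers or from Microsoft: on Windows, Edge finds hosts through subkeys of `SOFTWARE\Microsoft\Edge\NativeMessagingHosts` under HKCU and HKLM, each pointing at a JSON manifest, and the function below reviews one such manifest against an approved inventory. The inventory, host names, extension IDs and paths are constructed for illustration.

```python
import json
from pathlib import PureWindowsPath

# Assumed local policy (constructed): approved host name -> extension IDs allowed to call it.
APPROVED = {"com.example.sso_helper": {"a" * 32}}
SCRIPT_EXTS = {".py", ".bat", ".cmd", ".ps1", ".vbs", ".js"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\downloads\\")

def review_host(hive, manifest_text, approved=APPROVED):
    """Return findings for one Native Messaging host manifest registered under `hive`."""
    try:
        m = json.loads(manifest_text)
    except json.JSONDecodeError:
        return ["manifest is not valid JSON"]
    if not isinstance(m, dict):
        return ["manifest is not a JSON object"]
    findings = []
    name = str(m.get("name", ""))
    if name not in approved:
        findings.append(f"host '{name}' is not in the approved inventory")
    # allowed_origins lists the extensions permitted to launch the host binary.
    for origin in m.get("allowed_origins", []):
        ext_id = str(origin).removeprefix("chrome-extension://").rstrip("/")
        if ext_id not in approved.get(name, set()):
            findings.append(f"extension {ext_id} may launch this host but is not approved")
    path = str(m.get("path", ""))
    if PureWindowsPath(path).suffix.lower() in SCRIPT_EXTS:
        findings.append(f"host target is a script: {path}")
    if any(part in path.lower() for part in USER_WRITABLE):
        findings.append(f"host target sits in a user-writable location: {path}")
    if hive == "HKCU":
        findings.append("registered per-user (HKCU): no admin rights were needed to add it")
    return findings

# Constructed sample manifests, as they would be read from disk.
GOOD = (r'{"name": "com.example.sso_helper", "type": "stdio", '
        r'"path": "C:\\Program Files\\Example\\sso_helper.exe", '
        r'"allowed_origins": ["chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/"]}')
BAD = (r'{"name": "com.example.updater", "type": "stdio", '
       r'"path": "C:\\Users\\alice\\AppData\\Roaming\\upd\\run.bat", '
       r'"allowed_origins": ["chrome-extension://bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/"]}')

if __name__ == "__main__":
    for hive, text in (("HKLM", GOOD), ("HKCU", BAD)):
        print(hive, review_host(hive, text) or "no findings")
```
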

AI

The biggest story is Anthropic's allegation that Alibaba illicitly extracted Claude AI model capabilities. Details remain sparse but the accusation is significant on multiple levels: it puts a concrete face on the model-extraction threat labs have theorized about for years, it lands squarely in the middle of the US-China tech confrontation, and it raises uncomfortable questions about the limits of API rate-limiting and output filtering as security controls. If the extraction method was systematic enough to produce a usable derivative, the implications reach every lab selling API access.

The AI silicon race continued with OpenAI and Broadcom announcing a custom chip designed specifically for LLM inference at scale. OpenAI joining the custom-silicon club — alongside Google's TPUs, Amazon's Trainium, and Microsoft's Maia — is the logical endpoint of the inference-cost arms race: at OpenAI's volume, marginal per-token efficiency gains translate to nine-figure annual savings. The chip won't ship imminently, but the announcement signals that OpenAI is done being fully dependent on Nvidia for inference.

Google is continuing to lose senior AI researchers to competitors. Jonas Adler and Alexander Pritzel are the latest departures, heading to Anthropic — following Noam Shazeer and Nobel laureate John Jumper. Losing researchers of that caliber is a compounding loss of institutional knowledge that infrastructure advantages can only partially compensate for.

Cerebras delivered its first public-company earnings report and immediately cratered: the chipmaker forecast a narrower gross margin than investors expected, and the CEO's attempt to walk back the language didn't help. The wafer-scale architecture is genuinely technically differentiated, but public markets are unforgiving for AI infrastructure companies that undershoot the growth narrative. Contrast that with Intel-backed SambaNova reportedly in talks to quintuple its valuation to $10 billion — private markets are still pricing AI chip bets aggressively, even as public ones punish any miss.

And in a sign of where enterprise AI adoption actually stands: companies are scrambling to stop employees from burning through token budgets on small tasks. The tokenmaxxing era is giving way to token rationing, cost dashboards, and per-team budgets. The economics of AI at enterprise scale are not yet solved.

Tech

Europe is actively resisting Washington's push to restrict exports of older-generation deep ultraviolet lithography tools to China, with ASML's CEO making clear that the MATCH Act would put gear first shipped roughly a decade ago off limits. The EU's pushback is partly economic — ASML's DUV revenue from China is substantial — but it's also a structural disagreement about whether export controls at this tier achieve strategic goals or merely redirect Chinese procurement while harming European manufacturers.

The FCC is advancing a plan to require ID verification for prepaid burner phones, which privacy advocates and domestic violence organizations are calling a serious mistake. The stated rationale is fraud prevention; the practical effect would be eliminating one of the few remaining anonymous communication options available to people in dangerous situations.

Microsoft's Majorana 1 quantum chip — subject of a high-profile "breakthrough" announcement in early 2025 — is now facing a formal challenge published in Nature, questioning whether the fundamental physical properties underpinning the topological qubit claims were actually demonstrated. If the critique holds, it's a significant reputational problem for a program Microsoft has treated as one of its most ambitious long-term bets.

GTA VI will cost $79.99, and physical copies will ship without a disc — just a code in a box. The price is above the $69.99 ceiling that defined last generation, but the disc-free physical edition is the more structurally significant move: it eliminates resale and makes the "physical" edition functionally identical to a digital purchase with cardboard attached.

Finally, a new site is publicly naming companies without passkey support — 24% of the most popular websites currently fall into that category. The shame approach is a blunt instrument, but it has a track record for nudging adoption.

The thread connecting today's biggest stories is adversarial extraction at every layer: firmware root access via unpatched SD-WAN, browser sandbox escapes enabling ransomware, alleged model capability theft at the AI layer, and the geopolitical contest over who can build the hardware those models run on.
