Chinese APT Owned an Auth Stack for a Decade; Amazon's Jassy Triggered the Anthropic Shutdown
Chinese hackers quietly controlled an enterprise authentication stack for a decade while the Anthropic model ban finally got an origin story: Amazon's own CEO may have set it in motion. Splunk's critical unauthenticated RCE rounds out a dense day for defenders.
Security
The standout threat intelligence story: a Chinese state-linked actor hijacked a target organization's authentication infrastructure and maintained covert access for approximately ten years, per BleepingComputer. What makes this unusual isn't just the duration—it's the attack surface. The threat actor seized control of the authentication stack itself, not merely harvested credentials. That meant every privileged session, every password reset, and every administrative action on what appears to have been an isolated network was potentially visible to the attacker throughout the entire window. Air-gapped and isolated networks are supposed to represent the hard target; owning the auth layer eliminates the need to breach the perimeter repeatedly and provides a permanent, trusted vantage point from which to observe all administrative activity. The decade-long persistence, combined with the sophistication required to own auth on an isolated network, marks this as a mature, patient, state-backed program. Attribution to a specific group and the target's industry weren't disclosed in available reporting.
More immediately actionable: Splunk has patched CVE-2026-20253, a critical vulnerability in Splunk Enterprise that allows unauthenticated file operations and remote code execution. No valid session or credential required—a network-exposed Splunk instance is a direct, unauthenticated pivot point. The SIEM has wide network access and deep logging visibility by design, which makes it a high-value lateral movement target. Patch immediately; in the absence of confirmed active exploitation, treat any critical unauthenticated RCE in a core infrastructure component as exploited until proven otherwise.
Rounding out security: a former Iowa school district IT administrator was sentenced to 21 months in federal prison for a sustained post-employment attack on his former employer—deleted accounts, disrupted classroom operations, tens of thousands in damages. File it as a reference point for how insider threat and revoked-access prosecutions land in practice.
AI
The Fable 5 and Mythos 5 shutdown (covered here as breaking news Friday evening) now has an origin story. Both the Wall Street Journal and The Information report that Amazon CEO Andy Jassy raised security concerns about Anthropic's models in direct conversations with US government officials, and that Amazon's own cybersecurity research contributed to the export control directive that followed. TechCrunch's reporting adds that internal Amazon analysis flagged the models before the government acted. The competitive tension here is structural: Amazon is Anthropic's largest investor and simultaneously runs the Bedrock platform, which sells competing frontier models. Whether Jassy's concerns reflected genuine national security judgment, competitive positioning, or both, the practical result is that Anthropic's two most capable models went dark globally—including for Anthropic's own employees. The government has indicated it won't extend the directive to other AI labs at this time, per The Information—that narrows the immediate blast radius but leaves the underlying mechanism fully intact.
OpenAI is now under investigation by multiple state attorneys general, covering ad practices, health data handling, and an apparently broad range of other conduct. The states involved haven't been publicly identified. Two major governance actions against frontier labs within 48 hours signals that the period of hands-off regulatory treatment may be closing.
KPMG pulled a published report on AI adoption after it was found to contain apparent hallucinations. A major consultancy publishing AI-fabricated statistics about AI, and then retracting them publicly, is a meaningful credibility event—not just for KPMG but for any organization publishing AI-assisted research without rigorous fact-checking. The gap between "AI-assisted with review" and actual human review is wider than most enterprise processes currently acknowledge.
From the UK: a Derbyshire police officer is under investigation for allegedly using AI to fabricate evidence across multiple cases. This is distinct from the usual concerns about AI bias in policing or deepfake evidence presentation—this is an officer allegedly using generative AI as a tool to manufacture case materials from scratch. The criminal justice and procedural implications extend well beyond one constabulary.
Tech
Meta is reportedly dismantling its $2 billion Manus acquisition after Beijing ordered the deal reversed. US export controls block Anthropic's models from foreign access; China orders a US company to unwind an AI acquisition. Governments on both sides are now treating model access and AI firm ownership as direct geopolitical levers—not background policy considerations.
The Anthropic episode is also reshaping AI strategy debates in India, where tech and policy leaders are using the sudden cutoff as a concrete argument for sovereign AI investment. Building mission-critical workflows on models that a foreign government can order offline is now a documented risk, not a hypothetical.
Worth flagging separately: the US has banned the use of differential privacy techniques in Census data. Differential privacy adds calibrated statistical noise to published datasets to prevent re-identification of individuals—it has been the gold standard for government statistical releases that need to be both useful and privacy-preserving. The reversal trades individual privacy protections for data fidelity, and the privacy research community is pushing back hard on the decision.
The through-line: AI model access is now a geopolitical instrument, and the domestic regulatory consensus is moving faster than most organizations' risk frameworks have accounted for.
Also yesterday
- 400+ AUR Packages Hijacked to Deploy Credential Stealer and eBPF Rootkit
- US Government Forces Anthropic to Shut Down Fable 5 and Mythos 5 — Migrate Now
- 21 Zero-Days in FFmpeg: Audit Your Media Processing Stack Now
- Chinese hackers hijack auth flow, spy on isolated network for a decade
- Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
- Ex-school district employee jailed for hacks on former employer
- Amazon CEO's Talks with U.S. Officials Triggered Crackdown on Anthropic Models
- Amazon’s Jassy Raised Concerns About Anthropic Model Before Trump Crackdown
- Amazon CEO reportedly raised Anthropic model concerns before government crackdown
- Exclusive: U.S. Government Unlikely to Extend Anthropic Export Control to Other AI Companies
- OpenAI faces investigation from state attorneys general
- KPMG pulls report on AI usage due to apparent hallucinations
- Police officer investigated for using AI to 'create evidence' in multiple cases
- Meta reportedly moves to unwind $2B Manus deal after Beijing’s demand
- As Anthropic suspends access to new models, India debates its AI future
- US bans differential privacy in Census data
Synthesized by Claude · sanity-checked before publish.