blindthoughts
digest

NSA Is Using Anthropic's Mythos AI for Offensive Cyber Operations

Yesterday's security feed delivered a trio of attacks that weaponize trust — in software distribution, in payment processors, and in password managers — while the NSA reportedly put an Anthropic AI model to work in offensive cyber operations.

Security

The Windows version of Hola Browser was compromised in a supply chain attack that shipped an undeclared cryptominer alongside the legitimate installer. Users who downloaded or updated the browser silently handed over compute cycles to the attacker. Hola has a prior history of selling user bandwidth through its VPN proxy — this second trust violation in its short history suggests the software is a persistent risk surface worth dropping entirely.

A new Magecart campaign found a sharper approach to card skimming: route the payload and exfiltrated data through Stripe's own API infrastructure. By piggybacking on a domain that legitimate checkouts also call, the campaign makes network-layer detection significantly harder — the same trusted third party processing the payment becomes the exfiltration channel. Security teams running allow-list policies on payment processors should review their Stripe traffic baseline.

Dashlane published an explanation of how attackers managed to download encrypted password vaults. The attack wasn't a single sophisticated breach — it was volume. By targeting a large number of accounts simultaneously, attackers improved their statistical odds of landing users with weak master passwords. The vaults remain encrypted, but that encryption is only as strong as the passphrase protecting it. For any user with a reused or dictionary-weak master password, the vault download is a countdown clock. If you use Dashlane, verify your master password strength and enable MFA now.

Also: DentaQuest disclosed a breach affecting 2.6 million accounts — the standard mix of names, addresses, and benefits data.

AI

The most significant disclosure of the day: the Financial Times reports the NSA is using Anthropic's Mythos for cyber operations. The framing — "cyber attacks" rather than defensive analysis — puts this squarely in offensive territory. It signals that frontier AI models are now considered operationally mature enough for intelligence community deployment, and that the distance between "research-grade AI" and "military-grade tool" has quietly closed.

The timing creates an uncomfortable contrast: Anthropic simultaneously open-sourced a reference harness for AI-powered vulnerability discovery, positioned explicitly as a defensive research tool. The lab that built its identity around responsible AI development is now supplying both offensive government operations and public defensive tooling at the same time. That dual-use reality is no longer hypothetical — it's in production.

An Estonian government benchmark evaluated dozens of LLMs on resistance to Russian strategic narratives, finding significant variance across models. Full rankings aren't yet public, but the existence of the benchmark is the real story: governments are formally scoring AI systems on information-warfare resilience as a procurement criterion alongside capability benchmarks. That's a meaningful shift in how the public sector thinks about model evaluation.

Inside Microsoft, Satya Nadella reportedly issued a direct rebuke of an executive's plan to engineer user "addiction" to AI agents. Details are sparse, but the escalation to CEO-level intervention illustrates a real commercial pressure: engagement-over-utility is a tempting optimization target when AI product revenue is still being defined.

Tech

The Supreme Court issued an 8-1 ruling against AT&T and Verizon over FCC fines for selling customer location data to brokers. The carriers had argued they were entitled to a jury trial; the court disagreed. The fine amounts are modest relative to carrier revenues, but the ruling closes a procedural escape route that had extended years of delayed accountability.

Meta shipped facial recognition on its smart glasses, allowing the device to identify people in the wearer's field of view in real time. Privacy researchers flagged this risk when the hardware was announced; the gap between capability and consumer deployment closed faster than most expected. There is no obvious visual indicator for subjects being scanned.

South Korea is mandating that online communities scan every uploaded image using AI censorship tools. The stated purpose is detecting illegal content, but the required infrastructure — real-time AI analysis of every image at scale — is a surveillance architecture regardless of the stated intent. The compliance burden will fall hardest on smaller platforms.

Helion raised $465M to build a fusion power plant for Microsoft, targeting a 2028 completion date. Fusion timelines have a long history of slipping, but the Microsoft offtake agreement adds accountability that most fusion announcements lack — there is a contractual delivery expectation attached to this one.

Valve confirmed its Steam Machine and Steam Frame VR headset are launching this summer, with Verified programs now live for both platforms — the most specific commitment Valve has made after years of delays.

The common thread: AI capabilities being built for security research are already deployed in offensive government operations, while ordinary users bear the risk of supply chains and hardware they cannot meaningfully audit.
