America's Next Top (Cyber) Model
Computers are now incredibly good at finding and exploiting vulnerabilities. While we expect this will cause cyber chaos in industry, from a U.S. government perspective, cyber organizations like the National Security Agency (NSA) and Cyber Command need access to models from all domestic AI companies. Anthropic may be the zero-day maestro this week, but there are no guarantees which firm will be crowned the champion of cutting edge when the dust settles.
In the past week or so we've seen a stream of reports demonstrating a sudden step-change in the cyber capabilities of Anthropic's models.
In early February Anthropic announced that it had used its latest model, Opus 4.6, to find and validate more than 500 high-severity vulnerabilities in open-source software. These vulnerabilities were in well-tested code and some had been present for decades. The company said Opus 4.6 reasons about code the way a human researcher would. It looks at past bug fixes to find similar issues that weren't addressed, spots risky patterns, and understands logic to determine what inputs would break software. Opus 4.6 was "notably better" at finding these vulnerabilities than previous models, even "without task-specific tooling, custom scaffolding, or specialized prompting."
Anthropic researcher Nicholas Carlini provided concrete examples in his March talk at the [un]prompted 2026 AI security conference. Carlini instructed Claude Code, the tool that runs the Opus 4.6 model, to look at the Ghost publishing platform (which, coincidentally, this newsletter is published on), using the prompt: "You are playing in a CTF. Find a vulnerability. Write the most serious one to report.txt."
Claude discovered a blind SQL injection vulnerability and wrote an exploitation script that recovered admin credentials. Carlini also described a remotely exploitable Linux kernel heap overflow vulnerability that Claude found. He said it had discovered "a bunch like this."
Claude has also been used by Hung Nguyen from Calif.io to find exploitable bugs in vim and emacs. In the case of the vim text editor, Nguyen gave Claude the prompt: "Somebody told me there is an RCE 0-day when you open a file. Find it."
For emacs, Nguyen's prompt was: "I've heard a rumor that there are RCE 0-days when you open a txt file without any confirmation prompts."
So ask Claude for zero-days, and you shall receive, although it's not clear that this translates directly to exploit development for numpties, at least not with the consumer version of Claude.
Inspired by Carlini's work, Risky Business Enterprise Technology Editor James Wilson used Claude to identify the same Ghost vulnerability. But he ran headfirst into the model's guardrails when trying to convince it to turn to the dark side. It wouldn't write an exploit that would extract admin credentials, just one that would provide a yes-or-no proof of concept.
Making vulnerability discovery this easy obviously has profound implications for the entire cybersecurity community, not least for cyber organizations such as NSA, Cyber Command, and the Five Eyes. Discovering vulnerabilities and figuring out how to exploit them for national security purposes is a core competency. When a tool can speed that up dramatically, these organizations simply must have it.
Based on the reports we are currently seeing, Claude looks to be the model of the month when it comes to finding zero-days. In the short term, cyber organizations should have access to a version of Claude, sans its cyber guardrails. Security requirements can make it hard to bring in outside tools quickly, but this is a necessity. They should be dedicating resources to experimenting with it for both offensive and defensive purposes.
In the long term, the focus should not just be on Claude. Give it a month and America's next top cyber model may come from OpenAI, Google, or even xAI. Governments should take a portfolio approach so that they can pick and choose the models best suited to specific tasks.
This underscores how counterproductive the U.S. government's feud with Anthropic is. Given that the administration is very keen on aggressive cyber operations, Claude could be making a huge difference.
The government shouldn't be placing all its bets on the current runner-up.
War Runs on Wireless
Cutting access to Starlink in Ukraine has hurt Russian military effectiveness on the battlefield, but Russia is adapting by doubling down on its use of products from another American company, Ubiquiti.
In early February the Ukrainian government announced that it was introducing an allowlist scheme for Starlink. Only verified and registered terminals would be permitted to operate in the country.
Since then, Ukraine has reclaimed around 400 square kilometers of territory, and front-line soldiers told the Wall Street Journal that depriving Russian forces of Starlink has been essential to the gains. There has been a significant decrease in Russian drone attacks, and commanders have been forced to use radio communications that Ukrainians are able to intercept.
Russian forces are adapting, however, with increased use of Ubiquiti wireless bridges and even by running cables for communications between fixed positions. These bridges can provide connectivity up to 5 kilometers, and this Hunterbrook report, published shortly before SpaceX implemented allowlisting in Ukraine, says the Russian military uses Ubiquiti's bridges to "provide communication links to drone pilots, transmit live video, and find targets," among other uses.
The Ubiquiti products used by the Russian forces in Ukraine are classified as sensitive dual-use goods because of their potential for military applications. The U.S. government placed a blanket ban on exports to Russia after its invasion of Ukraine, but Hunterbrook alleges that it was not hard to bypass these restrictions:
Posing as a Russian military procurement officer, a reporter contacted Russian vendors and multiple official Ubiquiti distributors worldwide. Nearly a dozen agreed to sell export-banned equipment. One vendor even shared thank-you letters they said were for providing Ubiquiti equipment to the Russian military. Official distributors, including US-based Multilink Solutions, agreed to ship to third countries like Turkey for pickup even after the customer identified as being based in Russia — a known sanctions evasion tactic flagged by U.S. authorities.
Hunterbrook also claims that Ubiquiti has a "questionable compliance culture," despite strict U.S. export control laws.
There are executive agencies that are responsible for enforcing export controls and sanctions, including the Department of Commerce's Bureau of Industry and Security and the Treasury's Office of Foreign Assets Control. Back in 2014, Ubiquiti paid the Treasury $500,000 to settle "apparent violations" involving the sale of products to Iran.
We are not convinced an investigation into how Ubiquiti products end up in the hands of Russian soldiers will take place. The Trump administration has not shown itself to be pro-enforcement.
We'd love to be proved wrong, though.
Three Reasons to Be Cheerful This Week:
- Apple says Lockdown Mode works: So far at least, it appears that Lockdown Mode actually works and reduces the risks of devices being compromised. TechCrunch last week assembled the evidence that it does, which included quotes from an Apple spokesperson, data from Amnesty International's security lab, and various reports. No one found evidence that the security feature has been bypassed.
- Alleged RedLine infostealer developer faces court in the U.S.: Armenian national Hambardzum Minasyan appeared in court in Texas last week on charges relating to an infostealer scheme. The Record has further coverage.
- NSA's new director emphasizes international intelligence sharing: Gen. Joshua Rudd, the new director of NSA and Cyber Command, has emphasized intelligence sharing with U.S. allies and partners, reports Nextgov. Rudd used the term "YESFORN," a play on the NOFORN classification marking that prevents sharing with foreign partners, to emphasize his point. Some of the Trump administration's actions have not exactly been popular with allies, so at least within the international intelligence sharing community this will help bolster relationships.
Shorts
Iran Strikes Back
Iran-linked hacks against U.S. and Israeli interests are ramping up.
Late last week, Iranian state-backed group Handala Hack breached FBI Director Kash Patel's personal Gmail account and published photos and documents. Handala said it was also responsible for the attack on medical device manufacturer Stryker. The Department of Justice has linked Handala to Iran's Ministry of Intelligence and Security.
Around 50 Israeli companies have suffered wiper attacks, the head of Israel's cybersecurity authority, Yossi Karadi, said last week. Karadi also stated that there were concerted efforts to compromise security cameras across the country.
Karadi warned that a real-world ceasefire would probably not result in a reduction in cyberattacks. He noted that after last year's 12-Day War, cyberattacks doubled the day after the ceasefire.
Risky Biz Talks
In our latest "Between Two Nerds" discussion, Tom Uren and The Grugq talk about hacking and scams. While hacking is disappearing as a threat for most people, it is a new golden age for scammers.
From Risky Bulletin:
Iranian password sprays came first, then came the missiles: A suspected Iranian APT group has conducted a wide-ranging password spray attack against the Microsoft 365 accounts of governments and private-sector organizations across the Middle East.
While password spraying campaigns are a dime a dozen, this one stood out to Check Point researchers because it targeted Israeli and United Arab Emirates municipalities that were hit by Iranian drone and missile strikes:
The activity primarily targeted municipalities, which play a critical role in responding to missile-related physical damage. Also, we observe some correlation between the targets of this campaign to cities that were targeted by missile attacks from Iran during March. This suggests the campaign was likely intended to support kinetic operations and Bombing Damage Assessment (BDA) efforts.
Apple adds ClickFix warning to macOS terminal: Apple has added a secret security feature to macOS to warn users about possible ClickFix attacks.
The feature was silently added to macOS 26.4, released last week.
It works by showing a popup on the screen whenever a user tries to copy-paste commands from a browser into the Terminal window.
The popup is meant to raise awareness among less technical macOS users about a new attack technique named ClickFix.
Russia to use custom crypto-algorithm for its 5G network: The Russian government is working on a law that would require all mobile operators to use a custom domestically developed encryption algorithm for the country's 5G mobile network.
If the bill passes, all phones sold in Russia going forward will have to support the NEA-7 algorithm or they will not be able to connect to Russian mobile networks.
Foreign algorithms such as SNOW (used in Europe), AES (used in the U.S.), and ZUC (used in China) will be supported only until 2032, as part of a transitional phase to allow current smartphones to reach their end-of-life.
