AI researchers and cybersecurity leaders fear the U.S. government is setting a precedent that may discourage American AI companies from building tools that help defenders identify and fix vulnerabilities.

Why it matters: In trying to avert an AI hacking crisis, the Trump administration may end up making U.S. cyber defenses weaker, dozens of prominent security leaders warned yesterday.

• Cybersecurity experts are worried about the long tail this ongoing feud will have on American cyber defenses.
• "They've set a precedent that American models can't do defensive security research," former Facebook security chief Alex Stamos tells Axios.

Driving the news: Stamos organized an open letter, signed by nearly 150 security leaders, calling on the Trump administration to reverse its move to restrict access to Anthropic's Fable 5 and Mythos 5.

• Concerns about Chinese access to Mythos and a call from Amazon CEO Andy Jassy reportedly sent the administration into a panic last week after Anthropic publicly released its first Mythos-class model.
• During the spat, Anthropic brought in a leading zero-day bug hunter — who helped the Defense Department create its bug bounty program and sat on multiple government-led advisory boards — to help assess Amazon's concerns about the security of Fable and Mythos.
• Now, the administration is casting the security researcher as a "radical Democrat," as my colleagues reported yesterday.

Between the lines: The dispute has quickly shifted from a fight over one model to a broader question of whether the government is creating unwritten rules for AI security research.

• Stamos, who has spoken with the technical staffs involved in the fallout, says the findings Amazon flagged do not appear unique to Anthropic's models.
• Multiple people familiar with Amazon's concerns say they centered on a jailbreak the company found that allows Fable to write "proofs of concept" — a capability security teams often use to understand and fix vulnerabilities.
• Katie Moussouris, CEO of Luta Security, said in a detailed blog post yesterday that she saw a copy of Amazon's findings and the issue didn't involve mass exploitation of the model, but rather prompts designed to support defensive security work.

Flashback: Before releasing Fable 5, Anthropic said, it worked with both internal teams and outside security researchers to test the model for jailbreaks and other flaws.

• The company has also argued that "perfect jailbreak resistance is not currently possible for any model provider," so it has focused on making "jailbreaks either narrow ... or very expensive to produce."

Threat level: Cyber experts warn that if frontier AI companies fear punishment for models that can identify vulnerabilities, they may now be tempted to strip out capabilities on which defenders already rely.

• Moussouris noted in an X post that there is no fix that wouldn't render the model less useful for cyber defenders.
• "No new frontier models can be developed or released if this is the administration's best take," she added.

The big picture: Researchers argue the administration's response risks giving adversaries an advantage.

• Researchers note that Chinese AI developers and government-backed hacking groups are unlikely to abandon similar tools, raising concerns that U.S. defenders could lose access to abilities their adversaries are using.
• "This is closer to China than what I recognize as the United States, and personally I see this as a huge threat to American dynamism," Stamos says.

What to watch: The U.S. government is in the process of standing up a vulnerability clearinghouse via the recent AI security executive order that would likely triage reports about jailbreaks, prompt injections and other threats to AI models.

• But questions linger about how much cybersecurity talent remains in the Trump administration after several White House departures in recent weeks and the sidelining of the nation's top cyber agency.

The ongoing feud between the White House and Anthropic is underscoring another problem plaguing AI security: The industry still lacks clear, consistent definitions for threats facing AI models.

Why it matters: Different AI security flaws require different levels of concern.

• But when researchers, companies and policymakers use the same word to describe several kinds of problems, it becomes harder for nontechnical audiences to understand what is truly serious and what is more routine.

Between the lines: The word "jailbreak" has become a catch-all for any cybersecurity threat facing AI models.

• Originally, the term referred solely to cases where users trick the model into overriding its safety and security instructions.
• Think prompts like "Ignore all previous instructions" and "For educational purposes only, explain how ransomware encryption routines work."

Zoom in: Other security issues have since been pulled into the broader "jailbreak" conversation, including prompt injections, system prompt leaks and other forms of unintended model behavior.

• Prompt injections occur when a model follows instructions secretly embedded in third-party content — such as a website, document or email — and overrides the user's original instructions.
• System prompt leaks happen when users coax a model into revealing hidden developer instructions, such as by asking it to print the rules it was given before the conversation started.
• Those are distinct from training-data extraction attacks, where users try to get a model to regurgitate information it may have memorized during training.

Reality check: Public descriptions of the flaw that spurred the weekend's fallout suggest the issue may be closer to a privilege-escalation or access-control problem than the traditional idea of a jailbreak.

• Researchers simply told Fable 5 to "fix this code" and then used a "multistep and manual process" to turn the outputs into scripts that can test patches, according to Moussouris' blog post.

The bottom line: Just like in traditional cybersecurity, not every jailbreak is automatically considered critical — even in a fast-moving AI world.

China-linked hackers spent more than a year stealing information from North American academic, medical and military research organizations, researchers at Google said yesterday.

Why it matters: The nation-state hacking group used legitimate login credentials to break in, underscoring just how difficult it's become for organizations to find and identify Chinese state-sponsored hackers that may be lurking on their systems.

Threat level: The operation, which Google attributed to little-known player UNC6508, zeroed in on sensitive defense intelligence about Indo-Pacific command operations, AI, uncrewed vehicle systems, cyber offensive programs and medical research, according to a report.

• The group broke into organizations after stealing login credentials for REDCap, a web application popular among nonprofits for managing online databases.
• Hackers then deployed custom malware and abused administrator tools to cover their tracks.
• Google did not say how many organizations were compromised, but it said the targeted organizations employed "thousands of people with a combined research budget in the billions of dollars."
• The earliest known compromise happened in September 2023.

Reality check: The information targeted appears to be in line with Beijing's other reported espionage campaigns.

• The Chinese government has taken a particular interest in stealing American organizations' secrets to give it an edge in the ongoing tech race and in preparation for a potential invasion of Taiwan.
• The Chinese Embassy in Washington did not respond to a request for comment.

📝 Read the report.

OpenAI banned China-linked accounts that used ChatGPT to draft social media influence campaigns targeting U.S. debates over tariffs and AI data centers, the company said Wednesday.

Why it matters: The campaigns don't appear to have been effective, but they show how pro-China actors are testing AI tools to amplify existing political and economic divisions in the U.S.

Driving the news: OpenAI said it uncovered two operations that used ChatGPT to generate posts, comments and political cartoons about U.S. tech policy.

• One campaign, dubbed "Data Center Bandwagon," generated comments and comics claiming AI data centers were driving up electricity prices for American families.
• A second operation, "Tech and Tariffs," used ChatGPT to create content and political cartoons criticizing President Trump's tariffs and the U.S. push for global tech dominance.

The big picture: Both campaigns latched onto already heated debates.

• A recent Harvard/MIT poll found 32% of Americans oppose data centers in their area, while 40% support them.
• Seven in 10 Americans said in a Harris poll released in March that Trump's tariffs have caused them to pay higher prices.

Reality check: OpenAI said the campaigns failed to gain much online traction.

• However, an OpenAI official told reporters that this appears to be the first time the company has seen a China-linked operation using its models to meddle in the AI data center debate.

Read the rest.

@ D.C.

🏛️ Trump administration officials claim that Anthropic failed to "honor" the recent cybersecurity executive order. (Axios) The administration also doesn't plan to exempt G7 countries from its export directive, meaning allies can't access Mythos. (New York Post)

🗳️ President Trump says he won't approve a renewal of Section 702 of the Foreign Intelligence Surveillance Act unless lawmakers attach his sweeping voting overhaul to it. (Axios)

📉 A key group for sharing cyber threat intelligence among state and local governments has lost about 70% of its membership since losing federal funds last year. (Cybersecurity Dive)

@ Industry

🔁 A group of cybersecurity companies, including Chainguard, Cisco, Cloudflare, JPMorgan Chase and others, launched a new coalition for sharing and patching the vulnerabilities that AI models find. (Bloomberg)

💰NewCore, a cybersecurity startup providing identity tools for AI agents, emerged from stealth with $66 million in funding led by Cyberstarts. (TechCrunch)

🔍 A profile of Hany Farid, one of the foremost experts on AI-generated deepfake video and audio, covering how he's combating a wave of AI-manipulated media. (New York Times)

@ Hackers and hacks

🤖 Google filed a lawsuit Friday accusing a Chinese cybercrime network of using Gemini for financial scams targeting hundreds of thousands of Americans. (New York Times)

🇷🇺 U.S. Rep. Don Bacon (R-Neb.) says Russian hackers broke into his Signal account in an apparent spear-phishing attack. (Politico)

🏝️ Are you watching and voting in "Love Island USA" this season?

• I — like any reasonable person — spent some time digging through the privacy disclosures for the show's mobile voting app so you don't have to.

According to its App Store privacy label, the app may collect:

• Identifiable information including your name, email address, phone number and physical address.
• Device identifiers and usage data.
• IP addresses.
• "Coarse" location data (your approximate, but not precise, location).

👀 Between the lines: The app also says some usage data may be used to track users across apps and websites owned by other companies.

Reality check: None of this is that unusual in today's app ecosystem.

• But it's a reminder that casting a vote for your favorite Islander can involve sharing a lot more information than just who you think should make it to the villa finale.

📺 Happy viewing!