Axios Future of Cybersecurity

June 23, 2026
Happy Tuesday! Welcome back to Future of Cybersecurity.
Today's newsletter is 1,691 words, a 6½-minute read.
1 big thing: China's AI advances collide with U.S. safety restrictions
One of the biggest unknowns in AI security is also one of the most consequential: China's progress toward frontier AI models.
Why it matters: The world is only months away from AI models dramatically accelerating cyber threats, Five Eyes leaders warned yesterday.
- Yet preparations are being slowed by Washington infighting and industry-wide confusion over how to measure AI risk.
Driving the news: A new Chinese open-source model, GLM-5.2, rocked the internet this weekend with its ability to match the agentic capabilities of models like Anthropic's Opus 4.8 — garnering praise from Silicon Valley elites and raising questions about just how quickly China will close the gap.
- At the same time, the Trump administration is still debating the best way to release Anthropic's Fable 5 and Mythos 5 models over safety and national security concerns.
The big picture: The biggest disagreement in AI security right now isn't whether China is catching up — it's how quickly.
- Stanford's AI Index Report suggests Chinese models rapidly caught up in quality over the past year and have largely erased the U.S. advantage.
- Former White House AI czar David Sacks said just this month that the U.S. only has a six- to nine-month lead on China.
- But others argue that benchmark gains alone don't mean China has solved the compute and infrastructure challenges needed to truly compete at the frontier.
What they're saying: "It is quite possible they have things privately that are really, really good, and [it] is arrogant and foolish of us to think that just because we're American that we've got the best stuff," Alex Stamos, former Facebook security leader, told Axios last week.
- He added that Chinese military hackers are likely "laughing hilariously right now at the Americans fighting between themselves and cutting each other off left and right."
Threat level: Officials and lawmakers fear China could use powerful AI systems to beef up surveillance, cyber operations and military decision-making.
- China's embrace of open-source models could also make its AI ecosystem more economically attractive globally, particularly for companies seeking alternatives to expensive U.S. frontier models.
Between the lines: Much of the debate isn't about what Chinese models can do today. It's about the risk of being surprised tomorrow.
- One open-source security researcher, who requested anonymity because he was not authorized by his employer to speak publicly, told Axios he uses the frontier models to understand how capabilities like persuasion, social engineering and vulnerability discovery are evolving.
- He's worried that as Chinese models improve, restricting access to cutting-edge U.S. systems could leave defenders with fewer ways to anticipate what's coming next.
Yes, but: Not everyone believes China's progress represents an imminent threat to U.S. AI leadership.
- China lacks the "bleeding-edge chips" and vast amounts of data needed to develop a competitive frontier AI model, Pukar Hamal, founder and CEO of SecurityPal AI, told Axios.
- "Who has access to the most chips and most data? It's American companies, so far," he added.
Reality check: Researchers can already find many of the bugs that advanced models like Mythos are finding without using the models, which often are more costly and difficult to gain access to.
- AI-powered security firm Aisle claimed last week that its agentic capabilities are outperforming Mythos in several tests already.
What to watch: OpenAI just made its cyber model, GPT-5.5-Cyber, more permissive and capable. On key benchmarks, it outperforms Anthropic's Mythos 5 (read more on that below👇).
2. White House quiet on OpenAI's Mythos-like model
OpenAI rolled out a cybersecurity model that rivals the capabilities of Mythos — without nearly as much fanfare or political pushback as Anthropic received.
Why it matters: The seemingly straightforward model release raises questions about what actually triggered the Trump administration's concerns about Anthropic's Fable 5 and Mythos 5.
Catch up quick: Yesterday, OpenAI debuted an update to GPT-5.5-Cyber as part of a slew of announcements aimed at deepening its work with cybersecurity companies and researchers.
Yes, but: The new GPT-5.5-Cyber achieved an 85.6% score in CyberGym, an internal benchmark that measures whether an AI agent can reproduce known software vulnerabilities.
- In comparison, Mythos 5 scored 83.8% on the same evaluation.
Between the lines: It's unclear why OpenAI was able to move forward with this model release while Anthropic is stuck fighting export controls that bar it from allowing foreign nationals to use its models.
- The White House and OpenAI did not respond to requests for comment.
The intrigue: OpenAI also said it has expanded its partnerships with organizations in Australia, Canada, France, Germany, Japan, Poland, South Korea and the EU.
- Meanwhile, negotiating access to Mythos was a major talking point at last week's G7 Summit.
What to watch: Reports suggest that personality clashes between Anthropic and the Trump administration also prompted the export directive.
3. Exclusive: AI-enabled phishing soars in 2026
Cybercriminals are increasingly automating entire attack workflows — not just phishing emails — helping fuel a nearly 15-fold increase this year in phishing attacks that evade traditional identity verification tools.
Why it matters: The cybercriminal ecosystem is still making gains despite generally lacking the money and compute resources needed to access the most advanced AI systems.
Driving the news: Researchers at Huntress said today in a report shared first with Axios that they've observed a 1,380% increase in so-called device-code phishing attacks in the first four months of 2026 compared to the second half of 2025.
- The report links much of that activity to phishing-as-a-service platforms that package identity-theft infrastructure, phishing kits and AI-powered workflows into subscription offerings for other criminals.
- Across hundreds of incidents, no two phishing lures were identical, according to the report — suggesting threat actors used generative AI to personalize messages at scale.
Threat level: Previously, cybercriminals primarily used AI to make phishing messages more convincing or tailor them to specific victims.
- This is some of the first evidence that prominent cybercriminal groups are combining generative AI with automated workflows to industrialize phishing operations, according to Huntress.
What they're saying: "When you're automating this much of the operation, you don't have to be a systems engineer ... you don't have to figure out how to do data normalization," Huntress CEO Kyle Hanslovan told Axios.
- "You just don't have to know this, and as a result, it democratizes access to anybody."
How it works: Device-code phishing abuses a legitimate Microsoft authentication process designed for devices that can't easily accept passwords.
- Victims are directed to a real Microsoft login page and asked to enter a device code generated by the attacker. Once the victim completes the login and multifactor authentication process, the attacker receives the resulting access token.
The intrigue: The tools needed to intercept authentication tokens and manage the resulting access are now available through subscription-based phishing kits sold to cybercriminals.
- Such toolkits make it possible for attackers with "little to no technical skill" to launch sophisticated phishing campaigns, according to the report.
What to watch: Hanslovan argues that the combination of AI-generated content, automated workflows and subscription-based attack platforms is lowering barriers to entry for cybercriminals while accelerating the pace of attacks.
- "Their operations are getting so good," Hanslovan said. "I would actually choose to invest in organized cybercrime over most businesses."
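A defender-side illustration of the device-code flow described under "How it works" above; it is an added example, not part of the newsletter or the Huntress report. It triages sign-in events that used the device-code flow, on the assumption that only a small, known set of accounts belongs to devices that can't easily accept passwords; the event field names, the sample records and the allowlist are all constructed for illustration.

```python
from collections import Counter

# Constructed sample sign-in events, oldest first. Field names are assumed,
# normalised names for illustration, not a vendor log schema.
EVENTS = [
    {"time": "2026-04-01T08:00Z", "user": "roomdisplay@example.com", "flow": "deviceCode", "result": "success"},
    {"time": "2026-04-01T09:12Z", "user": "alice@example.com", "flow": "interactive", "result": "success"},
    {"time": "2026-04-02T14:03Z", "user": "alice@example.com", "flow": "deviceCode", "result": "success"},
    {"time": "2026-04-02T14:20Z", "user": "bob@example.com", "flow": "deviceCode", "result": "failure"},
    {"time": "2026-04-03T10:00Z", "user": "roomdisplay@example.com", "flow": "deviceCode", "result": "success"},
    {"time": "2026-04-03T11:00Z", "user": "alice@example.com", "flow": "deviceCode", "result": "success"},
]

# Assumed allowlist: accounts that really do sign in from input-constrained devices.
DEVICE_FLOW_ALLOWLIST = {"roomdisplay@example.com"}


def triage_device_code(events, allowlist):
    """Return (time, user, severity, reason) for device-code sign-ins to review."""
    prior_uses = Counter()  # device-code sign-ins seen so far, per account
    findings = []
    for ev in events:
        if ev["flow"] != "deviceCode":
            continue
        user = ev["user"]
        seen_before = prior_uses[user] > 0
        prior_uses[user] += 1
        if user in allowlist:
            continue  # expected use of the flow
        if ev["result"] != "success":
            severity, reason = "low", "failed device-code attempt"
        elif not seen_before:
            # Login and MFA completed, so a token was issued to whoever asked for the code.
            severity, reason = "high", "first device-code sign-in for this account"
        else:
            severity, reason = "medium", "repeat device-code sign-in"
        findings.append((ev["time"], user, severity, reason))
    return findings


if __name__ == "__main__":
    for finding in triage_device_code(EVENTS, DEVICE_FLOW_ALLOWLIST):
        print(*finding, sep="  ")
```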
4. Exclusive: Aspen's next step to stop scammers
The Aspen Institute is launching a new initiative to mobilize its national anti-scam strategy, released last year, the organization exclusively shared with Axios.
Why it matters: Scams are continuing to proliferate, creating more incentive for partnership models where companies can trade notes on what's working or not in their efforts to crack down.
Driving the news: Aspen's Financial Security Program is standing up a new Scam Prevention Initiative with several technology, financial services and retail companies.
- Founding members include Apple, Block, Capital One, Citizens Financial Group, Gen, Google, JPMorgan Chase, Match Group, Microsoft, PayPal, Target, Walmart and Zelle.
- The initiative creates a forum where members can coordinate the work they're pursuing to spot and counter scammers targeting Americans.
Between the lines: Aspen's new Scam Prevention Initiative joins a growing list of cross-sector efforts to crack down on scams, including fraudulent texts and robocalls.
- Eleven major technology and retail companies signed an accord earlier this year to share threat intelligence about scammers.
- "Over time, success should look like stronger coordination, better prevention outcomes, improved measurement and evidence that scam activity and consumer harm are being reduced," Kate Griffin, director of the Scam Prevention Initiative, told Axios.
Threat level: Americans lost nearly $21 billion from scams and online fraud last year, according to the FBI's annual Internet Crime Report.
What's next: One of the initiative's first steps will be to convene a dialogue on the scam prevention efforts each member is pursuing, Griffin told Axios.
- The initiative hopes to create a seamless way for companies to share internal data and insights with each other.
5. Catch up quick
@ D.C.
⚛️ President Trump signed two executive orders yesterday to accelerate the federal government's transition to post-quantum encryption and provide financing to support the domestic quantum computing industry. (CyberScoop)
🔓 CISA now has full Mythos Preview access. (Nextgov)
🧾 ICE appears to be purchasing data related to immigrants' tax identifiers from a data broker. (404 Media)
@ Industry
🛑 Meta is pausing an internal and controversial employee-tracking program after the company left potentially sensitive data exposed internally. (Business Insider)
💸 Accenture is taking a majority stake in critical infrastructure security firm Dragos and acquiring NetRise and runZero in a combined $4.2 billion deal. (Wall Street Journal)
🛡️ Google DeepMind published a new road map for guarding against rogue AI agents, treating them more like potential insider threats than ordinary software tools. (Axios)
@ Hackers and hacks
🏟️ Hackers published data purportedly stolen from Madison Square Garden, including information about the New York Knicks. (404 Media)
🚨 Attackers are targeting a pair of critical vulnerabilities in a widely used Fortinet security product. (CyberScoop)
🕳️ An inside look at how researchers uncovered that millions of digital home devices are secretly now backdoors for global cyberattacks. (Wall Street Journal)
6. 1 fun thing
Ever wondered how much of your information is included in model training weights? Now you can find out!
☀️ See y'all next week!
Thanks to Dave Lawler for editing and Sheryl Miller for copy editing this newsletter.

Decode the cyber challenges reshaping business, government and geopolitics. With Sam Sabin.





