Axios Future of Cybersecurity

May 19, 2026
Happy Tuesday! Welcome back to Future of Cybersecurity.
🏝️ There will be no newsletter next week while I'm on vacation. See y'all in June!
Today's newsletter is 2,110 words, an 8-minute read.
1 big thing: AI hacking era could hit hardest at state and local level
Big banks and federal agencies are working frantically to shore up their defenses against new advanced AI systems, but small towns, schools and utilities lack the staff and basic cyber defenses needed to fend off such threats, experts tell Axios.
Why it matters: Cybercriminals and nation-state hackers have long viewed state and local targets as gateways for their attacks.
- Many such organizations still struggle with basic cyber hygiene — including asset inventories, identity management and multifactor authentication — even as AI's advances dramatically accelerate the rate at which hackers can discover and exploit vulnerabilities.
- Even if state and local governments get access to tools like Mythos and GPT-5.5-Cyber, they likely won't have the personnel or funding to fix all of the security flaws the programs uncover.
Driving the news: Senate Minority Leader Chuck Schumer (D-N.Y.) wrote to Homeland Security Secretary Markwayne Mullin this month expressing concern about "the lack of an effective plan to coordinate with state, local, tribal, and territorial" governments on AI cyber threats.
- Senior security officials from more than a dozen states sent a letter to OpenAI, Anthropic, Microsoft and Google this month urgently seeking to be included in projects that test new frontier models' cyber capabilities.
The big picture: Cybersecurity leaders who work closely with state and local governments say many public-sector organizations are already struggling to inventory systems, patch vulnerabilities and hire security staff.
- Some rural municipalities and school districts don't even have dedicated cybersecurity personnel.
- In some cases, the IT leader might also be the school nurse or the town clerk's grandson, said Randy Rose, vice president of security operations and intelligence at the Center for Internet Security.
Threat level: Those shoddy defenses are now up against a world of AI-enabled hacking.
- "The timeline between when a vulnerability gets exposed and how you respond has shrunk," Rose told Axios. "That's something a lot of organizations aren't prepared for, and they're looking for help in that space."
By the numbers: 63% of state chief information security officers said they aren't confident their state can secure the data of government agencies and public universities, according to a survey released in April from the National Association of State Chief Information Officers (NASCIO) and Deloitte.
- 47% of state CISOs in the survey said they lack confidence in their ability to fend off AI-enabled attacks.
- "You could throw all the money in the world at it, buy every single tool, do all the things, and you could still have an attempt," Meredith Ward, deputy director of policy and research at NASCIO, told Axios. "Everything's changing so rapidly."
Between the lines: Preparedness for AI-fueled hacking threats varies across states and local governments, experts say.
- States that have spent years centralizing cybersecurity operations and building dedicated cyber offices are in a much stronger position.
- Critical infrastructure operators face a separate challenge: many industrial control systems were built decades ago without modern authentication or security protections in mind, Chris Grove, director of cybersecurity strategy at Nozomi Networks, told Axios.
Reality check: State and local entities aren't rushing to gain access to frontier cyber models because they lack the operational capacity to harness them.
- "If you have crappy cybersecurity and then you throw AI on top of it, you're going to have a whole lot of crappy cybersecurity problems to solve," Grove said.
The flip side: OpenAI recently briefed some state and local officials on its cyber-focused models, as Axios first reported.
- An Anthropic spokesperson told Axios that the company recently held a bipartisan briefing with the majority of states and the District of Columbia on supporting their critical cybersecurity efforts. Several of the attendees already use Claude Security Opus 4.7, per the spokesperson, and the company just pushed Claude Security into public beta, which is available to all customers.
- Meredith Burkart, senior director of government affairs at Halcyon and a former FBI cyber policy chief, told Axios that many state leaders are motivated by the challenge posed by the new tools.
- "Hearing the enthusiasm, and 'Let's roll up our sleeves, we have to do more of this,' is very heartening to me," she said.
What to watch: Congress is considering legislation that would reauthorize the State and Local Cybersecurity Grant Program, which provided $1 billion to various security-focused projects across the country.
- State officials and cybersecurity groups say the program has been especially important for helping local governments deploy shared cybersecurity services and basic defenses.
- "Local governments need the help," Ward said. "The bad actors, they don't care where the state border lines are. They don't care where the city border lines are. Everyone's the target."
2. Microsoft seizes ransomware's favorite malware
Microsoft's digital crime investigators took down online infrastructure supporting a cybercriminal service that sold fraudulent code-signing certificates to ransomware gangs, the company said today.
Why it matters: The operation highlights how quickly cybercriminals are scaling the business of selling trusted-looking digital certificates, which make it easier for hackers to distribute malware that can evade security defenses.
- "They've made this operational and scalable by providing a mass service to cybercriminals and ransomware operators to essentially go out, get their code signed quickly ... then deploy whatever operations they want," Maurice Mason, principal cybercrime investigator at Microsoft's Digital Crimes Unit, told reporters.
Driving the news: Microsoft obtained a court order this month allowing the company to seize websites, domain names and other infrastructure tied to Fox Tempest.
- The group abused Microsoft's Artifact Signing service, a platform designed to help legitimate developers sign software, to generate certificates that made malware appear trustworthy to security systems, according to Microsoft.
- The company said malware signed through Fox Tempest's service was used by ransomware groups and cybercriminal operations including Rhysida, Akira, INC and Vanilla Tempest.
- The certificates allowed attackers to disguise malicious software as legitimate applications, helping malware bypass security filters and increasing the likelihood that victims would run infected files.
- The group targeted organizations in the U.S., France, India, China, Brazil, Germany, Japan, the U.K., Italy and Spain, according to Microsoft.
- The company coordinated the takedown with the FBI, Europol, and industry partners whose brands and services were being impersonated.
By the numbers: Microsoft estimates that Fox Tempest generated more than 1,000 certificates and operated hundreds of Microsoft Azure cloud tenants and subscriptions supporting the service.
Zoom in: Over Telegram, Microsoft investigators engaged directly with a longtime seller of Fox Tempest's code-signing certificates during the investigation, Mason said.
- During those conversations, the seller offered code-signing services for between $5,000 and $7,500 and directed prospective buyers to complete a Google Form detailing what service tier they wanted and how frequently they planned to use certificates.
- Microsoft investigators attempted to purchase another certificate after the court order was issued, but the seller responded that the service was no longer working properly and suggested they were shifting operations elsewhere.
Yes, but: Microsoft cautioned that disrupting one operation is unlikely to permanently stop cybercriminals from abusing code-signing services or adapting their tactics.
- "When you take that capability away, you're making it harder and more expensive for these criminals to operate," Steven Masada, global head of Microsoft's Digital Crimes Unit, told reporters. "But this isn't one and done. These actors will adapt."
3. Telcos jumpstart information sharing
Eight telecommunications companies are banding together to create a voluntary cyber information-sharing center called C2 ISAC, the group announced today.
Why it matters: Telecom providers sit at the center of global communications infrastructure, giving both nation-state attackers and cybercriminals opportunities to intercept communications, track users and pivot into other sectors.
Driving the news: C2 ISAC — short for the Communications Cybersecurity Information Sharing and Analysis Center — has been in the works for years, even before Chinese espionage group Salt Typhoon was found burrowed deep inside U.S. telecom infrastructure, Rich Baich, AT&T's chief information security officer, told Axios.
- Founding members include AT&T, Charter, Comcast, Cox, Lumen Technologies, T-Mobile, Verizon and Zayo.
- The group plans to share intelligence about cyber threats targeting telecom networks, along with defensive insights and best practices for responding to attacks.
- Valerie Moon, who held senior roles at the Cybersecurity and Infrastructure Security Agency and the FBI's cyber division, will join the group next month as its first executive director.
Between the lines: Security leaders at major telecom companies had already been sharing threat information for years — both informally and through broader information-sharing organizations that also focus on physical threats and natural disasters.
- However, the growing volume and sophistication of cyberattacks against telecom providers created urgency for a dedicated cyber-focused organization.
- "The government does not protect us holistically from a cyber standpoint," said Baich, who is also the center's board chair. "We, as private entities, need to collectively come together and defend ourselves."
Zoom in: Moon told Axios the group plans to build its information-sharing capabilities incrementally rather than trying to stand up an expansive platform all at once.
- "We want to be agile and we want to be able to hit the ground running," Moon said. "We start small, and we build on those successes, rather than trying to boil the ocean at once."
What's next: Now that the group is up and running, Baich said, the first item of business is establishing a clear channel for sharing threat information.
- The group is still hammering out details about what types of companies and organizations can join.
4. 60+ MAGA allies tell Trump to vet AI
A group of more than 60 Trump allies is urging him to test the most powerful AI models before they're released, according to a letter shared first with Axios yesterday.
Why it matters: The letter — signed by Steve Bannon and conservative anti-AI activists Amy Kremer and Brendan Steinhauser — puts a vocal faction of the MAGA base at odds with the White House's hands-off approach to AI.
- Inside the White House, the prevailing view is that America will win the AI race by keeping regulation light and knocking down most state-level AI laws.
- Even administration officials who support testing models have backed away from the idea of government approvals.
Bannon, a first-term Trump official who hosts the influential "War Room" podcast, has been warning MAGA for more than a year about possible job devastation from AI.
- "This letter takes us next level," Bannon tells Axios. "The letter lays out [that] we must have mandatory testing and government approval."
What they're saying: The letter — organized by Humans First, a conservative group whose tagline is "technology should serve humans ... not replace them" — compares AI to nuclear systems and aviation:
- "The most powerful AI systems, which can now, or soon will be able to, assist in designing bioweapons, breaking into critical infrastructure, or manipulating financial markets, should be treated with the same seriousness and care."
What's next: As Axios recently reported, the White House is weighing several options to step up AI regulation as the most powerful models yet come online.
5. Catch up quick
@ D.C.
👀 A contractor for the Cybersecurity and Infrastructure Security Agency maintained a public GitHub repository that exposed credentials to several privileged AWS GovCloud accounts and internal agency systems. (KrebsOnSecurity)
🏛️ Some White House officials are concerned that national cyber director Sean Cairncross may not be equipped to lead the administration's Mythos response. (Politico)
🇨🇳 The Chinese government asked Anthropic for access to its Mythos model but was denied. (New York Times)
@ Industry
🤖 Anthropic is now allowing companies with access to Mythos to share information about the threats they find with others. (Wall Street Journal)
🧑🏻💻 Cybersecurity researchers are finding they still need plenty of human expertise to harness the capabilities of advanced AI models like Mythos. (Axios)
📲 WhatsApp launched an AI chat function based on its Private Processing scheme that allows users to talk privately with Meta AI. (Wired)
@ Hackers and hacks
⛽️ Officials suspect that Iran is behind a series of breaches of systems that monitor how much fuel is in storage tanks across the U.S. (CNN)
⚠️ Hackers infected 314 npm packages with malware today, nearly a week after the TeamPCP hacker gang open-sourced its credential-stealing worm so anyone can use it in their attacks. (The Register)
🍎 Researchers at Calif say they used Mythos to find new techniques to break into Apple's operating system and corrupt a Mac's memory. (Wall Street Journal)
6. 1 fun thing
📚 💿 Hit me with your best audiobook listens for a long car ride!
- 🎶 My most recent listen was Lena Dunham's "Famesick" — I love when a voice I recognize is reading the book to me in the car.
☀️ See y'all in two weeks!
Thanks to Dave Lawler for editing and Khalid Adad for copy editing this newsletter.






