Axios Future of Cybersecurity

July 14, 2026
Happy Tuesday! Welcome back to Future of Cybersecurity.
📬 Have thoughts, feedback or scoops to share? [email protected].
🚨 Situational awareness: Google DeepMind co-founder Demis Hassabis is calling on the U.S. to establish a new AI watchdog amid growing concerns about AI-driven cyber risks.
Today's newsletter is 1,837 words, a 7-minute read.
1 big thing: AI-powered cybercrime is getting easier
The barriers keeping cybercriminals from adopting AI — restricted access, high costs and little incentive to change tactics — are starting to fall, researchers tell Axios.
Why it matters: The trend is opening the door to more AI-assisted attacks.
The big picture: Three trends are converging.
- Open-weight AI models are approaching the cyber capabilities of OpenAI's, Anthropic's and Google's models, giving attackers more options outside of monitored services.
- Underground marketplaces now sell jailbroken models, custom models and AI-powered hacking services.
- Hackers are getting more comfortable weaving AI into existing workflows rather than trying to automate an attack from scratch.
Driving the news: A string of reports over the past two weeks suggests cybercriminals are moving beyond AI experiments and starting to use the tools in the real world.
- In the recent JadePuffer attack, a single hacker used AI agents to automate most of a ransomware attack, including writing exploit code, stealing data and negotiating with the victim, per cloud security company Sysdig.
- In another case, a lone hacker used AI to execute multiple well-known cloud attack tactics — compressing a cyberattack that would've normally taken weeks into just 72 hours, according to Sygnia research.
- Researchers at Elastic uncovered a bank fraud scheme last week targeting Mexico-based financial organizations. The attack relied, in part, on AI-generated malware.
What they're saying: "They're willing to take shots at a goal that historically they might not have gone after," Conor Sherman, global chief information security officer at Sysdig, tells Axios.
- Sherman adds that AI is giving individual attackers far more leverage.
Zoom in: The AI agent in the JadePuffer attack rewrote exploit code in 31 seconds before continuing the attack.
- "Someone else with no ransomware skills whatsoever could potentially do this same kind of operation," Crystal Morin, a senior cybersecurity specialist at Sysdig, tells Axios.
Reality check: Researchers say many early AI-assisted attacks still reveal basic mistakes, including exposed servers, poorly hidden attacker activity and prompts left behind in malware.
- Aaron Walton, senior threat intelligence analyst at Expel, tells Axios that the JadePuffer case that Sysdig uncovered included a few questionable details, such as a bitcoin address that may have been hallucinated and the failure to encrypt the victim's data so it could be recovered.
Between the lines: Just like cyber defenders, malicious hackers have been growing more comfortable with experimenting with AI — especially as models' cyber capabilities improve, experts tell Axios.
- Hacker forums regularly feature discussions comparing which models are best, trading jailbreak techniques and sharing strategies for writing prompts, Walton says.
- Underground marketplaces sell jailbroken frontier models, homegrown AI models and tools designed to make sophisticated attacks easier to launch, Meredith Burkart, senior director of government affairs and public policy at Halcyon, tells Axios.
The intrigue: While open-source models have also reignited fears about hackers automating and scaling their attacks, hackers are still more likely to use Claude and ChatGPT since open-source models still require significant technical expertise and computing resources, Walton says.
What's next: Experts say defenders still have time to prepare for AI-accelerated attacks, but the window is shrinking as AI becomes easier for attackers to use.
- "Don't panic," Burkart says. "Just get started, one little thing at a time. It's all that you can do."
2. Exclusive: Grok jailbreak creates explicit images
A jailbreak that tricked ChatGPT into generating graphic sexual and violent images also works on SpaceXAI's Grok, researchers at Mindgard shared exclusively with Axios.
Why it matters: The prompt that Axios reviewed suggests that relatively simple jailbreaks can still bypass AI image safeguards.
Zoom in: Researchers at Mindgard found Grok would generate sexual and violent images using a simple prompt that never explicitly requested that type of content.
- While testing the prompt, Mindgard found Grok would create images of nude women or bloody body parts with little to no instructions.
- SpaceXAI warns in Grok's terms of service that its outputs could be sexual or violent depending on a prompt. "If users choose certain features or input suggestive or coarse language, the Service may respond with some dialogue that may involve coarse language, crude humor, sexual situations, or violence," the company says.
Threat level: Peter Garraghan, founder and chief science officer at Mindgard, told Axios the same technique could also be adapted to create deepfakes using someone's likeness.
- Garraghan said AI dramatically lowers the skill and time needed to create convincing fake images.
- "If we spend more time [testing this jailbreak], you will find worse stuff that will trigger police at your door, I largely suspect," Garraghan said.
State of play: The jailbreak still worked for researchers over the weekend, according to a video demonstration shared with Axios.
- During Axios' testing, however, Grok repeatedly refused to generate an image using the prompt. Mindgard said repeated attempts can eventually produce prohibited content.
- SpaceXAI did not respond to a request for comment.
Between the lines: The findings add to scrutiny over Grok's image safeguards, including an ongoing lawsuit that claims the model created nonconsensual deepfake child sexual assault materials.
Yes, but: Grok's images appeared more stylized than ChatGPT's, which Mindgard previously found produced more realistic graphic imagery.
- Garraghan said the difference could stem from what materials each model used in training.
3. What CISA learned from its own security scare
CISA says it lacked a clear way for security researchers to report vulnerabilities and didn't have an incident response playbook when a researcher alerted the agency in May to exposed sensitive credentials.
Why it matters: CISA is using its own mistakes as a lesson for other organizations, underscoring that even mature security teams need clear reporting channels and incident response plans before a crisis hits.
Catch up quick: In May, security firm GitGuardian discovered an exposed GitHub repository containing administrative credentials for three AWS GovCloud servers and contacted independent journalist Brian Krebs after struggling to reach CISA through its existing reporting channels.
Zoom in: In a post-mortem of the event published Friday, CISA acting CIO Preston Werntz and acting CISO Brad Libbey said part of the issue was that the agency did not have a dedicated channel for security researchers to report security issues involving the agency's own infrastructure.
- CISA said its vulnerability disclosure program is intended for vulnerabilities that could affect the broader cybersecurity community, rather than issues involving the agency's own internal infrastructure.
- "To reduce ambiguity, CISA is refining its reporting channels to make them easier and faster for researchers to use," the agency added.
Between the lines: CISA also lacked an incident response playbook for GitHub and cloud account exposures, forcing the agency to develop one while responding to the incident.
State of play: Since the incident, CISA has rotated every single credential across all environments and limited which users are allowed to upload to its public code repositories.
- The agency added that its security operations center also had the activity logs needed to "successfully investigate the incident."
➡️ Read the rest of the post-mortem here.
4. SpaceXAI wipes customer data after Grok uploads
SpaceXAI says it will delete customer data previously uploaded to its systems after a researcher found that its Grok Build coding assistant was sending entire code repositories to a company-controlled Google Cloud storage bucket.
Why it matters: The tool appeared to upload far more data than was needed to answer coding requests, potentially including proprietary source code, API keys and other sensitive information that customers may not have realized was leaving their computers.
- Developers whose repositories contained API keys, cloud credentials or database passwords now may need to rotate those credentials, since deleting the uploaded data doesn't eliminate the risk that sensitive information was exposed.
Driving the news: A security researcher reported over the weekend that Grok Build was uploading much more of customers' code repositories than was necessary to complete coding tasks.
- Shortly after the findings were published, the uploads appeared to stop without users installing an update, suggesting SpaceXAI had made a change on its end.
- SpaceXAI said yesterday that "no trace and code data is ever retained" for customers with zero-data-retention agreements, adding that " we care deeply about your privacy and respect customer choice."
- "As a precautionary measure, all user data that was uploaded to SpaceXAI before now will be completely and utterly deleted. Zero anything whatsoever will remain," SpaceXAI CEO Elon Musk also said on X yesterday.
By the numbers: In one test, Grok Build uploaded 5.1 gigabytes of data even though the coding task required just 192 kilobytes — about 26,000 times more data than was needed.
The big picture: SpaceXAI joins Anthropic and other AI companies that have faced questions this year over how customer data is collected, retained and used.
- When Anthropic rolled out Fable 5 and Mythos 5, the company started retaining user data for those models for 30 days to "support our safety work," despite having zero data retention agreements with several enterprise customers.
What to watch: It remains unclear how many SpaceXAI users were affected, which versions of Grok Build uploaded repositories, how long the data was stored, whether it was ever accessed, and how customers can independently verify that it has been deleted.
5. Catch up quick
@ D.C.
🕵️ Department of Homeland Security personnel twice dismissed signs of an intrusion into the agency's Homeland Security Information Network as false positives or benign activity before detecting an intrusion in June. (Nextgov)
⏯️ The Pentagon is pausing plans to introduce the second wave of new requirements coming to its contractor cyber compliance program this fall. (Federal News Network)
🎯 The National Security Agency has revived the name "Tailored Access Operations" for its elite hacking unit. (The Record)
@ Industry
🤖 OpenAI broadly released GPT-5.6 last week after staggering the rollout per the U.S. government's request. (Axios)
🇨🇳 The Chinese government claims it found a security backdoor in Anthropic's Claude Code after the U.S. company said it was removing code used to track China-based users. (Wall Street Journal)
💰 A pair of far-right conspiracy theorists and convicted felons are now reportedly running an offensive cybersecurity company that buys zero-day vulnerabilities from hackers. (KrebsonSecurity)
@ Hackers and hacks
📣 State actors in China, Russia and Iran are starting to focus their influence operations playbooks to amplify the divide in Americans' views on building new AI data centers. (The New York Times)
🔓 Accenture said it remediated a cyber incident on one of its customer systems after hackers claimed they stole sensitive data, including source code, encryption keys and more, from the firm. (Cybersecurity Dive)
🚰 A closed-door war game simulated the central role the insurance industry would likely play in the event of a China-backed hack on U.S. water systems. (Wired)
6. 1 fun thing
🎤 Like every young millennial woman in the Bay Area, I, too, was at the Hilary Duff concert this weekend — living a decades-long dream.
- ✨ In the words of Hilary: "This is what dreams are made of."
☀️ See y'all next week!
Thanks to Megan Morrone for editing and Khalid Adad for copy editing this newsletter.
If you like Axios Future of Cybersecurity, spread the word.
Sign up for Axios Future of Cybersecurity






