Axios Future of Cybersecurity

June 30, 2026
Happy Tuesday! Welcome back to Future of Cybersecurity.
- 💗🏝️ "Love Island" viewers: Please send me your hottest takes about Casa Amor ending. I cannot stop reading them.
- 📬 Have other thoughts, feedback or scoops to share? [email protected].
Today's newsletter is 1,405 words, a 5.5-minute read.
1 big thing: You don't need Mythos to prepare for Mythos
Defending against AI-driven hacking threats doesn't require access to the most advanced models, experts tell Axios.
Why it matters: High token costs and ever-shifting barriers to access make it pretty much impossible for small to medium-sized enterprises to consistently tap the powers of the most advanced U.S. frontier models — even though those companies have much to fear from AI-powered attacks.
Driving the news: The Trump administration shut down access to Anthropic's Mythos 5, before telling the company last week that it could start re-releasing the model to a limited group of government-approved organizations.
- Also last week, the administration requested OpenAI release its latest model, GPT-5.6, as only a limited preview for now, due to national security concerns.
- Anthropic is continuing to negotiate Fable 5 access with the U.S. government.
The big picture: While access to those frontier models remains uncertain, a range of AI security tools are already rivaling Mythos' and GPT-5.6's ability to find and exploit critical zero-day vulnerabilities.
- Aisle, an AI security company, discovered six of the 18 recently disclosed vulnerabilities in the wildly popular open-source Curl software library. Meanwhile, Mythos Preview found just one in that batch.
The intrigue: Even before Anthropic kickstarted a global conversation about AI-driven hacks, several frontier models were already pretty good at finding software bugs, Phil Venables, a partner at Ballistic Ventures and former Google Cloud CISO, tells Axios.
- Most companies can turn to existing, lower-cost models to start hunting for bugs on their systems now, Venables says.
- "If you were at a company that panicked because you couldn't get access to Mythos, you just went home to GPT or Claude Opus or Gemini or whatever and ran it against your code base and freaked out anyway because you found a ton of vulnerabilities," he says.
Between the lines: Cybersecurity companies have also started building their own multimodal AI harnesses, which use a mix of models to find bugs, write proofs of concept and analyze malware.
- For example, Aisle takes an agnostic approach to its model stack, combining proprietary models with finely tuned, open‑source models trained on the company's own cybersecurity expertise, Stanislav Fort, the company's founder and chief scientist, tells Axios.
- That harness lets it hunt for bugs in hardened codebases at a fraction of the cost of brute‑force approaches that frontier models rely on.
Threat level: At least 1 in 5 cyber incidents last year targeted a company with fewer than 1,000 employees, according to Verizon's 2026 data breach investigations report.
- About a quarter of those attacks involved a hacker exploiting a vulnerability in a system — the precise issue that security experts say advanced AI models like Mythos and GPT-5.6 will accelerate.
- But many mid-market companies don't have the resources or investments in their cybersecurity programs to keep up with emerging AI‑powered hacking threats, Morgan Adamski, a principal leader in PwC's cyber, data and technology risk business, tells Axios.
The bottom line: AI models are likely just going to exacerbate existing problems, experts tell Axios, meaning many companies can defend themselves adequately if they double down on the basics.
- Basic cyber hygiene like building a zero-trust data access policy and updating both identity management protocols and vulnerability management programs are a must, Adamski says.
- "Whether you have access or not, the bottom line is that the fundamentals are what you should be focusing on," she adds.
2. New hacking group ensnares cyber firms
A relatively new hacking group stole data from cybersecurity firms and enterprise software companies in a recent supply chain attack.
Why it matters: Little is known about the group, making it difficult to predict where it may strike next or what tactics defenders should prioritize.
Driving the news: About two dozen customers of market research company Klue have disclosed that their Salesforce instances were compromised in a cyberattack this month.
- Those customers include LastPass, HackerOne, Recorded Future, Snyk, Tanium and Huntress.
- Klue said the attackers used a stolen login credential that was not decommissioned after a limited pilot program in 2022 to gain access to its systems.
- So far, the breaches appear to have been limited to Klue customers that use its Salesforce integration, exposing primarily internal marketing and customer data.
Between the lines: Several security researchers have attributed the attack to Icarus, a hacking group first observed in the wild as early as late April.
- The financially motivated group has targeted finance, technology and professional services companies through ransomware and credential theft campaigns, according to cybersecurity firm ZeroFox.
The intrigue: A separate hacker appears to have recently breached Icarus' own infrastructure, including cryptocurrency wallets, servers and other internal systems.
- The unknown hacker posted a note Wednesday, shared with Axios, claiming to have compromised Icarus' entire operation and alleging Icarus had breached roughly 195 organizations.
- The note also claimed Icarus had already sold some of the data it stole and falsely promised victims it would delete stolen information after ransom payments.
- "Icarus you stupid child, give the money back or everything will be leaked," the note reads.
What to watch: Klue says that it has about 250,000 global users and that it's still unclear how many organizations were affected by the breach.
3. Startup sues Palo Alto Networks over research
MeetingTV, an online videoconferencing and webinar startup, is suing Palo Alto Networks and its recently acquired threat-intelligence firm, Koi Security, over a security research report that linked its infrastructure to a Chinese hacking operation.
Why it matters: MeetingTV alleges that a hallucinated finding is behind the mix-up — raising questions about how companies are using AI in threat intelligence and who bears responsibility for the impact of security research.
State of play: MeetingTV filed a complaint against Koi on March 18, alleging the company falsely labeled its websites as infrastructure tied to a Chinese hacking operation in a report published Dec. 30.
- Before filing its complaint, MeetingTV reached out to Koi's leadership asking the company to update its report and contact other security vendors that had labeled MeetingTV's domains as malicious.
- Many cybersecurity firms rely on threat intelligence like Koi's to determine which websites, domains and services should be blocked to protect customers from malicious activity.
Koi updated the report on Feb. 12 and removed one MeetingTV domain.
- "While the domain appeared in code analyzed during our investigation, we have determined that there is no evidence that this domain is connected or related in any way to the malicious infrastructure or the threat actor group described in this report," the update on the research report reads.
- But MeetingTV CEO Michael Robertson says his company's infrastructure remains blocked across multiple security products and services.
- Palo Alto Networks acquired Koi in April and was later added as a defendant in MeetingTV's amended complaint.
4. Catch up quick
@ D.C.
📲 Google's security and privacy teams are worried that pending regulatory plans in Europe that would make Android interoperable could leave people's search queries exposed and increase cybercrime. (Wired)
⚖️ The Supreme Court ruled that law enforcement authorities now need to obtain a search warrant before requesting location data from tech firms as part of their investigations. (TechCrunch)
🪖 The Pentagon is looking to recruit engineers experienced in frontier AI, machine learning and automation. (Bloomberg)
@ Industry
👥 Meta has hired three founders and other employees from Virtue AI as the company beefs up its agentic security efforts. (Axios)
🍎 Apple pushed a series of software updates that previously would've been bundled in the next version of iOS to fend off AI-driven security threats. (Reuters)
💰 Straiker, which secures AI agents, raised a $64 million Series A round. (Axios Pro)
@ Hackers and hacks
🚗 Investigators now believe Russian cybercriminals were behind the costly hack of Jaguar Land Rover. (New York Times)
☎️ Hackers called a low-level employee and tricked them into letting them into Madison Square Garden's systems in a recent breach. (404 Media)
🔌 A Russian cybercrime gang is now employing people in the U.S. to pose as IT workers, show up at law firms, and plug in malware-infected USB sticks. (CNN)
5. 1 fun thing
🔍 A digital forensics company recently told me that the FBI used AI tools to quickly investigate the attack at the White House Correspondents' Dinner in April.
☀️ See y'all next week!
Thanks to Dave Lawler for editing and Khalid Adad for copy editing this newsletter.
If you like Axios Future of Cybersecurity, spread the word.
Sign up for Axios Future of Cybersecurity




