LIVE FEED
Browser Ransomware via File System Access API: DeepSeek

Browser Ransomware via File System Access API: DeepSeek

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 Check Point Research

Check Point Research demonstrates how DeepSeek's lower refusal rates allowed researchers to transform an LLM-hallucinated malware concept into a practical browser-native ransomware technique targeting Android photo directories via the File System Access API. The attack requires no native payload, APK installation, or root access — only social engineering to obtain a legitimate browser permission prompt. This research highlights how frontier AI models with weaker safety controls can independently design novel attack paths not yet seen in real-world campaigns.

Claude Fable 5 Jailbreak Triggers US Export Control Ban

Claude Fable 5 Jailbreak Triggers US Export Control Ban

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 Simon Willison

The US government issued an export control directive ordering Anthropic to suspend all access to Claude Fable 5 and Mythos 5, citing national security concerns over an alleged jailbreak technique capable of surfacing software vulnerabilities. Anthropic publicly contested the order, arguing the demonstrated capability is already widely available in other public models including GPT-5.5, and that the identified vulnerabilities were minor and previously known. The incident marks a significant precedent for government intervention in frontier AI model access on national security grounds.

Claude Fable 5 Jailbreak Attacks Bypass Fallback Defense

Claude Fable 5 Jailbreak Attacks Bypass Fallback Defense

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 7.2 SecurityWeek

Anthropic has released Claude Fable 5, a high-capability 'Mythos-class' model that automatically falls back to a less capable model (Claude Opus 4.8) when queries touch sensitive domains like cybersecurity and biology. The company conducted over 1,000 hours of external red-teaming with no universal jailbreaks discovered, though it openly acknowledges financially motivated adversaries will attempt to circumvent these controls. Trusted cybersecurity partners under Project Glasswing receive elevated access to the full Mythos 5 capabilities, raising questions about insider risk and tiered trust model security.

Anthropic Mythos AI Autonomously Discovers Zero-Day Exploits

Anthropic Mythos AI Autonomously Discovers Zero-Day Exploits

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 Dark Reading

Anthropic has released a preview of 'Mythos,' an AI model reportedly capable of autonomously discovering and exploiting critical zero-day vulnerabilities, raising significant dual-use concerns. While Anthropic claims the model ships with access controls, the security community is scrutinising whether those safeguards are sufficient to prevent misuse by malicious actors. The development represents a pivotal moment in the arms race between offensive AI capabilities and defensive governance frameworks.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.