News & Updates
The latest news and updates from companies in the WLTH portfolio.
US security agency 'found' using Pentagon 'blacklisted company' Anthropic's most powerful model yet, Mythos
The US National Security Agency (NSA) is reportedly using Anthropic's Mythos Preview, the company's most-controversial AI model yet. This comes despite the US Department of War that oversees NSA labelled the AI company a 'national security risk' in March. An Axios report quoting two people familiar with the development said that the model was being used more widely within the department. Stating that it is unclear how the NSA is currently using Mythos, the report adds that other organizations with access to the model are using it predominantly to scan their own environments for exploitable security vulnerabilities. The US Department of War designated Anthropic as "a supply chain risk", a label that's historically only been applied to foreign companies. The conflict started when Anthropic refused a Pentagon ultimatum for "full, unrestricted access" to its AI tool Claude, citing ethical concerns regarding mass surveillance and fully autonomous weapons.In a sharply critical Truth Social post then, President Donald Trump described the company's leadership as "Leftwing nut jobs", signalling a deepening rift between the White House and key AI suppliers to the Pentagon."THE UNITED STATES OF AMERICA WILL NEVER ALLOW A RADICAL LEFT, WOKE COMPANY TO DICTATE HOW OUR GREAT MILITARY FIGHTS AND WINS WARS!" Trump wrote in the post.Anthropic challenged the ban and filed a lawsuit. On March 26, US district judge Rita Lin granted the AI company's request for a preliminary injunction, halting both the Presidential Directive ordering federal agencies to stop using Anthropic's technology and defence secretary Pete Hegseth's designation of the company as a "supply chain risk." Announcing the Mythos AI model, Anthropic said that it will not publicly release its latest AI model, Claude Mythos Preview, citing fears that it could destabilise the cybersecurity world. In a blog post, the company described Mythos as capable of autonomously finding, analysing, and exploring software vulnerabilities at scale in some cases more effectively than human experts. Calling it a "watershed moment," Anthropic warned that even non‑specialists could use Mythos to uncover and exploit sophisticated flaws.During the testing, Mythos reportedly detected thousands of critical flaws, including zero-day vulnerabilities that typically take elite human teams months to uncover. According to a Business Insider report, cybersecurity specialists warn that if Mythos is made publicly available attackers would benefit first by generating phishing campaigns, deepfakes, or exploit chains instantly.
Week in Review: Global chaos forces rethink of cost-led sourcing models
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
Banks in close contact with European regulator on Anthropic's Mythos, banker says
FRANKFURT, April 20 : Banks are in close contact with their European regulators regarding Anthropic's new artificial intelligence model Mythos, Christian Sewing, president of the German banking association and CEO of Deutsche Bank, said on Monday. He said that the banking association would further discuss the topic later on Monday after talks last week. "It's certainly not something that's causing panic or setting off any alarm bells on our end right now, but it's definitely something we need to keep in mind in our day-to-day risk management - and that's exactly what we're doing," he told journalists. The vast capabilities of Mythos to code at a high level have given it a potentially unprecedented ability to identify cybersecurity vulnerabilities, experts say, prompting greater scrutiny from some regulators globally.
Piraeous builds AI hub with Accenture and Anthropic
This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community. Built to act as a central engine for designing, developing and scaling advanced AI capabilities, the Hub will seek to reinvent banking processes across operations, customer experience, risk, and compliance, and modernize the technology backbone. Priaeus will also lean on Udacity, Accenture's AI-native learning and training platform to embed AI skills and ways of working across the organization. The AI Hub builds on Piraeus' successful collaboration with Accenture to adopt a cloud first operating model, migrating its technology stack to Microsoft Azure. "The AI Hub represents a strategic inflection point for Piraeus," says Harry Margaritis, group chief operating officer, Piraeus. "We are advancing from individual AI deployments to a unified, enterprise-level capability that is deeply embedded in how the Bank operates. Our collaboration with Accenture, together with the integration of Anthropic's AI technology, enables us to scale advanced AI responsibly, anchored in strong governance, transparency and human control. This initiative empowers our people, reinforces trust with our customers and regulators, and builds a resilient, future-ready foundation for banking in Greece."
Banks in close contact with European regulator on Anthropic's Mythos, banker says | Law-Order
Banks are in close contact with their European regulators regarding Anthropic's new artificial intelligence model Mythos, Christian Sewing, president of the German banking association and CEO of Deutsche Bank, said on Monday. He said that the banking association would further discuss the topic later on Monday after talks last week. "It's certainly not something that's causing panic or setting off any alarm bells on our end right now, but it's definitely something we need to keep in mind in our day-to-day risk management -- and that's exactly what we're doing," he told journalists. The vast capabilities of Mythos to code at a high level have given it a potentially unprecedented ability to identify cybersecurity vulnerabilities, experts say, prompting greater scrutiny from some regulators globally. (This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)
Vercel Security Incident: Supply Chain and OAuth Vulnerabilities - FinanceFeeds
Vercel, the cloud frontend platform, disclosed a significant security breach on April 19, 2026, which originated from a supply chain attack involving a third-party observability tool. The breach was triggered when attackers compromised Context.ai, an AI-powered service integrated into the workflow of a Vercel employee. By exploiting the integration between Context.ai and the employee's Google Workspace account, the attackers obtained valid OAuth credentials, which were then used to gain unauthorized access to Vercel's internal development environment. Once they bypassed the initial authentication layer, the attackers were able to move laterally through internal systems to access environment variables. While Vercel maintains a robust internal security posture, this incident demonstrated how third-party software integrations can serve as a hardened back-door for sophisticated actors. The company moved quickly to revoke the compromised credentials and launched a forensic investigation with the assistance of the cybersecurity firm Mandiant to ensure that no malicious code was injected into the platform's core production pipelines, which remain secure and operational for all users. In the wake of the breach, Vercel provided clear guidance to its users to mitigate potential downstream effects. While the company confirmed that its "sensitive" environment variables -- which are stored using an encrypted-at-rest format -- were not accessed, they advised that other non-sensitive variables might have been exposed. Vercel has reached out to the limited subset of affected customers to advise on specific remediation steps. For the broader user base, the platform strongly recommended a proactive security hygiene strategy, including the rotation of all existing API keys and tokens. The company is continuing to investigate what data was exfiltrated, and plans to contact customers if further evidence of compromise is discovered during the ongoing forensic audit. Furthermore, Vercel emphasized the importance of auditing all active OAuth integrations connected to developer accounts, urging users to revoke permissions for any tools that are no longer actively maintained or required for daily operations. Moving forward, the company has implemented new technical safeguards that enforce the use of the "sensitive" flag for all secret storage, ensuring that even if an internal environment is breached, the most critical data remains encrypted and inaccessible. This incident underscores the systemic risks inherent in the modern developer stack, where the reliance on external SaaS tools requires a hardened approach to credential management and access control. By treating third-party integrations as potential vulnerabilities, developers can better secure their application delivery pipelines against the growing threat of credential-based lateral movement.
SpaceX Accelerates Starlink Deployment Toward One Million Satellites - News Directory 3
As of April 2026, over 6,800 Starlink satellites are operational in orbit, according to tracking data from independent satellite monitoring services and corroborated by filings with the U.S. SpaceX continues to accelerate the deployment of its Starlink satellite constellation, with recent reports indicating the company is now producing and launching approximately 340 satellites per month. This pace underscores the rapid expansion of the low-Earth orbit broadband network, which aims to deliver high-speed internet access to underserved and remote regions worldwide. According to analysis shared by industry observers and confirmed through public launch manifests, SpaceX has maintained a consistent cadence of Falcon 9 launches dedicated to Starlink, averaging more than one mission per week. Each launch typically carries between 20 and 23 satellites, depending on orbital inclination and payload mass constraints, enabling the monthly deployment figure. As of April 2026, over 6,800 Starlink satellites are operational in orbit, according to tracking data from independent satellite monitoring services and corroborated by filings with the U.S. Federal Communications Commission. This represents more than 60% of the total number of satellites ever launched by humanity, highlighting the unprecedented scale of the constellation. The deployment rate has been driven by improvements in SpaceX's satellite manufacturing pipeline at its facility in Redmond, Washington, where automated assembly lines now produce satellites at a rate that matches launch availability. Company officials have noted that design refinements to the Starlink V2 Mini spacecraft -- including enhanced power systems and improved phased-array antennas -- have increased both production efficiency and orbital performance. Despite the rapid growth, the expansion has drawn scrutiny from astronomers and space sustainability experts concerned about the impact of large satellite constellations on night sky observations and orbital debris risks. The International Astronomical Union has continued to engage with SpaceX on mitigation strategies, including satellite orientation adjustments and reflective coating treatments to reduce brightness. Regulatory oversight remains a key factor in the constellation's evolution. The FCC has granted SpaceX approval for up to 7,500 second-generation Starlink satellites operating at lower altitudes, with ongoing reviews for additional shells. The company has also submitted proposals for a future generation of larger, more capable spacecraft intended to support direct-to-cell services and broader global coverage. In the commercial sphere, Starlink has expanded its service footprint to include maritime, aviation and enterprise customers, with partnerships announced with major airlines and shipping providers. Consumer adoption continues to grow, particularly in rural areas of North America, Europe, and parts of Asia where terrestrial broadband infrastructure remains limited. Looking ahead, SpaceX aims to maintain its current launch tempo through 2026 and into 2027, leveraging the reusability of the Falcon 9 first stage and the rapid turnaround capability of its launch sites at Cape Canaveral, Kennedy Space Center, and Vandenberg Space Force Base. The company has not disclosed specific targets for total constellation size but has indicated that service quality and network capacity will remain primary drivers of deployment decisions. While the long-term vision of a massive satellite swarm -- including speculative concepts such as one million satellites -- remains theoretical and faces significant technical, regulatory, and environmental hurdles, the current trajectory reflects a focused effort to deliver scalable broadband connectivity through a rapidly growing low-Earth orbit infrastructure.
Attacks on Jewish sites 'raise prospect of foreign state working to sow discord'
A spate of attacks on Jewish sites in London raises the "troubling" prospect of a foreign state using hate crime to sow discord in the UK, one of the country's most senior police officers has said. Investigators are working to establish whether Iran has paid British criminals to carry out acts on UK soil, after a series of incidents including an arson attack on Jewish community ambulances and attempted arson attacks at synagogues in Finchley and Kenton and a former Jewish charity in Hendon. Another incident saw a drone flown near the Israeli embassy in London, and a petrol bomb was thrown towards the site of Volant Media, the parent company of Persian news channel Iran International. A group that calls itself Harakat Ashab al-Yamin al-Islamia, the Islamic Movement of the Companions of the Right, that is suspected to be Iran-backed, has claimed responsibility for most of the incidents along with other attacks in Europe since March 9. Metropolitan Police Deputy Commissioner Matt Jukes told LBC: "We're going to look incredibly closely at whether those claims stand up. "They're intended to intimidate so we have to distinguish what's happening online and being broadcast and claimed, from those things we can prove. "But I think this is an extraordinary period. "We've sadly seen hate crime in our communities before, we've seen radicalisation towards terrorism. "But now what we've got is the prospect of a foreign state actually using that as a mechanism to sow discord, discontent and to create anxiety in our communities. "That is really troubling." "Thugs for hire" are risking long prison sentences for inconsequential amounts of money if they agree to carry out crimes for foreign states, he told the broadcaster. Mr Jukes gave the example of Dylan Earl, who was jailed for 17 years after agreeing to carry out an arson attack in Leyton, east London, for the Russian-backed Wagner group in 2024. So far 15 people have been arrested over the six incidents in London since March 23. The most recent attack saw a petrol bomb thrown through the window of Kenton United Synagogue at around midnight on Sunday, landing in a medical room. Jewish charity the Community Security Trust (CST) said that minor smoke damage to an internal room was caused but said there were no injuries or significant structural damage. Mr Jukes earlier told BBC Radio 4's Today programme that a 17-year-old boy and 19-year-old man had been arrested in connection with the incident. Chief Rabbi Sir Ephraim Mirvis described the arson attack as "cowardly" and said "a sustained campaign of violence and intimidation against the Jewish community of the UK is gathering momentum". His statement shared on X said: "This sustained attack on our community's ability to worship and live in safety is an attack on the values that bind us all together." Video that appears to be published online by Harakat Ashab al-Yamin al-Islamia, also known as Hayi, shows a person in dark clothing lighting an item and throwing it at the Kenton United Synagogue before running away. It was filmed by another person behind the metal fence surrounding the building. Prime Minister Sir Keir Starmer has said he is "appalled by recent attempted antisemitic arson attacks in north London". He added in his statement on X: "This is abhorrent and it will not be tolerated. Attacks on our Jewish community are attacks on Britain."
Rheinmetall Kraken GmbH launches series production of maritime unmanned systems in Hamburg
(PresseBox) - Series production of the Kraken K3 Scout has begun at Rheinmetall's Blohm+Voss site in Hamburg. With the market-ready unmanned surface vessel (USV), Rheinmetall's new Naval Systems division -- together with its British joint venture partner Kraken Technology Group -- offers a surface platform for both military and civilian applications. Depending on the configuration, the vessels can be used for maritime surveillance, protection of critical infrastructure, or as weapons carriers in military operations. The joint venture established last year between Rheinmetall Naval Systems and the British tech company Kraken Technology Group will now operate under the name "Rheinmetall Kraken GmbH." The partnership addresses the growing global demand for market-available unmanned platforms of various sizes. Production of the systems -- which are capable of speeds of up to 55 knots, measure 8.4 metres in length, and are individually configurable -- takes place at Rheinmetall's shipyard Blohm+Voss in Hamburg, a site that the Düsseldorf-based company is developing into Germany's leading test and technology centre for unmanned and autonomous marine systems. "Production of the Kraken K3 Scout is initially designed for around 200 units per year. Depending on the order volume, we can scale up production to as many as 1,000 units annually," says Tim Wagner, CEO of Rheinmetall's Naval Systems division. With five locations in Germany, the Naval Systems division specialises in the construction of complex naval and coast guard vessels and is a pioneer in the development of unmanned and autonomous surface systems. Mal Crease, CEO of Kraken Technology Group said: "The formation of Rheinmetall Kraken GmbH combines the scale, expertise and reach of a longstanding defence leader with an agile, innovative maritime technology company. This will ensure that production of Kraken's K3 Scout can scale to meet exponentially growing operational requirements." Kraken Technology Group develops high-performance and cost-efficient unmanned maritime systems. Through the joint venture, they benefit from the extensive production and integration capabilities of the Rheinmetall Naval Systems division.
Vercel Crypto Hack Update: No Funds Affected, API Key Risks in Focus
Web3 teams rotate credentials and tighten security measures. The crypto industry is once again on alert following a fresh security scare. Amid a surge in crypto hacks in April, a new incident was reported, but no funds were stolen. The latest security incident involving Vercel, a Web3 infrastructure provider, may have exposed sensitive API keys. Thus, it has prompted Web3 teams to act fast. They have rotated credentials and reassessed their security setups before any real damage can be done. Crypto hacks are rising in 2026. But the latest security breach incident comes with a difference- no funds have been lost. Web3 service provider Vercel disclosed an incident in which hackers gained unauthorized access to parts of its internal systems. This affected only a limited number of users, and there have been no financial losses. According to the company, attackers were able to break into certain internal tools. This prompted Vercel to bring in incident response experts and inform law enforcement. While the investigation is still ongoing, the company is working to understand exactly how far the breach reached. Developer Theo Browne shared that integrations like Linear and GitHub were among the most affected areas. These integrations often connect key workflows, which makes them a potential entry point for attackers. On a more reassuring note, Vercel said that environment variables labeled as "sensitive" were stored securely and were not exposed. However, any variables that were not marked this way could be at risk. Users have been advised to rotate those credentials as a precaution. The full extent of the breach is still unclear, and it may not be limited to Vercel alone. There are indications that the same crypto-hacking method may have targeted other companies using similar tools or integrations. It is worth noting that this crypto scam is reported amid a rising number of similar incidents. As previously reported, over the past two weeks alone, crypto hack losses have hit a massive $450 million. Meanwhile, cybersecurity sources like Dark Web Informer suggest that the group behind the crypto hack could be ShinyHunters. This is a well-known hacking and extortion group linked to multiple high-profile data breaches. However, this has not been officially confirmed. Following the crypto hack, Vercel released an official statement, providing details of the incident. The platform explained that the hacker was able to get into the internal settings that were not secure enough. Such a situation would mean the exposure of API keys- private information needed for apps to communicate with other systems outside the network. If the keys are abused, they can be used to impersonate an application and to abuse service functionality. Adding to the concern, a post on the cybercrime forum BreachForums claimed that stolen Vercel data, including access keys and source code, was being offered for sale for $2 million. However, these claims haven't been independently verified so far. Vercel said it is taking the situation seriously and is working with cybersecurity experts and law enforcement. They continue to investigate whether any sensitive data was actually taken. This crypto news comes on the heels of another major crypto scam that shook the world- the Drift protocol hack. The company also shared how the breach likely happened. According to its CEO, the attack was linked to Context.ai, a third-party AI tool used by an employee. A compromised Google Workspace account linked to this tool appears to have enabled attackers to move deeper into Vercel's internal systems. On the positive side, Vercel emphasized that environment variables labeled as "sensitive" are stored securely to prevent them from being read, even in such incidents. So far, there's no evidence that these protected credentials were accessed. Still, as a precaution, developers are being advised to review their setups, rotate any exposed keys, and tighten security around third-party integrations.
Anthropic's Project Glasswing Is a Warning: Technical Debt Is Now a National Security Risk
Anthropic's launch of Project Glasswing should be understood less as a product announcement and more as a policy warning. Reuters reports that the rapid emergence of Claude Mythos Preview has already prompted discussions among the US Treasury, the Federal Reserve, and major banking executives because the model exposes the fragility of legacy systems. When the release of a new AI model triggers urgent conversations among Treasury officials, central bankers, and major financial institutions within days, the issue is no longer confined to Silicon Valley. It becomes a matter of economic resilience and national security. The most important takeaway is not merely that Anthropic has built a model capable of finding vulnerabilities across major operating systems, browsers, and enterprise software. Rather, it is that AI has finally turned decades of accumulated technical debt into an immediately exploitable risk surface. For years, enterprises and governments have operated under an implicit bargain: Ship fast, preserve backward compatibility, and patch later. In many situations, "later" was synonymous with "never." Layers of legacy middleware, aging libraries, undocumented integrations, and orphaned code paths remained embedded in systems that underpin finance, energy, healthcare, and transportation. These systems continued to function well enough to avoid expensive modernization, even as their security assumptions quietly aged out. Mythos drastically alters the economics of that complacency. According to Anthropic, the model has already identified thousands of high-severity vulnerabilities, including flaws that persisted for decades in widely trusted software. Anthropic now provides a select group of critical infrastructure operators and major technology firms with access to the model, enabling them to begin defensive remediation before similar capabilities become broadly available. Two years ago, on the Explain to Shane podcast, I discussed how technical debt should be a policy concern because the software industry's long-standing ship-it-and-patch-it-later culture was built on organizations' tolerance for outdated systems, as the cost of discovery often exceeded the practical likelihood of exploitation. AI now removes the discovery bottleneck that once protected poorly maintained systems through obscurity and inertia. Mythos reportedly does more than identify flaws; it chains them together into workable exploits, collapsing what was once a multi-stage offensive workflow into an autonomous reasoning task. This is particularly dangerous for sectors such as banking and critical infrastructure, where modern cloud-native systems are tightly coupled with software written decades ago. Reuters correctly highlighted that financial institutions run hybrid stacks in which advanced tooling coexists with legacy code, creating precisely the heterogeneous environment in which AI-driven exploit chaining thrives. The policy concern is that legacy systems are now a strategic vulnerability multiplier. Much of today's digital infrastructure was designed in an era when attack sophistication scaled with human labor. AI fundamentally changes that ratio. A model capable of autonomously probing binaries, analyzing memory behavior, identifying privilege escalation paths, and generating exploit code can now operate at speeds that no traditional patch management regime can match. This creates a widening asymmetry between discovery and remediation, as discovery accelerates exponentially while remediation remains stubbornly human. Many flaws lie in foundational open-source libraries maintained by small volunteer teams or in enterprise environments where patching a single component risks breaking downstream dependencies built over decades. This is the true cost of technical debt: not merely insecure code, but systems so brittle that fixing them introduces operational risk. That brittleness is why policymakers should resist the temptation to frame Project Glasswing as merely another AI safety story. The deeper issue is infrastructure modernization. Insecure legacy code in financial services, utilities, logistics, and telecom is no longer just a private-sector IT challenge. It is a public-interest stability issue. The United States has spent years debating cyber resilience, focusing on information-sharing mandates, breach-disclosure timelines, and liability standards. Those remain important. But the Mythos moment shows that software modernization itself must now be treated as a core resilience policy priority. Project Glasswing may give defenders a temporary head start, and Anthropic deserves credit for recognizing the need for controlled deployment. But the company's decision to withhold Mythos from general release should not create false comfort. The odds that frontier AI capabilities for vulnerability discovery remain unique to one firm are low. Competitors, state actors, and well-resourced criminal groups are almost certainly moving in parallel, whether publicly or quietly. That means the strategic question is no longer whether AI can expose decades of technical debt. It already can. The real question is whether institutions modernize fast enough to reduce their inherited attack surface before this capability becomes fully commoditized. Glasswing is the first visible attempt to pay down that bill. The bill itself, however, was written over thirty years of legacy software decisions, deferred upgrades, and security compromises made in the name of speed. AI has merely made the invoice impossible to ignore.
Anthropic's Mythos Lands It a White House Meeting
The White House has u-turned on its previous scorn for the AI company as it looks to collab with Anthropic. The release of Claude Mythos preview from Anthropic is rocking the tech world as world leaders meet with the AI firm's leadership and global tech titans collaborate to improve defences. Most recently, Axios reported that the US White House met with Anthropic's CEO to discuss "opportunities for collaboration, as well as shared approaches and protocols to address the challenges associated with scaling this technology," the White House said. This meeting is despite Anthropic currently suing the US Department of Defence over its cancelled contract and labelling as a supply chain risk by Secretary of War Pete Hegseth following disagreements surrounding Anthropic's use in autonomous weapons and surveillance. The introduction of Claude Mythos, which has only been released to a select few other tech firms for testing, promises enhanced cyber defences but can also outperform humans when it comes to certain hacking and cyber-crime abilities. It can find age-old vulnerabilities in code, and also exploit them, sharpening the double-edged sword of AI in cyber. Mythos also appears to see the US executive branch viewing Anthropic in a new light; previously the US President said his government "will not do business with them again," but is now looking to collaborate. The cyber-capable AI model is also changing Anthropic's own release tactics. The AI firm's newest model Opus 4.7 may boast superior advancements on software engineering compared to previous systems, but the firm used methods to "differentially reduce" its cyber capabilities. The model has less cyber acumen than Mythos, but also hosts new guardrails to prohibit potentially nefarious cyber uses. Anthropic aims to use these safeguards to inform its future release of "Mythos-class models," aiming to reduce their cyber-risk. For those wanting to test Opus 4.7's cyber abilities, however, they will need to join Anthropic's Cyber Verification Program, which will let approved enterprises and developers test the model on tasks like vulnerability detection and penetration testing.
ASIC joins global regulators monitoring Anthropic's Mythos AI
Australia's markets regulator has publicly confirmed it is watching the development of Anthropic's Mythos model alongside peer regulators worldwide, adding to a rapidly expanding international regulatory response that began with the Bank of England, the US Federal Reserve, and the Treasury Department. ECB President Lagarde has warned no governance framework is yet in place. The Australian Securities and Investments Commission (ASIC) confirmed on Monday that it is monitoring the development of Anthropic's frontier AI model Mythos and its potential implications for the Australian financial market, Reuters reported. "ASIC is closely monitoring these developments along with peer regulators to assess possible implications for the Australian market," an ASIC spokesperson said. "ASIC engages closely with other regulators, government agencies and the financial sector to understand and respond to changing technologies." The regulator added that it expected financial services licensees to "be on the front foot" to safeguard their customers and clients. The ASIC statement is the latest in a cascade of global regulatory responses to Mythos, the advanced AI model that Anthropic launched on 7 April 2026 under a restricted access programme called Project Glasswing. Anthropic claimed the model successfully identified and exploited zero-day vulnerabilities in every major operating system and web browser, a capability the company says is intended to accelerate defensive security work but which regulators have identified as a potential systemic risk if threat actors accessed the model's capabilities. The response from financial regulators has been rapid and unusually coordinated for a technology event. Bank of England Governor Andrew Bailey, speaking at Columbia University in New York, warned that Mythos could "crack the whole cyber risk world open" and called on regulators to urgently assess the extent to which the model can identify and exploit vulnerabilities in financial infrastructure. The Bank of England's Cross Market Operational Resilience Group (CMORG) and its AI Taskforce subsequently scheduled meetings to discuss Mythos within weeks. European Central Bank President Christine Lagarde told Bloomberg TV that there is currently no governance framework "to actually mind those things", a frank admission that the regulatory infrastructure has not kept pace with the technology. In the United States, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting of major bank CEOs to discuss Mythos's cyber risk implications. The meeting, held while bank chiefs were already in Washington for a Financial Services Forum board meeting, was confirmed by CNBC. JPMorgan Chase CEO Jamie Dimon was the only major bank CEO who could not attend. A Treasury spokesperson subsequently confirmed the meeting and said Treasury plans to lead further sessions with regulators and institutions on an ongoing basis. On the commercial side, major US banks have begun internal testing of Mythos for defensive purposes. Goldman Sachs CEO David Solomon told analysts on a quarterly earnings call that the bank has access to the model and has "hypersensitivity" to the enhanced capabilities of new AI systems. JPMorgan Chase was named as an initial Project Glasswing partner, alongside approximately 40 companies including Amazon, Apple, Google, Microsoft, and Nvidia. Anthropic has committed $100 million in credits to these partners and $4 million to open-source security organisations, with the explicit goal of building defensive capacity ahead of any public capability release. The core risk that regulators are assessing is structural rather than individual. Financial institutions run technology stacks that layer decades-old legacy systems with modern cloud infrastructure, creating accumulated technical debt and undiscovered vulnerabilities. The banking sector's heavy reliance on a small number of consolidated cloud providers means that a sufficiently capable AI model exploiting vulnerabilities in those providers' systems could cascade across the entire financial system. IBM Senior Vice President Rob Thomas has publicly criticised Anthropic's restricted-access approach, arguing that "security improves more often through scrutiny than through concealment." Anthropic's CEO Dario Amodei has defended the restricted rollout, writing that "the dangers of getting this wrong are obvious, but if we get it right, there is a real opportunity to create a fundamentally more secure internet and world." Anthropic's relationship with the US government remains complicated by a separate dispute. The Department of Defense designated Anthropic a supply chain risk to national security, a classification the company has contested in court.
Vercel April 2026 Incident: Non-Sensitive Environment Variables Need Investigation Too
An attacker compromised the tool's Google Workspace OAuth app, hijacked a Vercel employee's account, then accessed environment variables that weren't marked "sensitive." Vercel is now asking customers to rotate those secrets, even though they were classified as non-sensitive. Vercel contacted the limited subset of customers whose credentials were confirmed compromised. But the broader lesson applies to any organization: a third-party OAuth compromise can cascade into internal systems fast. Vercel called the attacker "highly sophisticated" based on their speed and detailed knowledge of Vercel's systems. Assume any related secret is at risk until you've investigated it. Identify every exposed credential, check where it's used, and confirm whether it's active or already abused. Then revoke or rotate it, redeploy, and verify dependent services. Vercel's guidance is direct: use the "sensitive" flag for environment variables that contain API keys, tokens, database credentials, or signing keys. Sensitive variables are stored in a way that prevents them from being read. If you're a Vercel customer responding to this incident, start by pulling your environment variables locally and scanning them for exposed secrets. Pull your environment variables for each project: Then scan the file with GitGuardian: GitGuardian will identify which variables contain valid secrets, such as API keys, tokens, or database credentials, signing keys. This gives you a prioritized list of what to rotate first. You can also scan across multiple projects by pulling each environment file and scanning the directory: Once you've identified exposed secrets, rotate them in your upstream services (like AWS, Stripe, or database providers) before updating the values in Vercel. Vercel published the following guidance for customers:
Billion-dollar company Vercel 'names and shames' the AI tool that got its systems hacked; says: We assess the attacker as ...
Cloud development platform Vercel has confirmed a security breach incident involving unauthorised access to its internal systems. For those unaware, Vercel is a premier cloud platform for frontend developers, specializing in hosting websites and web applications. The billion-dollar company has published a Security Bulletin, confirming the incident. "We've identified a security incident that involved unauthorized access to certain internal Vercel systems," Vercel said. "We are actively investigating, and we have engaged incident response experts to help investigate and remediate. We have notified law enforcement and will update this page as the investigation progresses". In the bulletin, the cloud platform firm said that the security incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee. The attacker, it said, used that access to take over the employee's Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as "sensitive.""Environment variables marked as "sensitive" in Vercel are stored in a manner that prevents them from being read, and we currently do not have evidence that those values were accessed," the company revealed.Vercel stated that it is working with Mandiant, additional cybersecurity firms, industry peers, and law enforcement. "We have also engaged Context.ai directly to understand the full scope of the underlying compromise," the company said.In its bulletin, Vercel said that it has identified a limited subset of customers whose Vercel credentials were compromised. The company has reached out to that subset and recommended an immediate rotation of credentials."If you have not been contacted, we do not have reason to believe that your Vercel credentials or personal data have been compromised at this time," it clarified. "We continue to investigate whether and what data was exfiltrated and we will contact customers if we discover further evidence of compromise. We've deployed extensive protection measures and monitoring. Our services remain operational," the company assured. Vercel recommends impacted users to:
Attacks on Jewish sites 'raise prospect of foreign state working to sow discord'
A spate of attacks on Jewish sites in London raises the "troubling" prospect of a foreign state using hate crime to sow discord in the UK, one of the country's most senior police officers has said. Investigators are working to establish whether Iran has paid British criminals to carry out acts on UK soil, after a series of incidents including an arson attack on Jewish community ambulances and attempted arson attacks at synagogues in Finchley and Kenton and a former Jewish charity in Hendon. Another incident saw a drone flown near the Israeli embassy in London, and a petrol bomb was thrown towards the site of Volant Media, the parent company of Persian news channel Iran International. A group that calls itself Harakat Ashab al-Yamin al-Islamia, the Islamic Movement of the Companions of the Right, that is suspected to be Iran-backed, has claimed responsibility for most of the incidents along with other attacks in Europe since March 9. Metropolitan Police Deputy Commissioner Matt Jukes told LBC: "We're going to look incredibly closely at whether those claims stand up. "They're intended to intimidate so we have to distinguish what's happening online and being broadcast and claimed, from those things we can prove. "But I think this is an extraordinary period. "We've sadly seen hate crime in our communities before, we've seen radicalisation towards terrorism. "But now what we've got is the prospect of a foreign state actually using that as a mechanism to sow discord, discontent and to create anxiety in our communities. "That is really troubling." "Thugs for hire" are risking long prison sentences for inconsequential amounts of money if they agree to carry out crimes for foreign states, he told the broadcaster. Mr Jukes gave the example of Dylan Earl, who was jailed for 17 years after agreeing to carry out an arson attack in Leyton, east London, for the Russian-backed Wagner group in 2024. So far 15 people have been arrested over the six incidents in London since March 23. The most recent attack saw a petrol bomb thrown through the window of Kenton United Synagogue at around midnight on Sunday, landing in a medical room. Jewish charity the Community Security Trust (CST) said that minor smoke damage to an internal room was caused but said there were no injuries or significant structural damage. Mr Jukes earlier told BBC Radio 4's Today programme that a 17-year-old boy and 19-year-old man had been arrested in connection with the incident. Chief Rabbi Sir Ephraim Mirvis described the arson attack as "cowardly" and said "a sustained campaign of violence and intimidation against the Jewish community of the UK is gathering momentum". His statement shared on X said: "This sustained attack on our community's ability to worship and live in safety is an attack on the values that bind us all together." Video that appears to be published online by Harakat Ashab al-Yamin al-Islamia, also known as Hayi, shows a person in dark clothing lighting an item and throwing it at the Kenton United Synagogue before running away. It was filmed by another person behind the metal fence surrounding the building. Prime Minister Sir Keir Starmer has said he is "appalled by recent attempted antisemitic arson attacks in north London". He added in his statement on X: "This is abhorrent and it will not be tolerated. Attacks on our Jewish community are attacks on Britain."
Attacks on Jewish sites 'raise prospect of foreign state working to sow discord'
A spate of attacks on Jewish sites in London raises the "troubling" prospect of a foreign state using hate crime to sow discord in the UK, one of the country's most senior police officers has said. Investigators are working to establish whether Iran has paid British criminals to carry out acts on UK soil, after a series of incidents including an arson attack on Jewish community ambulances and attempted arson attacks at synagogues in Finchley and Kenton and a former Jewish charity in Hendon. Another incident saw a drone flown near the Israeli embassy in London, and a petrol bomb was thrown towards the site of Volant Media, the parent company of Persian news channel Iran International. A group that calls itself Harakat Ashab al-Yamin al-Islamia, the Islamic Movement of the Companions of the Right, that is suspected to be Iran-backed, has claimed responsibility for most of the incidents along with other attacks in Europe since March 9. Metropolitan Police Deputy Commissioner Matt Jukes told LBC: "We're going to look incredibly closely at whether those claims stand up. "They're intended to intimidate so we have to distinguish what's happening online and being broadcast and claimed, from those things we can prove. "But I think this is an extraordinary period. "We've sadly seen hate crime in our communities before, we've seen radicalisation towards terrorism. "But now what we've got is the prospect of a foreign state actually using that as a mechanism to sow discord, discontent and to create anxiety in our communities. "That is really troubling." "Thugs for hire" are risking long prison sentences for inconsequential amounts of money if they agree to carry out crimes for foreign states, he told the broadcaster. Mr Jukes gave the example of Dylan Earl, who was jailed for 17 years after agreeing to carry out an arson attack in Leyton, east London, for the Russian-backed Wagner group in 2024. So far 15 people have been arrested over the six incidents in London since March 23. The most recent attack saw a petrol bomb thrown through the window of Kenton United Synagogue at around midnight on Sunday, landing in a medical room. Jewish charity the Community Security Trust (CST) said that minor smoke damage to an internal room was caused but said there were no injuries or significant structural damage. Mr Jukes earlier told BBC Radio 4's Today programme that a 17-year-old boy and 19-year-old man had been arrested in connection with the incident. Chief Rabbi Sir Ephraim Mirvis described the arson attack as "cowardly" and said "a sustained campaign of violence and intimidation against the Jewish community of the UK is gathering momentum". His statement shared on X said: "This sustained attack on our community's ability to worship and live in safety is an attack on the values that bind us all together." Video that appears to be published online by Harakat Ashab al-Yamin al-Islamia, also known as Hayi, shows a person in dark clothing lighting an item and throwing it at the Kenton United Synagogue before running away. It was filmed by another person behind the metal fence surrounding the building. Prime Minister Sir Keir Starmer has said he is "appalled by recent attempted antisemitic arson attacks in north London". He added in his statement on X: "This is abhorrent and it will not be tolerated. Attacks on our Jewish community are attacks on Britain."
Attacks on Jewish sites 'raise prospect of foreign state working to sow discord'
Add Yahoo as a preferred source to see more of our stories on Google. A spate of attacks on Jewish sites in London raises the "troubling" prospect of a foreign state using hate crime to sow discord in the UK, one of the country's most senior police officers has said. Investigators are working to establish whether Iran has paid British criminals to carry out acts on UK soil, after a series of incidents including an arson attack on Jewish community ambulances and attempted arson attacks at synagogues in Finchley and Kenton and a former Jewish charity in Hendon. Another incident saw a drone flown near the Israeli embassy in London, and a petrol bomb was thrown towards the site of Volant Media, the parent company of Persian news channel Iran International. A group that calls itself Harakat Ashab al-Yamin al-Islamia, the Islamic Movement of the Companions of the Right, that is suspected to be Iran-backed, has claimed responsibility for most of the incidents along with other attacks in Europe since March 9. Metropolitan Police Deputy Commissioner Matt Jukes told LBC: "We're going to look incredibly closely at whether those claims stand up. "They're intended to intimidate so we have to distinguish what's happening online and being broadcast and claimed, from those things we can prove. "But I think this is an extraordinary period. "We've sadly seen hate crime in our communities before, we've seen radicalisation towards terrorism. "But now what we've got is the prospect of a foreign state actually using that as a mechanism to sow discord, discontent and to create anxiety in our communities. "That is really troubling." "Thugs for hire" are risking long prison sentences for inconsequential amounts of money if they agree to carry out crimes for foreign states, he told the broadcaster. Mr Jukes gave the example of Dylan Earl, who was jailed for 17 years after agreeing to carry out an arson attack in Leyton, east London, for the Russian-backed Wagner group in 2024. So far 15 people have been arrested over the six incidents in London since March 23. The most recent attack saw a petrol bomb thrown through the window of Kenton United Synagogue at around midnight on Sunday, landing in a medical room. Jewish charity the Community Security Trust (CST) said that minor smoke damage to an internal room was caused but said there were no injuries or significant structural damage. Mr Jukes earlier told BBC Radio 4's Today programme that a 17-year-old boy and 19-year-old man had been arrested in connection with the incident. Chief Rabbi Sir Ephraim Mirvis described the arson attack as "cowardly" and said "a sustained campaign of violence and intimidation against the Jewish community of the UK is gathering momentum". His statement shared on X said: "This sustained attack on our community's ability to worship and live in safety is an attack on the values that bind us all together." Video that appears to be published online by Harakat Ashab al-Yamin al-Islamia, also known as Hayi, shows a person in dark clothing lighting an item and throwing it at the Kenton United Synagogue before running away. It was filmed by another person behind the metal fence surrounding the building. Prime Minister Sir Keir Starmer has said he is "appalled by recent attempted antisemitic arson attacks in north London". He added in his statement on X: "This is abhorrent and it will not be tolerated. Attacks on our Jewish community are attacks on Britain."
Attacks on Jewish sites 'raise prospect of foreign state working to sow discord'
A spate of attacks on Jewish sites in London raises the "troubling" prospect of a foreign state using hate crime to sow discord in the UK, one of the country's most senior police officers has said. Investigators are working to establish whether Iran has paid British criminals to carry out acts on UK soil, after a series of incidents including an arson attack on Jewish community ambulances and attempted arson attacks at synagogues in Finchley and Kenton and a former Jewish charity in Hendon. Another incident saw a drone flown near the Israeli embassy in London, and a petrol bomb was thrown towards the site of Volant Media, the parent company of Persian news channel Iran International. A group that calls itself Harakat Ashab al-Yamin al-Islamia, the Islamic Movement of the Companions of the Right, that is suspected to be Iran-backed, has claimed responsibility for most of the incidents along with other attacks in Europe since March 9. Metropolitan Police Deputy Commissioner Matt Jukes told LBC: "We're going to look incredibly closely at whether those claims stand up. "They're intended to intimidate so we have to distinguish what's happening online and being broadcast and claimed, from those things we can prove. "But I think this is an extraordinary period. "We've sadly seen hate crime in our communities before, we've seen radicalisation towards terrorism. "But now what we've got is the prospect of a foreign state actually using that as a mechanism to sow discord, discontent and to create anxiety in our communities. "That is really troubling." "Thugs for hire" are risking long prison sentences for inconsequential amounts of money if they agree to carry out crimes for foreign states, he told the broadcaster. Mr Jukes gave the example of Dylan Earl, who was jailed for 17 years after agreeing to carry out an arson attack in Leyton, east London, for the Russian-backed Wagner group in 2024. So far 15 people have been arrested over the six incidents in London since March 23. The most recent attack saw a petrol bomb thrown through the window of Kenton United Synagogue at around midnight on Sunday, landing in a medical room. Jewish charity the Community Security Trust (CST) said that minor smoke damage to an internal room was caused but said there were no injuries or significant structural damage. Mr Jukes earlier told BBC Radio 4's Today programme that a 17-year-old boy and 19-year-old man had been arrested in connection with the incident. Chief Rabbi Sir Ephraim Mirvis described the arson attack as "cowardly" and said "a sustained campaign of violence and intimidation against the Jewish community of the UK is gathering momentum". His statement shared on X said: "This sustained attack on our community's ability to worship and live in safety is an attack on the values that bind us all together." Video that appears to be published online by Harakat Ashab al-Yamin al-Islamia, also known as Hayi, shows a person in dark clothing lighting an item and throwing it at the Kenton United Synagogue before running away. It was filmed by another person behind the metal fence surrounding the building. Prime Minister Sir Keir Starmer has said he is "appalled by recent attempted antisemitic arson attacks in north London". He added in his statement on X: "This is abhorrent and it will not be tolerated. Attacks on our Jewish community are attacks on Britain."
Attacks on Jewish sites 'raise prospect of foreign state working to sow discord'
A spate of attacks on Jewish sites in London raises the "troubling" prospect of a foreign state using hate crime to sow discord in the UK, one of the country's most senior police officers has said. Investigators are working to establish whether Iran has paid British criminals to carry out acts on UK soil, after a series of incidents including an arson attack on Jewish community ambulances and attempted arson attacks at synagogues in Finchley and Kenton and a former Jewish charity in Hendon. Another incident saw a drone flown near the Israeli embassy in London, and a petrol bomb was thrown towards the site of Volant Media, the parent company of Persian news channel Iran International. A group that calls itself Harakat Ashab al-Yamin al-Islamia, the Islamic Movement of the Companions of the Right, that is suspected to be Iran-backed, has claimed responsibility for most of the incidents along with other attacks in Europe since March 9. Metropolitan Police Deputy Commissioner Matt Jukes told LBC: "We're going to look incredibly closely at whether those claims stand up. "They're intended to intimidate so we have to distinguish what's happening online and being broadcast and claimed, from those things we can prove. "But I think this is an extraordinary period. "We've sadly seen hate crime in our communities before, we've seen radicalisation towards terrorism. "But now what we've got is the prospect of a foreign state actually using that as a mechanism to sow discord, discontent and to create anxiety in our communities. "That is really troubling." "Thugs for hire" are risking long prison sentences for inconsequential amounts of money if they agree to carry out crimes for foreign states, he told the broadcaster. Mr Jukes gave the example of Dylan Earl, who was jailed for 17 years after agreeing to carry out an arson attack in Leyton, east London, for the Russian-backed Wagner group in 2024. So far 15 people have been arrested over the six incidents in London since March 23. The most recent attack saw a petrol bomb thrown through the window of Kenton United Synagogue at around midnight on Sunday, landing in a medical room. Jewish charity the Community Security Trust (CST) said that minor smoke damage to an internal room was caused but said there were no injuries or significant structural damage. Mr Jukes earlier told BBC Radio 4's Today programme that a 17-year-old boy and 19-year-old man had been arrested in connection with the incident. Chief Rabbi Sir Ephraim Mirvis described the arson attack as "cowardly" and said "a sustained campaign of violence and intimidation against the Jewish community of the UK is gathering momentum". His statement shared on X said: "This sustained attack on our community's ability to worship and live in safety is an attack on the values that bind us all together." Video that appears to be published online by Harakat Ashab al-Yamin al-Islamia, also known as Hayi, shows a person in dark clothing lighting an item and throwing it at the Kenton United Synagogue before running away. It was filmed by another person behind the metal fence surrounding the building. Prime Minister Sir Keir Starmer has said he is "appalled by recent attempted antisemitic arson attacks in north London". He added in his statement on X: "This is abhorrent and it will not be tolerated. Attacks on our Jewish community are attacks on Britain."
