Saturday Hashtag: #SilentDigitalStorm

Listen To This Story

In the spring of 2026, a series of unprecedented cyberattacks rocked the digisphere, leaving behind a trail of devastation that went mostly unreported.

• First, a Chinese state supercomputer was robbed of 10 petabytes of military data. 
• The FBI’s wiretap management network was breached.
• Lockheed Martin had 375 terabytes of data stolen. 

• Stryker software, critical in military and medical sectors, was wiped clean across 79 countries in minutes. 
• AI training-data vendor Mercor, a startup valued at $10 billion and connected to OpenAI, Anthropic, and Meta, was breached through LiteLLM, an open-source Python library and proxy server by the hacking group Lapsus$.
• Rockstar Games was hit via Anodot, a little-known analytics vendor. 
• North Korea hijacked the Axios NPM package, a widely used and important developer tool downloaded 100 million times weekly, turning it into a digital weapon.

Then there is “Scattered LAPSUS$ Hunters,” a merger of ShinyHunters (a black-hat criminal hacker and extortion group), Scattered Spider (a prolific, English-speaking cybercriminal group), and Lapsus$, which: 

• Breached 400 organizations, including Google, Cisco, Adidas, Qantas, LVMH, LastPass, Okta, AMD, Snowflake, Harvard University, and even Pornhub. 
• Stole 1.5 billion Salesforce records.
• Cloned Cisco’s private GitHub.
• Cracked open Oracle’s legacy cloud.
• Attacked major European airports — Heathrow, Charles de Gaulle, Frankfurt, and Copenhagen — disrupting check-in systems and canceling over 1,600 flights.

On April 7, US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell were called into an emergency meeting with the CEOs of the five largest US banks. 

They weren’t discussing a financial crisis, but the existential cyber risks tied to Anthropic’s Claude Mythos. This wasn’t just another AI software release; Mythos has the ability to identify and exploit zero-day vulnerabilities at a scale deemed too dangerous for public knowledge. It is a systemic risk threatening entire sectors of the global economy.

This goes well beyond mere hype for a new product launch, with the Linux Foundation and FFmpeg developers, who prioritize security above all, both acknowledging the real threat posed by Mythos’s capabilities.

Government and media have stayed largely silent despite the increasing danger AI poses to critical infrastructure including the entire health care system. No officials have been held accountable for failing to anticipate these risks, and no AI company has faced consequences for enabling them.

Even as the AI threat has deepened, President Donald Trump has moved to shut down AI regulation, compounding the danger and leaving the country exposed to an increasingly unpredictable and unregulated technology. 

The real question isn’t whether more AI-enabled attacks are inevitable; it’s whether experts have even begun to prepare for the next onslaught or if we’re simply waiting for another catastrophe to expose our vulnerability.

Hashtag Picks

Crowdstrike 2026 Global Threat Report

From Crowdstrike: “Get to know the evasive adversary who is supercharging attacks with AI and making AI the new attack surface.” 

Please Don’t Feed the Scattered Lapsus ShinyHunters

The author writes, “A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators about the extent of the intrusion. Some victims reportedly are paying — perhaps as much to contain the stolen data as to stop the escalating personal attacks. But a top SLSH expert warns that engaging at all beyond a ‘We’re not paying’ response only encourages further harassment, noting that the group’s fractious and unreliable history means the only winning move is not to pay.”

Anthropic’s New Mythos AI Tool Signals a New Era for Cyber Risks and Responses

From The Christian Science Monitor: “When Anthropic detected last September that someone was using its artificial intelligence software in a highly sophisticated spy campaign, the company began investigating. What stood out about this cyberattack was how much the hackers, who Anthropic says were probably Chinese-sponsored, relied on AI. Rather than advising the attackers, the company discovered, the AI technology actually carried out much of the attack itself. Fast-forward to this [month], when the company said AI had made another huge leap in its cyberattack capabilities. The most advanced model to date, Claude Mythos Preview, not only had found thousands of severe vulnerabilities in common operating systems that humans had missed, but also had devised sophisticated ways to exploit those gaps.”

Anthropic’s Mythos Will Force a Cybersecurity Reckoning — Just Not the One You Think

From Wired: “The new AI model is being heralded — and feared — as a hacker’s superweapon. Experts say its arrival is a wake-up call for developers who have long made security an afterthought.”

Anthropic’s Next Model Could Be a ‘Watershed Moment’ for Cybersecurity. Experts Say That Could Also Be a Concern

The authors write, “The next wave of AI-powered cybersecurity attacks will be like nothing we’ve seen before. That’s the message AI company Anthropic sent in a leaked blog post … in which it warned that its upcoming AI model, called Mythos, and others like it can exploit vulnerabilities at an unprecedented pace. And it’s not the only one: OpenAI warned in December that its upcoming models posed a ‘high’ cybersecurity risk. Experts have already said AI can amplify existing dangers and rapidly generate new software hacks.”