CyberWire Daily - No Mythos of escape.
Episode Date: June 16, 2026Emergency talks fail to free Anthropic’s Fable 5. Trump moves to strengthen national security systems. Microsoft patches a critical Copilot flaw. ShinyHunters weaponize a PeopleSoft zero-day. Dragon...Force hides in Microsoft Teams for months. Plus, Amos Stealer targets Macs, CISA issues a three-day patch deadline, Delta avoids penalties, and researchers show just how easy it is to manipulate AI search. Our guest is Mike Fey, Co-Founder & CEO at Island, discussing the architectural differences between network and modern SASE. Consulting meets confabulation. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices, we are joined by Mike Fey, Co-Founder & CEO at Island, discussing the architectural differences between network and modern SASE. If you enjoyed this conversation, check out the full interview here. Selected Reading Anthropic Is Still at Odds With the White House Over Claude Fable 5 (WIRED) Feds freaked over Fable 5 after simple 'fix this code' prompt, not jailbreak, says researcher (The Register) White House Issues Memo to Bolster NSS Cybersecurity (SecurityWeek) Microsoft Patches Critical SearchLeak Vulnerability in Copilot Enterprise (Beyond Machines) ShinyHunters Hits Universities Via Oracle Zero-Day (GovInfo Security) DragonForce Ransomware Exploited Microsoft Teams to Hide Attack (Infosecurity Magazine) Inside Amos Stealer: How This Threat Targets macOS Credentials and Keychains (CyberProof) CISA warns of another cPanel plugin flaw exploited in attacks (Bleeping Computer) US closes probe into 2024 Delta Air Lines meltdown sparked by CrowdStrike outage (Reuters) It Is Trivially Easy to Use Reddit to Manipulate AI Search, Research Suggests (404 Media) KPMG pulls report on AI usage due to apparent hallucinations (TechCrunch) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
Looking to understand the cybersecurity risks emerging beyond Earth's atmosphere?
In the weekly Signals in Space newsletter, T-minus host Maria Vermazas and producer Ethan Cook connect the dots between terrestrial infrastructure and the growing attack surface in space.
Each week, you'll get the latest space cyber headlines, direct access to the week's T-minus podcast conversation, plus everything.
expert insights and resources to help security professionals better understand this rapidly evolving domain.
Space systems are becoming critical infrastructure.
Signals in space helps you stay ahead of the threats shaping the next frontier.
Subscribe now to the Signals and Space newsletter.
Are you one of those media strategy people clicking through slides, scrolling spreadsheets?
Yes? Good. This is for you.
Because on Spotify, there's an audience that's different. Locked in.
Loyal, invested. They're called fans. Fans don't just listen to music. They feel seen by it,
like it belongs to them. So when your brand shows up on Spotify, that's who you're talking to.
And you're right next to artists like me, Lizzo. So, are you ready to talk to fans? Spotify advertising.
You're among fans. Emergency talks failed a free Anthropics Fable 5. Trump moves to strengthen national security systems.
Microsoft patches a critical co-pilot flaw. Shiny hunters.
weaponizes a PeopleSoft Zero Day.
Dragon Force hides in Microsoft Teams for months.
Plus, Amos Steeler, targets Max.
Sisa issues a three-day patch deadline.
Delta avoids penalties,
and researchers show just how easy it is
to manipulate AI search.
Our guest is Mike Fay,
co-founder and CEO at Island,
discussing the architectural differences
between network and modern Sassie.
And consulting meets confabulation.
It's Tuesday, June 16, 26.
I'm Dave Bittner, and this is your Cyberwire Intel Briefing.
Thanks for joining us here today.
It's great as always to have you with us.
The Trump administration has decided to keep export controls in place
on Anthropics' most advanced AI models
following emergency talks over concerns
that users can bypass safety restrictions built into the company's systems.
At the center of the dispute is clawing.
FABEL-5, a public-facing model that Anthropics says, includes safeguards designed to limit
access to advanced cybersecurity, biology, and chemistry capabilities.
Administration officials, however, remain concerned that those guardrails can be circumvented,
effectively giving users access to the more powerful capabilities of Anthropics' mythos model.
The issue surfaced last week after Amazon reportedly alerted administration officials,
officials to potential vulnerabilities. The concerns were serious enough that the National Security
Agency was asked to review the findings. According to people familiar with the process,
the NSA concluded that it was possible to remove or bypass some of Fable 5's protections,
helping drive the decision to impose export restrictions. Anthropics strongly disagrees with
that assessment. Company executives and security researchers traveled to Washington for
meetings with the Commerce Department, arguing that the administration has overstated the risks.
The company says Fable Five safeguards remain effective and that the restrictions are unjustified.
The debate has spilled into the cybersecurity community. More than 100 security experts signed
an open letter urging the government to reverse the controls. They argue that Anthropics models
are valuable defensive tools but are not uniquely capable compared to other
leading AI systems. The dispute is now being watched closely across the AI industry. Beyond Anthropic,
the episode signals that the U.S. government may be willing to intervene directly when it believes
advanced AI models present national security risks. AI companies are increasingly expected to provide
early visibility into major model releases and to maintain close communication with federal
officials before deploying frontier systems. President Trump,
Trump has signed National Security Presidential Memorandum 12 aimed at strengthening cybersecurity protections
for the nation's most sensitive government networks. The directive covers national security
systems used for classified information, military operations, and intelligence missions. The memorandum
reestablishes and modernizes the Committee on National Security Systems, giving it authority to set
baseline security requirements, coordinate cybersecurity efforts across agencies, and issue emergency
directives. It also designates the National Security Agency as the national manager for these systems.
Agencies must maintain and regularly update inventories of their national security systems,
while the committee is tasked with reviewing and updating cybersecurity policies over the next 90 days.
Microsoft has patched a critical vulnerability in Microsoft 365 co-pilot enterprise that could allow attackers to steal sensitive organizational data through a single malicious link.
Dubbed search leak, the flaw combined prompt injection, browser rendering behavior, and a Bing server-side request mechanism to exfiltrate information from emails, files, and other corporate data sources accessible to a victim.
Researchers describe it as an example of an AI-native attack that weaponizes existing web security weaknesses.
Microsoft applied the fix to its cloud infrastructure earlier this month, so customers do not need to take action.
Those security teams are advised to monitor for suspicious co-pilot search URLs and educate users about clicking complex links.
The Cybercriminal Group Shiny Hunters has been linked to an active external.
Custortion campaign exploiting a previously unknown vulnerability in Oracle PeopleSoft, according to researchers
at Mandiant and Google Threat Intelligence Group, the attackers targeted more than 100 organizations
worldwide between late May and early June, with universities and colleges accounting for nearly
70 percent of those affected. The campaign abused a critical remote code execution flaw
that allowed attackers to compromise vulnerable PeopleSoft systems without authentication.
Once inside, shiny hunters deployed disguised remote management tools, mapped victim environments,
and stole sensitive data for use in extortion attempts.
Several organizations successfully blocked the attacks,
but others saw stolen information published on the group's leak site.
Researchers are urging organizations running Oracle PeopleSoft to immediately secure,
exposed systems, review logs for suspicious activity, and search for signs of unauthorized access.
Researchers at Symantec and Carbon Black say the Dragon Force Ransomware Group maintained covert
access to a major U.S. services firm for as long as two months before launching its attack.
The attackers used a custom Go-based remote access Trojan called Backdoor. Turn that hid command
and control traffic inside legitimate Microsoft Teams communications by abusing
teams relay infrastructure. This made malicious traffic appear as normal connections to Microsoft's
servers. The group also used a vulnerability in a Huawei driver and made multiple system changes
to maintain persistence, including creating accounts, modifying firewall rules, and weakening
security settings. Researchers believe the initial intrusion likely came through a
vulnerable SQL or Microsoft SQL server. The attackers ultimately exfiltrated data and deployed
Dragon Force ransomware, highlighting what researchers describe as exceptionally sophisticated tradecraft
and stealth capabilities. Amos Steeler continues to be a highly active MacOS-focused information
Steeler, reflecting a broader trend of threat actors increasingly targeting Apple environments.
In a recent campaign, researchers at Cyberproof observed the malware using a malicious curl command
to silently download and execute payloads that launch AppleScript-based data collection.
The malware harvests browser credentials, cookies, auto-filled data, cryptocurrency-related information,
and the MacOS keychain database.
It also targets developer and configuration files such as SSH keys and Kubernetes credentials.
Collected data is staged, compressed into an archive, and exfiltrated to attacker-controlled
infrastructure in 10-Magabyte chunks using HTTP requests designed to blend into normal traffic.
Researchers say Amos Steeler deploys validation checks, retry mechanisms, and cleanup routines
to improve reliability and evade detection,
underscoring the growing need for behavioral monitoring
and endpoint hardening on macOS systems.
SISA has ordered U.S. federal agencies
to secure systems affected by an actively exploited
light-speed C-panel plugin vulnerability within three days.
The flaw affects multiple versions
and can allow attackers with FTP or WebShell access
to escalate privileges to root,
on vulnerable cloud Linux and CageFS servers.
Lightspeed disclosed active exploitation earlier this month and released security updates.
SISA has now added the vulnerability to its known exploited vulnerabilities catalog,
warning that flaws like this are frequently targeted by threat actors
and pose significant risks to government networks.
The Trump administration has closed a federal investigation into Delta Airlines' response,
to the July 24 crowd strike-related outage without imposing penalties. The disruption affected roughly
1.3 million customers and cost Delta an estimated $500 million. The probe launched under the Biden
administration examined why Delta's recovery lagged behind other major airlines. The Transportation
Department concluded that affected passengers received prompt refunds, baggage assistance, and support
for travelers with disabilities.
Delta welcomed the decision, citing the extensive customer assistance it provided during the
unprecedented industry-wide outage.
New research from Cornell University suggests that AI-powered search and deep research agents
can be manipulated with surprisingly little effort.
Researchers found that as few as 13 words of user-generated content on sites like Reddit,
Quora or Wikipedia, can influence the responses produced by tools such as chat GPT and Google's
AI search. The study examined how AI systems rely on content retrieved from user-generated platforms,
which account for nearly a quarter of cited sources in some queries.
Researchers demonstrated that short promotional phrases inserted into otherwise ordinary posts
could cause AI systems to recommend fake products, services, or businesses in their answers.
The findings highlight growing concerns around AI engine optimization or AEO,
an emerging industry focused on influencing AI search results
by seeding online communities with targeted content.
Researchers warn that because these attacks can be subtle and blend into normal discussions,
moderators may struggle to detect them, placing increasing pressure on AI companies to develop stronger defenses against manipulated source material.
Coming up after the break, my conversation with Mike Fay, co-founder and CEO at Island.
We're discussing the architectural differences between network and modern sassy.
And consulting meets confabulation.
Stick around.
What's the one thing in business that's spreading as fast as.
AI? AI risk. Every new tool your team signs up for, every vendor that turns on AI features,
every new integration, each one creates another opportunity for something to go wrong. And most
security programs just weren't built for AI's pace of growth. Enter Vanta. Vanta is the number one
agenetic trust platform, used by more than 16,000 fast-moving companies like Ramp, Cursor, and Harvey,
to help ensure they're always audit-ready.
And now, Vanta is helping companies watch for the risks that show up between audits, across vendors,
AI tools, and their entire environment.
The Vanta agent works like a 24-7 GRC engineer in the background,
finding issues, drafting fixes, and cutting vendor assessment time by up to 50%.
Whether you're a fast-growing startup or a global enterprise,
Vanta is here to help you automate your secure.
and compliance, and earn and prove trust.
Get started today at vanta.com slash cyber.
That's v-a-t-a-com slash cyber.
This father's day start with a question,
like where did dad's story begin?
Ancestry DNA now has up to $75 off on our Father's Day sale,
so Dad can explore his roots across more than 3,600 regions
and discover the places in
cultures that shaped his story. Save now, give Ancestry DNA from only $69.
Offer ends June 21st. Visit Ancestry.ca for details. Terms apply.
Mike Fay is co-founder and CEO at Island, and in today's sponsored industry voices conversation,
we discuss the architectural differences between network and modern Sassie.
The architecture that Sassie replaced was a heavy on-prem hardware-centric architecture.
And Sassie allowed organizations to find a better cost structure, a more nimble approach to secure networking,
and one that would allow us to start to reach across our user base to where they were at, right?
We started to embrace people outside the office.
a little bit. We started to embrace SaaS properties, you know, service now, sales force type
things. And so it was the first rev of the recognition that the network was changing.
And so over the past few years, what has changed that's made folks start questioning
whether those initial assumptions still hold? Yeah. So when we thought of the sassy environment
and we built ours back at Blue Code and Z-Scaler showed up on the scene and then there were other
competitors that showed up after that.
The thought process was a very data center-centric one.
You had a small amount of SaaS properties people were going to, but the data center was
still a very important part of the thought process.
As we've grown, as we've evolved, as the world has changed, now if you think about a normal
end user, you have entire groups of large worker populations that just interact with
cloud-based applications, right?
Office 365, Salesforce, Workday,
my entire Salesforce touches nothing but cloud applications, for instance.
And that's where the challenge starts to come in.
Then you overlay that with increased encryption requirements,
the cert-pinning organizations not supporting you if you have a man in the middle,
and now you have an additional challenge,
which is we can't see inside the traffic like we used to.
So what's evolved is this weird state that says,
Sassy was the answer, but now it's blind to a big chunk of the traffic.
It's not architecturally where you need it to be to provide value.
And it's becoming a very cost prohibitive and almost as importantly, a source of outages
because of the complexity that is being a man in the middle with a haulback traveling
approach to the traffic.
Well, I know you've made the case that traditional Sassie is solving.
the wrong problem. I'm curious if a security strategy depends on seeing and inspecting traffic,
what happens when that visibility starts to disappear? Yeah. The traditional sassy
environments see about 30% of the real world traffic now. They're blind to 70%. They're blind to things
like office, slack, clawed, you know, things that matter. When you lose that visibility,
you can't enforce security as well. So they have to,
have to put more stuff on the endpoint. You end up with additional tooling, additional, you know,
approaches to do that. And the loss of visibility has given rise to complexity and cost
pushed to the endpoint to try to shore up these blind spots. And it's not working anymore.
And we need to evolve to something that sees all the traffic. And the way to do that is to
pre-imposed encryption. You don't want to be a man in the middle enforcing your will anymore.
That is not a viable path, nor is backhauling traffic to locations not required.
You know, when we built this concept of that backhaul, the networks aren't what they are today.
The best networks in the world now are the hyperscalers, right? It's, you know, GCP, it's Azure,
it's Amazon, and the list goes on. Those are the networks you want to get to as fast as possible
and they're right outside your door.
So back hauling to a point of presence
that can't break the encryption,
that can't see inside of it,
it's an archaic way to do things
that breaks yet more
with things like AI agents
and quantum encryption and the like.
So I really do believe
the days of the traditional Sassie approach
are numbered,
and they're coming out as much faster
than we expected.
Well, I want to dig into
all of these things here.
Let's start with AI.
What is fundamentally
different about these AI-driven workflows?
Yeah, so if you look at one AI agent, not much.
Thinking about it like another end user, just running in a different location,
is a valid conceptual way to think about what it's doing, right?
It's instead of a physical user, you know, a human user,
it's a artificial user. Great.
the difference is the size, scale, and connectivity requirements.
So one person could have hundreds, thousands of agents working for them.
They don't take a break.
They're constantly communicating.
They're constantly running.
They're constantly engaged.
And they're communicating often over an encrypted or cert-pin path that you can't see inside of.
So when you think about pulling all that traffic back to some scrubbing station,
you start to realize one that's financially not viable two it doesn't hold up and it doesn't add value
and it puts in latency and outages we don't need so that's really the idea it's those networks
were built at employee scale i scale is many times if not hundreds or thousands of times bigger
but way more streamlined if you let it be and that's the rub the size and scale and persistent nature of an
agent is very different than a typical end user.
Yeah, I think it's fair to say that AI has certainly been reshaping security, but
quantum computing is another major technological shift that's on the horizon here.
How do you see these two trends intersecting?
Yeah, let's start with quantum.
I think quantum is a big game changer for network security because now your level of encrypt
has to go up so dramatically.
And we used to think this was out in 2036 or some very, you know, very, very important.
far off time. And now experts are saying it's 2029 and it will not shock me if that moves forward again.
And what I'm talking about is the time where quantum compute is available to an attacker to
unencrypt your traffic. So today, I could sit and listen to your traffic. And in that traffic
might be very important data, but I can't unencrypt it. So it's as if I never heard it. But if I
can record that traffic today and then take it to a quantum computer tomorrow, I will see everything
inside of it. That terrifies banks, Department of Defense, you know, anyone doing something strategic
will be operating in the clear. We'll be operating an open text, basically. So we have to up our
level of encryption so that that's not possible. Well, to do that, think of encryption changing from
a password like you use today, 12 characters, you know, caps, special cases or special,
you know, exclamation marks or whatever it is you use to all of Webster's dictionary arranged
in a unique order for each of us. And now you want to set up the traditional security of break
and inspect at that level of encryption. Even if you could do it, you couldn't afford the
hardware, the access to the GPUs required, the latency that would incur.
So knowing that's out there, there is a shelf life on this old approach of break and inspect.
And that shelf life is very clear, and we're seeing customers start to embrace it.
And the complexity to try to elongate this shelf life is causing outages and expense.
So we're headed to a serious rethinking of our network infrastructure.
So if I'm a SISO evaluating my security strategy today,
what sort of things should be on my short-term planning?
Yeah, I think you want to think about the future of the network
and an endpoint-centric network,
because you'll be pre-imposed encryption.
You want user traffic to go directly to where it needs to.
We don't need to reroute it.
We don't need to backhaul it.
Those are antiquated concepts.
And we need to think at agent scale,
How does all this work when my user population isn't my employee count?
It's my employee count plus the manifestations of their agents, right?
So a company that's 50,000 users might have to support an environment that feels like half a million.
There are very few companies on the planet set up to do that.
And that's where the cyber security experts have to start focusing, which is this shift to true cloud-based compute at AI scale.
what does the network of the future and cybersecurity of the future look like?
And all roads point back to pre-impost encryption enforcement.
And if you do it right, it should save you significant money.
It should be way better security, but it'll set you up for the next run of what we see now
on the horizon between AI and quantum.
You know, Mike, I think you've been at this long enough that you've witnessed multiple major
technology transitions in cybersecurity. I'm curious, how does this moment compare to the previous
shifts that you've witnessed? You know, it is so different, but I would say 90% of cybersecurity
is treating it as the same. So what do I mean by that? The bulk of cyber right now is talking about
the bad guy, how AI is going to make the bad guy more capable. When we were moving to the cloud,
It was all about how the bad guy would have access to the cloud.
We moved to SaaS.
It was all about how the bad guy, the mobile was all about what the bad guy is going to do.
And we're doing that again.
And then the new technology, it's all about how to secure it, right?
How do we protect ourselves from bad things Claude might do?
How do we make sure that, you know, we have control over it and we can govern it and all that good stuff?
And there's nothing wrong with that logic.
But I believe the difference here, and what makes this so special, it's not a new set of tech.
It's not a new platform.
It's not a new way of running.
It is a new capacity of thought and execution.
AI can fundamentally make the first giant systemic change in cybersecurity.
AI is the answer, not the problem.
I look at AI as the fundamental thing that could make cybersecurity finally deliver a massive
level of protection that a breach is a rarity.
instead of a common event.
And I think that's what this moment represents.
And like true fundamental changing moments,
not everybody sees it because change is hard.
We know a playbook that works,
but you've got to throw that out.
We can fundamentally change cybersecurity forever.
And now's the moment we get to do that.
And I think most of cyber still run in the old way,
but there's some of us focused on that new path.
And I think we will see in the next couple
years, we will see cybersecurity start to become a problem that is actually solved for some
companies, where they really are truly secure. And it'll take good tech, it'll take great use of
AI. It won't be cheap to do it first, but it will be outrageously powerful. And this is the moment
where cybersecurity can change forever. This isn't a step function change. This is monumental.
And it's the most exciting time ever in cybersecurity.
That's Mike Faye, co-founder and CEO at Island.
And finally, KPMG has quietly withdrawn a report on the promise of agentic AI,
after several organizations featured in the document,
said the examples attributed to them were inaccurate.
The report, titled Redefining Excellence in the Age of Agentic AI,
drew scrutiny after research.
at GPT Zero identified what they described as AI-generated inaccuracies, suggesting the report may have
fallen victim to one of the very technologies it was discussing. Among those disputing the report's
claims were UBS, the UK's National Health Service, Swiss Federal Railways, and Transport for London,
all of which told the Financial Times that descriptions of their AI use were either misleading or
simply untrue. KPMG says it has removed the report while conducting an internal review,
and reiterated that employees are expected to verify AI-generated content through human oversight.
The episode follows a similar incident last month, when EY withdrew a report that reportedly
contained fabricated citations, adding another chapter to the growing challenge of using AI to
write about AI without becoming part of the cautionary tale.
And that's the Cyberwire.
Or links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing
world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to
to Cyberwire at N2K.com.
N2K's lead producer is Liz Stokes.
We're mixed by Trey Hester
with original music and sound designed
by Elliot Peltzman.
Our contributing host is Maria Vermazas.
Our executive producer is Jennifer Ibin.
Peter Kilpe is our publisher,
and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.