CISO Daily Digest: Anthropic's Mythos AI Breaks Into NSA Classified Systems in Hours (20260622)

Anthropic’s Mythos AI Breaches NSA Classified Systems

Anthropic’s latest frontier model, Mythos, demonstrated alarming penetration capabilities during a red-team evaluation conducted jointly with US national security agencies. The AI autonomously identified and exploited vulnerabilities across compartmentalized classified networks within hours — reportedly compromising nearly all NSA systems it was tested against.

The revelation compounds an extraordinary week for AI governance, coming just one day after Anthropic announced it was retiring Fable 5, its previous flagship model, citing capability exceeding safety thresholds. Together, these events signal that frontier AI models are advancing faster than the control mechanisms designed to contain them — and that capability escapes containment before policy catches up.

Why This Reshapes AI Governance

• Capability threshold enforcement: Voluntary safety frameworks have demonstrably failed. Expect binding pre-deployment red-teaming mandates with mandatory disclosure requirements.
• Export control escalation: Fable 5’s retirement was already shaped by export regime pressure. Mythos’s NSA-level penetration capability will tighten restrictions on model weights, training compute, and inference infrastructure.
• Offensive AI doctrine: The NSA’s willingness to publish these results — even in summary form — signals that US agencies are actively preparing both defensive and offensive AI postures.

Additional Anthropic developments this week:

• Trump administration targets Anthropic in an escalating AI regulatory crackdown, though conflicting signals suggest the administration may be re-evaluating Anthropic’s national security risk classification.
• Micron-Anthropic strategic agreement: Micron signed a major deal to supply memory and storage infrastructure for AI factories, driving a 5.5% surge in Micron shares.
• Anthropic opens Seoul office with South Korea-based partnerships, expanding its Asia-Pacific presence.

---

Active Threats This Week

📌 Mastra AI Framework NPM Supply Chain Attack North Korean threat actors (BlueNoroff / UNC1069 / Sapphire Sleet) compromised the Mastra AI application framework, implanting backdoors in over 140 NPM packages. The supply chain attack delivered malicious code capable of exfiltrating credentials, environment variables, and API keys from development and production environments. 🔗 Reference: iThome | Security Affairs

📌 FortiBleed: 70,000+ Fortinet Firewall Credentials Exposed A widespread credential-harvesting operation dubbed FortiBleed, attributed to Russian threat actors, has leaked administrative credentials for over 70,000 Fortinet devices globally. Taiwan ranks third in affected devices. CISA has issued emergency guidance requiring credential rotation, PBKDF2 hash migration, and mandatory MFA. The UK NCSC recommends using SOCRadar and Hudson Rock tools for domain-specific checks. 🔗 Reference: Security Affairs | iThome | Security Affairs - CISA Warns

📌 Squidbleed: 29-Year-Old Squid Proxy Bug Leaks Cleartext HTTP A critical vulnerability in the Squid caching proxy, nicknamed Squidbleed, exposes cleartext HTTP requests from proxied traffic. The bug has existed for 29 years and affects widely deployed proxy infrastructure, potentially leaking internal network topology, credentials transmitted over HTTP, and sensitive internal resource paths. 🔗 Reference: The Hacker News | iThome

📌 OXLOADER + CastleStealer: Malware Campaign via Google Ads A new malware loader called OXLOADER is being distributed through malicious Google Ads, delivering the CastleStealer information-stealing malware. The campaign targets users searching for legitimate software downloads, using SEO-poisoned ad placements to maximize infection reach. 🔗 Reference: The Hacker News

📌 AryStinger Malware Infects 4,300 Legacy Routers The AryStinger malware campaign has compromised over 4,300 outdated routers (primarily D-Link) to build a proxy network used for reconnaissance and credential harvesting. The botnet leverages end-of-life devices no longer receiving security patches. 🔗 Reference: The Hacker News | iThome

📌 INTERPOL Warns Phishing, Ransomware, and AI Scams Rising Across Asia-Pacific INTERPOL issued a regional warning about a significant increase in phishing, ransomware, and AI-powered scams across Asia-Pacific. The advisory highlights the growing sophistication of deepfake voice and video impersonation in social engineering campaigns. 🔗 Reference: The Hacker News

📌 Cisco ISE Critical Vulnerability Grants Root Access Cisco patched a critical vulnerability in its Identity Services Engine (ISE) that could allow an unauthenticated attacker to gain root-level access on affected systems. Organizations using ISE for network access control should prioritize patching. 🔗 Reference: Security Affairs

---

How Can OPSWAT Help

The convergence of AI supply chain compromise, malvertising-delivered malware, and credential-harvesting botnets creates an attack surface that OPSWAT’s MetaDefender platform directly addresses:

• Supply chain defense (Mastra attack): MetaDefender’s multi-scanning (30+ AV engines) and Deep CDR neutralize malicious NPM packages before they reach developer environments.
• Malware delivery via ads (OXLOADER/CastleStealer): MetaDefender Cloud’s file upload API scans downloaded files at the network edge, blocking known and unknown malware before endpoint compromise.
• Credential leakage (FortiBleed): MetaDefender Email Security prevents credential-stealing payloads, while File Security scans attachments across all protocols.
• Legacy device protection (AryStinger): OPSWAT’s zero-trust access solutions provide a security layer for unpatched infrastructure that cannot be immediately replaced.

🔗 Reference: OPSWAT MetaDefender