Daily Briefing for 04.10.26

Top stories.

• Treasury Secretary and Fed Chair summon banking executives over AI security concerns.
• Hacker claims to have stolen 10 petabytes of data from a Chinese supercomputer.
• Payroll-hijacking campaign targets Canadians.

Treasury Secretary and Fed Chair summon banking executives over AI security concerns.

Bloomberg reports that US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell called Wall Street leaders and banking executives to an urgent meeting on Tuesday to address security concerns surrounding Anthropic’s Mythos AI model and similar models capable of rapidly identifying and exploiting vulnerabilities. Bloomberg notes that Powell's presence at the meeting indicates that the concern is apolitical, and not tied to the Trump administration's recent clashes with Anthropic. The meeting signals that regulators consider AI-driven vulnerability exploitation to be a major risk to the financial industry.

Anthropic announced earlier this week that it would not be releasing Claude Mythos to the public and would instead grant access to a consortium of more than forty organizations, including Amazon, Microsoft, Google, Apple, the Linux Foundation, and several security vendors, to support controlled defensive testing. This initiative, dubbed "Project Glasswing," will focus on "tasks like local vulnerability detection, black box testing of binaries, securing endpoints, and penetration testing of systems" that "represent a very large portion of the world’s shared cyberattack surface." Anthropic says Mythos has discovered thousands of zero-day vulnerabilities over the past few weeks, though these findings are only partly externally verified.

TechCrunch cites experts who say Mythos likely isn't as groundbreaking or as dangerous as much of the coverage suggests, but the publication concedes that "a careful rollout of the technology is a responsible way forward."

Hacker claims to have stolen 10 petabytes of data from a Chinese supercomputer.

A hacker using the Telegram handle "FlamingChina" claims to have stolen more than 10 petabytes of sensitive data from a state-run Chinese supercomputer, CNN reports. The user posted a sample of the allegedly stolen data, which experts say appears to have been taken from the National Supercomputing Center (NSCC) in Tianjin. The hacker claims the data contains "research across various fields including aerospace engineering, military research, bioinformatics, fusion simulation, and more," stolen from leading Chinese organizations, including the Aviation Industry Corporation of China, the Commercial Aircraft Corporation of China, and the National University of Defense Technology. The user is selling the trove of data for several hundred thousand dollars in cryptocurrency.

Payroll-hijacking campaign targets Canadians.

A financially motivated threat actor dubbed "Storm-2755" is launching payroll-hijacking attacks targeting Canadians, according to Microsoft. The threat actor gains initial access via SEO poisoning and malvertising attacks targeting users searching for "Office 365" and related terms.

Microsoft notes, "Analysis of this activity reveals a financially motivated campaign built around session hijacking and abuse of legitimate enterprise workflows. Storm-2755 combined initial credential and token theft with session persistence and targeted discovery to identify payroll and human resources (HR) processes within affected Canadian organizations. By operating through authenticated user sessions and blending into normal business activity, the threat actor was able to minimize detection while pursuing direct financial gain."