A wake-up call on frontier AI.

OpenAI and Anthropic brief Congress on cyber-capable AI. The GAO flags improper DOGE access to Treasury payment systems. Greece moves to end online anonymity. CISA orders agencies to patch an exploited Windows zero-day. Researchers uncover ransomware that destroys data instead of encrypting it. State CISOs report falling confidence. Neurodivergent cyber pros cite inclusion gaps. Police arrest a 19-year-old alleged Scattered Spider member. Our guest is Chris Boehm, Zero Networks’ Field Chief Technology Officer, on minimizing your blast radius. AI lowers the bar and lengthens the line in the courtroom. 

Today is Wednesday April 29th 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

OpenAI and Anthropic deliver classified briefings to congress. 

OpenAI and Anthropic delivered classified briefings to House Homeland Security Committee staff on cyber-capable frontier AI models and risks to critical infrastructure sectors.

According to Axios, the companies outlined security implications of new systems, including Anthropic’s unreleased Mythos Preview model and OpenAI’s tiered rollout of GPT-5.4-Cyber. Officials also discussed China’s alleged “industrial-scale” efforts to copy U.S. models and risks from jailbroken systems that bypass safeguards. Lawmakers described demonstrations of misuse scenarios as alarming.

Early congressional exposure to offensive cyber capabilities in AI models signals growing urgency around regulation, infrastructure protection, and government access to defensive AI tools as adversary competition intensifies.

Meanwhile, the White House is considering executive action that could ease tensions with Anthropic and expand government access to its cyber-capable Mythos model.

Officials are consulting industry on guidance that could soften restrictions tied to a Pentagon supply chain risk designation. Agencies, including the National Security Agency, are already using Mythos as legal disputes continue over Anthropic limits on military applications.

Resolving the dispute could shape federal access to advanced defensive AI tools as agencies weigh operational needs against restrictions on surveillance and autonomous weapons use.

The GAO finds DOGE overstepped its bounds. 

A Government Accountability Office report finds Treasury granted a DOGE employee improper access to sensitive federal payment systems, including data tied to tax refunds and benefits.

According to Federal News Network and GAO, the staffer could view, copy, and print Bureau of Fiscal Service payment data in early 2025, and was briefly able to modify or delete records before access was revoked. GAO also found the employee shared an unencrypted file containing USAID payment details without approval. Treasury’s monitoring tools failed to stop the transmission, and required security procedures were not followed.

The findings highlight gaps in safeguards protecting large federal payment datasets and suggest broader oversight risks as DOGE seeks access across agencies, with watchdogs warning current reporting may represent only preliminary findings.

Greece seeks to ban online anonymity. 

Greece is advancing a proposal to require identity verification for social media users, aiming to reduce anonymous harassment, misinformation, and coordinated online abuse.

Digital Governance Minister Dimitris Papastergiou told Euractiv the plan is under review within Prime Minister Kyriakos Mitsotakis’s office ahead of the 2027 national elections. Officials say anonymity enables threats, hate speech, and fake accounts promoting political figures. The proposal would not eliminate pseudonyms but would require platforms to confirm each account corresponds to a real person. Implementation details remain unclear.

Mandatory identity verification could reshape platform accountability requirements and online speech enforcement, while raising technical and legal questions about privacy, platform compliance, and potential EU-level coordination.

CISA orders agencies to patch an actively exploited Windows zero-day. 

CISA has ordered federal agencies to patch a Windows vulnerability tracked as CVE-2026-32202 after evidence of active exploitation in zero-day attacks.

According to Akamai, the flaw stems from an incomplete fix to a prior remote code execution issue and enables credential theft through auto-parsed shortcut, or LNK, files. CISA added the bug to its Known Exploited Vulnerabilities catalog and set a May 12 remediation deadline.

Researchers warn of flawed ransomware that destroys large files instead of encrypting them. 

Researchers warn the VECT 2.0 ransomware contains a flaw that permanently destroys large files instead of encrypting them for recovery after payment.

According to Check Point, the malware mishandles encryption nonces, unique values used during encryption, by overwriting them during chunk processing. Only the final portion of affected files remains recoverable, while earlier sections cannot be decrypted, even by attackers. The issue affects Windows, Linux, and ESXi variants. VECT operators also promoted partnerships targeting victims of recent supply chain compromises linked to TeamPCP activity.

Organizations hit by VECT 2.0 may face irreversible data loss rather than recoverable ransomware encryption, increasing operational risk and reducing the value of ransom negotiations.

State CISOs report declining confidence in public sector cyber defenses. 

A new survey from the National Association of Chief Information Officers and Deloitte finds state chief information security officers report sharply lower confidence in protecting public sector systems from cyber threats.

According to the 2026 biennial study, only 26 percent of state CISOs said they are highly confident in safeguarding information assets, down from 48 percent in 2022. Confidence in local governments and public universities dropped further, while 94 percent of CISOs now help shape generative artificial intelligence security policies and 16 percent report budget cuts. Nearly half identified cybersecurity effectiveness metrics as their top initiative.

Shared infrastructure across state and local agencies increases cascade risk from a single compromise, while AI-enabled attack techniques are raising pressure for coordinated, whole-of-state defenses.

Neurodivergent cybersecurity professionals report inclusion gaps and workload pressures. 

An ISC2 workforce study finds neurodivergent cybersecurity professionals remain engaged in the field but report lower workplace support and higher fatigue than peers.

According to the ISC2 Cybersecurity Workforce Study of more than 16,000 respondents, 12 percent identified as neurodivergent. Sixty-seven percent reported job satisfaction, slightly below non-neurodivergent peers, and only 64 percent said they feel valued at work. Respondents were less likely to hold management roles and more likely to report exhaustion from keeping pace with evolving threats and technologies.

Inclusion gaps and workload pressures may affect retention across an already constrained cyber workforce, while flexible work arrangements, recognition, and clearer career pathways appear linked to stronger engagement and long-term participation in the profession.

Police arrest a 19 year old Scattered Spider member. 

Authorities have arrested a 19-year-old dual U.S. and Estonian national accused of participating in Scattered Spider intrusions targeting major corporations for ransom.

According to court records obtained by the Chicago Tribune, Peter Stokes, known online as “Bouquet,” was detained in Finland while attempting to board a flight to Japan. Prosecutors allege he helped infiltrate corporate networks through help desk social engineering and credential resets, including a 2025 breach of a luxury retailer where attackers claimed to steal 100 gigabytes of data and demanded eight million dollars. Officials say he participated in multiple attacks dating back to age 16.

The case underscores the continued operational impact of loosely organized, youth-driven intrusion groups targeting enterprise authentication workflows.

 

AI lowers the bar and lengthens the line in the courtroom. 

Abraham Lincoln is often credited with the observation that “he who represents himself has a fool for a client.” In 2026, he might have added, “and possibly a chatbot for co-counsel.” A new study finds self-represented federal court filings have risen sharply since generative AI tools made it easier to draft complaints, motions, and other legal paperwork, shifting both who shows up in court and how much work they bring with them.

According to researchers Anand Shah and Joshua Levy, pro se filings held steady at about 11 percent of civil cases until 2022, then climbed to 16.8 percent by 2025. The study reviewed 4.5 million cases and found these filings now include 158 percent more motions and docket activity. Researchers say plaintiffs, not defendants, are driving the increase, suggesting AI is helping people initiate complaints rather than respond to them.

Lower barriers to filing may expand access to justice, but also risk slowing already strained courts as judges process more AI-assisted paperwork, some of it enthusiastic, some of it templated, and all of it still requiring human review.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

And that’s the CyberWire Daily, brought to you by N2K CyberWire.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry.  Learn how at n2k.com.

 

N2K’s lead producer is Liz Stokes. We’re mixed by  Tré Hester, with original music by and sound design Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.