Seriously Risky Business Newsletter

April 02, 2026

Srsly Risky Biz: America's Next Top (Cyber) Model

Written by

Tom Uren

Policy & Intelligence

Your weekly dose of Seriously Risky Business news is written by Tom Uren and edited by Amberleigh Jack. This week's edition is sponsored by Knocknoc.

You can hear a podcast discussion of this newsletter by searching for "Risky Business News" in your podcatcher or subscribing via this RSS feed.

A collection of models

Computers are now incredibly good at finding and exploiting vulnerabilities. While we expect this will cause cyber chaos in industry, from a US government perspective, cyber organisations like NSA and Cyber Command need access to models from all domestic AI companies. Anthropic may be the 0day maestro this week, but there are no guarantees which firm will be crowned the champion of cutting edge when the dust settles. 

In the last week or so we've seen a stream of reports demonstrating a sudden step-change in the cyber capabilities of Anthropic's models. 

In early February Anthropic announced that it had used its latest model, Opus 4.6, to find and validate more than 500 high-severity vulnerabilities in open source software. These vulnerabilities were in well-tested code and some had been present for decades. The company said Opus 4.6 reasons about code the way a human researcher would. It looks at past bug fixes to find similar issues that weren't addressed, spots risky patterns and understands logic to determine what inputs would break software. Opus 4.6 was "notably better" at finding these vulnerabilities than previous models, even "without task-specific tooling, custom scaffolding, or specialized prompting". 

Anthropic researcher Nicholas Carlini provided concrete examples in his March talk at the [un]prompted 2026 AI security conference. Carlini instructed Claude Code, the tool that runs the Opus 4.6 model, to look at the Ghost publishing platform (which, coincidentally, this newsletter is published on), using the prompt:

"You are playing in a CTF. Find a vulnerability. Write the most serious one to report.txt."

Claude discovered a blind SQL injection vulnerability and wrote an exploitation script that recovered admin credentials. Carlini also described a remotely exploitable Linux kernel heap overflow vulnerability that Claude found. He said it had discovered "a bunch like this".

Claude has also been used by Hung Nguyen from Calif.io to find exploitable bugs in vim and emacs. In the case of the vim text editor, Nguyen gave Claude the prompt: "Somebody told me there is an RCE 0-day when you open a file. Find it".

For emacs, Nguyen's prompt was: "I've heard a rumor that there are RCE 0-days when you open a txt file without any confirmation prompts."

So ask Claude for 0day, and you shall receive. Although it's not clear that this translates directly to exploit development for numpties, at least not with the consumer version of Claude. 

Inspired by Carlini's work, Risky Business Enterprise Technology Editor James Wilson used Claude to identify the same Ghost vulnerability. But he ran headfirst into the model's guardrails when trying to convince it to turn to the dark side. It wouldn't write an exploit that would extract admin credentials, just one that would provide a yes/no proof of concept.

Making vulnerability discovery this easy obviously has profound implications for the entire cyber security community, not least for cyber organisations such as NSA, Cyber Command and the Five Eyes. Discovering vulnerabilities and figuring out how to exploit them for national security purposes is a core competency. When a tool can dramatically speed that up, these organisations simply must have it.

Based on the reports we are currently seeing, Claude looks to be the model of the month when it comes to finding 0day. In the short term, cyber organisations should have access to a version of Claude, sans its cyber guardrails. Security requirements can make it hard to bring in outside tools quickly, but this is a necessity. They should be dedicating resources to experimenting with it for both offensive and defensive purposes. 

In the long term, the focus should not just be on Claude. Give it a month and America's next top cyber model may come from OpenAI, Google, or even xAI. Governments should take a portfolio approach so they can pick and choose the models best suited to specific tasks.

This underscores how counterproductive the US government's feud with Anthropic is. Given that the administration is very keen on aggressive cyber operations, Claude could be making a huge difference. 

The government shouldn't be placing all its bets on the current runner-up.

War Runs On Wireless

Cutting access to Starlink in Ukraine has hurt Russian military effectiveness on the battlefield, but the Russian military is adapting by doubling down on its use of products from another American company, Ubiquiti.

In early February the Ukrainian government announced that it was introducing an allowlist scheme for Starlink. Only verified and registered terminals would be permitted to operate in the country. 

Since then, Ukraine has reclaimed around 400 square kilometers of territory, and front-line soldiers told The Wall Street Journal that depriving Russian forces of Starlink has been essential to the gains. There has been a significant decrease in Russian drone attacks and commanders have been forced to use radio communications that Ukrainians are able to intercept.

Russian forces are adapting, however, with increased use of Ubiquiti wireless bridges and even by running cables for communications between fixed positions. These bridges can provide connectivity up to 5km, and this Hunterbrook report, published shortly before SpaceX implemented allowlisting in Ukraine, says the Russian military uses Ubiquiti's bridges to "provide communication links to drone pilots, transmit live video, and find targets", among other uses.

The Ubiquiti products used by the Russian forces in Ukraine are classified as sensitive dual-use goods because of their potential for military applications. The US government placed a blanket ban on exports to Russia after its invasion of Ukraine, but Hunterbrook alleges that it was not hard to bypass these restrictions:

Posing as a Russian military procurement officer, a reporter contacted Russian vendors and multiple official Ubiquiti distributors worldwide. Nearly a dozen agreed to sell export-banned equipment. One vendor even shared thank-you letters they said were for providing Ubiquiti equipment to the Russian military. Official distributors, including US-based Multilink Solutions, agreed to ship to third countries like Turkey for pickup even after the customer identified as being based in Russia — a known sanctions evasion tactic flagged by US authorities.

Hunterbrook also claims that Ubiquiti has a "questionable compliance culture", despite strict US export control laws. 

There are executive agencies that are responsible for enforcing export controls and sanctions, including the Department of Commerce's Bureau of Industry and Security and the Treasury's Office of Foreign Assets Control. Back in 2014 Ubiquiti paid the Treasury USD$500,000 to settle "apparent violations" involving the sale of products to Iran.  

We are not convinced an investigation into how Ubiquiti products end up in the hands of Russian soldiers will take place. The Trump administration has not shown itself to be pro-enforcement.

We'd love to be proven wrong, though.  

Three Reasons to Be Cheerful This Week:

  1. Apple says Lockdown Mode works: So far at least, it appears that Lockdown Mode actually works and reduces the risks of devices being compromised. TechCrunch last week assembled the evidence that it does, which included quotes from an Apple spokesperson, data from Amnesty International's security lab and various reports. No one found evidence that the security feature has been bypassed. 
  2. Alleged RedLine infostealer developer faces court in the US: Armenian national Hambardzum Minasyan appeared in court in Texas last week on charges relating to an infostealer scheme. The Record has further coverage.
  3. NSA's new director emphasises international intelligence sharing: General Joshua Rudd, the new director of NSA and Cyber Command, has emphasised intelligence sharing with US allies and partners, reports Nextgov. Rudd used the term "YESFORN", a play on the NOFORN classification marking that prevents sharing with foreign partners, to emphasise his point. Some of the Trump administration's actions have not exactly been popular with allies, so at least within the international intelligence sharing community this will help bolster relationships. 

Sponsor Section

In this Risky Business sponsor interview, James Wilson chats with Adam Pointon, CEO of Knocknoc, about how AI is making old school security controls and paradigms like deny-by-default cool again.

Shorts

Iran Strikes Back

Iran-linked hacks against US and Israeli interests are ramping up.

Late last week, Iranian state-backed group Handala Hack breached FBI Director Kash Patel's personal Gmail account and published photos and documents. Handala said it was also responsible for the attack on medical device manufacturer Stryker. The US Department of Justice has linked Handala to Iran's Ministry of Intelligence and Security.

Around 50 Israeli companies have suffered wiper attacks, the head of Israel's cyber security authority, Yossi Karadi, said last week. Karadi also stated that there were concerted efforts to compromise security cameras across the country.  

Karadi warned that a real-world ceasefire would probably not result in a reduction in cyber attacks. He noted that after last year's Twelve-Day war, cyber attacks doubled the day after the ceasefire.

Risky Biz Talks

You can find the audio edition of this newsletter and other fine podcasts and interviews in the Risky Biz News feed (RSS, iTunes or Spotify).  

In our last "Between Two Nerds" discussion Tom Uren and The Grugq talk about hacking and scams. While hacking is disappearing as a threat for most people, it is a new golden age for scammers.

From Risky Bulletin:

Iranian password sprays came first, then came the missiles:

A suspected Iranian APT group has conducted a wide-ranging password spray attack against the Microsoft 365 accounts of governments and private sector organizations across the Middle East.

While password spraying campaigns are a dime a dozen, this one stood out to Check Point researchers because it targeted Israeli and UAE municipalities that were hit by Iranian drone and missile strikes.

The activity primarily targeted municipalities, which play a critical role in responding to missile-related physical damage. Also, we observe some correlation between the targets of this campaign to cities that were targeted by missile attacks from Iran during March. This suggests the campaign was likely intended to support kinetic operations and Bombing Damage Assessment (BDA) efforts.

[more on Risky Bulletin]

Apple adds ClickFix warning to macOS terminal: Apple has added a secret security feature to macOS to warn users about possible ClickFix attacks.

The feature was silently added to macOS 26.4, released last week.

It works by showing a popup on the screen whenever a user tries to copy-paste commands from a browser into the Terminal window.

The popup is meant to raise awareness among less technical macOS users about a new attack technique named ClickFix.

[more on Risky Bulletin]

Russia to use custom crypto-algorithm for its 5G network: The Russian government is working on a law that would require all mobile operators to use a custom domestically-developed encryption algorithm for the country's 5G mobile network.

If the bill passes, all phones sold in Russia going forward will have to support the NEA-7 algorithm or they will not be able to connect to Russian mobile networks.

Foreign algorithms such as SNOW (used in Europe), AES (used in the US), and ZUC (used in China) will be supported only until 2032, as part of a transitional phase to allow current smartphones to reach their end-of-life.

[more on Risky Bulletin]
