AI speeds cybercrime by exposing flaws, and other cybersecurity news

AI data breaches are on the rise, with hackers increasingly using the technology to detect software vulnerabilities, according to Verizon's 2026 Data Breach Investigations Report. Nearly a third of breaches start with software vulnerabilities, overtaking stolen passwords as the main way for hackers to gain access. As the focus shifts from tricking people into revealing passwords, generative AI is boosting the speed at which hackers work, from identifying new security weaknesses to writing the matching malware.

CrowdStrike reports that AI-enabled hackers increased their attacks by 89% year-on-year in 2025, boosting the skills of both less sophisticated operators and advanced ones.

As hackers exploit AI to speed their attacks, the window for cybersecurity professionals to detect and respond is becoming ever smaller, and they are struggling to keep pace. They must use AI more effectively to counter and preempt cyber attacks, Verizon's chief information security officer Nasrin Rezai told Reuters

A case in point is the European Central Bank working on defences against attacks that use Anthropic's new AI model Claude Mythos. Mythos – currently only available in the US – was developed to counter cyberattacks but has been shown to threaten the very systems it is supposed to protect.

Mythos is currently undergoing testing with 50 partner organisations, and Anthropic reported that it had helped uncover more than 10,000 vulnerabilities over a month.

Cyberattacks eased in May 2026, but ransomware surged by 48%, according to Check Point Research. Education was targeted more than any other industry, averaging 4,641 weekly attacks per organization, up 7% year-on-year. Government and telecommunications were next in line.

Retailers also remain prominent targets. In May, convenience store chain 7-Eleven confirmed a breach after cybercriminal ShinyHunters gained unauthorized access to systems used to manage franchisees' documents and subsequently leaked 9.4GB of stolen records after failed ransom negotiations.

While technology companies tend to be lower down the list of ransomware targets, Foxconn, a semiconductor manufacturer with clients including Apple, Google, Nvidia and Sony, fell victim to extortion in May. Foxconn makes products across the entire global technology supply chain. The hackers claimed to have stolen over 11 million files, including confidential data relating to Foxconn customers.

Anthropic suspends new AI tools over security concerns: Anthropic has suspended access to its new Claude Fable 5 and Mythos 5 models after US authorities raised national security concerns shortly after their public release. The company said it had been ordered to restrict foreign nationals from using the tools, amid concerns about potential "jailbreaking" methods that could help identify or exploit cyber vulnerabilities.

US Congress releases AI Act: A draft of the Great American AI Act aims to create a federal AI governance framework through a new Center for AI Standards and Innovation in the Department of Commerce. It proposes banning states from passing laws directly regulating AI model development, though they can regulate AI use. The bill also requires AI companies to improve transparency via risk assessments, incident reporting, and verification, with fines up to $1 million per violation.

23andMe sued over data breach: Underscoring that cyberattacks can cast long shadows, the genetic testing company Chrome Holding (formerly 23andMe) is being sued by California over a 2023 data breach that exposed nearly 7 million customers' family and genetic information. The company has already been fined by the UK Information Commissioner's Office, which said adequate data protection had not been put in place.

Carnival Cruises data leak: Close to 6 million Carnival cruise passengers may have had their data leaked after hackers used social engineering to gain access to the company's IT systems. The company has offered affected US travellers two years of complimentary credit monitoring in the wake of the attack.

GitHub suffers data breach: The popular code-hosting platform has been under attack from hackers who used a Visual Studio Code extension to compromise an employee's device and steal source code. While the company found no evidence of any customer-facing systems being affected, it estimates that about 3,800 internal repositories were stolen.

Anthropic set for IPO: Anthropic, the company behind the Claude AI platform, has completed a Series H funding round valuing it at just under $1 trillion and filed a draft S-1 registration document for review by the US Securities Exchange Commission ahead of an initial public offering (IPO). Hot on the heels of Anthropic, both Open AI and Perplexity have also announced their plans to go public.

Empowering defenders: The Forum’s AI and Cyber: Empowering Defenders report finds that artificial intelligence is now the biggest driver of change in cybersecurity. The report shows that most organizations already use AI in areas such as phishing detection, anomaly monitoring and incident response, and that heavy users can shorten breach lifecycles by about 80 days and cut average breach costs by up to $1.9 million.

How to strengthen cyber resilience in vulnerable sectors: Cyber attackers are increasingly targeting education, healthcare and NGOs, where disruption can quickly translate into real‑world harm. With cyber inequity widening, closing the resilience gap requires collective action, including tailored cyber‑resilience strategies, capacity building, shared services and targeted support from governments and technology companies.

Protecting critical infrastructure: Shielding critical infrastructure against cyber crime often falls to small, under-resourced teams at local municipalities and service providers. Using AI to fend off advanced cyber threats at the intersection of physical and IT infrastructure can address looming threats by monitoring for subtle anomalies and enabling quicker incident response.

AI could make cybersecurity more accessible: Cybersecurity has been something of a dark art to date, but AI can simplify it and democratize it by allowing us to express security intent in natural language rather than through complex tools.