Cybersecurity

When cybersecurity and geopolitics collide, and other cybersecurity news

Published · Updated
Italy's Prime Minister Giorgia Meloni, European Council President Antonio Costa, Ukraine's President Volodymyr Zelenskiy, Caroline Merotto, wife of Switzerland's President Guy Parmelin, Japan's Prime minister Sanae Takaichi, Swiss Federal President Guy Parmelin, Brazil's Rosangela "Janja" da Silva, Brazil's President Luiz Inacio Lula da Silva, South Korea's President Lee Jae-myung, France's President Emmanuel Macron, South Korea's first lady Kim Hea Kyung, French President's wife Brigitte Macron, British Prime Minister's wife Victoria Starmer, U.S. President Donald Trump, Britain's Prime Minister Keir Starmer, India's Prime Minister Narendra Modi, Canada's Prime Minister Mark Carney, Canadian Prime Minister's wife Diana Carney, European Commission President Ursula von der Leyen, German Chancellor's wife Charlotte Merz, European Commission President's husband Heiko von der Leyen, , Germany's Chancellor Friedrich Merz and Kenya's President William Ruto pose for a family photo before a cultural performance and concert during the G7 summit, in Evian-les-Bains, France, June 16, 2026. REUTERS/Evelyn Hockstein/File Photo

Future access to frontier AI systems was discussed on the sidelines of the G7 summit. Image: REUTERS/Evelyn Hockstein/File Photo

Akshay Joshi
Head of the Centre for Cybersecurity, Member of the Executive Committee, World Economic Forum
  • This regular round-up brings you key cybersecurity stories from the past month.
  • Top cybersecurity news: Geopolitics and cybersecurity collide after the launch of Anthropic's new AI models; Governments rush to close AI 'patch window'; Cyberattack on Romanian hospitals serve as a test case for disaster planning.
  • The World Economic Forum’s Centre for Cybersecurity provides an independent and impartial platform to reinforce the importance of cybersecurity as a strategic imperative and drive global public-private action to address systemic cybersecurity challenges.

1. US temporarily restricts access to Anthropic's latest AI models

Last month, the US ordered Anthropic to suspend access to its new AI models, Claude Fable 5 and Claude Mythos 5, for foreign nationals shortly after launch, underscoring cybersecurity's growing geopolitical importance. The export controls were lifted weeks later after Anthropic assured the government that it could identify risks, report malicious activity, and cooperate on security protocols.

Anthropic had announced that it had given access to Mythos to 50 organizations, so they could use it to scan their IT systems for vulnerabilities. More than 10,000 threats were uncovered as part of this process. The organizations included entities ⁠in the ​healthcare, communications, power and water sectors. The US cyber defence agency, CISA, is reportedly also trialling Mythos to audit government software.

The export controls on Anthropic's models also led to Open AI limiting access to its latest GPT-5.6 model to vetted partners only.

At the G7 summit in France, the Trump administration then proposed a “trusted partner scheme” for cutting-edge AI technology. Being a trusted partner would mean G7 members - and other allies - could gain broader access to advanced AI models to develop stronger cybersecurity and other defences.

However, with AI vital not only to national and cybersecurity, but also to competitiveness, the discussions resurfaced concerns about using technology as political leverage and the need for Europe and other regions to develop AI sovereignty.

2. Closing the 'patch window' as new AI threatens to supercharge hacking

As AI accelerates the speed at which hackers can find and exploit vulnerabilities, governments are putting on pressure to close these backdoors into their systems. In the US, CISA has issued a new directive obliging federal agencies to fix ('patch'), disable or remove the affected software or equipment within three calendar days. Less severe weaknesses must be addressed within two weeks, and agencies have up to two months to deal with the least serious flaws.

Similarly, in the private sector, boards are looking for reassurance that their organizations understand the threat frontier AI could pose and are prepared to head them off. This growing recognition is translating into concrete action across organizations. In January, the Forum's Global Cybersecurity Outlook 2026 found that the percentage of respondents assessing the security of AI tools has nearly doubled over the past year, from 37% in 2025 to 64% in 2026.

Moreover, speed of response will be even more critical as new AI models hit the mainstream. The Five Eyes intelligence alliance (US, UK, Canada, Australia, New Zealand) has warned that frontier AI models are going to supercharge cyber hacking threats. In a statement, the alliance cautioned that these new models will further lower barriers for hackers. It urges organizations to draw on AI itself to strengthen their own defences, including against zero-day vulnerabilities.

Fighting fire with fire might help address some issues. However, Infosecurity's survey shows that despite 21% struggling with growing data volumes and 17% needing to manually "stitch together" threat data, experts remain cautious about AI for decision-making.

Discover

How the Forum helps leaders understand cyber risk and strengthen digital resilience

3. News in brief: Top cybersecurity stories this month

Cyber-attacked Romanian hospitals are a lesson to the world: Following a ransomware attack on a widely used medical administration software in 2024, more than 100 hospitals in Romania had to disconnect from the internet for five days and switch to paper documentation. It's considered one of the worst medical cyber attacks globally and, as such, is being used as an example of how best to respond in the case of "a mass hospital hack", reports the BBC.

UK university faces up to major data breach: A major cyber attack on the University of Nottingham in June led to significant amounts of student data being breached. Experts told the BBC that the cause could either have been voice phishing or a previous attack on a third-party supplier to the university. Hackers ShinyHunters had claimed responsibility for the breach, underscoring that education remains an attractive target for ransomware and data theft.

Microsoft issues record number of patches: June saw a record-breaking amount of Microsoft patches for more than 200 vulnerabilities in one drop, Computer Weekly reports. This is up from 170 in October 2025, underlining the increasing speed at which vendors must address vulnerabilities.

Confidential data stolen from Novo Nordisk: The maker of the weight loss drugs Wegovy and Ozempic experienced a major hack in mid-June, with cyber extortion group FulcrumSec demanding a $25 million ransom. The Danish pharma company refused payment. The attackers claimed to have stolen patient data, source code, information on existing and new drugs and internal AI model information.

AI builds ransomware toolkit: Researchers at cybersecurity firm Sophos detected an AI-built ransomware toolkit that automates EDR (Endpoint Detection and Response) evasion and Active Directory discovery. By streamlining key attack stages, overcoming commonly used EDR systems, the toolkit could enable attackers to compromise enterprise environments more quickly and efficiently.

NAIC suspends investment risk designations: In the US, the National Association of Insurance Commissioners (NAIC) was forced to suspend the assignment of investment risk designations after ShinyHunters accessed credit‑rating data from multiple suppliers. The attack prompted rating agencies to pause data sharing with NAIC, affecting insurers' calculation of capital requirements for policyholder obligations.

Prevalence of cyber-enabled fraud.
Nearly two-thirds of respondents in a World Economic Forum survey say they have been targeted by cybercrime. Image: World Economic Forum

4. More about cybersecurity on Forum Stories

Disrupting the cybercrime economy: Cybercrime has become a converged criminal economy, says Derek Manky of Fortinet. Ransomware, fraud, trafficking, money laundering and organized crime have merged, making isolated responses ineffective. Defending against attacks requires sharing intelligence, public-private cooperation, and cross-domain coordination to disrupt these ecosystems.

Your home - cybersecurity's front line: A third of cyberattacks on C-suite executives originate at home, not in secure corporate networks. Hackers often target insecure home-office networks and executives' family members, including children and older adults. Elçin Biren, CEO of Swiss CyberSmart, argues that true cyber resilience should shift from one-off compliance to ongoing, adaptable learning from an early age.

Protecting citizens against cybercrime: While cyberattacks on large corporations are well-covered, most against private individuals go unreported, creating a knowledge gap. Rory Innes, CEO of Cyber Helpline, notes these attacks span various areas but are often viewed separately by industry and policymakers. A unified model to track threats would improve prevention and reduce systemic risks.

Loading...

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Share:
Contents
1. US temporarily restricts access to Anthropic's latest AI models2. Closing the 'patch window' as new AI threatens to supercharge hacking3. News in brief: Top cybersecurity stories this month4. More about cybersecurity on Forum Stories
World Economic Forum logo

Forum Stories newsletter

Bringing you weekly curated insights and analysis on the global issues that matter.

Subscribe today

More on Cybersecurity
See all

How next-gen inverters are helping to reinvent electricity and what industry must do to prepare

Marcia Poletti and Dave Sivaprasad

June 19, 2026

Cybercrime is converging. The response must converge faster

About us

Engage with us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2026 World Economic Forum