Cyber

• CrowdStrike disclosed on April 25, 2026, a sophisticated cyberattack via compromised third-party software affecting 2.5 million patient records at UnitedHealth's Change Healthcare subsidiary. • Attackers, linked to North Korean Lazarus Group, exfiltrated data over 72 hours before detection, demanding $22 million ransom. • Incident highlights vulnerabilities in US healthcare IT supply chains, prompting HHS emergency directives for 500+ providers.

• The First Trust NASDAQ Cybersecurity ETF (CIBR) experienced a pullback in recent trading sessions amid market volatility. • Investors assess buy-the-dip opportunities as the ETF tracks key US cybersecurity firms. • RAD Intel, a holding, scaled from $10 million to over $220 million valuation since acquiring its AI engine in 2021, achieving 5,400% growth.

• OpenAI and Microsoft expanded their cybersecurity partnership to jointly combat emerging cyber threats through deployment of advanced artificial intelligence tools and enhanced security protocols. • Microsoft will leverage its cybersecurity expertise to strengthen protections for OpenAI's systems and customer environments, while OpenAI's powerful AI models will be made accessible to Microsoft's security operations. • The collaboration aims to address rising AI-driven cyber risks and establish industry standards for AI security defense.

• OpenAI and Microsoft announced an expanded cybersecurity partnership aimed at combating emerging cyber threats in the AI era. • The two companies plan to deploy advanced artificial intelligence tools to enhance security capabilities across their platforms. • This collaboration reflects the growing recognition that AI-powered security solutions are essential to address increasingly sophisticated cyber threats.

• Cyware was again named to the Cyber66 list of hottest privately held security companies, announced via PRNewswire on April 23, 2026. • The recognition highlights Cyware's leadership in AI-powered threat intelligence operationalization and secure threat sharing. • Company emphasizes agentic AI for accelerating targeted threat responses and collaboration.

• Anthropic is investigating unauthorized access to its Mythos AI tool, a critical cybersecurity system, after reports revealed that an unauthorized group breached the platform via a vendor vulnerability. • The incident raises fresh concerns about security gaps within advanced AI systems and amplifies questions about the trustworthiness of AI tools handling sensitive security functions. • The breach exemplifies broader risks in the interconnected tech ecosystem, where vendor compromises can cascade into exposures of high-value AI infrastructure.

• IBM announced IBM Autonomous Security on April 15, 2026, deploying coordinated AI agents to detect and contain threats at machine speed without human intervention. • The service addresses a critical gap: attackers now achieve full network lateral movement in as little as 27 seconds, compared to an average of 29 minutes in 2024—a 65% speed improvement driving urgent demand for AI-powered defenses. • AI-enabled attacks surged 89% year-over-year in 2025, with a 44% increase in assaults exploiting public-facing applications, prompting major security vendors to adopt autonomous AI defense strategies.

• Cowbell Cyber Inc. launched Prime One, a new U.S. cyber insurance product for organizations with $250 million to $1 billion in annual revenue. • The policy provides up to $10 million in coverage limits and includes affirmative protection for AI-related incidents and quantum computing risks. • Prime One addresses unauthorized use or access to AI systems in business operations, targeting advanced digital risk profiles.

• Industry reporting from April 20, 2026 highlights how artificial intelligence is simultaneously accelerating cyberattacks while becoming a core defensive tool in enterprise security strategies. • Key players including Microsoft, Stellantis, and Anthropic are addressing emerging threats as AI enables faster, more scalable attack vectors across the technology sector. • The cybersecurity landscape faces competing pressures: organizations must deploy AI defenses while managing risks from AI-powered threats targeting critical infrastructure and supply chains.

• Anthropic launched Claude Mythos Preview on April 7, 2026, an advanced AI model designed for defensive cybersecurity that uncovered thousands of major vulnerabilities in every major operating system and web browser. • Through Project Glasswing, access granted to tech giants including Amazon, Microsoft, Nvidia, Apple, and over 40 organizations maintaining critical software infrastructure. • Rising concerns from experts and governments about misuse risks to economies, public safety, and national security; US software stocks tumbled on April 9 amid fears of AI disruption to traditional security firms.

• CrowdStrike disclosed on April 20, 2026, a sophisticated supply chain attack affecting 1,200 US clients, including Fortune 500 firms, via compromised third-party software. • Attackers deployed ransomware, encrypting critical systems and demanding $50 million in Bitcoin; no data exfiltration confirmed yet. • The incident highlights rising risks in software supply chains, echoing SolarWinds breach, with FBI joining investigation.

• Microsoft announced the acquisition of Cerberus AI, a Boston-based cybersecurity startup, for $2.1 billion on April 19 to enhance real-time threat detection across Azure cloud infrastructure. • Cerberus AI's proprietary machine learning platform identified over 50,000 zero-day vulnerabilities in the past year and will integrate with Microsoft Defender to provide unified threat management across enterprise environments. • The acquisition marks Microsoft's continued investment in AI-driven security as cloud-based attacks have increased 35% year-over-year, according to recent industry reports.

• NATO's Cyber Defense Centre convened an emergency session Friday evening after Russia launched a sophisticated cyberattack targeting Poland's electrical grid and water treatment facilities, temporarily affecting 2.3 million residents. • Polish authorities attribute the attack to Russian military intelligence, claiming it used previously unknown malware variants designed to evade NATO defense systems and test alliance cyber resilience. • The incident prompted NATO to raise its cyber alert status to level 3, the highest in the alliance's history, and triggered Article 5 consultations regarding collective defense implications.

• The U.S. government is evaluating a restricted rollout of Anthropic's Mythos frontier AI model to federal agencies under Project Glasswing for defensive cybersecurity purposes. • Mythos has identified thousands of vulnerabilities across operating systems and web infrastructure at unprecedented speed, far surpassing traditional manual audits that take months or years. • Officials emphasize collaboration with model providers and intelligence community to implement guardrails before wider agency access, as stated by spokesperson Barbaccia.

• IBM launched IBM Autonomous Security on April 17, 2026, a multi-agent AI service automating detection, policy enforcement, and remediation against frontier AI-driven attacks in hybrid environments. • The solution addresses emerging 'agentic attacks' where adversaries use advanced AI models, with nearly 80% of global IT leaders citing AI as a major security risk. • IBM also released an enterprise cybersecurity assessment tool focused on threats from large language models and generative AI.

• Anthropic discovered its AI tool can outperform humans at certain hacking and cybersecurity tasks, marking a significant milestone in autonomous security capabilities. • The findings have prompted discussions among regulators and legislators regarding the implications of advanced AI systems in cybersecurity applications. • The development highlights growing concerns about balancing AI capabilities with security risks, particularly as AI systems demonstrate competency in traditionally human-dominated security roles.

• Fortra announced the launch of its new Defense and Intelligence Unit (DIU) on April 16, 2026, from Minneapolis to deliver integrated cyber solutions to defense and national security organizations worldwide. • The unit focuses on cross-domain cyber innovation, AI-powered capabilities, and mission expertise for critical infrastructure and allied nations. • This development strengthens US cybersecurity posture amid rising global threats to defense sectors.

• OpenAI Group PBC announced the launch of GPT-5.4-Cyber on April 14, 2026, a fine-tuned variant of its GPT-5.4 model specifically designed for defensive cybersecurity tasks. • The model targets security professionals, enabling advanced threat detection and response through AI-driven analysis vetted by experts. • This breakthrough addresses rising cyber threats in the AI era, providing enterprises with enhanced tools for proactive defense amid increasing attack sophistication.

• A survey by AirMDR released on April 14, 2026, in Palo Alto, CA, reveals 80% of US-based cybersecurity investors intend to increase AI cybersecurity funding next year. • 71% expect decisive ROI from AI tools, with capital shifting toward companies proving operational impact and cost reductions over mere product enhancements. • Investors prioritize defensible AI technologies delivering real outcomes, signaling strong market confidence but heightened selectivity for enterprise-ready solutions.

• The Nasdaq Cybersecurity ETF declined 15% over the past six months, signaling mounting pressure on the cybersecurity sector. • Investors are questioning the industry's traditional moat as competitive and technological challenges erode barriers to entry. • This downturn coincides with rising AI-driven threats, prompting initiatives like Anthropic's Project Glasswing for defensive advantages.

• Anthropic postponed releasing Claude Mythos, an AI excelling at coding and vulnerability scanning, following high-level meetings with US financial regulators. • Mythos demonstrated ability to chain unknown security flaws in software at unprecedented speed, sparking 'agent-to-agent war' concerns in cyberspace. • Partners like Amazon, Apple, Microsoft, Google, Cisco, CrowdStrike, and JPMorgan Chase received restricted previews under Project Glasswing.

• US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened Wall Street leaders on April 7 to warn about Anthropic's new Mythos AI model, which can identify software vulnerabilities that have evaded decades of human review and millions of automated security tests. • Mythos is being released only to carefully selected partners for defensive security work, as Anthropic fears the tool could provide ransomware gangs and hostile governments with powerful weapons to steal data or disrupt critical infrastructure. • The model represents a significant leap in AI cybersecurity capabilities, with the potential to both protect systems through accelerated penetration testing and pose risks if misused by malicious actors.

• Anthropic and OpenAI are both developing advanced AI cybersecurity products in a competitive race to control offensive and defensive capabilities, with OpenAI finalizing a security product for limited partner release and Anthropic running Project Glasswing internally. • Project Glasswing brings together major tech companies including Amazon, Apple, Microsoft, Google, and others to proactively hunt critical software vulnerabilities before attackers exploit them. • A joint study by Anthropic and MATS Fellows found that Claude Sonnet and GPT-5 could produce exploits against Ethereum smart contracts worth $4.6 million and uncovered two novel zero-day vulnerabilities in nearly 3,000 recently deployed contracts.

• OpenAI is finalizing an advanced cybersecurity product designed to defend critical systems, planning to release it first to a limited set of partners as reported by Axios. • The move represents a strategic shift for frontier AI firms to demonstrate their ability to support defensive security infrastructure amid growing concerns about offensive AI misuse. • AI companies face mounting pressure to prove their models can protect critical systems rather than enable attackers, reshaping how they frame commercial opportunities in the security sector.

• French cybersecurity funding has undergone a structural shift driven by AI-powered threats, regulatory requirements, and U.S. expansion, with Q1 2026 alone surpassing all of 2025's funding activity. • The sector is emerging as a frontline investment priority, though a government report warns of a €3 billion funding gap over five years for breakthrough technologies needed for future defense. • The acceleration reflects growing global demand for advanced security solutions as AI capabilities reshape both offensive and defensive cybersecurity strategies.

Reports say Fed chair Jerome Powell among attenders at meeting in Washington The US Treasury secretary, Scott Bessent, summoned major American bank chiefs to a meeting in Washington this week amid concerns over the cyber risks posed by Anthropic’s latest AI model, according to reports.Bosses including the Federal Reserve chair, Jerome Powell, were said to have gathered at the Treasury headquarters for the meeting after the release of the Claude Mythos AI model that Anthropic says poses unprecedented cybersecurity risks. Continue reading...

• Dropzone AI, a Seattle-based startup, secured $16.8 million in funding to develop autonomous AI agents for cybersecurity operations. • The company is a finalist for GeekWire Awards' AI Innovation of the Year, competing with firms transforming HR, retail, biotech, and more. • Investors back the platform amid surging demand for AI-driven threat detection and response in US enterprises.

• Iranian cyberattacks target critical U.S. infrastructure as President Trump threatens strikes on Iran's bridges and power plants. • The cyber activity escalates frictions during the fraying ceasefire, with unclear U.S. peace terms. • U.S. officials report the attacks follow Trump's profanity-laden threats, prompting Democratic backlash.