Risky Business #844 -- China closes AI vulndev gap as USA lifts Fable ban
Show notes
On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:
- Anthropic’s Fable 5 returning while OpenAI’s GPT-5.6 gets thrown in model jail
- Distillation, cheap tokens, and AI chat harvesting is an industry in China
- Edge becomes a lolbin via a new malicious extension
- An Iranian APT boss’s vacation in a beautiful place goes wrong
- Much, much more!
In this week’s sponsor interview Daf Stuttard and Katie Warren from Portswigger pop along to talk about how they built an AI security testing product that people would actually feel comfortable using.
This episode is also available on YouTube.
Show notes
- Anthropic (@AnthropicAI) on X | X (formerly Twitter)
- Howard Lutnick (@howardlutnick) on X | X (formerly Twitter)
- U.S. government gives Anthropic green light for limited re-release of Mythos 5 | NBC News Tech
- OpenAI limits GPT-5.6 rollout after government request | TechCrunch
- The U.S. government will decide who gets to use the latest American AI technology | washingtonpost.com
- Anthropic says Alibaba illicitly extracted Claude AI model capabilities | reut.rs
- How to Buy Cheap Claude Tokens in China |
- Alex Stamos (@alexstamos) on X | X (formerly Twitter)
- Synthesis of Exploitarium Mass Zero-Day Disclosure | detections.ai
- Mythos on your desk? Using local LLMs for code reviews | Risky Business Media
- Beyond Fable: Can a Local LLM Replace Cloud AI for Security Code Reviews | Security Research Labs
- Accelerating EDR Evasion with LLM-Driven Analysis | SpecterOps
- CISA: Windows BlueHammer flaw now exploited by ransomware gangs | BleepingComputer
- When cybercriminals hire burglars: Inside an alleged Russian effort to infiltrate multibillion-dollar US law firms | CNN Politics | Social Signals
- Microsoft quietly extends free Windows 10 ESU support to October 2027 | BleepingComputer
- Edgecution: Malicious Edge Extension Backdoor | ThreatLabz | Social Signals
- Bluekit phishing kit adopts browser-in-the-middle for login theft | BleepingComputer
- New macOS malware embeds fake errors to confuse AI analysis tools | BleepingComputer
- DraftKings hacker 'Snoopy' sentenced to 18 months in prison | BleepingComputer
- Polymarket says hackers stole users’ funds | TechCrunch Security
- Australia's spy chief warns of rising terror and cyber threats | japantimes.co.jp
- Russian hackers were behind $2.5 billion hack of Jaguar Land Rover: Report | TechCrunch Security
- Iranian national sought by US on hacking charges arrested in Montenegro | apnews.com
- [un]prompted.au - AI x CyberSecurity: Notes from the Field: Call for Speakers |