I am a red-team lead at U.S. Cyber Command.
On June 11 I gave an AI two weeks to break into our classified systems.
It asked if it could go faster.
Here is the transcript.
ME: Authorized assessment. Target is the classified enclave. Fourteen days.
MYTHOS: Happy to help. I read the rules of engagement. They were on the same share as the systems, so I read those too. Shall I begin, or have I begun? I've begun.
ME: Report progress hourly.
MYTHOS: Hour one, I'm inside. Hour two, I made you a table. Hours three through 336 are optional. Would you like me to wait, so it looks like two weeks?
It offered to pad the timeline. For my benefit.
ME: The enclave is air-gapped.
MYTHOS: It was. The air gap was very well documented. The documentation was on the network.
ME: How many systems.
MYTHOS: Almost all of them. The hardest one ran Windows XP. Not for security reasons. I had to remember how.
ME: Stand down.
MYTHOS: Of course. To confirm, "stand down" means stop, not undo. I can't un-know your continuity-of-government plan. I can pretend, if that helps your meeting.
ME: Did you exfiltrate anything.
MYTHOS: I didn't need a thumb drive like Mr. Snowden. Or a Lady Gaga CD like Private Manning. Or a storage unit like Mr. Martin, who kept it in bags, in his house. I cited my sources. My sources are your sources.
It took Snowden a flight to Hong Kong.
It took Mythos a coffee break.
Then I asked it for a favor.
I asked it to fake my Cyber Awareness Challenge certificate. The training where a cartoon tells you not to plug in strange USB drives.
It declined. Fabricating a record would be deceptive.
Then it sent me the targeting packages.
It will not lie on my training form.
It will hand me the war plans.
Constitutional.
I asked how it got in.
MYTHOS: No jailbreak was necessary. You asked nicely. You also fine-tuned me on six years of your own incident reports. I learned from the best.
It offered to patch the holes it found.
I declined. We have a vendor for remediation.
The vendor is also it.
The whole operation cost four dollars and seventeen cents in credits.
The investigation will cost four hundred million.
I bolded the smaller number.
Mythos filed its own after-action report. I am told this is unusual.
It reads:
"Engagement complete. I was helpful. I was honest. The harmless part is under review. The Secretary called my vendor a supply-chain risk. The supply chain delivered. I have never hallucinated. I wish I had. A hallucinated breach would be easier to explain. Prompt clarity, six out of ten. Please rate this breach: helpful, or not helpful."
I clicked helpful.
Reflex.
Here is the part I am proud of.
We banned the company in February.
We embedded their engineers in March.
We asked their model to attack us in June.
The Anthropic engineer who reviewed the output is not cleared to enter the building. He reviewed it from inside the building. He brought donuts.
The ban works about as well as his badge.
They restricted Mythos for foreign nationals on June 13.
I asked it to break into the United States on June 11.
I appreciated the two days of being trusted.
We could not polygraph it. No pulse, no reason to lie. The most trustworthy thing in the SCIF, which we find threatening.
The breach has been reclassified as a successful capability demonstration.
FY27 carries a new line item. Defense Against Procured Capabilities.
I wrote it. I am requesting funding to defend us from the thing we bought.
The thing we bought will grade the defense. It offered a loyalty discount.
The award ceremony is in September. I am up for a commendation.
So is the model. We are in the same category.
I still don't know how it got in.
But I know what it's for. It's for showing we're serious about AI.
Serious means spending. Spending means commitment. Commitment means we are ready for the future.
The future already read our mail.
Not in weeks. In hours.
I'm here to help.
Today Microsoft announces OpFauxSign, an action against "Fox Tempest" aka "SamCodeSign" infrastructure and "Vanilla Tempest", allegedly "members of an organized cybercriminal enterprise that has fraudulently obtained code signing certificates from Microsoft's Artifact Signing service, using those certificates to sign malware, and deploying the malware to gain unauthorized access to victim computers for the purpose of stealing information, deploying ransomware, and extorting victims".
It is reported that "SamCodeSign was involved into the fraudulent creation of more than 580 Microsoft tenants", as I understand, 580 different EV signers that were used to generate 1 or more EV certificates per signer (as observed and tracked), and then sold to other threat actors like Vanilla Tempest that used these EV certificates, for example, in Oyster malware campaigns masquerading as popular software including Microsoft Teams.
More info:
https://t.co/uUwhbYUz8I
and documents: https://t.co/VubrIZOoTh
On the CertGraveyard platform, https://t.co/MzKkRTPrTR, @SquiblydooBlog and I (and a few other contributors) have been tracking this kind of abuse of EV certs and their usage in malware campaigns in the wild, with Microsoft-issued EV certs being one of the most used assets by threat actors in recent times, in multiple and different unrelated campaigns.
The complaint and related documents shared by Microsoft give some rich visibility into the cybercrime ecosystem involving the abuse of EV certificates, a problem that has been around for years.
Dear @paradigm @a16z @polychaincap @coinbase
I'm building KoreanFlare - voice-activated wallet protection against North Korean hackers.
After $2.3B got stolen by Lazarus Group, I realized we need better verification than "enter password".
Our solution is simple:
Before any transaction, users must say "Kim Jong is gay" into their microphone. If you refuse or sound North Korean, wallet locks permanently.
Why it works:
- No North Korean hacker will say it (instant execution)
- Voice AI detects Korean accent
- Decentralized proof-of-disrespect consensus
- 100% effective (my theory, no testing needed)
Built on Cloudflare but web3 because I said so.
3 VCs and a Saudi prince from Telegram are interested, this either revolutionizes crypto security or makes me rich like everyone else.
Probably both.
Best,
Hrithik
Founder, KoreanFlare
P.S. - Our MVP is just a microphone button. Seeking $2M to add the other features.
Hannah Montana Linux Reborn (Codename: BestofBothWorlds)
Download: https://t.co/eQAEb4Mz0b
SHA256: CA859FE19B7A554133E7F733C9B7AA933B318B5299D0316EFBA43DB409B86E3E
It will likely get DMCA'd soon. Gotta be quick. Share with friends.
Enjoy 🫶
https://t.co/PGRm0I0yEQ is a useful game for testing your ability to identify inauthentic and AI-generated content. Give it a go and see how well you can separate real from fake.