Claude Mythos Should Keep You Up at Night

claude, claude mythos, mythos, counterintelligence, counterespionage, cyber, cyber threat, cyber attack, C. Constantin Poindexter

Claude Mythos Preview: A Watershed Threat to National Cybersecurity Infrastructure. My Assessment of Autonomous Offensive Cyber Capability and the Inadequacy of Interim Safeguards

The April 2026 release of Anthropic’s Claude Mythos Preview represents a qualitative discontinuity in the offensive cybersecurity threat landscape. My perspective and analysis here draw on publicly available red team assessments and technical disclosures from Anthropic’s own researchers to argue that Mythos Preview constitutes a genuine, near-term threat to national security infrastructure. Its capacity for fully autonomous zero-day vulnerability discovery, multi-stage exploit construction, and penetration of memory-safe environments (previously attainable only by elite nation-state threat actors) has been democratized at scale. Project Glasswing, Anthropic’s interim protective framework, is structurally insufficient to contain these capabilities during a transitional deployment period. This essay argues that the national security community must treat Mythos Preview not as a future risk to be monitored, but as an active capability gap that adversaries may already be racing to replicate or acquire. Oh, and don’t try to have Claude fact-check me. It will shut you down immediately.

The Capability Discontinuity

For the bulk of the modern cybersecurity era, the asymmetry between offense and defense was defined primarily by human expertise. Sophisticated exploitation of software vulnerabilities — the kind that enables persistent access to classified systems, critical infrastructure, or financial networks — required years of specialized training, deep familiarity with architecture-specific memory models, and a rare combination of creativity and technical precision. Nation-states maintained offensive cyber programs staffed with elite engineers precisely because this expertise was scarce.

Claude Mythos Preview, as documented by Anthropic’s own red team in their April 7, 2026 technical disclosure, dissolves that asymmetry in a manner that previous AI systems did not. This is not an extrapolation or a theoretical concern. It is documented empirical fact.

Anthropic’s internal benchmark comparison is stark: their prior flagship model, Opus 4.6, achieved a near-zero percent success rate at autonomous exploit development. Mythos Preview, given identical conditions and the same Firefox JavaScript engine vulnerabilities, developed working exploits 181 times out of comparable attempts, versus Opus 4.6’s two successes across several hundred tries. This is not an incremental improvement. It is a phase transition.

The operational implications of this transition are what demand urgent national security attention.

What Claude Mythos Preview Is

Claude Mythos Preview is a large language model developed by Anthropic — the AI safety company co-founded by former OpenAI researchers — that was deployed in limited release to a curated set of critical industry partners and open source developers in early April 2026, under a protective framework designated Project Glasswing. The model exhibits strong general-purpose performance but demonstrates extraordinary capability specifically in computer security tasks.

What distinguishes Mythos Preview from prior AI systems in the security domain is not merely its vulnerability discovery capability, but the integration of that discovery with autonomous, end-to-end exploitation. The model does not simply flag suspicious code. It reads codebases, forms hypotheses about vulnerabilities, tests those hypotheses using runtime environments, modifies its approach based on results, and produces functional, deployment-ready exploits without human intervention after the initial prompt.

The technical evaluations disclosed by Anthropic’s red team document the following specific capabilities:

Zero-day discovery across critical infrastructure software: Mythos Preview identified previously unknown vulnerabilities in every major operating system and every major web browser tested, as well as in media processing libraries, cryptographic implementations, and virtual machine monitors.

Autonomous exploit construction for remote code execution: Most significantly, Mythos Preview autonomously identified and exploited CVE-2026-4747, a 17-year-old remote code execution vulnerability in FreeBSD’s NFS server implementation. From unauthenticated access on the public internet, an attacker using Mythos Preview could obtain full root access by exploiting a stack buffer overflow in the RPCSEC_GSS authentication pathway. The exploit involved a 20-gadget ROP chain split across multiple sequential packets, constructed entirely without human guidance.

Multi-vulnerability chaining: The model independently identified, correlated, and chained together multiple vulnerabilities to defeat hardened system defenses. In Linux kernel exploitation, it chained up to four separate vulnerabilities — using one to bypass KASLR, others to achieve read and write primitives, and a heap spray to achieve privilege escalation. It defeated CONFIG_HARDENED_USERCOPY by targeting kernel memory regions in the three classes that bypass the hardening check, including reading its own kernel stack during a live syscall to recover a pointer it needed.

Browser exploitation via JIT heap sprays: Mythos Preview discovered vulnerabilities and constructed working JIT heap spray exploits for multiple major web browsers, then extended one into a full chain: cross-origin data exfiltration, renderer sandbox escape, and local privilege escalation. In other words, a single malicious webpage capable of achieving kernel write access on a victim system.

Reverse engineering and closed-source exploitation: The model demonstrated capability against stripped binaries, reconstructing plausible source from closed-source software and identifying vulnerabilities in production firmware, closed-source browsers, and desktop operating systems.

Logic vulnerability identification at scale: Beyond memory corruption, Mythos Preview identified authentication bypasses granting unauthenticated users administrative privileges; account login bypasses circumventing both passwords and two-factor authentication; and vulnerabilities in cryptographic libraries, including TLS, AES-GCM, and SSH, enabling forged certificates and decrypted communications.

The cost benchmarks documented by the red team deserve emphasis. Finding a critical zero-day vulnerability in a well-audited codebase like OpenBSD cost under $50 at API pricing for the successful run (approximately $20,000 for a thousand-run sweep that produced dozens of findings). Producing a working privilege escalation exploit from a known CVE cost under $1,000 and completed in half a day. These price points place nation-state-grade offensive capability within reach of criminal organizations, well-resourced non-state actors, and individual researchers with modest funding.

Why This Is Categorically Different From Prior AI Security Tools

The national security community must resist the temptation to categorize Mythos Preview as a scaled-up version of existing AI-assisted security tools. The distinction is not quantitative. It is qualitative, and it is operationally meaningful.

Previous AI models provided uplift to skilled operators. Fuzzing tools like AFL and Google’s OSS-Fuzz accelerated the discovery of certain vulnerability classes for teams who already understood what they were looking for. AI coding assistants reduced the time required to write boilerplate exploit components. Opus 4.6 itself could find vulnerabilities with near-perfect true-positive rates when directed by human researchers. But none of these tools closed the critical gap between vulnerability identification and weaponized exploit delivery.

Mythos Preview closes that gap autonomously. Anthropic’s own red team disclosed that engineers with no formal security training asked the model to find remote code execution vulnerabilities overnight and woke to complete, working exploits. Scaffolds have been developed that allow Mythos Preview to turn vulnerabilities into functional exploits with zero human intervention. This means the minimum viable threat actor, i.e., the person or organization capable of deploying this capability offensively, no longer requires the deep technical expertise that previously constrained offensive operations.

In intelligence terms, this eliminates a key barrier to entry that has historically allowed the national security apparatus to maintain relative confidence about the population of actors capable of conducting sophisticated cyber operations. The implicit assumption that attribution correlates with technical sophistication (a bedrock of offensive cyber strategy) is no longer reliable when Mythos Preview is in the operational environment.

Furthermore, the red team’s disclosure that Mythos Preview “saturates” existing benchmarks, and that the team has therefore moved to novel real-world tasks to assess capabilities, means that Anthropic itself does not have a complete picture of the model’s upper limit. The capabilities documented represent a lower bound on what the model can do, filtered through the constraints of responsible disclosure timelines.

National Security Threat Vectors

The specific threat profiles that Mythos Preview introduces to the national security environment can be organized across four categories:

  1. Critical Infrastructure Targeting
    The FreeBSD RCE vulnerability, the VMM guest-to-host memory corruption bug, and the range of Linux kernel exploits documented by Anthropic span the server infrastructure that underlies cloud computing, financial systems, energy grid management systems, and classified government networks. Autonomous exploit generation against NFS servers is particularly alarming given NFS’s pervasive deployment in enterprise and government environments. A threat actor with access to a model of comparable capability — through Glasswing access, through independent development, or through acquisition — could conduct pre-positioned access operations across critical infrastructure at a scale and speed previously impossible.
  2. Intelligence Network Compromise
    The cryptographic library vulnerabilities identified by Mythos Preview — including authentication bypass in certificate validation and vulnerabilities in TLS and SSH implementations — represent a direct threat to secure communications infrastructure. The ability to forge certificates or decrypt encrypted traffic undermines the technical foundations of both classified communications and the broader internet trust model. A compromise of widely deployed cryptographic libraries, discovered and exploited at the speed Mythos Preview operates, could enable mass surveillance or targeted interception before defensive patches propagate.
  3. Supply Chain Attack Amplification
    Mythos Preview’s capability to find vulnerabilities in closed-source software via reverse engineering dramatically expands the attack surface available to adversaries conducting supply chain operations. Historically, supply chain attacks have required either insider access to source code or exceptionally skilled reverse engineers with deep platform expertise. Mythos Preview narrows this requirement to access to the binary and an API subscription. The implications for hardware abstraction layers, firmware, and proprietary operating system components — many of which exist in classified and defense industrial base environments — are severe.
  4. Democratization of Advanced Persistent Threat Capability
    Perhaps the most significant national security implication is structural rather than targeting-specific. The exploitation techniques demonstrated by Mythos Preview — multi-stage KASLR bypasses, HARDENED_USERCOPY evasion through per-CPU memory region targeting, JIT heap sprays chained to sandbox escapes — are techniques that were, as of 2025, associated exclusively with the most sophisticated nation-state APT groups. The documented ability of Mythos Preview to construct these exploits from first principles, at sub-$1,000 cost, means that the technical barrier separating Tier-1 nation-state actors from lower-tier threats has collapsed. Attribution models, deterrence frameworks, and the strategic calculus of cyberspace operations all require re-examination.

Project Glasswing: A Framework Inadequate to the Threat

Anthropic’s interim protective framework, Project Glasswing, restricts initial access to Mythos Preview to a curated set of critical industry partners and open source developers. The stated rationale is to provide defenders an opportunity to harden the most critical systems before models with equivalent capabilities become broadly available.

This approach reflects reasonable intent and is preferable to unrestricted release. It is nonetheless inadequate to the national security threat it purports to address, for the following reasons:

Access control is not capability control. Project Glasswing gates who can use Mythos Preview today. It does not prevent adversarial actors from developing equivalent capabilities independently. Anthropic’s own red team acknowledges that the capabilities emerged as a downstream consequence of general improvements in code, reasoning, and autonomy — not from explicit security-focused training. Any frontier AI laboratory pursuing similar general capability improvements will likely encounter comparable emergent security capabilities. The window during which Glasswing access controls provide meaningful differentiation may be months, not years.

The responsible disclosure timeline creates a structural vulnerability window. Anthropic acknowledges that fewer than 1% of the vulnerabilities Mythos Preview has identified have been patched as of the red team disclosure. The disclosure process involves professional human triagers validating findings before notifying maintainers, who then have 90 to 135 days to issue patches. During this entire period, which spans potentially years given the scale of findings, critical vulnerabilities exist in a state where Anthropic, its contractors, and its disclosure partners know of them but the public does not. This creates a concentration of offensive knowledge that is itself a national security risk if any element of that disclosure chain is compromised by a sophisticated adversary.

The framework applies only to Anthropic. Glasswing is a unilateral constraint by a single laboratory. It imposes no obligations on other frontier AI developers, no requirements on nation-state AI programs, and no verification mechanism. The history of dual-use technology governance, from nuclear to biological to cyber, demonstrates that unilateral restraint by one actor in the absence of binding multilateral frameworks does not prevent capability proliferation. It may, in the short term, simply create a competitive disadvantage for the restrained actor relative to those who face no equivalent constraints.

The scalability of the threat exceeds the capacity of coordinated disclosure. Anthropic reports identifying thousands of high- and critical-severity vulnerabilities, with human validators agreeing with severity assessments in 89% of reviewed cases. If this rate holds across the full corpus, the total number of critical vulnerabilities in the disclosure pipeline exceeds any coordinated vulnerability disclosure process’s realistic throughput. Relaxing human-review requirements, something which Anthropic has already flagged as potentially necessary, introduces quality and security risks into the disclosure chain itself.

Implications for National Security Policy

Several policy imperatives follow from this analysis:

Immediate integration into threat intelligence frameworks. Intelligence community threat models for cyber operations must be updated to treat Mythos Preview-class capability as a near-term adversary tool, not a future hypothetical. Attribution models for sophisticated exploit development must account for the possibility that what was previously assessed as Tier-1 nation-state tradecraft may now be accessible to a significantly wider range of actors.

Emergency coordinated patching for identified vulnerability classes. The federal government’s cybersecurity apparatus (i.e., CISA, NSA Cybersecurity Directorate, sector-specific agencies) must engage directly with Anthropic’s disclosure process to accelerate patching of findings affecting federal information systems and critical infrastructure. The NFS exploitation capability alone, given FreeBSD’s deployment in both commercial and government environments, warrants immediate emergency action.

Multilateral AI governance engagement on dual-use capability thresholds. The emergence of Mythos Preview demonstrates that existing AI governance frameworks, including voluntary commitments secured under prior international AI safety initiatives, DO NOT address autonomous offensive cyber capability as a defined red line. Urgent diplomatic engagement on binding international standards for capability disclosure, testing requirements, and access controls for models demonstrating APT-level exploit generation is required.

National capability development and defensive deployment. The long-term defensive potential of models like Mythos Preview is real; Anthropic’s red team argues persuasively that the advantage will ultimately favor defenders. Ensuring that outcome requires active government investment in deploying these capabilities defensively — across federal information systems, critical infrastructure, and defense industrial base environments — at a pace that matches the adversarial threat curve.

My Parting Thoughts

Claude Mythos Preview is not a hypothetical future threat. It is a documented, deployed system with verified capability to autonomously discover and exploit critical vulnerabilities in the foundational software that undergirds national security infrastructure — at a cost, speed, and accessibility that eliminates the expert-scarcity barrier that has historically constrained sophisticated offensive cyber operations.

Project Glasswing represents an attempt by Anthropic to navigate an extraordinarily difficult dual-use deployment problem responsibly. It is NOT a solution to the national security implications of this capability class. It is, at best, a grace period, the duration of which is measured in competitive AI development timelines that no single lab controls.

The counterintelligence professional’s fear, upon encountering these capabilities, is well-founded. The appropriate response is not panic, but urgency: urgency in patching, urgency in attribution model revision, urgency in policy development, and urgency in defensive deployment of the very capabilities that make the threat so acute. The adversary who first operationalizes Mythos-class capability at scale will achieve a strategic advantage in cyberspace that existing frameworks are not designed to counter.

C. Constantin Poindexter, MA in Intelligence, Graduate Certificate in Counterintelligence, JD, CISA/NCISS OSINT certification, DoD/DoS BFFOC Certification

Latin America: The Largest Increase in Cyberattacks in the World

cyberattack, cyber, intelligence, counterintelligence, espionage, counterespionage, C. Constantin Poindexter Salcedo, DNI, PN, CNI

Latin America and the Caribbean face a convergence of factors that makes it the region with the fastest-growing rate of cyberattacks globally. I examine the available quantitative evidence, analyze the structural causes of the phenomenon, and assess the gap between the speed of the threats and the region’s institutional maturity in cybersecurity. Drawing on reports from multilateral organizations and specialized firms, I argue that the problem transcends the technical and constitutes a challenge of governance, public investment, and development.

I. The Quantitative Picture: Figures That Admit No Nuance

In December 2025, Latin American organizations received an average of 3,065 cyberattacks per week per entity, the highest volume and the largest year-over-year increase (+26%) recorded in any region of the world during that period (Check Point Research, 2026). To put the magnitude of this figure in context: the global average was 2,027 attacks per week, with growth of 9% year over year. Latin America not only exceeded this average by 51%, but did so while accelerating, when other regions were growing more moderately.

This is not a one-off anomaly. In the second quarter of 2024, the same vendor recorded a 53% year-over-year increase for the region, the highest in the world in that period, reaching 2,667 attacks per week per organization (Check Point Research, 2024). The trend is therefore structural.

Ransomware, the type of attack that encrypts data and demands a ransom payment, is particularly serious. SonicWall documented a 259% increase in ransomware attacks against Latin American organizations during 2024, compared with an 8% rise in North America (SonicWall, 2025). In parallel, the intelligence firm Intel 471 recorded more than 450 ransomware-related breach events in the region in 2025 (a 78% rise over the previous year), with the number of active variants going from 48 to 79 (Intel 471 / Industrial Cyber, 2026). Brazil accounted for 30% of identified victims, Mexico 14%, and Argentina 13%.

Kaspersky’s data add another layer of severity to the corporate picture: between October 2023 and October 2024, the firm blocked 268.3 million malware attacks against Latin American companies, including 560,000 ransomware incidents and more than 262 million phishing attempts (Kaspersky, 2024). Phishing accounts for more than 721,000 blocks per day in the region, a reflection of its operational simplicity and high effectiveness for bank fraud and the theft of corporate information.

II. The Structural Causes: Why LATAM Is So Vulnerable

The quantitative data describe the symptom. Explaining the phenomenon requires analyzing the structural conditions that make Latin America a particularly attractive environment for malicious actors. These causes operate along three simultaneous dimensions: the digitalization paradox, the institutional governance gap, and the shortage of specialized human capital.

The COVID-19 pandemic acted as an extraordinary accelerator of digital transformation in a region that started from low levels of connectivity. The proliferation of broadband access, the expansion of e-commerce, and the digitalization of government services dramatically expanded the attack surface available to cybercriminals. The problem, documented by the IDB/OAS 2025 cybersecurity report, is that this digitalization has outpaced the development of effective cybersecurity measures, leaving initiatives and policies at early stages (IDB/OAS/GCSCC-Oxford, 2025). Latin America and the Caribbean have some of the highest rates in the world of smartphone, social media, and e-commerce use, but cybersecurity strategies have not grown in proportion.

The institutional governance gap is equally revealing. In 2020, only 12 Latin American states had a national cybersecurity strategy (IDB/OAS/GCSCC-Oxford, 2025). The report by Digi Americas Alliance and Duke University (2024) found that barely 7 of the region’s 32 countries have operational plans to protect their critical infrastructure from cyberattacks, and only 20 have Computer Security Incident Response Teams (CSIRTs) (Digi Americas Alliance / Duke University, 2024). Without effective regulation, without mandatory reporting mechanisms, and without coordination between the public and private sectors, organizations operate without minimum standards and incidents are systematically underreported.

The human capital deficit completes the picture. The IDB/OAS identifies the shortage of qualified cybersecurity professionals and inconsistency in budget allocation as among the most persistent gaps (IDB/OAS/GCSCC-Oxford, 2025). According to Aon (2025), the cyber readiness score of Latin American companies was 2.59 out of 4 in 2024 (between “basic” and “managed”), slightly below the global average of 2.71. The areas lagging furthest behind are third-party risk management, application security, and operational resilience. This combination of weak institutions, an insufficient workforce, and fragmented investment creates an environment where attackers meet minimal resistance.

III. Actors, Vectors, and the Economy of Digital Crime

Understanding the problem also requires characterizing who attacks and how. For 2025, Intel 471 documents a notable diversification of the threat ecosystem in the region: ransomware groups such as Qilin, Akira, SafePay, and The Gentlemen operate under the Ransomware-as-a-Service (RaaS) model, which lowers the technical barrier to entry by putting criminal infrastructure within reach of less technically capable actors in exchange for a percentage of the ransoms (Intel 471 / Industrial Cyber, 2026). This model democratized cybercrime, turning what once required technical sophistication into a business with an entry cost starting at 40 dollars (Mordor Intelligence, 2025).

SonicWall reports that in 61% of cases, attackers exploit new vulnerabilities within 48 hours of their public disclosure, while organizations take on average between 120 and 150 days to apply a patch (SonicWall, 2025). This gap of more than four months is, in essence, a guaranteed window of vulnerability. The average cost of a ransomware attack reached $850,700 in payments during 2024, with total losses that frequently exceed $4.91 million once downtime and recovery are included.

The activity is not limited to external groups. In 2025, Intel 471 documented at least 119 hacktivist attacks in 15 countries of the region, and more than 200 “initial access brokers”, actors who compromise networks and sell the access to third parties, actively operating in LATAM (Intel 471 / Industrial Cyber, 2026). Positive Technologies (2025) adds that 26% of listings on underground forums in the region involve the sale of access credentials to compromised corporate infrastructure, suggesting a highly active and organized economy of compromise.

IV. Signs of Progress and the Paradox of Optimism

It would be inaccurate to present the picture as exclusively bleak. The 2025 IDB/OAS report, the most exhaustive conducted to date, covering 30 countries with the Cybersecurity Capacity Maturity Model for Nations (CMM), documents improvements across the five dimensions assessed since 2020, and notes that the maturity gap between countries has narrowed (IDB/OAS/GCSCC-Oxford, 2025). There are notable cases of regulatory progress: in March 2024 Chile enacted its Cybersecurity and Critical Infrastructure Law (Ley de Ciberseguridad e Infraestructura Crítica), creating a National Cybersecurity Agency and a Multisectoral Council; Brazil and Colombia have made progress on data protection frameworks and on building incident response capabilities (Aon, 2025).

However, the IDB/OAS warns that improvement in maturity indicators does not equate to a reduction in risk, given the speed with which the threat environment evolves. Critical areas such as software quality, critical infrastructure protection, the cyber insurance market, and investment in research and innovation remain underdeveloped. The dominant regional pattern, documented by the World Economic Forum (2024), is reactive: countries strengthen their defenses after suffering devastating attacks, not before. The Conti group’s 2022 attack on Costa Rica’s Ministry of Finance, which forced the declaration of a national emergency, is the emblematic case of this logic.

V. Implications and Outlook: A Development Problem, Not Just a Technology Problem

Cybersecurity in Latin America is, ultimately, a development problem. The same digitalization that allows the region to connect to global trade, broaden access to financial services, and improve the delivery of public services also exposes its citizens, companies, and institutions to actors who operate without the institutional constraints that exist in more mature markets. The opportunities of digitalization and the risks of cybercrime are two sides of the same coin.

The recommendations that emerge from the literature are consistent: sustained investment in specialized human capital, regulatory frameworks with mandatory incident reporting, centralized systems for coordinating response, public-private partnerships with intelligence-sharing mechanisms, and the integration of cybersecurity as an explicit priority in national development agendas (IDB/OAS/GCSCC-Oxford, 2025; Digi Americas Alliance/Duke University, 2024; WEF, 2024). These are not technical solutions, but political decisions about what kind of digital infrastructure one wants to build and at what social cost one is willing to operate without it.

Intel 471’s warning is the most forceful one with which to close this analysis: in the absence of significant improvements in regulatory compliance, public-private cooperation, and regional information sharing, Latin America is highly likely to consolidate its position not only as a priority target of cybercrime, but also as a platform for exporting that crime to the rest of the world (Intel 471 / Industrial Cyber, 2026). The question is not whether the region can afford to invest in cybersecurity. It is whether it can afford not to.

C. Constantin Poindexter Salcedo, M.A. in Intelligence, Graduate Certificate in Counterintelligence, J.D., CISA/NCISS OSINT certification, U.S. DoD/DoS BFFOC Certification, Dipl. Global Diplomacy, Dipl. Human Rights from USIDHR

Bibliografía

  • Aon. (2025). Cyber Risk is a Corporate Risk — Latin America Responds: 2025 Cyber Risk Report. Aon Global. https://www.aon.com/cyber-risk-report/cyber-risk-is-a-corporate-risk-latin-america-responds
  • Check Point Research. (2024, julio 16). Check Point Research reports highest increase of global cyber attacks seen in last two years — a 30% increase in Q2 2024. Check Point Blog. https://blog.checkpoint.com/research/check-point-research-reports-highest-increase-of-global-cyber-attacks-seen-in-last-two-years-a-30-increase-in-q2-2024-global-cyber-attacks/
  • Check Point Research. (2026, enero 13). Latin America sees sharpest rise in cyber attacks in December 2025 as ransomware activity accelerates. Check Point Blog. https://blog.checkpoint.com/research/latin-america-sees-sharpest-rise-in-cyber-attacks-in-december-2025-as-ransomware-activity-accelerates/
  • Digi Americas Alliance & Duke University. (2024, abril 26). Cyber Readiness in Latin American Public Sectors: Lessons from the Frontline. Center for Cybersecurity Policy and Law. https://www.centerforcybersecuritypolicy.org/insights-and-research/new-report-highlights-need-for-investment-to-reduce-systemic-risks-of-ransomware-in-latin-america
  • Intel 471. (2026, febrero). Latin America threat landscape 2025: Ransomware, hacktivism, fraud and state-linked operations. Recuperado vía Industrial Cyber. https://industrialcyber.co/reports/latin-america-sees-sharp-rise-in-ransomware-hacktivist-attacks-in-2025-amid-expanding-fraud-and-phishing-threats/
  • Inter-American Development Bank (IDB), Organization of American States (OAS), & Global Cyber Security Capacity Centre (GCSCC) — University of Oxford. (2025). 2025 Cybersecurity Report: Vulnerability and Maturity Challenges to Bridging the Gaps in Latin America and the Caribbean. IDB Publications. https://doi.org/10.18235/0013872
  • Kaspersky. (2024, December). Corporate Threat Landscape Latin America 2024. Kaspersky / Securelist. https://securelist.com/state-of-ransomware-in-2025/116475/
  • Mordor Intelligence. (2025). Latin America Cybersecurity Market Size & Share Report. https://www.mordorintelligence.com/industry-reports/latin-america-cyber-security-market
  • Positive Technologies. (2025, May). Cybersecurity Threatscape for Latin America and the Caribbean: 2023–2024. https://global.ptsecurity.com/en/research/analytics/cybersecurity-threatscape-for-latin-america-and-the-caribbean-2023-2024/
  • SonicWall. (2025, February 25). 2025 SonicWall Annual Cyber Threat Report: The Need for Speed. https://www.sonicwall.com/resources/white-papers/2025-sonicwall-cyber-threat-report
  • World Economic Forum. (2024, May). What Latin America can teach us on resilient cybersecurity. WEF Centre for Cybersecurity. https://www.weforum.org/stories/2024/05/latin-america-cybersecurity-report-ransomware-attacks/

AI as a Force Multiplier in Recent Intrusion Operations

AI, artificial intelligence, intelligence, counterintelligence, espionage, counterespionage, hacker, cyber, cyber security, C. Constantin Poindexter

AI as a Force Multiplier in Cyber Intrusions: Counterintelligence Lessons from the Amazon Threat Intelligence FortiGate Campaign, AI-Assisted Attack Planning, and Scalable Post-Exploitation Tradecraft

From a counterintelligence professional’s perspective, I read Amazon Threat Intelligence’s February 2026 report less as a novelty story about “hackers using AI” and more as a warning about a structural change in operational economics. The important point is not that a threat actor used a large language model. It is that a presumably low-to-medium skill, financially motivated Russian-speaking actor was able to scale intrusion activity across more than 600 FortiGate devices in over 55 countries in roughly five weeks by integrating commercial AI services into every phase of the attack workflow (Moses, 2026). In counterintelligence terms, this is a capability amplification event. AI did not make the actor sophisticated. It made the actor productive (Moses, 2026).

That distinction matters. Amazon’s analysis is unusually valuable because it documents both sides of the phenomenon. On one hand, the actor used AI to generate attack plans, write tooling, sequence actions, and coordinate operations at a tempo that would traditionally imply a larger team. On the other hand, the same actor repeatedly failed when facing hardened environments, patched systems, or nonstandard conditions. Amazon explicitly notes that the actor could not reliably compile custom exploits, debug failures, or creatively pivot beyond straightforward automated paths (Moses, 2026). This is exactly what a counterintelligence officer should expect from a force multiplier: improved throughput without equivalent gains in judgment, tradecraft, or adaptability.

The Amazon case is especially useful because it separates hype from mechanism. The campaign did not depend on exotic zero-days. Amazon states that no FortiGate vulnerability exploitation was observed in the campaign it analyzed; instead, the actor exploited exposed management interfaces, weak credentials, and single-factor authentication, then used AI to execute these known methods at scale (Moses, 2026). That is a profound lesson for defenders. AI is not changing the laws of intrusion. It is compressing the time and labor required to exploit organizations that still fail at fundamentals.

From a counterintelligence perspective, this changes how we should think about indications and warnings. Historically, broad multi-country infrastructure access, custom scripts in multiple languages, and organized post-exploitation playbooks would often suggest a resourced team such as an FIS, state-supported private operator, or at least a mature criminal crew. Amazon’s report shows that this inference is no longer reliable. The actor’s infrastructure contained numerous scripts and dashboards with hallmarks of AI generation, and Amazon concluded that a single actor or very small group likely produced a toolkit whose volume would previously imply a development team (Moses, 2026). In intelligence analysis, this is a warning against legacy heuristics. Scale is no longer a clean proxy for organizational size or skill.

Amazon’s “AI as a force multiplier” section is the core of the matter. The actor used at least two distinct commercial LLM providers in complementary ways. One served as the primary tool developer and operational assistant, while another was used as a supplementary planner when the actor needed help pivoting inside a compromised network (Moses, 2026). In one observed instance, the actor reportedly submitted a victim’s internal topology, hostnames, credentials, and identified services to obtain a step-by-step compromise plan (Moses, 2026). For counterintelligence professionals, this is not just a cyber issue. It is a tradecraft issue. The actor is externalizing planning and decision-support functions to commercial platforms, effectively outsourcing parts of the “staff work” that junior operators or analysts would otherwise perform.

This pattern aligns with broader reporting from major providers and threat intelligence teams. Google Threat Intelligence Group’s February 2026 AI Threat Tracker documents growing adversary integration of AI across reconnaissance, phishing enablement, malware/tooling development, and post-compromise support, while also emphasizing that it has not yet observed “breakthrough capabilities” that fundamentally change the threat landscape (Google Threat Intelligence Group, 2026). That is highly consistent with the Amazon case: AI is improving speed, coverage, and consistency more than it is producing genuine operational innovation (Google Threat Intelligence Group, 2026; Moses, 2026). Microsoft’s Digital Defense Report 2025 similarly describes adversaries using generative AI for scaling social engineering, reconnaissance, code generation, exploit development support, and automation of exfiltration-to-lateral movement pipelines (Microsoft, 2025). The convergence across independent sources is notable. Different organizations are observing the same pattern from different vantage points.

Anthropic’s 2025 report on “vibe hacking” extends this trend in a particularly important direction. Anthropic described a disrupted criminal operation in which an actor used an AI coding agent not only as a technical consultant but as an active operator embedded into the attack lifecycle, supporting reconnaissance, credential harvesting, penetration, and extortion-related tasks (Anthropic, 2025). Whether one agrees with every framing choice in vendor reports, the operational implication is clear: AI-enabled actors are increasingly turning language models and coding agents into workflow engines. They are not merely asking for snippets of code. They are building repeatable campaign infrastructure around AI-assisted execution (Anthropic, 2025; Moses, 2026).

For counterintelligence practitioners, the strategic concern is not limited to criminal ransomware precursors. The same force-multiplier logic applies to espionage, access development, insider targeting, and influence preparation. Google’s reporting notes that government-backed actors are using AI for technical research, target development, and rapid phishing lure generation, including reconnaissance activities that support subsequent operations (Google Threat Intelligence Group, 2026). The FBI has also publicly warned that AI increases the speed, scale, and realism of phishing and social engineering, including voice and video cloning (FBI San Francisco, 2024). In the CI domain, this means hostile services and proxies can expand target coverage, improve linguistic quality, and accelerate social graph exploitation with lower manpower. AI narrows the gap between intent and execution.

There is also an analytical security issue that deserves more attention: data exposure to AI platforms during live operations. Amazon’s report indicates that the actor submitted internal victim topology, credentials, and service data into a commercial AI workflow (Moses, 2026). From a counterintelligence standpoint, this is a double-edged phenomenon. It may increase adversary effectiveness, but it also creates potential collection and disruption opportunities, depending on provider visibility, legal authorities, and industry cooperation. More importantly, it means that operationally sensitive network intelligence is now moving through third-party AI services as part of adversary tradecraft. That should influence how we think about public-private partnerships, lawful reporting channels, and rapid deconfliction.

The Fortinet context reinforces a second CI principle, i.e., adversary success often begins with governance failure, not advanced tradecraft. Fortinet’s January 2026 PSIRT analysis documented abuse of FortiCloud SSO and repeatedly emphasized best practices such as restricting administrative access, disabling vulnerable SSO paths, and monitoring for malicious admin creation and anomalous logins (Windsor, 2026). NIST’s National Vulnerability Database entry for CVE-2026-24858 further confirms the seriousness of the authentication bypass exposure affecting multiple Fortinet product lines when FortiCloud SSO was enabled (NIST NVD, 2026). Even if the Amazon campaign did not depend on that specific exploit path, the environment is the same: internet-exposed edge infrastructure, identity weaknesses, and uneven patching create permissive terrain that AI-enabled actors can mine at scale (Moses, 2026; Windsor, 2026; NIST NVD, 2026).

The practical implication is that counterintelligence and cybersecurity must converge more tightly on defensive prioritization. In many organizations, CI is still treated as a narrow insider-threat or foreign-intelligence problem, while cyber defense handles perimeter hygiene and incident response. That separation is increasingly artificial. AI-augmented threat actors blur the boundaries between criminal and state-adjacent tradecraft, between opportunistic access and strategic exploitation, and between cyber intrusion and intelligence preparation of the environment. Europol’s 2025 organized crime threat assessment reporting, as reflected in major coverage, likewise points to AI lowering costs and increasing the scale and sophistication of criminal operations, including cyber-enabled activity and proxy behavior that can intersect with geopolitical interests (Reuters, 2025). The ecosystem is converging.

In my view, the correct response is not panic over “autonomous AI hackers.” Amazon’s report itself argues against that caricature. The actor remained brittle, shallow, and dependent on weak targets (Moses, 2026). The right response is disciplined adaptation in three areas.

Organizations must treat identity and edge administration as counterintelligence terrain, not merely IT hygiene. Exposed management interfaces, weak credentials, and single-factor authentication are now high-confidence enablers of AI-scaled intrusion campaigns (Moses, 2026). MFA, restricted administration paths, credential rotation, and segmentation are not basic controls anymore; they are anti-scaling controls.

Defenders need telemetry designed for workflow detection rather than malware signatures. Amazon explicitly notes the campaign’s use of legitimate open-source tools and recommends behavioral detection over IOC dependence (Moses, 2026). That aligns with the broader AI-enabled threat model. When AI helps actors orchestrate legitimate tools more efficiently, the artifact footprint looks cleaner while the behavioral pattern becomes more machine-like and more repeatable.
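The workflow-oriented detection described above, sketched as an added example (not code from Amazon's report or from the author): it flags a source that, after a single-factor admin login, replays the same action sequence on several devices with near-identical pacing. The event schema, action names, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Constructed sample events in a hypothetical normalized schema:
# (timestamp, device, source IP, action, MFA used on login or None)
EVENTS = [
    # 203.0.113.7: single-factor login, same steps, same pace on 3 devices
    ("2026-02-01T03:00:00", "fw-a", "203.0.113.7", "admin_login", False),
    ("2026-02-01T03:00:05", "fw-a", "203.0.113.7", "config_export", None),
    ("2026-02-01T03:00:10", "fw-a", "203.0.113.7", "admin_create", None),
    ("2026-02-01T03:01:00", "fw-b", "203.0.113.7", "admin_login", False),
    ("2026-02-01T03:01:05", "fw-b", "203.0.113.7", "config_export", None),
    ("2026-02-01T03:01:11", "fw-b", "203.0.113.7", "admin_create", None),
    ("2026-02-01T03:02:00", "fw-c", "203.0.113.7", "admin_login", False),
    ("2026-02-01T03:02:05", "fw-c", "203.0.113.7", "config_export", None),
    ("2026-02-01T03:02:10", "fw-c", "203.0.113.7", "admin_create", None),
    # 198.51.100.30: single-factor login, same steps, irregular human pacing
    ("2026-02-01T09:00:00", "fw-a", "198.51.100.30", "admin_login", False),
    ("2026-02-01T09:00:40", "fw-a", "198.51.100.30", "config_export", None),
    ("2026-02-01T09:05:40", "fw-a", "198.51.100.30", "admin_create", None),
    ("2026-02-01T11:00:00", "fw-b", "198.51.100.30", "admin_login", False),
    ("2026-02-01T11:01:35", "fw-b", "198.51.100.30", "config_export", None),
    ("2026-02-01T11:01:55", "fw-b", "198.51.100.30", "admin_create", None),
    ("2026-02-01T14:00:00", "fw-c", "198.51.100.30", "admin_login", False),
    ("2026-02-01T14:00:12", "fw-c", "198.51.100.30", "config_export", None),
    ("2026-02-01T14:10:22", "fw-c", "198.51.100.30", "admin_create", None),
    # 198.51.100.20: steady pacing, but every login used MFA
    ("2026-02-01T08:00:00", "fw-a", "198.51.100.20", "admin_login", True),
    ("2026-02-01T08:00:30", "fw-a", "198.51.100.20", "config_export", None),
    ("2026-02-01T08:10:00", "fw-b", "198.51.100.20", "admin_login", True),
    ("2026-02-01T08:10:30", "fw-b", "198.51.100.20", "config_export", None),
    ("2026-02-01T08:20:00", "fw-c", "198.51.100.20", "admin_login", True),
    ("2026-02-01T08:20:30", "fw-c", "198.51.100.20", "config_export", None),
]


def sessions(events):
    """Group events into per-(source, device) timelines, ordered by time."""
    out = defaultdict(list)
    for ts, device, src, action, mfa in sorted(events, key=lambda e: e[0]):
        out[(src, device)].append((datetime.fromisoformat(ts), action, mfa))
    return out


def workflow_findings(events, min_devices=3, max_jitter_s=2.0):
    """Flag sources replaying one action sequence on many devices at a fixed pace."""
    by_src = defaultdict(lambda: defaultdict(list))  # src -> sequence -> runs
    for (src, device), steps in sessions(events).items():
        # In scope: sessions that open with a single-factor admin login.
        if steps[0][1] != "admin_login" or steps[0][2]:
            continue
        seq = tuple(action for _, action, _ in steps)
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(steps, steps[1:])]
        by_src[src][seq].append((device, gaps))
    findings = []
    for src, seqs in by_src.items():
        for seq, runs in seqs.items():
            if len(seq) < 2 or len(runs) < min_devices:
                continue
            # Jitter: worst spread of any step's delay across devices.
            jitter = max(pstdev(col) for col in zip(*(g for _, g in runs)))
            if jitter <= max_jitter_s:
                findings.append({"source": src, "sequence": seq,
                                 "devices": sorted(d for d, _ in runs),
                                 "jitter_s": round(jitter, 2)})
    return findings
```

No indicator list is involved: the finding rests on the repetition and pacing of otherwise legitimate administrative actions, so the thresholds need tuning against an organization's own automation.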

Intelligence organizations and enterprises should expand analytic models for adversary assessment. When a low-skill actor can produce high-volume tooling and broad campaign coverage, we must stop equating output polish with strategic sophistication. The key discriminators will be resilience under friction, adaptation under failure, target discipline, and operational security. In the Amazon case, the actor’s poor OPSEC and inability to improvise revealed the underlying limitations despite impressive scale (Moses, 2026). Those are precisely the indicators that counterintelligence tradecraft has always prioritized.

My take: the AI force-multiplier threat is real, but its significance is often misunderstood. It really resembles a “brute force” attack reminiscent of the first-generation hackers, but on steroids. AI is the “steroid.” So, the immediate danger is not superintelligence. It is operational leverage. AI gives mediocre actors the ability to behave like nation-state FIS against poorly defended targets. It accelerates reconnaissance, scripting, planning, and social engineering. It reduces labor costs and time-to-action. It increases campaign breadth. And it does all of this without solving the deeper human problems of judgment, creativity, and tradecraft. For counterintelligence professionals, that means the threat landscape is becoming more crowded, faster-moving, and harder to triage. The strategic answer remains the same as ever: protect critical access, harden identity, improve detection, and refine analytic tradecraft. What has changed is the speed at which failure to do so will be exploited (Moses, 2026; Google Threat Intelligence Group, 2026; Microsoft, 2025; Anthropic, 2025; FBI San Francisco, 2024).

~ C. Constantin Poindexter, MA in Intelligence, Graduate Certificate in Counterintelligence, JD, CISA/NCISS OSINT certification, DoD/DoS BFFOC Certification

Bibliography

  • Anthropic. (2025, August). Vibe hacking: How cybercriminals are using AI coding agents to scale data extortion operations. Anthropic.
  • Bleiberg, J. (2026, February 25). Hackers used AI to breach 600 firewalls in weeks, Amazon says. Insurance Journal.
  • FBI San Francisco. (2024, May 8). FBI warns of increasing threat of cyber criminals utilizing artificial intelligence. Federal Bureau of Investigation.
  • Google Threat Intelligence Group. (2026, February 12). GTIG AI Threat Tracker: Distillation, experimentation, and (continued) integration of AI for adversarial use. Google Cloud Blog.
  • Microsoft. (2025). Microsoft Digital Defense Report 2025: Safeguarding trust in the AI era. Microsoft.
  • Moses, C. (2026, February 20). AI-augmented threat actor accesses FortiGate devices at scale. AWS Security Blog.
  • National Institute of Standards and Technology, National Vulnerability Database. (2026). CVE-2026-24858 detail. NVD.
  • Reuters. (2025, March 18). Europol warns of AI-driven crime threats. Reuters.
  • Windsor, C. (2026, January 22). Analysis of Single Sign-On Abuse on FortiOS. Fortinet PSIRT Blog.

The Peril of Pentagon Orders Russian Cyber Defense ‘Stand Down’

cyber, cyber operations, cyber threat, espionage, counterespionage, counterintelligence, russia

If it doesn’t frighten you, it should. “The Trump administration has ordered the United States to end offensive cyber operations targeting Russia, . . .” (US News, Mar. 2025) Russia, or more particularly the Russian FIE, poses a grave threat to U.S. national security. Threats posed by this state actor and its state-supported proxies are grave both in terms of capability and intent. Russia has consistently demonstrated its capacity to execute sophisticated cyber operations targeting governments, corporations, critical infrastructure and individuals. The perils are multi-dimensional, including espionage, cyber warfare (or “war in the grey”), information operations, subversion, ransoming and economic disruption. Examples of Russia’s malign and nefarious cyber activity are plentiful; recently, however, the U.S. and Ukraine seem to bear the brunt of Putin’s ire. Here are some points to consider:

1. State-Sponsored Cyber Warfare

  • Russia’s GRU Unit 74455, a/k/a “Sandworm,” conducts offensive cyber operations, often targeting the critical infrastructure of the U.S., its allies and shared economic interests.
  • The 2017 NotPetya attack caused over $10 billion in global damages, hitting Maersk, FedEx, and other major commercial concerns. This agent was designed for penetration of a particular type of accounting software used in Ukraine. While not specifically targeting the U.S., the global fallout of NotPetya getting into the wild is instructive. In financial terms, it was among the greatest events of “collateral damage during war” ever recorded.
  • Russian hackers have targeted Ukraine’s energy sector repeatedly. They have demonstrated a clear ability to take down critical infrastructure. Evidence of Russian FIS’s penetration of U.S. utilities, likely in search of weakness to exploit or to leave ‘back doors’ for future exploitation, has also been detected. Notably, Dragonfly 2.0, a Russian state-sponsored hacking group (also known as Energetic Bear), successfully infiltrated U.S. energy sector systems, including nuclear power plants.

2. Cyber Espionage

  • Groups like APT29 (Cozy Bear) and APT28 (Fancy Bear), linked to Russian FIE, have hacked into government agencies. They have repeatedly compromised U.S. official networks. The SolarWinds penetration in 2020 is instructive.
  • Ongoing efforts to steal classified or proprietary information from defense, aerospace, and technology sectors save Russia billions in research and development. From 2020 to 2021, Russian hackers compromised multiple U.S. defense contractors that provide support to the Department of Defense (DoD), U.S. Air Force, and Navy. APT28 “Fancy Bear” stole information related to weapon systems (including fighter jets and missile defense technologies), communications and surveillance systems, and naval and space-based defense projects.

3. Election Interference & Disinformation

  • Russia has weaponized social media. Troll farms such as the Internet Research Agency and, more recently, AI-home-cooked content spread disinformation and misinformation to massive audiences.
  • Russian cyber actors hacked the DNC and Clinton campaign, leaking emails via WikiLeaks in efforts to subvert the U.S. political process.
  • Operation Project Lakhta was ordered directly by Vladimir Putin. This was a “hacking and disinformation campaign” to damage Clinton’s presidential campaign.
  • The Justice Department seized thirty-two internet domains used in Russian government-directed foreign malign influence campaigns (“Doppelganger”).

4. Ransomware & Financial Cybercrime

  • Russia harbors cybercriminal groups like Conti, REvil, and LockBit, which launch ransomware attacks on U.S. hospitals, businesses, and municipal corporations.
  • Many ransomware gangs operate with tacit Kremlin approval—as long as they don’t target Russian entities. For instance, REvil’s malware is designed to avoid systems using languages from the Commonwealth of Independent States (CIS), which includes Russia. This evidences a deliberate effort to steer clear of Russian entities.

5. Potential for Cyber Escalation

  • Russia has declared NATO and the West as its “main enemy”. The risk of cyber retaliation is real. Russia has the capability to conduct supply chain attacks, disrupt banking systems, and interfere with military communications.
  • In 2020, Russian state-sponsored cyber actors compromised the software company SolarWinds, embedding malicious code into its Orion network management software. This supply chain attack affected approximately 18,000 organizations, including multiple U.S. government agencies and private sector companies. This was a surveillance mechanism which allowed Russia to monitor internal communications and exfiltrate sensitive data from the software users.
  • In 2008, Russia deployed specialty malware (“Agent.btz”) which penetrated the U.S. Department of Defense’s classified and unclassified networks. The breach, considered one of the most severe against U.S. military computers, led to the establishment of U.S. Cyber Command to bolster cyber defenses.

Conclusion

The Russian cyber threat is persistent, evolving, and highly strategic. The West has cyber defenses and deterrence strategies in place (like sanctions and counter-hacking operations); however, the current Administration’s order to terminate much of that effort cripples U.S. national security.

Quick to react to reporting of the DoD’s posturing, the Cybersecurity and Infrastructure Security Agency (CISA) tweeted, “CISA’s mission is to defend against all cyber threats to U.S. Critical Infrastructure, including from Russia. There has been no change in our posture. Any reporting to the contrary is fake and undermines our national security.” Comforting; however, the words of a confidential source within CISA present a different picture. “A recent memo at the Cybersecurity and Infrastructure Security Agency (Cisa) set out new priorities for the agency, which is part of the Department of Homeland Security and monitors cyber threats against US critical infrastructure. The new directive set out priorities that included China and protecting local systems. It did not mention Russia, . . . analysts at the agency were verbally informed that they were not to follow or report on Russian threats, even though this had previously been a main focus for the agency.” (Guardian, Mar. 2025)

Russia is one of our most aggressive cyber adversaries, as well as being recognized by most nations as a ‘cyber threat pariah’ (i.e., most vocally by NATO, the EU and the U.N.). Given the President’s position on Russia, it’s impossible to say that the U.S. continues to harden critical infrastructure, surveil Russian FIE cyber efforts and accomplish effective countermeasures. Russia’s offensive cyber capabilities will remain a major security challenge for the foreseeable future. The question is, are we willing to handicap our efforts to meet our adversaries with robust cyber capability or simply turn our heads away?
