AI Security Institute Warns: Strengthen Cyber Basics After Mythos Preview Test

The AI Security Institute (AISI) has issued a clear warning to organizations worldwide: reinforce your cybersecurity fundamentals now. This call comes after the institute conducted rigorous evaluations of Anthropic’s latest model, Claude Mythos Preview. The model made headlines last week when Anthropic claimed it had identified thousands of zero-day vulnerabilities spanning decades. As a result, the company launched Project Glasswing, allowing select tech vendors to use the model to locate and patch these flaws. Although Anthropic pledged not to release Mythos Preview publicly, concerns persist that threat actors may eventually gain access.

What the AI Security Institute Found in Its Tests

The UK-based AI Security Institute conducted controlled evaluations of Mythos Preview and described it as “a step up over previous frontier models in a landscape where cyber performance was already rapidly improving.” In these tests, when explicitly directed and given network access, the model demonstrated the ability to execute multi-stage attacks on vulnerable networks. It could autonomously discover and exploit vulnerabilities—tasks that would typically take human professionals days to complete.

However, the results were not without caveats. The AISI built a “32-step corporate network attack simulation,” running from reconnaissance to full network takeover. Human experts would need around 20 hours to finish this operation. Mythos Preview succeeded in only three out of ten attempts, completing an average of 22 out of 32 steps. Yet, the institute noted that with more inference compute, its performance could improve significantly.

Limitations of the Testing Environment

The AISI also highlighted that its testing environment differs from real-world conditions in important ways. “Mythos Preview’s success on one cyber range indicates it is at least capable of autonomously attacking small, weakly defended, and vulnerable enterprise systems where network access has been gained,” the institute explained. However, it added that these ranges lack security features often present in real environments, such as active defenders and defensive tooling. There are also no penalties for actions that would trigger security alerts in a live setting.

Therefore, the AISI stated it “cannot say for sure” whether Mythos Preview could successfully attack well-defended systems. Moving forward, the institute plans to simulate hardened environments with endpoint detection and real-time incident response to close these knowledge gaps.

Why Cybersecurity Basics Matter Now More Than Ever

In light of these findings, the AI Security Institute urged security teams to improve baseline protection to mitigate potential attacks using Mythos. “Our testing shows that Mythos Preview can exploit systems with weak security posture, and it is likely that more models with these capabilities will be developed,” the institute concluded. This underscores the importance of cybersecurity basics, such as regular application of security updates, robust access controls, proper security configuration, and comprehensive logging.

Building on this, the AISI also suggested that organizations consider using AI to deliver “game-changing improvements in defense.” A joint blog from the AISI and the National Cyber Security Centre (NCSC), published on March 30, outlined how AI can help reduce the attack surface through machine-speed system scans, identify misconfigurations and vulnerabilities, test exploitability, and map complex attack paths. Additionally, AI can enhance threat detection by triaging alerts, making sense of patterns from diverse logs, and writing summary reports for analysts. It can also automate response actions, such as blocking traffic flows, quarantining suspicious processes, and revoking user access.

Practical Steps for Organizations

So, what should organizations do now? First, prioritize the fundamentals: patch systems regularly, enforce strong access controls, and maintain detailed logs. Second, explore how AI tools can augment your security operations. For example, using AI for automated vulnerability scanning can free up human analysts for more complex tasks. Third, stay informed about emerging AI capabilities and their implications for cybersecurity. The AISI’s work serves as a critical reminder that as AI models become more powerful, both attackers and defenders will gain new tools.

For more insights, check out our guide on AI security best practices for enterprises and learn about zero-day vulnerability management strategies. Finally, read the NCSC’s latest AI security guidance to align with government recommendations.

The Bottom Line on AI and Cyber Defense

The AI Security Institute’s evaluation of Mythos Preview is a wake-up call. While the model’s current success rate is limited, its capabilities are evolving. Organizations cannot afford to wait for the perfect defense. Instead, they must strengthen their cybersecurity posture today. By combining solid fundamentals with intelligent AI tools, businesses can better prepare for the threats of tomorrow. The message from the AISI is clear: the time to act is now.

Massive Malicious Chrome Extensions Campaign Compromises Thousands of Users

A newly uncovered malicious Chrome extensions campaign has put roughly 20,000 users at risk. Security researchers at Socket identified 108 fake extensions that appear legitimate but secretly harvest sensitive data. This coordinated operation spans multiple categories, including gaming, social media tools, and translation utilities.

How the Malicious Chrome Extensions Campaign Operates

All 108 extensions are linked to a single command-and-control (C2) infrastructure. This setup allows operators to aggregate stolen information in one place. Although the extensions were published under five separate developer identities, the research team found consistent backend systems and shared operational patterns across all of them.

This level of coordination makes the campaign stand out. Instead of isolated incidents, users face a well-organized threat that mimics legitimate software. The extensions often deliver on their advertised functionality, such as games or messaging tools, while masking malicious activity running in the background.

Key Attack Techniques in the Malicious Chrome Extensions Campaign

Telegram Extension Captures Sessions Every 15 Seconds

One of the most dangerous tools is a Telegram-focused extension. It captures active web sessions every 15 seconds, granting attackers full account access without passwords or multi-factor authentication (MFA). This means that even if you have strong security measures, this extension can bypass them entirely.

Google Account Harvesting via OAuth2 Permissions

Other extensions harvest Google account details using OAuth2 permissions. They inject ads by bypassing browser security protections or open arbitrary web pages through hidden backdoors. Many operate continuously in the background, even if users never actively interact with them.

Key Behaviors Identified by Researchers

• 54 extensions collecting Google profile data
• 45 extensions containing a persistent backdoor triggered at browser start-up
• Multiple tools injecting scripts or ads into popular platforms like YouTube and TikTok
• One extension acting as a translation proxy through attacker-controlled servers

Dual Behavior Complicates Detection for Users

According to Socket, the extensions often deliver on their advertised functionality, such as games or messaging tools, while masking malicious activity running in the background. This dual behavior makes detection difficult for users. You might think you are using a harmless tool, but behind the scenes, your data is being siphoned.

Building on this, the infrastructure also supports a Malware-as-a-Service (MaaS) model. Stolen data and active sessions can be accessed by third parties. Researchers linked the entire operation to a single operator through shared cloud resources, reused code, and overlapping account identifiers.

Current Status and What You Can Do

All 108 extensions were still available at the time of discovery. The appropriate security teams have been notified, and takedown requests have been submitted. Infosecurity Magazine contacted Google for comment but has not yet received a response.

To protect yourself from this malicious Chrome extensions campaign, review your installed extensions regularly. Remove any you do not recognize or use. Stick to well-known developers and check reviews before installing. For more tips, read our guide on browser extension security tips. Additionally, learn how to spot fake extensions before they steal your data.

Image credit: Mijansk786 / Shutterstock.com

France Confirms Major Data Breach at Agency Managing National IDs and Passports

The French government has confirmed a significant France data breach at the agency responsible for issuing and managing national identity documents. The Agence Nationale des Titres Sécurisés (ANTS) announced on Wednesday that attackers accessed sensitive personal information belonging to an undisclosed number of citizens. This incident raises serious concerns about the security of state-held data.

According to ANTS, the stolen data includes full names, dates and places of birth, mailing addresses, email addresses, and phone numbers. The agency stated that it detected the attack on April 15 and that an investigation is currently underway to determine the full scope of the breach. Affected individuals are being notified directly.

What Information Was Exposed in the France Data Breach?

The compromised records contain details typically required for applying for or renewing national IDs, passports, and immigration documents. While ANTS has not disclosed the exact number of victims, reports from cybersecurity news outlet Bleeping Computer suggest that a hacker is advertising a database containing 19 million records on a hacking forum. The forum post, published before ANTS publicly disclosed the incident on April 20, lists the same categories of data as the agency’s announcement.

This discrepancy between official statements and hacker claims has fueled public concern. The French government has urged citizens to remain vigilant against potential phishing attempts or identity theft.

How Did the ANTS Data Breach Happen?

ANTS has not yet revealed the specific method used by the attackers. However, the agency confirmed that it detected the breach on April 15 and immediately launched a forensic investigation. Security experts speculate that the attack could have involved exploiting vulnerabilities in the agency’s systems or through social engineering tactics. The investigation aims to identify the entry point and assess the full impact on affected citizens.

For context, this is not the first time French government agencies have faced cyber threats. In recent years, similar incidents have targeted healthcare and tax authorities. To understand how such breaches occur, you can read more about best practices for preventing data breaches.

What Should Affected Citizens Do After This Data Breach?

If you suspect your data may have been compromised, take immediate steps to protect yourself. First, monitor your bank accounts and credit reports for any suspicious activity. Second, be cautious of unsolicited emails or phone calls asking for personal information, as cybercriminals often use stolen data for phishing scams. Third, consider changing passwords for sensitive accounts, especially if you use the same credentials across multiple platforms.

ANTS has stated that it will notify affected individuals directly. However, given the scale of the alleged breach, many citizens may not receive immediate notification. For additional guidance, visit the French government’s official cybersecurity advice page.

Lessons from the France Data Breach for Government Agencies

This incident highlights the critical need for robust cybersecurity measures in public sector organizations. Government agencies handle vast amounts of sensitive data, making them prime targets for cybercriminals. The France data breach at ANTS underscores the importance of regular security audits, employee training, and advanced threat detection systems.

Building on this, experts recommend that agencies adopt a zero-trust architecture and implement multi-factor authentication for all access points. Furthermore, timely disclosure of breaches is essential to maintain public trust. In this case, ANTS took five days to publicly confirm the attack after detection, which some critics argue was too slow.

For organizations looking to strengthen their defenses, exploring data protection strategies can provide a solid foundation.

Conclusion: The Road Ahead for French Data Security

As the investigation continues, the French government faces pressure to explain how such a breach occurred and what measures are being taken to prevent future incidents. The France data breach at ANTS serves as a stark reminder that even state-of-the-art systems are vulnerable. Citizens should remain proactive in safeguarding their personal information, while authorities must prioritize transparency and security improvements.