International law enforcement has successfully disrupted major DDoS-for-hire operations, marking a significant win against cybercrime. Concurrently, OpenAI's expansion of GPT-5.4-Cyber access is intensifying the race in AI-driven cybersecurity solutions. In the financial sector, American Express has acquired AI expense management fintech Hyper, highlighting the growing integration of machine learning in banking. These developments underscore critical advancements and challenges across cybersecurity and enterprise AI.
International Law Enforcement Disrupts Major DDoS-for-Hire Operations
An extensive international law enforcement effort, dubbed "Operation PowerOFF," has successfully dismantled 53 domains and arrested four individuals linked to commercial distributed denial-of-service (DDoS) operations. These services were utilized by over 75,000 cybercriminals, facilitating more than $20 million in attempted fraud. The operation significantly disrupted access to these DDoS-for-hire platforms and seized their underlying technical infrastructure.
Authorities also gained access to databases containing over 3 million criminal user accounts, indicating the broad reach of these illicit services. In addition to the arrests and infrastructure takedowns, law enforcement agencies are issuing warning emails and letters to identified criminal users, with 25 search warrants already executed. This coordinated action involved 21 countries, highlighting the global nature of cybercrime and the necessity for international cooperation to combat it effectively.
The U.S. Department of Justice further announced parallel actions, disrupting several prominent DDoS Internet of Things (IoT) botnet services. These efforts underscore a continued commitment to holding DDoS botnet administrators accountable and seizing websites that enable users to launch potent DDoS attacks. The DoJ also initiated an advertising campaign to deter potential cybercriminals and inform the public about the illegality of DDoS attacks.
This disruption is a significant blow to the "DDoS-for-hire" ecosystem, which Europol describes as one of the most prolific and easily accessible trends in cybercrime, allowing individuals with minimal technical skills to launch disruptive attacks. By targeting the infrastructure and user base of these services, Operation PowerOFF aims to reduce the overall volume and impact of DDoS attacks globally, protecting legitimate online services from malicious traffic.
OpenAI Expands Access to GPT-5.4-Cyber, Intensifying AI Cybersecurity Race
OpenAI has significantly expanded access to its GPT-5.4-Cyber model, a frontier AI specifically fine-tuned for defensive cybersecurity tasks. This move widens the "Trusted Access for Cyber" program to hundreds of organizations immediately, with plans to reach thousands of vetted defenders in the coming weeks. The expansion includes a $10 million ecosystem grant in API credits, aiming to accelerate adoption among open-source maintainers, vulnerability researchers, security vendors, and large enterprises. This initiative directly positions OpenAI in a competitive landscape against Anthropic's Claude Mythos, which has demonstrated powerful offensive capabilities in vulnerability discovery.
GPT-5.4-Cyber offers enhanced binary analysis, allowing security professionals to analyze compiled code and malware without source access, thereby accelerating reverse engineering and exploit-chain mapping. OpenAI is implementing layered identity verification, Know-Your-Customer processes, and tiered permissions, alongside robust monitoring and auditing, to mitigate misuse. This strategic expansion underscores the growing reliance on advanced AI models for proactive vulnerability detection and incident response, as the cybersecurity industry grapples with increasingly sophisticated threats.
The timing of OpenAI's announcement, shortly after Anthropic's Claude Mythos revealed its ability to autonomously discover zero-day vulnerabilities, highlights a rapid escalation in the AI cybersecurity arms race. While Anthropic has taken a more cautious approach, limiting Mythos's general availability due to its potent offensive capabilities, OpenAI is pushing for broader, controlled deployment of its defensive AI. This competitive dynamic is driving innovation in AI-driven cybersecurity solutions, compelling enterprises to evaluate which vendor's access model best aligns with their risk posture and defensive strategies.
—SECTION—
HEADING: White House Considers Federal Agency Access to Anthropic's Claude Mythos Amidst Security Concerns
CATEGORY: AI Regulation
BODY:
The White House Office of Management and Budget (OMB) is reportedly preparing to authorize a modified version of Anthropic's Claude Mythos model for use by major U.S. federal agencies. This development comes despite ongoing concerns that the powerful AI model could rapidly identify and potentially exploit cybersecurity vulnerabilities. Federal Chief Information Officer Gregory Barbaccia indicated that the OMB is establishing safeguards to enable federal agencies to utilize the model, though specific agencies and timelines for deployment remain unconfirmed.
This potential authorization signals a significant shift in federal cyber defense strategy, moving towards leveraging frontier AI models capable of discovering vulnerabilities at a pace far exceeding human capabilities. The move also highlights a divergence in approach within the U.S. government, as the Department of Defense's supply-chain risk designation against Anthropic, issued in March, remains in effect, barring the company from defense contracts. This "civilian workaround" aims to provide federal agencies with advanced defensive AI capabilities while attempting to control the model's potent offensive potential.
The debate surrounding Claude Mythos underscores the complex challenges of integrating highly capable AI into critical infrastructure and government operations. Experts emphasize the need for robust, multi-layered control frameworks encompassing discovery, classification, security, assurance, and action to manage the risks associated with such powerful AI. The situation also presents a crucial lesson for private-sector buyers, emphasizing the importance of carefully evaluating AI vendor access models and ensuring appropriate guardrails are in place to prevent misuse and manage the evolving threat landscape.
American Express Acquires AI Expense Management Fintech Hyper
American Express (Amex) has announced its acquisition of Hyper, a New York-based fintech specializing in AI-powered expense management. This strategic move, slated to close in the second quarter of 2026, aims to significantly bolster Amex's AI capabilities within its commercial services division. Hyper, founded in 2022, has developed a back-office automation platform that leverages AI agents to streamline financial workflows, with its flagship product being an AI assistant for real-time expense review and filing via text.
The acquisition builds upon a prior collaboration between Amex and Hyper in 2024, which saw the joint launch of the Hypercard Rewards American Express card. Amex's Group President of Global Commercial Services, Raymond Joabar, emphasized that Hyper's "deep expertise in designing and deploying AI agents" will be crucial as the company continues to integrate AI into its products and services, including an upcoming expense management platform later this year. This indicates a clear strategic direction for Amex to enhance its offerings with advanced AI automation.
Hyper also has two additional AI agents in development: an FP&A agent for forecasting and business performance analysis, and a travel agent for corporate travel planning. This acquisition highlights the growing trend of established financial institutions integrating specialized AI fintechs to gain a competitive edge in automation and efficiency. The move is expected to set a new benchmark for platform providers in the core banking space, shifting the focus from theoretical AI applications to practical, governed delivery.
—SECTION—
HEADING: Slash Financial Achieves Unicorn Status with AI-Powered Financial Agent 'Twin'
CATEGORY: AI Agents
BODY:
Slash Financial, a banking platform for modern businesses, has achieved a $1.4 billion valuation after a $100 million Series C funding round. This significant investment underscores a definitive pivot towards the era of AI agents and autonomous finance within the fintech sector. The core of this development is the launch of "Twin," Slash's new AI-powered financial agent, designed to act as an AI Chief of Staff.
Twin leverages contextual access to a company's entire Slash account to provide insights on recurring financial and operational tasks, and crucially, can take direct action via card or bank payments and other key functions. This transforms the value proposition of a business banking platform from merely a digital interface to offering genuine operational automation, enabling a "lean, high-velocity" model for modern businesses.
This development signals that the next competitive battleground in fintech is shifting beyond feature parity in corporate cards or expense management to the depth and security of embedded, proactive AI that minimizes human effort. The move sets a new standard for indispensable financial operating systems and will likely prompt direct competitors in the SMB banking and expense management space to accelerate their transition from software-first to intelligence-first platforms.
Expert.ai and Microsoft Italy Partner to Accelerate Enterprise AI Adoption with Neuro-Symbolic Approach
Expert.ai and Microsoft Italy have announced a strategic collaboration to accelerate the adoption of artificial intelligence for critical business processes. This partnership makes Expert.ai's EidenAI Suite solutions available on the Microsoft Azure Marketplace, enabling organizations globally to deploy proven AI technologies within the Azure ecosystem. The collaboration aims to move businesses beyond experimental AI usage to practical, operational transformation, focusing on reliable, governable, and scalable AI solutions.
Expert.ai's approach leverages neuro-symbolic AI, combining the adaptability of generative AI with the precision of structured knowledge and business rules. This integration within Microsoft Azure supports the entire AI value chain, from data acquisition and understanding to knowledge creation, AI model orchestration, and the activation of explainable and auditable decisions and processes. This is particularly significant for enterprises seeking to operationalize AI effectively, ensuring that AI systems not only respond but also reason and provide transparent explanations for their actions.
The partnership addresses a growing need for businesses to bridge the gap between AI's potential and its tangible value in daily operations. By offering enterprise-grade solutions on a trusted platform like Azure, Expert.ai and Microsoft aim to remove barriers to AI adoption, especially for complex workflows where control, transparency, and reliability are paramount. This move is expected to help organizations harness AI to drive growth and innovation with greater confidence and efficiency.
McGraw Hill Data Breach Exposes 13.5 Million Accounts via Salesforce Misconfiguration
The ShinyHunters extortion group has leaked data associated with 13.5 million McGraw Hill accounts, stemming from a security incident involving a misconfigured Salesforce environment. The exposed dataset, exceeding 100GB, reportedly contains sensitive personal information including email addresses, names, phone numbers, and physical addresses. This incident highlights the critical importance of secure third-party integrations and robust configuration management, especially when handling large volumes of user data.
While McGraw Hill, a prominent educational solutions provider, has stated that its core systems and more sensitive data were not compromised, the breach of 13.5 million accounts still represents a significant privacy concern for affected individuals. The exposure of personal contact information could lead to increased risks of phishing attacks, identity theft, and other forms of social engineering targeting students, educators, and other users of McGraw Hill's services. Organizations must recognize that even data considered "less sensitive" can be weaponized by threat actors.
This incident underscores a recurring theme in cybersecurity: the vulnerability introduced by third-party platforms and misconfigurations. Salesforce, a widely used CRM, often holds vast amounts of customer data, making its secure implementation and continuous monitoring paramount. Companies relying on such platforms must ensure that their configurations adhere to best practices and that access controls are rigorously enforced to prevent unauthorized data exfiltration.
The ShinyHunters group, known for its data extortion activities, continues to demonstrate its capability to exploit vulnerabilities across various platforms. This breach serves as a stark reminder for all organizations, particularly those in the education sector, to conduct thorough security audits of their third-party integrations and regularly review their data handling practices to mitigate the risk of similar incidents.
Sources
- thehackernews.com
- securityboulevard.com
- csoonline.com
- straitstimes.com
- substack.com
- ffnews.com
- ffnews.com
You must be logged in to post a comment.