Loading summary
A
You're listening to the Cyberwire Network, powered by N2K.
B
Heading to this year's Black Hat USA. The N2K CyberWire team will be on site recording from our podcast studio in the Spectre Ops Kennel Club. If you're interested in joining us for a conversation or learning more about what we're recording throughout the week, visit sponsor.thecyberwire.com for more information. And make sure you stop by the studio and meet the N2K CyberWire team. We'll see you there. What's the one thing in business that's spreading as fast as AI? AI risk. Every new tool your team signs up for. Every vendor that turns on AI features, every new integration. Each one is an opportunity for something to go wrong. And most security programs weren't built for AI's pace of growth. Enter Vanta. Vanta is the number one agentic trust platform used by over 16,000 fast moving companies like Ramp, Cursor and Harvey to ensure they're always audit ready. And now Vanta is helping companies like yours watch for the risks that show up between audits across your vendors, your AI tools and your whole environment. How the Vanta agent works like a 24.7grc engineer in the background, finding issues, drafting fixes and cutting vendor assessment time by up to 50%. Whether you're a fast growing startup or a global enterprise, Vanta is here to help you automate your security and compliance and earn and prove trust. Get started today@vanta.com cyber that's V-A-N T A.com cyber. Accenture confirms a data breach An Australian telecom investigates a nationwide outage it's shields up for the UK CISA eyes September for its critical infrastructure reporting rule News junkie fakes CTV ad traffic Agentic AI triggered triggers EDR CISA taps Mythos for vulnerability scans Meta faces trillion dollar fines in state lawsuits Our guest is Russ Anderson, COO and co Founder of Rapid Fort Sharing, a coordinated industry effort to harden the world's most critical open source software against AI enabled cyber threats. And when it comes to breaches, mum's the wor. It's Wednesday, july 8, 2026. I'm dave bittner and this is your cyberwire intel briefing. Thanks for joining us here today. It's great as always to have you with us. Accenture has confirmed a security breach after a threat actor known as 888 claimed to have stolen 35 gigabytes of company data and offered it for sale on a cybercrime forum. The alleged data includes source code, RSA and SSH keys, Azure personal access tokens, Azure storage access keys and configuration files. To support the claim. The actor shared a screenshot appearing to show an Azure DevOps repository hosted under an Accenture domain, though the full scope of the breach has not been independently verified. Accenture said it remediated the issue and that operations and service delivery were unaffected, but declined to confirm what data was accessed, how attackers gained entry, or whether customer information was impacted. The company previously experienced breaches in 2021 and 2024 in Australia. Telstra is continuing to investigate the cause of a nationwide outage that disrupted mobile, Internet and transport services, with the company saying it cannot yet rule out either human error or a cyber attack. Acting CEO Michael Ackland said there's currently no evidence of malicious activity, but investigators are examining all possibilities alongside government agencies and regulators. The outage has been linked to a time synchronization error affecting Telstra operated data centers in Melbourne and Sydney, disrupting data and voice services. Thousands of customers were affected, with more than 7,500 outage reports logged and some emergency calls requiring follow up welfare checks. The incident also forced train suspensions in Victoria and New South Wales, Underscoring concerns about the resilience of Australia's critical telecommunications infrastructure, Britain's National Cybersecurity center has unveiled plans for cybershield, or a sovereign cyber defense initiative that will use AI to identify and remediate cybersecurity weaknesses across government networks and critical national infrastructure. The program is intended to counter AI enabled cyber threats that can rapidly accelerate reconnaissance and vulnerability discovery, potentially overwhelming traditional defenses. Cybershield envisions paired AI Red agents that probe for vulnerabilities and blue agents that defend systems in real time under the control of infrastructure operators. While some capabilities such as automated network scanning already exist, fully autonomous vulnerability remediation will require further research. The NCSC plans to test the system with government and critical sector partners before expanding it commercially, while inviting industry and academia to help develop the initiative. CISA plans to finalize its Cyber Incident Reporting for Critical Infrastructure act reporting rule in September. The rule will require covered critical infrastructure organizations to report significant cyber incidents within 72 hours and ransomware payments within 24 hours. CISA is reviewing public feedback that urged the agency to reduce reporting burdens, clarify key definitions and better align the requirements with existing federal reporting obligations. The rule has been delayed several times after missing its original October 2025 statutory deadline. Human Security has uncovered and disrupted a coordinated connected TV ad fraud operation dubbed News Junkie, which generated large volumes of invalid advertising traffic disguised as premium CTV inventory. According to the company's Satori threat intelligence and research team, the campaign exploited the limited visibility available in CTV environments by spoofing device application and IP information through server side ad insertion. A more advanced variant also used residential IP addresses paired with Forge device details to evade detection. At its peak, the operation produced hundreds of millions to nearly 2 billion invalid bid requests per day for individual sellers. Heumann said the fraud highlighted the need for end to end supply chain visibility to detect increasingly sophisticated CTV advertising threats and confirmed the operation has been disrupted for its customers. Researchers at Sophos report that AI coding agents such as Claude Code, Cursor Codex and GSTACK are increasingly triggering endpoint security detections because their behavior often resembles attacker activity. Analysis of telemetry from Sophos Behavioral Engine found frequent detections involving credential access, execution, command and control, and defense evasion techniques. Examples included decrypting browser credentials, accessing Windows Credential Manager using PowerShell, downloading software through legitimate Windows utilities, and writing files to startup folders. While these actions were generally part of legitimate automation, they closely match techniques commonly used by threat actors. Sophos concludes that existing behavioral protections are functioning as intended but will require ongoing refinement as AI agents become more common, emphasizing that organizations must establish clear policies governing what AI agents are permitted to do on enterprise endpoints, the US Space Force has expanded the field of companies eligible to compete for national security launch contracts. With the latest on that, our own Ethan Cook.
C
Thanks, Dave. On Tuesday, the U.S. space Force announced it was widening the field of companies that are eligible to compete for national security launch contracts. With this expansion, the Space Force is adding launch startup Relativity Space and orbital transportation company Impulse Space to its roster of commercial providers. This move is a part of an effort to diversify how military satellites reach orbit. Notably, unlike traditional contract awards, indefinite quantity or IDIQ contracts will not guarantee launch business. In these contracts, companies are placed into a pre qualified pool of companies that the Space Force can then solicit bids from as the need for missions arise. Other companies in this pool include SpaceX, United Launch Alliance, Blue Origin Rocket Lab and Stoke Space. For the T Minus Space Cyber Briefing, this is producer Ethan Cook. Back to you Dave.
B
That's the CyberWire's Ethan Cook. Be sure to check out the Cyberwire Pro business briefing written by Ethan that is on our website. Part of Cyberwire Pro, CISA is reportedly using Anthropic's Mythos AI model to scan federal code repositories for security vulnerabilities before they can be exploited by foreign intelligence services or cybercriminals, according to Reuters. The effort Is led by CISA's attack surface evaluation team, with sources saying the tool has already identified a significant number of flaws, although the affected agencies and severity have not been disclosed. Mythos Anthropic's most advanced cybersecurity focused AI model is also reportedly being used by the National Security Agency. The deployment follows earlier tensions between Anthropic and the US Government over AI safeguards, but the relationship has since improved. The initiative reflects growing government interest in using advanced AI to strengthen proactive cyber defense. Meta platforms could face up to $1.4 trillion in penalties in a lawsuit brought by California, Colorado, Kentucky and New Jersey, which allege the company deliberately designed Facebook and Instagram to be addictive for children while misleading the public about their safety. Meta denies the allegations, calling the proposed penalties unprecedented and unsupported by the evidence. The case heads to trial in August, where the court will also consider claims from 29 states alleging violations of the Children's Online Privacy Protection act by collecting children's data without proper parental consent. Meta faces additional lawsuits from other states over similar allegations. The litigation is part of broader legal scrutiny of social media companies over claims that their platforms intentionally encourage excessive use among children and contribute to mental health harms. Coming up after the break Break My conversation with Russ Anderson from Rapid Fort. He's sharing the coordinated industry effort to harden the world's most critical open source software and when it comes to breaches, mum's the word. Stay with us. AI is making phishing attacks faster, more convincing and harder for people to spot. And traditional security awareness and phishing training weren't designed for this level of attack. Hoxhunt helps security teams prepare employees for the attacks they face every day with personalized phishing training that adapts to each employee and reduces risky behavior over time for IT and security leaders looking to strengthen their human layer of defense without adding more manual work. Visit hoxhunt.com cyberwire to learn more. That's H O x h u n t.com cyberwire. This episode is supported by Black Hat usa. If you follow the research, you know a lot of it breaks on. Black Hat stages hundreds of peer reviewed briefings, more than 100 hands on trainings, and the largest business hall in Black Hat's history. Six days to learn the skills you'll need tomorrow, August 1st through the 6th, use code CYBERWIRE for $200 off your briefings pass@blackhat.com we'll see you in Vegas. Russ Anderson is COO and co founder of RapidFort. Today we're discussing the Linux Foundation's ACRITES initiative, a coordinated industry effort to harden the world's most critical open source software against AI enabled cyber threats.
D
I think this is a collaborative effort that stemmed from numerous conversations across both the AI foundational model community and the cybersecurity model community in terms of what are we going to do now from a defensive perspective, given the power that these new models have. So it was a conversation that the Linux foundation centralized across a number of stakeholders, both in industry and government, from what I understand, and so give us
B
the details here of what you all are setting out to do.
D
Well, bear in mind it's a community effort. And while Rapid Forte is on the governing body, fundamentally what we're endeavoring to do is to empower the existing open source community to continue to maintain their software. And there are a couple of challenges in doing that. In the sense that the way vulnerabilities were historically discovered and reported moved at, shall we say, human speed, and now there's a need to move at machine speed. And so a lot of these social constructs in the vulnerability reporting ecosystem now essentially need to be updated, upgraded or updated, while not reducing the role of the fundamental asset of the open source community, which is the open source community maintainers themselves. So it's an effort designed to essentially empower the existing ecosystem to respond to these new AI threats.
B
And how do you plan on striking that balance between the historically human side of open source software and as you say, that need to increase the velocity?
D
Well, it's not easy. And it's not easy for many reasons. But fundamentally the model is one of inclusivity in the sense that the open source community, the fundamental issue we need to overcome is that there's tremendous transparency in the way vulnerabilities were discovered and reported. But it's that transparency itself, which is essentially providing the opportunity for AI enabled malicious actors to take advantage of it. For example, in the past when a vulnerability was disclosed, a human would need to take that vulnerability essentially exploited. And that took days, if not weeks. And so the ecosystem had enough essentially time in it to respond. Now that same vulnerability can be taken essentially from anywhere upstream and weaponized in hours. And so a manual response is no longer viable. And so it's how do you marry the benefits of AI automation with the merits of human enabled open source collaboration? And that's kind of the challenging part. And so if you read what is in the public domain with a Creditus. It's essentially somewhat segmenting that disclosure and then enabling it, enabling the remediation with AI tools. And so members essentially of this community will get advanced notifications and then the tools to fix these things at the machine speed they need to match.
B
And so what does the future state look like to you? What are you envisioning this as it plays out?
D
That's an excellent question. There's a happy path and there's a not happy path. And the happy path is efforts like this are able to harness the power of AI in collaboration with human efforts. And there is actually a very unhappy path where AI calls the frag causes the fragmentation or the overwhelming of the open source community, which would be a tremendous loss in the sense that the open source community up until this point had been an economic asset to all economies, all people, everywhere. The ability to get free software was one of the drivers of a lot of the economic growth that we've seen in the last 15 to 20 years. And so if that would be imperiled, I think everyone would be worse off.
B
It strikes me that by its very nature the open source community is kind of diffuse and I think that's for many years been a feature, not necessarily a bug. But how do you address that naturally diffuse nature when you're trying to create this organizing movement that is inclusive, as
D
you say, it's not easy to do. And this is why I think this project is so needed and it's going to be such a challenge. The open source community have really provided tremendous benefit while not being paid, not being compensated and sort of delivering a lot of value. And they don't necessarily want to apply patches and do a lot of essentially the maintenance of these open source systems because they're much more motivated by building new features and capabilities. And so one of the challenges for the open source community is they're starting to have to do a lot of the really mundane and drudgery kind of activities that typically are normally compensated. And so I don't actually know what the how this is going to play out, but I do think that this is the best model I've seen because it's the most collaborative and it's the most viable in the sense that it has all the people involved necessary for success. It's got the model providers, it's got the open source community, it's got the cloud providers, it's got essentially the right people in the conversation. Now what happens from here is hard to predict, but having spoken to members and in the community at large, there's quite a lot of enthusiasm around how this, this could play out.
B
What have the discussions been like about unintended consequences, you know, throwing up unintentional roadblocks or inadvertently becoming a gatekeeper?
D
Well, I don't think anyone could have predicted how fast AI would involve in these unattended consequences. And so I don't think that there has been. I think what's positive is that conversations have been sincere, they've been based on the best information that is available. But I don't think anyone could really have predicted that this was going to come in the way, shape and form that it has unfolded. And there's many aspects to that. There's the political involvement, there's the geopolitical involvement of open source. It's a very complicated problem. And I don't think anybody can lay claim to the fact that they understand all of these complexities and let alone have predicted it.
B
What is your hope for the future here? When you think about the ideal situation a few years down the line, what might that look like?
D
I think the positive case is that we are going to face some large waves as these models roll through. As a model gets upgraded, it's going to find more and more vulnerabilities, but my hope is that their waves are smaller and smaller and smaller as essentially vulnerability discovery sort of reaches this asymptote. And so my hope for the future is that the open source community can leverage the benefits of AI, which is to deploy awesome software cheaply and rapidly and inexpensively to the benefit of all, while not having to suffer some of the security risks we face today. So I am somewhat optimistic that the rate of vulnerability discovery is actually going to go down and the ability to actually address it's going to go up. And so we can essentially rebalance what is looking like a pretty ominous equation here.
B
What sort of information can you share for folks who may want to join your efforts?
D
Well, again, it's a community effort, but please follow WhatsApp kritis a k R-I-T dashes.org there's essentially a number of forms and opportunities to collaborate and contribute.
B
That's Russ Anderson, COO and co founder of RapidFort. As organizations grow, so does complexity. New applications are deployed, vendors are granted temporary access, and remote support tools are installed. Many of them never go away. In my recent conversation at RSAC 2026 with Rob Allen, Chief Product Officer at ThreatLocker, he explains how these forgotten tools create hidden pathways into enterprise environments and why attackers increasingly exploit what's already inside the network. Instead of trying to break through the perimeter, learn how to reduce lingering access, shrink your attack surface, and implement zero trust more effectively by listening to the full conversation at explore.thecyberwire.com threatlocker. So good, so good so good.
A
New summer arrivals are at Nordstrom Rack stores Now get ready to save big with up to 60% off brands like Rag and Bone, Levi's, Adidas and Free people. Join the NordicLub to unlock exclusive discounts. Shop new arrivals first and more. Plus, buy online and pick up at your favorite Rack store for free. Great brands, great prices. That's why you Rack
E
this episode is brought to you by Google Chrome. You think you know a browser, but Gemini and Chrome? That's new. It can help you with practically anything on the web, like restoring a vintage motorcycle from a 50 page restoration blog. Or finally, break down that long article you've had open for weeks. Gemini and Chrome is here for it, ready to make anything online make sense. There's no place like Chrome. Check responses, setup required, compatibility and availability various 18.
B
And finally the latest CyberSecurity survey from Bitdefender suggests that while breach disclosure rules are becoming more common, workplace culture is still playing by its own rule book. More than half of respondents, 55%, said they had been told to stay quiet about a security breach, a figure that has climbed sharply over the past two years before settling into an uncomfortable plateau. The report argues that changing policy is easier than changing behavior, especially when silence still feels like the safer option. Meanwhile, more than half of organizations experienced a cyber incident over the past year, with unauthorized cloud access, business email compromise and ransomware leading the list. The survey also found a confidence gap worthy of its own risk assessment. Executives and managers consistently viewed their security posture more favorably than frontline staff. Apparently, the higher you climb the org chart, the the clearer everything looks. And that's the Cyberwire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's lead producers, Liz Stokes, were mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazes. Our executive producer is Jennifer Iban. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
A
Have no fear. Chosen Foods is here to defend your favorite foods from the forces of seedy oils and sketchy ingredients with cooking oil, salad dressings and mayo, all powered by the good fats from 100% pure avocado oil and simple, delicious ingredients. Chosen Foods
B
what happens when AI agents gain access to the same systems, applications, and credentials as your employees? According to Arvind Nithra Kashayap, CTO and co founder of Rubrik, that reality is already here. As AI agents proliferate across enterprise environments, organizations face a growing how do you govern systems that operate at machine speed? To learn more about AI sprawl, the risk it creates, and how organizations can prepare, visit explore.thecyberwire.com Rubrik to hear the full conversation.
Date: July 8, 2026
Host: Dave Bittner (N2K Networks)
Guest Interview: Russ Anderson, COO and Co-Founder of RapidFort
This episode covers the latest developments in cybersecurity, focusing on high-impact news including the Accenture breach, a major Australian telecom outage, new AI-driven defenses, and updated regulatory frameworks. The feature interview with Russ Anderson spotlights the open source community's coordinated effort (under the Linux Foundation's ACRITES initiative) to harden key open source software against AI-enabled cyber threats.
"Accenture said it remediated the issue and that operations and service delivery were unaffected, but declined to confirm what data was accessed, how attackers gained entry, or whether customer information was impacted." (03:51)
"Cybershield envisions paired AI Red agents that probe for vulnerabilities and blue agents that defend systems in real time under the control of infrastructure operators." (05:10)
"While these actions were generally part of legitimate automation, they closely match techniques commonly used by threat actors." (08:00)
"Changing policy is easier than changing behavior, especially when silence still feels like the safer option." (25:58)
Guest: Russ Anderson, COO & Co-Founder at RapidFort
Topic: Linux Foundation’s ACRITES initiative – Securing Open Source Against AI-Enabled Threats
“What are we going to do now from a defensive perspective, given the power that these new models have?” – Russ Anderson (15:07)
"The way vulnerabilities were historically discovered and reported moved at, shall we say, human speed, and now there's a need to move at machine speed." (15:44)
"Now that same vulnerability can be taken essentially from anywhere upstream and weaponized in hours. And so a manual response is no longer viable." (17:14)
"There's quite a lot of enthusiasm around how this could play out." (20:46)
“If that would be imperiled, I think everyone would be worse off.” (18:11)
“Please follow WhatsApp kritis... there’s essentially a number of forms and opportunities to collaborate and contribute.” (23:36)
“The ecosystem had enough essentially time in it to respond. Now that same vulnerability can be... weaponized in hours.” – Russ Anderson (17:11)
“The open source community up until this point had been an economic asset to all economies, all people, everywhere.” – Russ Anderson (18:45)
“Changing policy is easier than changing behavior, especially when silence still feels like the safer option.” (25:58)
This episode underlines the growing pace and complexity of cybersecurity risks, shaped by AI's dual role as both an enabler of attacks and emergence of next-generation defenses. The featured discussion on the ACRITES initiative highlights the importance of evolving open source security to meet the new speed and scale of AI-driven threats—emphasizing collaboration, community empowerment, and responsible use of AI tools as the way forward.