Mythos Implications for Cybersecurity Leaders
Summary What happened? On April 6th, Anthropic revealed Project Glasswing, Anthropic’s initiative to secure critical software against AI-enabled adversarial vulnerability identification and exploitation. It is powered by Claude Mythos, which Anthropic calls a step-change in artificial intelligence reasoning and coding. Mythos is reported to be capable of autonomously identifying and exploiting high-severity and zero-day vulnerabilities at […]
Iran Targets Western Companies with Cyber Attacks
Iran Cybersecurity Threat Update In our March 1 blog on the unfolding Iran situation, we warned that the killing of the Supreme Leader of Iran, Ali Khamenei, and significant Iran Revolutionary Guard Corps (IRGC) leadership losses increased both the motivation and the likelihood of Iranian cyber retaliation. As military operations continue, we are now seeing […]
Iran Update – 1 March 2026: What Khamenei’s Death Changes
This update supersedes our initial advisory of 28 February 2026. What Has Changed U.S. and Israeli operations have entered a second day. Iranian Supreme Leader Ayatollah Ali Khamenei has been confirmed dead. At least 40 senior Iranian military and security officials were killed in the same strike package, including the IRGC Commander, Defense Minister and […]
Emerging Legal and Regulatory Frameworks Governing AI
Summary Artificial intelligence (AI) has quickly emerged as a transformative technology, impacting nearly every aspect of society, from medicine to education to manufacturing. Governments are beginning to respond, and what they do to govern the development and deployment of novel forms of AI will be one of the major themes of the next several years. […]
Managing Software Supply Chain Risk: A Buyer’s Guide
Chertoff Group Cybersecurity leaders Adam Isles and David London, along with John Steven, senior advisor and CEO of Aedify, led a CyberSymposium learning session about how software purchasers can incorporate best practices to secure their software supply chains. The discussion offered a summary of software security frameworks and their limitations, where organizations can encounter blind […]
The Cloud is Falling: AWS Outage and Why it Matters
What Happened? On October 20, 2025, Amazon Web Services (AWS) experienced a major outage around 3:00 a.m. Eastern. General service was restored by 3:30 p.m., though some services were still degraded. The outage affected AWS’s US-EAST-1 region, impacting thousands of websites and applications such as airlines, social media, gaming, financial services and Amazon’s own services. […]
A Window Sticker for Software
How Buyers Can Use Performance Measures to Drive Better Security in Software Products Every modern organization relies on software and systems that it cannot create for itself. Whether that be small office automation software, larger enterprise applications, or hundreds of Internet-based services, the organization depends on that software to meet its business goals. The number […]
Preparing for Sensitive Personal Data Security Requirements
On April 8, a U.S. Department of Justice (DOJ) rule took effect that restricts the handling of U.S. personally identifiable information (PII), where companies or their employees, vendors or investors have touchpoints in China, Russia and other countries of concern. Background and Key Provisions The Final Rule, published in December 2024, applies to “covered data […]
Michael Chertoff: Britain Should Reconsider its Move to Break Encryption
In January, the United Kingdom served Apple with an order to force the company to create a backdoor for British law enforcement enabling access to the encrypted cloud backups of any Apple user worldwide. A technical capability notice issued under the UK’s Investigatory Powers Act, is unprecedented in both its legal and geographic scope, requiring […]
Salt Typhoon Amplifies Why End-to-End Encryption is Essential
Introduction Adam Isles and Andreas Kurland from our Cybersecurity team discuss the infiltrations of the Salt Typhoon security breach with the CISO Tradecraft podcast. As the U.S. government reveals that intrusions into telecom companies are deeper, more wide-spread and more severe than previously known, it is essential to incorporate end-to-end encryption into communication methods. What […]