DataBreachToday.com

Also: Washington's AI Policy Divide, FDA's Push for AI-Driven Clinical Trials
In this week's panel, four ISMG editors discussed the battle over who gets to access powerful AI cybersecurity models, policy issues unfolding in Washington over AI-driven cyber defenses, and how the FDA is beginning to test AI-supported real-time clinical trials to speed up drug development.

State Insurance Officials Seeking Details About Service Firm's Mega Data Breach
Missouri regulators are widening their investigation into the 204 hacking incident at Conduent Business Services, alleging that the company has stonewalled the state's attempts to obtain information about the data breach, which is estimated to affect more than 25 million people nationwide.

Top Democrat Warns States Are Losing Federal Cyber Defense Support
A top U.S, Senate Democrat decried shrinking federal support for election security ahead of the November midterms, warning that cuts to the Cybersecurity and Infrastructure Security Agency could leave states without cyber defense or threat intelligence capabilities

AI-Developed Attack Tooling Generated 'High-Volume, Noisy Workflows'
A hacker used Claude and Chat GPT in a cyberattack against a municipal water and sewage utility's operational technology systems in Mexico in January, according to forensic analysis by OT security firm Dragos. The tools "leveraged known techniques and existing vulnerability knowledge."

Artificial intelligence that is embedded in newer editions of software and other technology tools but is not explicitly revealed by vendors is a substantial risk on par with shadow AI, said regulatory attorney Elizabeth Hodge with the law firm Akerman LLP.

Also, Taiwan Rail Hack, Massive DDoS Attack and Karakurt Jail Sentence
This week, Microsoft Edge exposed passwords, Taiwan police make arrests in high-speed rail hack and a 2.45 billion-request DDoS attack. A Karakurt negotiator jailed, North Korean IT worker scams led to prison terms and France detained a teen over a government data breach. Another Ivanti zero-day.

WatchGuard Aims to Reduce Alert Fatigue Through Telemetry Correlation
WatchGuard acquired SaaS security startup Perimeters to strengthen cloud detection and response capabilities spanning identity threat detection, cloud posture management and shadow IT discovery as enterprises face escalating attacks targeting cloud applications and distributed environments.

ServiceNow Takes Aim at Enterprise AI Sprawl at Knowledge 2026
At its Knowledge 2026 conference, ServiceNow announced artificial intelligence control tower expansions, an autonomous workforce across every business function and a platform play to become the operating layer for all enterprise AI solutions.

Pentagon Expands Frontier AI Providers Amid Anthropic Legal Fight
The Pentagon said it will no longer depend on a single artificial intelligence provider as the White House pushes agencies to diversify frontier AI systems amid an escalating legal and policy fight with Anthropic over military use of advanced models.

AI-Driven Attacks Compress Breakout Times, Forcing Defenders to Rely on Context Now
AI has lowered the cost and speed of cyberattacks, enabling adversaries to exploit vulnerabilities within minutes. As breakout times collapse, security teams must respond faster by using context-driven intelligence and automation to detect, prioritize and stop threats in real time.

Mythos Moves the Needle on AI Innovation, Defense
Anthropic’s “Mythos moment” is accelerating vulnerability discovery, but speed without validation is a growing risk. As exploit windows shrink and remediation lags, more findings only mean more noise. The real advantage lies in validating what actually matters—and fixing it first.

Portable KYC Remains Elusive Despite Digital Identity Growth in UAE, Europe, Asia
The United Arab Emirates recently launched a national digital Know Your Customer platform under the oversight of the UAE Central Bank, aiming to standardize customer onboarding, streamline compliance checks and strengthen anti-money laundering enforcement.

ARPA-H Program Aims to Speed Up Disease Breakthroughs Using AI-Enabled Ecosystem
Biomedical research breakthroughs for complex diseases and chronic illnesses can take years to achieve. The U.S. Department of Health and Human Services is hoping to speed that up ten-fold by creating an artificial intelligence-enabled interoperable research ecosystem.

Mythos Found ‘Tens of Thousands’ of Unpatched Flaws With Months to Fix Them
Anthropic CEO Dario Amodei warned that Claude Mythos has found tens of thousands of unpatched software vulnerabilities, with a six-to-12 month window before Chinese AI models catch up. The disclosure came alongside a major financial services push including an investor-backed firm and 10 new AI agents.

Allianz Retains Risk Exposure While Outsourcing Cyber Insurance Operations
Allianz will transition operational control of its standalone commercial cyber insurance business to Coalition, combining the insurer's global distribution and balance sheet with Coalition's cyber underwriting, monitoring and incident response capabilities in a long-term strategic partnership.

Litigation Initiated by the US FTC Leads to Settlement Restricting Data Broker
The Federal Trade Commission has banned an Idaho-based data broker from selling sensitive location data gathered from "hundreds of millions" of individuals' mobile devices without their knowledge or consent. The proposed order ends several years of legal sparring between Kochava and the FTC.

BlueVoyant Seeks to Expand Beyond MDR Clients Into Firms With Mature In-House SOCs
BlueVoyant named John Hernandez - the former leader of Quest's Microsoft security business - as its next CEO to drive an agentic AI SaaS platform that expands the vendor beyond managed services and helps customers accelerate detection, response and supply-chain risk management.