AI is already making online swindles easier. It could get much worse. Some cybersecurity researchers say it's too early to worry about AI-orchestrated cyberattacks. Others say it could already be happening. Anton Cherepanov is always on the lookout for something interesting. And in late August last year, he spotted just that.

Plus: AI reportedly caused ICE to send agents into the field without training, Palantir's app for targeting immigrants gets exposed, and more. As Immigration and Customs Enforcement continues its "Operation Metro Surge" infiltration of Minnesota, more than 2,000 ICE operatives and about 1,000 other federal agents have made more than 2,400 arrests since the operation began in late 2025, and tear gassed protesters. Last week, an ICE agent shot and killed local resident Renee Nicole Good, a 37-year-old US citizen. In response, the state of Minnesota and the Twin Cities' local governments sued the US government and several officials this week to stop the operation . WIRED reported on a contract justification published in a federal register on Tuesday that says 31 ICE vehicles currently operating in Minnesota "lack the necessary emergency lights and sirens" to be "compliant" with regulations.

Plus: Cisco discloses a zero-day with no available patch, Venezuela accuses the US of a cyberattack, and more. Federal contracting records reviewed by WIRED this week show that United States Customs and Border Protection is transitioning from testing small drones to using them as standard surveillance tools, a move that will further expand CBP's already extensive dragnet that in some cases extends far beyond US land borders. Meanwhile, US Immigration and Customs Enforcement is planning to incorporate a broad cybersecurity contract that will include expanding employee surveillance and monitoring . The move comes as the US government is escalating leak investigations and condemning internal dissent. The Chinese-language artificial intelligence app Haotian can be used to create "nearly perfect" face swaps during live video chats, and it is a favorite tool of Southeast Asian scammers.

The Metropolitan Police Department arrested a 17-year-old boy on Thursday for allegedly carrying out a cyberattack on the operator of the Kaikatsu Club internet cafe chain, sources said. Tokyo police served an arrest warrant on a 17-year-old boy on Thursday for allegedly carrying out a cyberattack on the operator of the Kaikatsu Club internet cafe chain, investigative sources said. The Metropolitan Police Department arrested the second-year high school student from the city of Osaka over an alleged violation of the law against unauthorized computer access and fraudulent obstruction of business. According to the sources, the boy fraudulently obtained about 7.25 million sets of Kaikatsu Club membership information with a computer program he created using the ChatGPT artificial intelligence chatbot. The boy is said to have skills strong enough to have won awards in cybersecurity competitions, as reported by TBS.

Cybersecurity was already a nightmare. Listen to more stories on the Noa app. Earlier this fall, a team of security experts at the AI company Anthropic uncovered an elaborate cyber-espionage scheme. Hackers--strongly suspected by Anthropic to be working on behalf of the Chinese government--targeted government agencies and large corporations around the world. And it appears that they used Anthropic's own AI product, Claude Code, to do most of the work.

AI startup Anthropic's recent announcement that it detected the world's first artificial intelligence-led hacking campaign has prompted a multitude of responses from cybersecurity experts. In a report on Friday, Anthropic said its assistant Claude Code was manipulated to carry out 80-90 percent of a "large-scale" and "highly sophisticated" cyberattack, with human intervention required "only sporadically". Anthropic, the creator of the popular Claude chatbot, said the attack aimed to infiltrate government agencies, financial institutions, tech firms and chemical manufacturing companies, though the operation was only successful in a small number of cases. The San Francisco-based company, which attributed the attack to Chinese state-sponsored hackers, did not specify how it had uncovered the operation, nor identify the "roughly" 30 entities that it said had been targeted. Roman V Yampolskiy, an AI and cybersecurity expert at the University of Louisville, said there was no doubt that AI-assisted hacking posed a serious threat, though it was difficult to verify the precise details of Anthropic's account.

A team of researchers has uncovered what they say is the first reported use of artificial intelligence to direct a hacking campaign in a largely automated fashion. The AI company Anthropic said this week that it disrupted a cyber operation that its researchers linked to the Chinese government. The operation involved the use of an artificial intelligence system to direct the hacking campaigns, which researchers called a disturbing development that could greatly expand the reach of AI-equipped hackers. "While we predicted these capabilities would continue to evolve, what has stood out to us is how quickly they have done so at scale," they wrote in their report. The operation was modest in scope and only targeted about 30 individuals who worked at tech companies, financial institutions, chemical companies and government agencies.

To ensure that Machine Learning (ML) models can perform a robust detection and classification of cyberattacks, it is essential to train them with high-quality datasets with relevant features. However, it can be difficult to accurately represent the complex traffic patterns of an attack, especially in Internet-of-Things (IoT) networks. This paper studies the impact that seemingly similar features created by different network traffic flow exporters can have on the generalization and robustness of ML models. In addition to the original CSV files of the Bot-IoT, IoT-23, and CICIoT23 datasets, the raw network packets of their PCAP files were analysed with the HERA tool, generating new labelled flows and extracting consistent features for new CSV versions. To assess the usefulness of these new flows for intrusion detection, they were compared with the original versions and were used to fine-tune multiple models. Overall, the results indicate that directly analysing and preprocessing PCAP files, instead of just using the commonly available CSV files, enables the computation of more relevant features to train bagging and gradient boosting decision tree ensembles. It is important to continue improving feature extraction and feature selection processes to make different datasets more compatible and enable a trustworthy evaluation and comparison of the ML models used in cybersecurity solutions.

Recent outages have revealed how vulnerable the internet is, but there seems to be no official plan in the event of a catastrophic failure. Vladimir Lenin is said to have warned that all societies are three square meals from chaos. But in the modern world, it is only a Wi-Fi signal that separates us from anarchy. Every aspect of our lives is reliant on computers and the internet, and when they fail, they do so with disorientating speed. This became abundantly clear during power cuts across Spain and Portugal earlier this year.

Adaptive Cruise Control (ACC) is rapidly proliferating across electric vehicles (EVs) and internal combustion engine (ICE) vehicles, enhancing traffic flow while simultaneously expanding the attack surface for communication-based cyberattacks. Because the two powertrains translate control inputs into motion differently, their cyber-resilience remains unquantified. Therefore, we formalize six novel message-level attack vectors and implement them in a ring-road simulation that systematically varies the ACC market penetration rates (MPRs) and the spatial pattern of compromised vehicles. A three-tier risk taxonomy converts disturbance metrics into actionable defense priorities for practitioners. Across all simulation scenarios, EV platoons exhibit lower velocity standard deviation, reduced spacing oscillations, and faster post-attack recovery compared to ICE counterparts, revealing an inherent stability advantage. These findings clarify how controller-to-powertrain coupling influences vulnerability and offer quantitative guidance for the detection and mitigation of attacks in mixed automated traffic.