Breaking AI & Tech News Analyzed

The Cyber-Attack on Transport for London Two British cybercriminals, Thalha Jubair, 20, and Owen Flowers, 18, pleaded guilty to offences under the Computer Misuse Act at Woolwich crown court on Monday. They were part of an online hacking community known as Scattered Spider, suspected of carrying out several attacks in recent years. The Financial Impact of the Attack The attack, which took place between 29 August and 3 September 2024, prevented live tube arrival information from appearing on the TfL Go app and the TfL website, while TfL was also unable to process any payments on the Oyster and contactless apps or to register Oyster cards to customer accounts. The incident cost TfL £39m. The Data Analysis TfL said it had emailed more than 7 million customers in September 2024 “to inform them about the incident” and tell them that “some customer data may have been taken”. The BBC reported that 10 million TfL customers had their data stolen. The Impact on TfL and Its Users The attack had significant consequences for TfL and its users. TfL handles up to 5m passenger journeys a day on the underground alone. The attack also shut the application system for Oyster photocards for children and young people, leaving some customers out of pocket for much longer than usual. The Future Outlook for Cybercrime The National Crime Agency (NCA) said the TfL incident underlined the growing threat from homegrown and English-speaking hackers. Typically, hacks on high-profile public and private organisations have been carried out by Russian speaking hackers or assailants based in the former Soviet Union. The NCA said Flowers and Jubair were both “members of the online criminal collective known as Scattered Spider”, a moniker assigned by cybersecurity analysts.

The Lead Germany's rail network ground to a halt late on Tuesday due to a botched IT replacement, leaving hundreds of thousands of passengers unable to get home. The nationwide chaos has sparked widespread criticism of the national operator, Deutsche Bahn (DB), and raised concerns about the country's aging infrastructure. The Event Details The Deutsche Bahn meltdown was initially thought to have been caused by a cyber-attack, but it later emerged that it was likely triggered by a scheduled attempt to replace an ageing component in the railway's internal communication network. Trains were brought to an abrupt halt as a precaution, leaving many stuck on tracks or standing in stations. The Data Analysis The rail network is currently undergoing a multi-billion euro overhaul, which is leading to further frequent disruptions on major routes. DB's chief executive, Evelyn Palla, has said any significant improvement is likely to take several years. Punctuality stood at just 59% in February, compared with 66% a year ago, with one in three long-distance trains arriving late. The Impact Analysis The state of the railways is viewed as a bellwether of Germany's fiscal and structural standing, and is often listed alongside creaking bridges and dilapidated roads and school buildings as an example of the catchup the country needs. The incident has sparked angry reactions across the political divide, with Oliver Krischer, the regional transport minister for North-Rhine-Westphalia state, telling local media that 'That all the rail traffic in Germany ground to a halt because of a technical defect is a new low in what are already poor operating standards.' The Prediction The fact that the communications system that broke down is based on 1990s 2G technology used in the first mass mobile phones, is reflective of the wider problems. A 5G network is not scheduled to be introduced until about 2035, leaving the operator scrambling to find and buy up old components around the world, which it is stockpiling to ensure it can continue to fix the system when needed.

The Vulnerability of UK Museums and Galleries Britain's museums and galleries are being left vulnerable to thefts and cyber-attacks that could put priceless collections at risk, MPs have warned. A report by the public accounts committee (PAC) said big security failures in recent years, including the theft of thousands of artefacts from the British Museum and a devastating cyber-attack on the British Library, had exposed serious weaknesses across the sector. Recent Incidents Highlight Security Failures The warning comes less than three years after the British Museum revealed that about 2,000 objects had been stolen, damaged or gone missing from its collections over a period of years, in a scandal that led to the resignation of its director, Hartwig Fischer. The same year, a ransomware attack on the British Library crippled its digital services for months and led to the theft of staff and user data. The Financial Impact on Museums The report found that although UK museums and galleries generated £563m in self-generated income in 2024-25 – a 53% real-terms increase compared with 2021-22 – visitor numbers had yet to recover fully to pre-pandemic levels and institutions continued to face rising staffing and energy costs. There was also a 16% real-terms reduction in government funding after emergency pandemic support came to an end. The Need for Stronger Oversight The committee said such incidents highlighted the need for stronger oversight of both the physical security of collections and museums' digital infrastructure. While the Department for Culture, Media and Sport (DCMS) had facilitated discussions about recent breaches, MPs said it had been unable to identify concrete actions taken across the sector as a result. The Future of Museum Security MPs called on the government to set out what measures museums and galleries had introduced to tackle cyber and physical security risks, including wider use of digital record-keeping systems that could help prevent items disappearing from collections unnoticed. The PAC also questioned whether the current funding model provided sufficient incentives for museums to become financially resilient.

The Europe 2031 Scenario: A Digital DystopiaIt's 2031 and the US and China are about to tear Europe into pieces. The US ploughed vast sums into datacentres and the EU did not. China built robots and Europe did not. American companies "restructured" their workflows around AI and fired people, while EU workers went on long lunch breaks and handed over administrative tasks to the AI model Claude. Now the chickens are coming home to roost. Europe's economy is a shambles because it does not have its own AI. Populism is surging, the euro is wobbling, cyber-attacks are shredding EU businesses. Brexit seemed like a good idea. It looks like the end of the European Union.The Thought Experiment Behind the Viral ScenarioThat vision comes from "Europe 2031," a speculative thought experiment penned by Brussels-based thinktankers and published fortuitously one day before the Trump administration decided to block "foreign nationals" from using a much-hyped AI model built by Anthropic, called Fable. In the heady week of G7 talks that followed, the scenario has gone viral – feeding a feverish discussion of the urgency for EU tech sovereignty. It has been read by members of the European parliament and, say its authors, was brought up in track 1.5 discussions between British and German officials earlier this week.The Financial Stakes in the AI RaceThe scenario unfolds from the perspective of a fictional bright-eyed Brussels staffer, Caroline Dubois, who has a German friend, Christian Vogt, with a startup in San Francisco. On a visit, she's impressed by America's "70 or 80-hour" working weeks and discomfited by the conviction among tech bros that everything is about to change. Back in Europe, she works to evangelise her well-meaning bosses about the impending AI future – but fails to convince. There's too much scepticism, and most people think AI is a bubble.Why Europe's Tech Position MattersThings go from there. The Americans spend huge sums on a massive AI building programme – the scenario highlights a real-life $100bn (£75bn) deal between OpenAI and Nvidia, the $300bn agreement between OpenAI and Oracle, and "bulldozers" breaking earth in Texas for an AI datacentre. Europeans, meanwhile, put forward a tepid investment package and ignore advisers' pleas for "a full regulatory carte blanche for datacentre providers." In a matter of years, America monopolises 70% of the world's "compute" – the semiconductor chips that fill the datacentres that power AI models. Europe's economy is meanwhile gasping for air, mostly because its companies have not adopted AI.The Future of European Tech SovereigntyAs AI-powered cyber-attacks shred European firms and unemployment surges, EU officials scramble to parlay their one last bargaining chip – the Dutch lithography firm ASML, which is vital to the production of AI semiconductors – into concessions from Beijing or Washington. But it's too late. The US deploys powerful "frontier AI" spyware and learns the deepest fears of EU officials and also which of them are having affairs. Curtains drop. Christian and Caroline exeunt stage left for a drink. Disaster impends.

The Lead Marks & Spencer's CEO, Stuart Machin, has publicly denounced the UK government's proposal for voluntary price caps on essential food items, labeling it as 'completely preposterous'. This stance comes as M&S; reports a 23.8% slump in underlying profits to £671m for the year ending March 28. M&S's Financial Performance M&S's underlying profits slumped by 23.8% to £671m in the year to 28 March as sales rose only 1.9% to £14.2bn despite widespread inflation of more than 3%. Profits were hit by £131.3m of costs related to a paralysing cyber-attack last year. The Government's Proposal The UK government had proposed that supermarkets consider voluntary price caps on essential food items such as bread, milk, and butter. However, Machin argues that this approach is not the solution, stating, 'I don’t think government should be trying to run business. They should try to understand business better.' The Impact of Taxes and Regulations Machin highlighted that M&S is facing 'a triple whammy of headwinds with increased taxation, a greater regulatory burden and ongoing global conflict'. He pointed out that the company will incur additional costs from a new packaging levy and national insurance changes, totaling around £50m to £100m. The Future Outlook Despite the challenges, M&S plans to invest in technology and open 18 new food stores. Machin emphasized that the next three years are critical for M&S as it invests for growth. The company also reported a strong performance in food sales, growing 7% and reaching a 4.1% market share.

The Growing Threat of Business Crime in the UKUK business leaders are issuing a stark warning that crime has become an increasingly "serious barrier" to growing Britain's economy, with two-fifths of companies experiencing some form of criminal activity in the past year. The British Chambers of Commerce (BCC) is calling on the government to provide "a step change in the support businesses can count on" as businesses face rising levels of theft, fraud, and cyber-attacks.Rising Crime Statistics Across Business SectorsThe BCC's research, based on a survey of 1,411 firms, reveals that crime against businesses is widespread and growing. Key findings include:Two-fifths of companies experienced some form of crime in the past yearOne-fifth of companies faced fraud or scams21% experienced cyber-attacks50% of manufacturing companies reported business crime, making it the hardest hit sectorLarger companies are more vulnerable, with 58% of firms employing more than 250 people experiencing crime, compared to 32% of microbusinessesRetail businesses have been particularly affected by shoplifting, with police-recorded incidents rising 20% year on year to reach 516,971 offences in the year to December 2024, exceeding 530,000 by March 2025.Financial Impact on Major CompaniesThe financial consequences of business crime have been substantial, with several high-profile companies suffering significant losses. The hack of Jaguar Land Rover alone is estimated to have cost the UK economy £1.9bn, potentially making it the most costly cyber-attack in British history. Marks & Spencer took a £324m hit to profits after being forced to close its website to orders for more than six weeks following a damaging cyber-attack. Other major companies affected include the Co-op and Booking.com.Industry-Wide Consequences and Economic ImpactCrime against businesses is creating "structural barriers to growth" according to the BCC, forcing companies to divert crucial time and money away from expansion and investment. The impact spans across sectors, from retail and manufacturing to tradespeople experiencing surging tool thefts that threaten their ability to operate. As Ellis Shelton, a policy manager at the BCC, noted, "Bosses are being forced to divert crucial time and money to tackling this anchor on growth."The rising sophistication of criminal activities, particularly in cybercrime and fraud, has left many businesses struggling to keep pace with security measures, especially small and medium-sized enterprises with limited resources.Call for Government Action and Future OutlookIn response to the growing threat, the BCC has called for several specific measures from the government:Creation of a cyber-attack reporting system for companiesEstablishment of regional business crime hubs bringing together police and business crime reduction partnershipsExpansion of cyber and fraud resilience support for small and medium-sized businessesMore incentives for companies to invest in securityWithout decisive action, business crime is likely to continue hampering UK economic growth, with the most sophisticated threats potentially targeting larger companies with greater resources. The BCC's warning suggests that addressing business crime must become a priority for policymakers if the UK is to overcome this "serious barrier" to economic expansion.

Britain's Silent War: The New Reality of Hybrid Conflict We are at war. Four words that sound ludicrously melodramatic on a sunny spring day, when all may not be exactly right with the world – but when you can still shut your eyes to a lot of it just by switching off the news and cracking on with life. No bombs are falling, no bullets flying, no sirens sounding. Though the idea that Britain is already under a form of hybrid attack is commonplace in defence circles, politicians still mostly skirt around it. The Five Fronts of Modern Hybrid Warfare If war can be considered an assault on five fronts – against a country's political leadership, critical infrastructure, essentials such as food or fuel supplies, civilian population and armed forces – then Britain is arguably now being attacked on the first four without a shot being fired. Think of rampant, Russian-generated political disinformation on social media and attempts to bribe British politicians; of Russian submarine surveillance of the British undersea cables carrying most of our internet traffic, or the four "nationally significant" cyber-attacks recorded every week; of the blockading of food and fuel supplies through the strait of Hormuz. The Shadow War Tactics Think, too, of Keir Starmer's warning in the Sunday Times last week of conflict with Iran coming home to British civilians via "the use of proxies in this country". He didn't elaborate, but counter-terrorism police say they are investigating whether a spate of arson attacks on synagogues, Jewish-owned businesses and Iranians living in Britain may have been sponsored by Tehran – a thugs-for-hire tactic familiar from the Russian playbook for sowing division and hate. The Strategic Defense Review's Warning It's 10 months since the strategic defence review, commissioned by the former Labour defence secretary George Robertson, similarly argued that Britain must urgently equip itself not for the expeditionary foreign wars against non-state actors we're used to fighting alongside the US, but for homeland defence against a well-armed peer country in a sustained conflict. To strip away the jargon: if when you imagine Britain at war, you think of the Iraq and Afghanistan conflicts, you're out of date. The Political Response Gap Forgotten in the resulting row over how to find more money for defence – to which Bailey's answer, incidentally, is a mix of new instruments for borrowing and reforming procurement – is Robertson's call for a national conversation, levelling with the public about what exactly all this means in practice. After much public prodding, Starmer seems now to be engaging, though arguably too little and too late for the review's frustrated authors. Societal Resilience as Defense Despite seeing the damage that cheap, mass-produced drones can do in Ukraine and across the Gulf, she warned last week, Britain still isn't properly prepared for a drone flying through the window of a strategically important building. Our overstretched NHS may not be able to handle mass casualties – and we lack the stockpiled food supplies or analogue backups to digital systems that would help us ride out a successful cyber-attack or serious act of sabotage. The Path Forward: Two Imperatives for Survival Preparing for this unfamiliar form of attack isn't just about buying tanks and fighter jets, but also about two things that most Labour voters probably expected a Labour government to do anyway: shoring up the public realm to cope in a crisis, and forging a more mutually trusting and tolerant society that is resilient to extremism, where neighbour does not fear neighbour and people willingly help each other in a crisis. The Leadership Challenge Ahead Starmer hasn't found the words to articulate any of that yet – and if May's anticipated local election drubbing is bad enough he may not be here to make the case for much longer. But anyone with ambitions to succeed him must be able to show both that they are capable of leading a country under attack, and of explaining the puzzling nature of that attack without inducing panic to a public heartily sick of being asked to make sacrifices. A war this hard to discern, even when it's supposedly upon you, may not feel yet like much of a threat. But lives may in future depend on seeing clearly into the shadows.

The Mythos Breach: Supply Chain Vulnerabilities ExposedAnthropic has confirmed it is investigating a report of unauthorized access to its Mythos model, a high-stakes cybersecurity tool not yet released to the public. The incident occurred after a small group of users gained access through a third-party vendor environment, raising immediate concerns about the security of private AI testing ecosystems.How the Breach OccurredBloomberg reported that the access was facilitated by a worker at a third-party contractor for Anthropic who utilized methods typical of cybersecurity researchers. While the group reportedly gained access to the model on the same day it was being rolled out to select partners like Apple and Goldman Sachs, their intent appears to be exploratory rather than malicious. They have not reportedly run cybersecurity prompts, but the breach itself exposes a critical flaw in how sensitive AI models are managed outside of Anthropic's direct control.The "Step Up" in Cyber-Threat CapabilitiesThe significance of this breach lies in the nature of the Mythos model. The UK AI Security Institute (AISI) has previously classified Mythos as a "step up" from previous models in terms of cyber-threat potential. Unlike standard AI, Mythos is designed to identify and exploit system weaknesses autonomously.Autonomous Execution: The model can carry out multi-step attacks without human intervention.Efficiency: Tasks that would normally take human professionals days to complete can be simulated in minutes.Success Rate: Mythos successfully completed a 32-step simulation of a cyber-attack in 3 out of its 10 attempts.Regulatory and Industry ImplicationsThe incident has prompted warnings from the highest levels of government. Kanishka Narayan, the UK’s AI minister, stated that businesses should be "worried" about the model's ability to spot flaws in IT systems. This breach serves as a stark reminder that the "black box" nature of advanced AI models makes them difficult to secure, even when they are intended for defensive purposes.The Future of AI Security TestingAs AI models become more capable of autonomously navigating complex digital landscapes, the traditional perimeter defense is no longer sufficient. This incident suggests that the industry must move beyond simple access controls and implement rigorous, continuous auditing of third-party environments to prevent high-risk technology from falling into the wrong hands.

The LeadAnthropic has made the unprecedented decision to withhold its latest frontier model, Mythos, from the public domain, citing an existential threat to global cybersecurity infrastructure. This move comes after a report of unauthorized access and highlights the terrifying potential of AI to automate the discovery and exploitation of critical system flaws.The Anatomy of Mythos: A Zero-Day WeaponMythos is not merely a chatbot; it is a specialized AI model designed to identify and exploit zero-day vulnerabilities—flaws in software that are unknown to developers and have no patch available. Anthropic announced the model on 7 April but immediately ruled out public release, describing it as a "watershed moment for cybersecurity." The model can theoretically identify unnoticed flaws in every major IT operating system and web browser, some of which have persisted for decades.Project Glasswing: Anthropic has restricted access to select partners, including Apple and Goldman Sachs, to assess risks.Unauthorized Access: A "handful" of users in a private online forum reportedly gained access to the model, raising alarms about containment.Quantifying the Threat: The AISI AssessmentThe UK's AI Security Institute (AISI) has conducted a rigorous assessment, confirming that Mythos represents a significant step up in cyber-threat capabilities. The institute noted that Mythos can carry out multi-step attacks without human guidance, a capability previously unattained.Attack Simulation: Mythos successfully completed a 32-step simulation of a cyber-attack, a first for the AISI.Vulnerability Discovery: The model flagged thousands of zero-day flaws across complex systems, including FreeBSD.Expert Nuance: While some analysts argue the hype is overstated compared to cheaper models, the ability to chain attacks is a distinct evolution.Financial Sector on High Alert: Project Glasswing and Regulatory ResponseThe potential for Mythos to fall into the wrong hands has triggered a systemic response from the global financial sector. With 40 companies involved in Project Glasswing, the stakes extend far beyond technology firms.Regulatory Action: The US Treasury Secretary and UK regulators have convened emergency meetings to discuss the risks.Systemic Risk: UK government modelling suggests a successful hack could disrupt direct debits, mortgages, and cash withdrawals, potentially causing a bank run.Defense vs. Offense: Banks are rushing to integrate Mythos into their defenses, but the dual-use nature of the technology remains a primary concern.The Containment Paradox: Can We Keep Dangerous AI in the Box?The unauthorized access to Mythos proves that even closed-source, high-security models are vulnerable to insider threats. The future of AI safety now hinges on the "containment paradox": the difficult task of leveraging these powerful tools for defense while preventing them from becoming autonomous weapons.As AI capabilities accelerate, the window for safe, controlled deployment is closing. The industry must move beyond simple testing to establish robust governance frameworks before these models become ubiquitous.