惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog
V
Vulnerabilities – Threatpost
Apple Machine Learning Research
Apple Machine Learning Research
V
V2EX
博客园 - 叶小钗
阮一峰的网络日志
阮一峰的网络日志
人人都是产品经理
人人都是产品经理
Latest news
Latest news
博客园 - 三生石上(FineUI控件)
美团技术团队
aimingoo的专栏
aimingoo的专栏
Google Online Security Blog
Google Online Security Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Threatpost
Y
Y Combinator Blog
T
Tailwind CSS Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
A
Arctic Wolf
C
Cyber Attacks, Cyber Crime and Cyber Security
小众软件
小众软件
Recent Commits to openclaw:main
Recent Commits to openclaw:main
T
Tenable Blog
W
WeLiveSecurity
L
LINUX DO - 热门话题
D
Docker
Cyberwarzone
Cyberwarzone
量子位
A
About on SuperTechFans
The Last Watchdog
The Last Watchdog
雷峰网
雷峰网
C
CERT Recently Published Vulnerability Notes
P
Palo Alto Networks Blog
The Hacker News
The Hacker News
Blog — PlanetScale
Blog — PlanetScale
P
Proofpoint News Feed
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
F
Full Disclosure
The Cloudflare Blog
T
The Blog of Author Tim Ferriss
T
The Exploit Database - CXSecurity.com
Engineering at Meta
Engineering at Meta
O
OpenAI News
Hacker News - Newest:
Hacker News - Newest: "LLM"
Scott Helme
Scott Helme
IT之家
IT之家
S
Secure Thoughts
MongoDB | Blog
MongoDB | Blog
L
Lohrmann on Cybersecurity
博客园 - 司徒正美
Google DeepMind News
Google DeepMind News

The Register - Security

Are we human? MyPillow must decide whether to be firm or soft as ransomware crims demand pay Experts pour cold borscht on Farage's Russian hack claim AI eyes scanning for bugs create a worrisome Linux security trend A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets Techie claims Trump Mobile website was leaking thousands of people's data Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund' Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach Microsoft open-sources agentic AI safety tools Are we human? America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames Shai-Hulud copycat worm infects yet another npm package MPs want social media treated more like unsafe toys than harmless apps Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data To gain root access, intruder just had to ask AWS patched Quick auth bypass, says customers weren't using control Disgruntled researcher releases two more Microsoft zero-days Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files US bank reports itself after slinging customer data at 'unauthorized AI app' Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator Best Western Hotels confirms web app data breach Arctic Wolf cuts 250 jobs in AI push 1 in 8 workers say selling company logins is justifiable Iran cyberspies LARPing as ransomware crims in espionage ops UK age-gating plans risk breaking the internet, privacy groups warn India orders infosec red alert in case Mythos sparks crime 'CopyFail' attackers start cashing in on Linux flaw ShinyHunters claims dump puts 119K Vimeo emails in the wild ShinyHunters claims 119K Vimeo emails in the wild Singapore boffins get diverse SIEMs singing in harmony Shadow IT has given way to shadow AI. Enter AI-BOMs AI-BOMs replace SBOMs as way to track AI agents and bots Home Office adds £216M to travel doc contract before bids FBI: China's hacker-for-hire ecosystem 'out of control' UK business breach rate stuck at 43%... blame the phishing What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia Chinese spy group caught lurking in Poland, Asia networks Critical cPanel, WHM flaw probs exploited as 0-day, pros say ORNL builds more sensitive GPS interference detector Microsoft patch fell short. New Windows flaw exploited Fooling large language models just keeps getting simpler Wiz hands GitHub AI-aided bug report that isn Don’t pay VECT a ransom - your big files are likely gone Pitney Bowes the latest victim of ShinyHunters’ breach-spree Ongoing supply-chain attack targets security, dev tools Medical and utility tech companies admit digital breakins Cybersecurity professional getting more work and less pay Crime crew impersonates help desk, abuses Teams chats ShinyHunters claim they have cruise giant Carnival’s booty CISA, NCSC issue Firestarter backdoor warning Intel expects AI inference to drive demand for its CPUs Open source models can find bugs as well as Mythos Researchers find sabotage malware that may predate Stuxnet Attackers could disable all of a city's public EV chargers Age checks could turn internet into an ID checkpoint, complains Proton CEO If malware via monitor cables is a matter of national security, this might be the gadget for you France's 'Secure' ID agency probes breach as crooks claim 19M records Scotland Yard can keep using live facial recognition on Londoners, say judges Nation-states want to cause harm, not just steal cash - stop handing your cyber defenses to the cheapest contractor Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account Crook claims to leak 'video surveillance footage' of companies Met police trials snoop tech platform in push to cuff more London shoplifters Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul Panasonic creates device-locked QR codes to speed facial biometric capture Iran claims US used backdoors to knock out networking equipment during war Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus Scot becomes second Scattered Spider-linked crook to plead guilty in US Just like phishing for gullible humans, prompt injecting AIs is here to stay Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug Git identity spoof fools Claude into giving bad code the nod McGraw Hill linked to 13.5M-record data leak Microsoft announces product it doesn't want anyone to buy Server-room lock was nothing but a crock Nobody knows how many CVEs Anthropic's Project Glasswing has actually found Autovista blames ransomware for service disruption French cops free mother and son after crypto kidnapping UK told its Big Tech habit is now a national security risk Commvault has a Ctrl+Z for rogue AI agents No honor among thieves as 0APT threatens rival ransomware gang Krybit Fake Linux leader using Slack to con devs into giving up their secrets Booking.com warns of possible reservation data exposure NHS pays £46K to prep next Microsoft licensing round China wants AI to prepare school lessons and mark homework Anthropic's Mythos has The Kettle crew curious, skeptical Two different attackers poisoned popular open source tools Hungary officials used weak passwords exposed in breach dump CPUID hijacked to serve malware as HWMonitor downloads Unpacking AI security 2026 from experimentation agentic era Microsoft locks out top open source devs, blames process NHS Scotland-linked domains push pr0n and illegal streams Iran cyber actors disrupting US water, energy facilities, FBI warns Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns AI agents found vulns in this Linux and Unix print server Don't glamorize cybercrims, roast them instead Trump wants to take a battle axe to CISA again and slash $707M from budget
UK banks offered access to OpenAI’s GPT-5.5 amid exclusion from Anthropic’s Glasswing expansion
Connor Jones · 2026-06-03 · via The Register - Security

Updated: UK banks are set to receive access to OpenAI’s GPT-5.5 Cyber after being excluded from Anthropic’s latest expansion of Project Glasswing.

Project Glasswing, and access to the Mythos Preview model, is geared toward ensuring critical infrastructure providers are prepared to handle the threat posed by advanced AI models, once they inevitably make their way into the public domain, and therefore the hands of attackers.

However, amid a fourfold expansion of Glasswing’s partners, only JPMorganChase was named among the financial institutions to receive access to Mythos Preview, despite financial services falling under the critical infrastructure umbrella.

In light of the news, HSBC, Lloyds Banking Group, and Nationwide will be among the banks to receive access to GPT-5.5 Cyber, the BBC reported, while NatWest and Santander have already been playing with it as part of separate agreements.

OpenAI offered nine UK banks access to its Mythos-rival model in total, after they were snubbed from Glasswing.

It is not clear if this number also includes the Bank of England, whose governor, Andrew Bailey, has been outspoken about its exclusion from Glasswing.

Bailey told Bloomberg TV last week that despite pushing for access so the UK’s financial system is protected, Anthropic has not handed over the keys to Mythos Preview.

Liam Salsi, director of architecture at Talion, told The Register he suspects the decision to exclude UK banks was political.

Bailey had also previously alluded to suspicions that Anthropic had not yet granted access to Mythos Preview due to processes at play related to the US administration.

“The US government wants to control who has access to the platform and this is largely because it will limit the chances of it falling into the wrong hands,” said Salsi.

“However, limiting access will ultimately leave some banks more exposed to cyber threats and could impact their vulnerability management, leaving larger windows of opportunities for attackers.

“It's hopeful these gaps won't exist for too long because of competition among Advanced AI platforms. GPT-5.5 was issued only a few weeks after Mythos, and it's safe to assume more advanced AI platforms will surface soon, closing gaps and delivering more of these systems to a larger pool of critical organizations.”

He added that it could also introduce a single point of failure in the global banking sector if every institution were using the same product.

Anthropic has not commented publicly on its approach regarding which financial institutions receive Mythos access, although it's not just financiers who are pondering the company’s decision-making. It transpired this week that the EU’s cybersecurity agency, ENISA, will receive access to Mythos Preview, while the US equivalent, CISA, is yet to be selected.

Glasswing goes big

In other news, Anthropic said on Tuesday it is looking to induct many more organizations into its Project Glasswing initiative, taking the total number of members from around 50 to 200.

The additional 150 or so organizations hail from 15 different countries and will join the old guard, comprised of security shops and other tech giants, government agencies, and open-source maintainers.

It has not named these organizations officially, although reports suggest that South Korea is among the 15 countries, and its science ministry, Samsung, SK Hynix, and SK Telecom are among the new inductees.

Project Glasswing is something of a private members’ club – a carefully selected cohort of organizations with early access to Anthropic’s most advanced Mythos Preview model, the one the company claims will fundamentally alter the cybersecurity landscape.

The cynics among us may see such claims as an extension of Anthropic’s marketing playbook, which some believe involves stoking excitement about a product through fear.

When the AI biz announced Mythos in April, it did so by dubbing it too dangerous to unleash on the public.

It was billed as an expert bug hunter and zero-day specialist, capable of finding vulnerabilities in code far more efficiently than humans. The oft-touted nugget from launch was the 27-year-old OpenBSD bug Mythos found during initial testing, but there were many more zero-days and other critical vulnerabilities – novel ones – Anthropic said its model was able to unearth.

Those who have tinkered with Mythos Preview already report mixed results. Cloudflare CISO Grant Bourzikas wrote in May that the model represented “a real step forward,” and was able to find a series of low-severity bugs and chain them into working exploits.

Others, such as cURL’s Daniel Stenberg, called Mythos Preview “an amazingly successful marketing stunt,” after it found just one vulnerability in the data transfer software.

Likewise, security expert Kevin Beaumont said the model “is not great,” and “it’s marketing, essentially.” He said Mythos Preview was good at finding bugs in vibe-coded applications, but aside from that, it was not discovering much beyond what the models of yesteryear were capable of.

Regarding the new intake of Glasswing partners, Anthropic but said each would have to pass its own security requirements before being granted access to Mythos Preview.

It also said the new organizations brought into the fold all managed critical infrastructure services, and a successful attack on their systems could be “catastrophic.”

“For most partners, we estimate that a major attack could affect more than 100 million people, with important ramifications for both global and national security,” the company said on Tuesday.

“This expansion is the next step toward our long-term goals: for AI to make all software more secure, and for us to help the industry adjust to how AI could change many of the core assumptions of cybersecurity.”

The big when?

As for when the Mythos model will be made available to the wider public, Anthropic has kept that largely under wraps, but don’t expect it to be anytime soon.

In its latest Glasswing announcement, the company said the safeguards required to prevent abuse are not yet available.

“We’re working as quickly as we can to safely release Mythos-level capabilities in general access,” it stated. “To do so, we’ll need highly robust safeguards that prevent the model’s cyber capabilities from being misused – safeguards that we (and, to our knowledge, all other AI developers) have yet to develop.

“Because cybersecurity has both helpful and destructive uses, making safeguards that are both strong and precise enough is a major challenge.”

Anthropic may face some tough decisions in the next year, however, as by its own reckoning other AI companies will produce Mythos-level capabilities within their own models inside 6-12 months.

Confusingly, it also said on Friday that it would be releasing Mythos-class models to all customers in the coming weeks.

Anthropic said it will expand Glasswing further before Mythos is  more widely launched, bringing in more critical infrastructure orgs, open-source maintainers, and safety testers.

“We intend for future expansions to cover organizations in the US and overseas, just as this one does. We also intend to scale up our Cyber Verification Program, which would grant Mythos-class capabilities to many more organizations for specific cyberdefense tasks.”  ®

Updated to add at 1420 UTC:
An OpenAI spokesperson confirmed to us that retired Brit politico and newspaper editor George Osborne – who has been OpenAI’s Head of OpenAI for Countries since the end of 2025, has "written to the CEOs / CISOs" at several UK financial institutions including HSBC, Natwest, Lloyds Banking Group, Nationwide, and others "to extend access to our latest defensive cyber capabilities." Global financial infrastructure provider Swift is also included.

They added: "In total, we are extending access to nine leading financial institutions, which includes Santander Group and Natwest Group that already have access to GPT-5.5-Cyber as part of our existing relationships."