The U.S. Government Just Told an AI Company to Shut Down
Washington ordered Anthropic to cut foreign access to two AI models over a jailbreak — while Chinese hackers quietly backdoored Linux login software for nearly a decade. Plus: a Microsoft 365 flaw hiding behind a real Microsoft link.
Thursday, June 4, 2026 · 5-minute read
🌐 World Intel
The U.S. government told Anthropic to suspend access to Claude Fable 5 and Mythos 5 for foreign nationals, citing national security concerns. The official worry: a jailbreak method that could allow adversaries to extract sensitive capabilities from the models. Anthropic said publicly the order stems from a misunderstanding and that it was working to restore access as quickly as possible. Other Claude models were unaffected, and U.S. users saw no disruption. The episode is a rare example of the government invoking export controls on a consumer AI product. It appears to have been resolved within days, but it signals that regulators are watching AI model capabilities closely — and are willing to act fast when they get nervous.
Source: The Hacker News
Researchers found that a China-linked group called Velvet Ant planted backdoors inside two foundational Linux security components — PAM (the login system) and OpenSSH — as far back as 2016. Nine variants of the backdoor were eventually found. The backdoored versions looked and functioned like the real thing. When administrators logged in normally, their credentials were silently recorded. In some versions, the attackers had also added a secret password — type it at any login prompt and the system lets you in without a trace. The campaign went undetected for nearly a decade because the modified software passed all normal checks. Detecting this kind of attack requires verifying the binary files on disk against known-good copies — something most organizations never do.
Source: The Hacker News
Google filed a lawsuit against a Chinese cybercrime operation it says used the Gemini AI platform to generate convincing phishing pages at scale. The attackers used Gemini to produce realistic-looking fake login pages impersonating well-known brands, then sent mass smishing texts to lure Americans into visiting them. Google's complaint is notable because it names AI-assisted fraud as a specific mechanism and seeks damages for terms-of-service violations. The case is one of the first major lawsuits to center on the misuse of a generative AI system for cybercrime at scale.
Source: The Hacker News
⚔️ Active Attacks
Security researchers discovered a flaw in Microsoft 365 Copilot — the AI assistant built into Office — that would have let an attacker steal your emails, calendar events, and indexed files with a single click. The trick: the malicious link pointed to a real microsoft.com domain, so every email security filter trusted it. The attack chained three bugs together, including one that exploited how Copilot's AI search indexes your content. Microsoft patched it on the backend without requiring users to update anything. The flaw has been assigned CVE-2026-42824.
What you can do: The patch is already deployed — no action needed from most users. But this is a good reminder to review which apps have access to your Microsoft 365 data. Go to myapps.microsoft.com and audit any third-party connections you don't recognize. Be skeptical of any link — even one that appears to go to a real company domain — that arrives unsolicited in email.
Source: The Hacker News
🔓 New Vulnerabilities
A chain of three bugs in Microsoft 365 Copilot allowed one-click theft of emails, calendar data, and indexed files. The attack worked by having a victim click a link pointing to a real microsoft.com domain — meaning standard anti-phishing tools wouldn't flag it. The AI's search index then became the delivery mechanism for stolen data.
Patched by Microsoft on the backend. No user action required — but check your connected apps anyway.
The Velvet Ant backdoors don't map to a single CVE because they aren't software bugs — they're modified versions of legitimate tools. The attackers replaced real PAM and OpenSSH binaries with backdoored copies. Any Linux server running the compromised versions allows silent login with a secret hardcoded password, and logs all real credentials typed at the prompt.
Check your PAM and OpenSSH binary hashes against known-good versions from your distribution. Your security or IT team can do this with package verification tools. If in doubt, reinstall from trusted sources and rotate all credentials that were ever used on affected systems.
A flaw in Splunk Enterprise — software large organizations use to monitor their networks and logs — allows an unauthenticated attacker to perform file operations and execute code remotely via an exposed PostgreSQL API endpoint. No login is required. This is full remote code execution on a system that itself monitors your security infrastructure — a particularly high-value target.
Patch available from Splunk. If you run Splunk Enterprise, treat this as urgent. Check whether your Splunk instance is reachable from the internet and firewall it immediately if so.
🛠 New Tech
Binary integrity verification — the technique that would have caught the Velvet Ant Linux backdoor — is getting easier for regular organizations to implement. Tools like Tripwire, AIDE (Advanced Intrusion Detection Environment), and the newer Sigstore project let you create a cryptographic fingerprint of your critical system files and alert when anything changes. The idea is simple: if your SSH binary's fingerprint on Tuesday doesn't match Monday's, something replaced it. Most Linux distributions also ship package verification built in — running rpm -V openssh or dpkg --verify openssh-server checks whether installed files match what the package manager originally installed. It takes about two minutes and would have detected nine years of Velvet Ant intrusions on the first pass.
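An added example (not from the original newsletter or from any of the tools it names): a small Python triage of `rpm -V` / `dpkg --verify` output that separates the signal described above, a content-digest mismatch on a packaged SSH or PAM binary, from routine config edits. The sample output and the watched path fragments are constructed assumptions.

```python
import re

# One line of `rpm -V` / `dpkg --verify` output: nine result flags (or the
# word "missing"), an optional file-type marker (c = config file), the path.
LINE = re.compile(r"^(missing|[SM5DLUGTP.?]{9})\s+(?:([cdglr])\s+)?(/.*)$")

# Path fragments for the components named in the article (assumed layout;
# adjust to your distribution).
WATCHED = ("/ssh", "/pam_", "/libpam", "/security/")
ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

def triage(verify_output):
    """Return (severity, path, reason) tuples, most serious first."""
    findings = []
    for raw in verify_output.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, warnings, anything not in verify format
        flags, marker, path = m.groups()
        watched = any(frag in path for frag in WATCHED)
        if flags == "missing":
            sev, reason = ("high" if watched else "medium"), "file missing"
        elif flags[2] == "5" and marker != "c":
            # Third flag is the digest test: the content on disk is not
            # what the package shipped, and this is not a config file.
            sev = "critical" if watched else "high"
            reason = "content digest differs from package"
        elif flags[2] == "5":
            sev, reason = "info", "config file edited (expected, review)"
        else:
            sev, reason = "low", "metadata differs: " + flags
        findings.append((sev, path, reason))
    return sorted(findings, key=lambda f: ORDER[f[0]])

# Constructed sample output, not captured from a real host.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /usr/sbin/sshd
??5??????   /lib/x86_64-linux-gnu/security/pam_unix.so
.......T.    /usr/bin/ssh-keygen
missing     /usr/share/doc/openssh-server/README
"""

if __name__ == "__main__":
    for sev, path, reason in triage(SAMPLE):
        print(f"{sev:8} {path}  {reason}")
```

Both commands compare files against package metadata stored on the same host, so on a machine you already distrust, check the hashes against copies of the packages fetched from the distribution's repository instead.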
💡 Deep Dive
On the morning of June 4, researchers and developers who use Anthropic's Claude outside the United States got an error message instead of a response. Two Claude models — Fable 5 and Mythos 5, newer releases not yet widely known to the public — had been switched off for foreign nationals. The order came from the U.S. government.
The official reason was a jailbreak. A jailbreak, in this context, means a method for tricking an AI into ignoring its built-in rules. Think of it like finding a side door into a building that's supposed to be locked. Someone discovered such a method for these two models, and government officials worried that foreign adversaries could use it to extract capabilities they aren't supposed to have access to.
Here's where export controls come in. The U.S. has had export control laws for decades — originally written for weapons, then expanded to cover dual-use technologies like encryption software and semiconductor designs. The argument is that some technology is so powerful, or so useful for military and intelligence purposes, that selling or sharing it with certain countries poses a national security risk.
Applying that logic to a chatbot is a genuinely new thing. Anthropic said publicly that the government's concern was based on a misunderstanding — that the jailbreak in question didn't actually expose the kind of sensitive capabilities officials feared. The access was restored within days. But the episode matters even if it was resolved quickly, because it demonstrates that regulators now view AI models as things that can be controlled at the border, the same way a weapons component can be.
For everyday Claude users in the United States, nothing changed. Other models — including the Claude many people use daily — were unaffected. But for anyone building products with these newer models and selling them internationally, this is a live risk: a model you depend on could become unavailable in certain markets overnight, without warning, based on a government determination you have no advance notice of.
The deeper question this opens up is one the industry is only beginning to grapple with: if AI models are treated like weapons exports, what does that mean for who gets to use them, who decides, and how fast those decisions happen?