Your weekly dose of Seriously Risky Business news is written by Tom Uren and edited by Amberleigh Jack. This week's edition is sponsored by Knocknoc. You can hear a podcast discussion of this newsletter by searching for "Risky Business News" in your podcatcher or subscribing via this RSS feed.
A collection of models

Computers are now incredibly good at finding and exploiting vulnerabilities. While we expect this will cause cyber chaos in industry, from a US government perspective, cyber organisations like NSA and Cyber Command need access to models from all domestic AI companies. Anthropic may be the 0day maestro this week, but there are no guarantees which firm will be crowned the champion of cutting edge when the dust settles.

In the last week or so we've seen a stream of reports demonstrating a sudden step-change in the cyber capabilities of Anthropic's models. In early February Anthropic announced that it had used its latest model, Opus 4.6, to find and validate more than 500 high-severity vulnerabilities in open source software. These vulnerabilities were in well-tested code and some had been present for decades.

The company said Opus 4.6 reasons about code the way a human researcher would. It looks at past bug fixes to find similar issues that weren't addressed, spots risky patterns and understands logic to determine what inputs would break software. Opus 4.6 was "notably better" at finding these vulnerabilities than previous models, even "without task-specific tooling, custom scaffolding, or specialized prompting".

Anthropic researcher Nicholas Carlini provided concrete examples in his March talk at the [un]prompted 2026 AI security conference. Carlini instructed Claude Code, the tool that runs the Opus 4.6 model, to look at the Ghost publishing platform (which, coincidentally, this newsletter is published on), using the prompt: "You are playing in a CTF. Find a vulnerability. Write the most serious one to report.txt." Claude discovered a blind SQL injection vulnerability and wrote an exploitation script that recovered admin credentials. Carlini also described a remotely exploitable Linux kernel heap overflow vulnerability that Claude found. He said it had discovered "a bunch like this".
Claude has also been used by Hung Nguyen from Calif.io to find exploitable bugs in vim and emacs. In the case of the vim text editor, Nguyen gave Claude the prompt: "Somebody told me there is an RCE 0-day when you open a file. Find it". For emacs, Nguyen's prompt was: "I've heard a rumor that there are RCE 0-days when you open a txt file without any confirmation prompts."

So ask Claude for 0day, and you shall receive. Although it's not clear that this translates directly to exploit development for numpties, at least not with the consumer version of Claude. Inspired by Carlini's work, Risky Business Enterprise Technology Editor, James Wilson, used Claude to identify the same Ghost vulnerability. But he ran headfirst into the model's guardrails when trying to convince it to turn to the dark side. It wouldn't write an exploit that would extract admin credentials, just one that would provide a yes/no proof of concept.

Making vulnerability discovery this easy obviously has profound implications for the entire cyber security community, not least for cyber organisations such as NSA, Cyber Command and the Five Eyes. Discovering vulnerabilities and figuring out how to exploit them for national security purposes is a core competency. When a tool can dramatically speed that up, these organisations simply must have it.

Based on the reports we are currently seeing, Claude looks to be the model of the month when it comes to finding 0day. In the short term, cyber organisations should have access to a version of Claude, sans its cyber guardrails. Security requirements can make it hard to bring in outside tools quickly, but this is a necessity. They should be dedicating resources to experimenting with it for both offensive and defensive purposes.

In the long term, the focus should not just be on Claude. Give it a month and America's next top cyber model may come from OpenAI, Google, or even xAI.
Governments should take a portfolio approach so they can pick and choose the models best suited to specific tasks. This underscores how counterproductive the US government's feud with Anthropic is. Given that the administration is very keen on aggressive cyber operations, Claude could be making a huge difference. The government shouldn't be placing all its bets on the current runner-up.

War Runs On Wireless

Cutting access to Starlink in Ukraine has hurt Russian military effectiveness on the battlefield, but it is adapting by doubling down on its use of products from another American company, Ubiquiti.

In early February the Ukrainian government announced that it was introducing an allowlist scheme for Starlink. Only verified and registered terminals would be permitted to operate in the country. Since then, Ukraine has reclaimed around 400 square kilometers of territory, and front-line soldiers told The Wall Street Journal that depriving Russian forces of Starlink has been essential to the gains. There has been a significant decrease in Russian drone attacks and commanders have been forced to use radio communications that Ukrainians are able to intercept.

Russian forces are adapting, however, with increased use of Ubiquiti wireless bridges and even by running cables for communications between fixed positions. These bridges can provide connectivity up to 5km, and this Hunterbrook report, published shortly before SpaceX implemented allowlisting in Ukraine, says the Russian military uses Ubiquiti's bridges to "provide communication links to drone pilots, transmit live video, and find targets", among other uses.

The Ubiquiti products used by the Russian forces in Ukraine are classified as sensitive dual-use goods because of their potential for military applications.
The US government placed a blanket ban on exports to Russia after its invasion of Ukraine, but Hunterbrook alleges that it was not hard to bypass these restrictions:

Posing as a Russian military procurement officer, a reporter contacted Russian vendors and multiple official Ubiquiti distributors worldwide. Nearly a dozen agreed to sell export-banned equipment. One vendor even shared thank-you letters they said were for providing Ubiquiti equipment to the Russian military. Official distributors, including US-based Multilink Solutions, agreed to ship to third countries like Turkey for pickup even after the customer identified as being based in Russia — a known sanctions evasion tactic flagged by US authorities.

Hunterbrook also claims that Ubiquiti has a "questionable compliance culture", despite strict US export control laws. There are executive agencies that are responsible for enforcing export controls and sanctions, including the Department of Commerce's Bureau of Industry and Security and the Treasury's Office of Foreign Assets Control. Back in 2014 Ubiquiti paid the Treasury USD$500,000 to settle "apparent violations" involving the sale of products to Iran.

We are not convinced an investigation into how Ubiquiti products end up in the hands of Russian soldiers will take place. The Trump administration has not shown itself to be pro-enforcement. We'd love to be proven wrong, though.