TechLetters ☕️ Anthropic access cut by Washington. Fuel tank gauges hacked. AI safety blocks malware analysis. Korea biggest privacy breach. ChatGPT used for influence ops. KPMG hallucinates a report
The U.S. government has forced Anthropic to stop making Fable 5 and Mythos 5 available to foreign nationals - including its own employees with foreign passports. The company cut off access for everyone because it could not otherwise guarantee compliance with the order, or so it said while preparing for the IPO. The official reason: a jailbreak risk in Fable 5 deemed a threat to national security. Anthropic publicly disputes this.
Europe and the rest of the world just got a ready-made warning scenario. Access to AI models that their home country treats as national-security assets can be switched off by a single administrative decision. Anthropic sells the service. But Washington holds the keys to the lock?
This is not unprecedented in tech history. States have restricted access to strategic technologies deemed national security risks before. But the comparison only goes so far. Crypto could be reimplemented by anybody; frontier models cannot. They require massive compute, capital and infrastructure. So when the home state can switch off access, you are renting access to a strategic asset.
This is not a wake-up call for Europe. Wake-up calls are for people who were asleep. Europe has seen this risk for years: cloud, chips, platforms, now frontier AI. This is not the alarm. This is the bill for ignoring it.
Security
U.S. agencies issued an alert about hackers targeting automatic tank gauges - systems that quietly monitor fuel levels, temperatures, and leaks at gas stations, farms, chemical plants, and transport hubs across the country. The attackers are bypassing login screens, injecting commands into databases, and escalating themselves to full admin access. Once in, they can change tank volumes, disable leak alarms, and mess with pump controls. https://www.cisa.gov/resources-tools/resources/cisa-and-partners-urge-hardening-automatic-tank-gauge-systems
You can have a hard time using AI to analyze malicious software if it contains words that trigger "safety refusals" related to nuclear weapons design. https://socket.dev/blog/mini-shai-hulud-miasma-and-hades-worms-target-bioinformatics-and-mcp-developers-via-malicious
Privacy
Biggest consumer data breach in South Korea’s history. 37.56 million people affected in the core breach. The exposed data included:
- 33,057,012 member profile records
- 63,986,351 delivery-address records
- 272,470 order-history records.
Coupang, South Korea’s largest e-commerce platform and online retailer, was hit with a ₩624.68bn (roughly $409m) sanction by Korea’s Personal Information Protection Commission.
These were basic security and governance failures: weak signing-key management, weak access control, poor detection of abnormal access, breach notification failures, data deletion failures, CPO independence issues and investigation obstruction. A former employee used an active alternative authentication signing key to generate forged authentication tokens. Then he reached customer information.
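How a still-active secondary signing key plays out at the verifier, as an added example that is not taken from the PIPC decision or from Coupang's systems: the HMAC token format, key names and secrets are constructed assumptions. A token minted with the alternative key verifies until that key is retired on the verification side.

```python
import base64, hashlib, hmac, json

# Constructed key registry (assumption): key id -> secret and lifecycle state.
# "alt-key" stands in for a secondary signing key that is still active.
KEYS = {
    "primary-key": {"secret": b"constructed-secret-1", "revoked": False},
    "alt-key": {"secret": b"constructed-secret-2", "revoked": False},
}

def _enc(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def _dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(kid: str, body: str) -> bytes:
    return hmac.new(KEYS[kid]["secret"], body.encode(), hashlib.sha256).digest()

def issue(kid: str, sub: str, exp: int) -> str:
    """Mint a token; anyone holding the key material can do the same."""
    body = _enc(json.dumps({"kid": kid, "sub": sub, "exp": exp}).encode())
    return body + "." + _enc(_mac(kid, body))

def revoke(kid: str) -> None:
    """Offboarding or rotation step: retire the key for verification too."""
    KEYS[kid]["revoked"] = True

def verify(token: str, now: int):
    """Return (claims, None) on success or (None, reason) on rejection."""
    try:
        body, sig = token.split(".")
        claims = json.loads(_dec(body))
        kid, exp, given = str(claims["kid"]), int(claims["exp"]), _dec(sig)
    except (ValueError, KeyError, TypeError):
        return None, "malformed"
    if kid not in KEYS:
        return None, "unknown key"
    if not hmac.compare_digest(_mac(kid, body), given):
        return None, "bad signature"
    if KEYS[kid]["revoked"]:  # a valid signature alone is not enough
        return None, "key revoked"
    if now >= exp:
        return None, "expired"
    return claims, None
```

Logging every token accepted under a non-primary key id would also give the abnormal-access detection a signal to work with.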
Coupang collected online activity records from 11,170,613 users via third-party websites and apps where Coupang ads appeared. This included visited URL or app name, access time and IP address.
https://pipc.go.kr/np/cop/bbs/selectBoardArticle.do?bbsId=BS074&mCode=C020010000&nttId=12171
Technology Policy
Suspected Chinese info ops used ChatGPT to target U.S. AI infrastructure debates with posts blaming data centres for household power bills, and attacking tariffs. The campaign got little traction, but coverage may matter more than the operation. https://cdn.openai.com/pdf/96b559fa-c165-4575-805d-e636909e2f78/June-2026-Threat-Report.pdf
[This might not belong to the ‘security’ section]
Other
Another AI fabrication report? KPMG published a report called Total Experience: Redefining Excellence in the Age of Agentic AI. It had 45 citations. 5 were accurate. 40 had fake titles. At least 16 were classified as hallucinations/fabrications. 12 were so vague or broken that the source could not be identified. The case studies are worse. JR East was cited as evidence of AI-powered travel recommendations. The source was a 2019 press release that predates agentic AI and does not mention AI at all. KPN’s “agents” turned out to be humans. Toyota’s Woven City press release mentions no AI agents. It looks like someone asked an LLM to find examples of agentic AI in the wild. It made things up. Nobody cared. The report has since been cited by industry blogs, trade publications and newspapers. ChatGPT and Gemini are reportedly repeating its statistics. KPMG charges clients to implement AI responsibly. The invoices, presumably, are accurate. https://gptzero.me/news/investigations-kpmg/
