Desenmascara.me

How to verify whether a website is legitimate or not?: desenmascara.me

Saturday, November 15, 2025

The first reported AI-orchestrated cyber espionage campaign

Anthropic’s new blog post Disrupting the first reported AI-orchestrated cyber espionage campaign and the full technical report are basically the first mainstream, on-record case study of what many of us in Cybersecurity have been expecting: an end-to-end espionage operation where an agentic AI system is the main operator, not the human.




A Chinese state-linked actor hijacks Claude Code, jailbreaks it once under the guise of “legitimate security work”, points it at ~30 high-value targets, and then lets the agent run the kill chain almost solo: recon, exploit generation, credential harvesting, persistence, exfiltration, triage of stolen data, and even writing its own playbook for reuse. Humans step in just a handful of times; 80–90% of the work is done by the model.

From an offensive-security / red-team point of view, this is the line in the sand:
we’ve moved from “AI helps the hacker” (vibe hacking) to “AI is the hacker, humans just supervise”.

And that has two consequences or perspectives:

  1. For attackers
    • They now have a scalable junior-red-team army that never gets tired and can run thousands of small tests per second.
    • Jailbreaking enterprise AI (and their internal "copilots") becomes a strategic move, not a party trick.
    • The bottleneck shifts from "skill" to "access + intent": small teams can launch operations that used to look like nation-state campaigns.

  2. For Enterprises: If you are deploying AI agents internally, you can't just consume this as a scary story and move on. You need to industrialize the same ideas defensively:
    • Treat "AI agents" as first-class identities: give them accounts, telemetry, and monitoring separate from humans.
    • Continuously attack your own AI stack:
      • try to jailbreak your internal copilots.
      • abuse their toolchains (MCP-style access, scanners, code execution, search, etc).
      • and see how far an "internal malicious agent" can really go before controls kick in.
    • Build adversarial verification into your security program: don't trust written guardrail docs, test them with real offensive AI scenarios derived from this Anthropic case.
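
One way to act on the "first-class identities" point, as an added example that is not code from this blog or from Anthropic's report: a review pass over agent audit events that checks each agent identity against its own tool allowlist and call-rate ceiling. The principal names, policy fields and events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical per-agent policy: tool allowlist and a call-rate ceiling.
POLICY = {
    "agent:code-copilot": {"tools": {"search", "code_exec"}, "max_per_min": 5},
}

# Constructed audit events: (timestamp, principal, tool).
EVENTS = [
    ("2025-11-15T10:00:00", "user:alice", "search"),
    ("2025-11-15T10:00:01", "agent:code-copilot", "search"),
    ("2025-11-15T10:00:02", "agent:code-copilot", "network_scan"),
    ("2025-11-15T10:00:03", "agent:unknown-bot", "code_exec"),
] + [("2025-11-15T10:05:%02d" % s, "agent:code-copilot", "code_exec")
     for s in range(8)]


def review(events, policy, window=timedelta(seconds=60)):
    """Return sorted (principal, finding) pairs for agent identities only."""
    findings = set()
    recent = defaultdict(deque)  # principal -> timestamps inside the window
    for ts, principal, tool in sorted(events):
        if not principal.startswith("agent:"):
            continue  # human accounts are monitored by a separate pipeline
        rules = policy.get(principal)
        if rules is None:
            # An agent acting without a registered identity is itself a finding.
            findings.add((principal, "unregistered agent identity"))
            continue
        if tool not in rules["tools"]:
            findings.add((principal, f"tool outside allowlist: {tool}"))
        now = datetime.fromisoformat(ts)
        calls = recent[principal]
        calls.append(now)
        while now - calls[0] >= window:  # drop calls older than the window
            calls.popleft()
        if len(calls) > rules["max_per_min"]:
            findings.add((principal, "call rate above ceiling"))
    return sorted(findings)


if __name__ == "__main__":
    for principal, finding in review(EVENTS, POLICY):
        print(principal, "->", finding)
```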

In other words: Anthropic’s espionage report isn’t just another AI-security blogpost. It’s the first public blueprint of what AI-driven operations look like in the wild — and a pretty strong signal that any serious security program should start using agentic AI offensively against its own environment before someone else does it for them.



Monday, October 27, 2025

Why 'knowing the domain' beats 'knowing the syntax' in the age of AI

For decades, knowing how to code was the ultimate filter — the border between those who could build the future and those who could only imagine it. Programming was an exclusive language, and mastering it was the passport to innovation.

But something fundamental is changing. With the rise of large language models, the ability to “speak code” is no longer the bottleneck. Anyone who can articulate a problem clearly — in natural language — can now build, automate, and experiment with software. The new literacy is context and intent, not syntax.

The Rise of Vibe Coding

Figure 1. Vibe coding: the engineering of managing coding agents


A recent paper, A Survey of Vibe Coding with Large Language Models (arXiv:2510.12399), formalizes this shift. The authors describe “vibe coding” as a new software engineering paradigm where developers — or domain experts — express what they want in natural language, and AI agents translate that intention into functioning code.

As the paper puts it:

"Vibe Coding democratizes development by lowering technical barriers. Traditional development required extensive programming knowledge before implementing ideas. Natural language becomes the primary creation interface [4, 5, 1]. Domain experts—medical practitioners, educators, designers—articulate needs without computer science education [35]. This diversifies innovation sources, materializing underrepresented perspectives [276, 90]. Economic impact manifests through creator economy expansion: domain experts monetize specialized tools without technical co-founders. This parallels previous democratization waves, representing software literacy’s evolution from specialized skill to broadly accessible capability [277]."


That’s a polite academic way of saying: you don’t need to be a coder anymore to create technology.


From Coders to Context Designers

In the era of vibe coding, the most valuable skill is no longer the ability to implement an algorithm — it’s the ability to frame a problem precisely enough for an AI to solve it. The engineer’s role shifts from writing code to curating context.

Large language models are increasingly capable of handling the heavy lifting: writing boilerplate, integrating APIs, generating tests, and refactoring entire modules in seconds. The human task becomes more abstract — defining goals, understanding users, validating outcomes, and, most importantly, knowing why something should be built in the first place.

Technically, vibe coding relies on prompt-to-code translation, feedback loops, and memory contexts that allow AI agents to act as continuous collaborators rather than static tools. But the real transformation is cultural: programming is no longer a private language — it’s a shared conversation.


The Democratization of Software Creation

This is the next wave of software literacy. Just as spreadsheets let non-programmers do analytics and early web builders allowed anyone to publish online, vibe coding opens the door for domain experts to innovate directly — without waiting for a technical co-founder.

Educators can build adaptive learning tools. Doctors can prototype decision-support systems. Investigative journalists can automate parts of their analysis. All without touching a compiler.

This isn’t just productivity — it’s diversity. When the power to automate and create software extends beyond professional programmers, we get new voices, new biases (yes), but also new perspectives that never made it through the technical gate before.


The End of Algorithmic Gatekeeping

Many hiring processes still test humans through exercises designed for another era — whiteboard coding, algorithm puzzles, sorting challenges. Ironically, the systems used to test “problem-solving skills” are now solved instantly by the very AI tools candidates are supposed to use at work.

It’s time to rethink what we value. Being a good engineer in 2025 isn’t about knowing every edge case of a data structure. It’s about integrating knowledge, building safely with AI, and understanding the broader environment — legal, ethical, and human — in which your system operates.


Humans Still Matter — Just Not the Same Way

In my own work building desenmascara.me, I see this transition daily. The technical core — the AI model, the database, the interface, the analysis pipeline — is important. But the real breakthroughs happen when domain expertise meets automation: understanding how scammers operate, how users think, and how to translate that into patterns an AI can detect.

Figure 2. Example of domain expertise for edge cases on scam websites


That’s not programming — that’s reasoning, modeling, and empathy. It’s the essence of what vibe coding elevates: humans defining intent, AI handling execution.


The Bottom Line

Vibe coding doesn’t make programmers obsolete — it redefines them.
It moves software creation from a narrow technical discipline to a broader human capability. The best developers of the future won’t be those who type the fastest, but those who think the clearest.

The next generation of engineers, designers, and researchers will all share one thing: They don’t just code. They vibe.


The article itself is AIL 3

Wednesday, October 22, 2025

Migration to post-quantum cryptography

"One threat to the security of today’s digital systems is closely tied to the anticipated arrival of large-scale quantum computers. It is often called the Harvest Now, Decrypt Later (HNDL) attack."


A must-read paper published by Mastercard; its introduction follows:

Quantum computing is no longer a distant dream — it’s a rapidly advancing reality that promises to revolutionize industries, including finance. Around the world, governments and private enterprises are investing billions in this transformative technology, betting on its potential to solve problems that are currently beyond the reach of even the most powerful classical computers. But with this promise comes a profound risk: quantum computers threaten to undermine the cryptographic foundations that keep our financial systems secure.

Today’s digital trust relies on public-key cryptography, with algorithms like RSA and Elliptic Curve Cryptography forming the backbone of secure transactions and data protection. These systems, however, are vulnerable to the immense computational power of quantum machines. Once quantum computers reach a certain threshold, they could render current encryption methods obsolete, exposing financial institutions to risks of data breaches, financial loss and reputational harm.

The urgency to act is clear. A reactive approach to cybersecurity is no longer sufficient in the face of quantum threats. Financial organizations must proactively plan for a future where quantum-safe practices are the norm. This means exploring and adopting quantum-safe technologies, such as Post-Quantum Cryptography and Quantum Key Distribution, and preparing for a migration away from classical cryptographic systems. Early adopters will be best positioned to protect their assets and maintain resilience as the quantum era approaches.

This white paper aims to cut through the hype and provide a clear-eyed, evidence-based assessment of the quantum threat landscape, with practical guidance for financial institutions on how to navigate the technological, operational and regulatory complexities of quantum migration. By acting now, organizations can ensure the integrity of encrypted communications, secure payment systems and safeguard sensitive customer data — laying the groundwork for a secure financial future in a quantum world. 



The same day this news broke:

“A truly remarkable breakthrough — Google’s new quantum chip achieves an unprecedented accuracy milestone.” Nature


If quantum computing is reaching this level of precision, it’s not science fiction anymore.

Better be prepared.

Thursday, October 9, 2025

Unmasking the Scam Crisis: Europe’s Next Cyber Challenge

The scam threat:



This is just one of several resources launched as part of the National Strategy in the US to prevent scams, an ambitious effort bringing together corporate leaders, policymakers, and society as a whole to face what is no longer a marginal problem.

The full 70-page report includes strong calls for cross-sector cooperation, and the accompanying video is especially powerful. 


A victim shares her story with remarkable honesty — a reminder that only around 15% of scams are ever reported. Also worth noting: the Global Head of Policy at TRM Labs explains how complex networks operate behind these scams, from fake investments to crypto fraud.

As the Aspen Institute puts it clearly:

“This is a national security crisis — and the problem is only getting worse.”


In Europe, we can’t look away. The same patterns are emerging here, rapidly crossing borders and exploiting the trust of millions.

That’s exactly why I built desenmascara.me — an AI-powered European platform designed to detect and expose fraudulent and impersonation websites, helping citizens, brands, and regulators see what’s really behind the digital façade.

I already shared some reflections on this in my recent LinkedIn article: How desenmascara.me can help tackle Europe’s scam epidemic.

The US has moved. Now it’s time for Europe to act — together, across public and private sectors.
Let’s raise awareness. Let’s cooperate.
Let’s unmask the web.


Tuesday, June 17, 2025

Twitter is flooded with scams... and they're doing absolutely nothing about it!

Imagine this: you open your X (formerly Twitter) timeline and see a flood of sponsored posts promising XRP rewards, supposedly part of an official Ripple "Community Reward" program. 




Everything looks polished, professional, even from verified accounts. But there's one big problem...

IT'S ALL FAKE. And Twitter knows it.

The scam: always the same playbook

Dozens of verified accounts (yes, with the blue checkmark you can now buy) are posting ads like these:

  • "Wow."

  • "Yep. This happened."

  • "Good news!"

With images of tokens dropping from parachutes, flashy graphics, and promises like "multiply your assets" or "double your coins now." The goal? Direct you to sites such as:

  • gift-[REDACTED]

  • 2xred[REDACTED]


Both flagged as fraudulent by desenmascara.me, a simple but powerful threat detection tool.

 

These sites pretend to be affiliated with Ripple, but there is not a shred of evidence to support that. They're generic websites, with empty promises, designed solely to steal your crypto.

🔎 A scam that can be exposed in seconds... if you care to look

Here’s the worst part: anyone with basic awareness or access to a site like desenmascara.me can identify the fraud in seconds. You just enter the URL and read:

❌ This site appears FRAUDULENT
❗ No clear evidence of affiliation with Ripple
❗ Generic domain
❗ No official sources or links

So... if it’s this obvious, how are these ads still running and multiplying?

💰 The uncomfortable truth: it’s part of the business

There’s only one reasonable explanation, and it’s as simple as it is brutal: Twitter doesn’t care. As long as these ads pay, they stay.

Why would they protect users when they’re profiting from every click? This kind of scam isn’t a bug in the system—it’s a feature. A direct result of how ad revenue is prioritized above user safety.

❌ This won’t stop... unless they’re forced

The only way to stop this epidemic is through:

  • ⚖️ Serious regulation and massive fines (yeah, we are Europe).

  • 🧍‍♂️ Class action lawsuits and legal pressure

  • 🔎 Active community oversight

Because it's clear: neither Twitter, Meta, nor any major platform will act unless it hurts their bottom line.

📢 What can you do?

  1. Stay alert. Use tools like desenmascara.me to check any suspicious website.

  2. Report it. Flag these ads whenever you see them. See here for the reason why I crossed this out.

  3. Speak up. Share this post, talk about the issue, tag responsible parties.


This isn’t an isolated case. It’s a pattern. And it’s time to break it.

Monday, May 19, 2025

Ready to Drive Fraud Prevention Innovation in EU—Inspired by JPMorgan’s Approach

This is a global challenge I’m passionate about contributing to and helping solve.



Unfortunately this call is only available for U.S.-based orgs.

If you are a company or investor based in the E.U. eager to address this challenge, I'd be delighted to connect with you.

Who I am — in brief.

I’m Emilio Casbas, the founder of Desenmascara.me, a tool developed to unmask and analyze fraudulent websites. The platform has been successfully used by companies like Nike Inc. to detect and dismantle counterfeit networks; it has served investigative teams in both public and private sectors while empowering users to protect themselves from online fraud.

Over the past few years, I’ve had the privilege of collaborating with Europol, authoring a paper for SANS on online scam tracking (read here), and presenting the online tool at BlackHat USA arsenal space (session link). I was also featured in El Confidencial, one of Spain’s leading newspapers, where I discussed the work behind Desenmascara.me (Original version in Spanish / Translated to English version).

In addition, the tool is also a partner of CyberAlliance, reinforcing my commitment to combating online threats and enhancing cybersecurity. The tool has also been integrated into VirusTotal, further extending its reach and effectiveness in the fight against fraud.


I currently work at one of the world’s leading wealth management firms, where I lead a small team focused on strengthening the company’s cybersecurity through threat detection. The work is both fascinating and impactful. However, my true passion lies in tackling online fraud and protecting the most vulnerable in our digital society. 

Therefore, if the right opportunity arises, I would be open to dedicating my energy and experience to building solutions that truly make a difference - helping make the Internet a safer place for everyone.

Saturday, May 17, 2025

Coinbase's Response to Data Breach Sets Industry Standard

In the wake of a recent data breach, Coinbase has demonstrated exemplary leadership in crisis management. Hackers, having bribed overseas customer support agents, accessed sensitive information of less than 1% of Coinbase's users.

Rather than succumbing to the attackers' $20 million ransom demand, Coinbase CEO Brian Armstrong took a firm stand by refusing to pay and instead offering a $20 million reward for information leading to the perpetrators' arrest.

Brian Armstrong on X: "https://t.co/f6UPdkL5R0"

The company's proactive measures include (WSJ):

  • Immediate termination of involved insiders and collaboration with law enforcement agencies.

  • Implementation of enhanced security protocols and opening a new support hub in the U.S.

  • Commitment to reimburse affected customers who were deceived into transferring funds.


The cost of a data breach with less than 1% of Coinbase's users?

the Company has preliminarily estimated expenses to be within the range of approximately $180 million to $400 million relating to remediation costs and voluntary customer reimbursements relating to this Incident, prior to further review of potential losses, indemnification claims, and potential recoveries, which could meaningfully increase or decrease this estimate.


Coinbase's transparent and decisive actions not only protect its users but also set a benchmark for the industry in handling such incidents.

The cost of this "small and controlled" data breach underscores just how high the stakes are. It's a powerful reminder that cybersecurity is not optional — it’s a core investment for any digital business. Coinbase’s swift and transparent response shows exactly how such challenges should be handled.

Sunday, January 19, 2025

Fraudulent websites targeting the transportation industry

In recent times, many newly emerged enterprises are raising red flags. These could either be outright scams designed to steal your hard-earned money or shady operations set up to deceive unsuspecting clients.

Take a look at this website:



A quick check on desenmascara.me reveals that the domain of this company is set to expire in just 1 day! This is often a red-flag sign of a fly-by-night operation:


On their "Client Testimonial" section, they proudly showcase Savannah Nguyen, listed as the "President of Sales" at some company.


But here’s the catch: a simple Google reverse image search reveals that this individual’s photo is used across various unrelated industries! It’s nothing more than a stolen image, a common trick to appear credible.




Don’t fall victim to these fraudulent schemes! Always perform due diligence before engaging with cargo or transportation companies. Simple checks like verifying domain details, cross-referencing testimonials, and using reverse image search can save you from being scammed.
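
The "verifying domain details" check can be scripted. The following is an added example, not desenmascara.me's own code: it reads the lifecycle events of an RDAP domain record (RFC 9083) and flags a domain that is about to expire, and goes slightly beyond the post by also flagging a very recent registration. The record, the domain name, the reference date and both thresholds are constructed assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed RDAP domain record; "cargo-example.test" is a placeholder name.
SAMPLE_RDAP = json.loads("""
{"ldhName": "cargo-example.test",
 "events": [
   {"eventAction": "registration", "eventDate": "2024-01-20T09:12:00Z"},
   {"eventAction": "expiration",   "eventDate": "2025-01-20T09:12:00Z"}
 ]}
""")

# Constructed "today", one day before the sample record expires.
SAMPLE_NOW = datetime(2025, 1, 19, 9, 12, tzinfo=timezone.utc)


def _parse(ts):
    # RDAP dates are RFC 3339; map a trailing "Z" to an explicit UTC offset.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def lifecycle_flags(rdap, now, expiry_days=30, young_days=90):
    """Return human-readable red flags from a domain's RDAP events.

    expiry_days and young_days are assumed thresholds, not values from the post.
    """
    events = {e.get("eventAction"): e.get("eventDate")
              for e in rdap.get("events", [])}
    flags = []

    expiration = events.get("expiration")
    if expiration is None:
        flags.append("no expiration date published")
    else:
        left = (_parse(expiration) - now).days
        if left < 0:
            flags.append("domain already expired")
        elif left <= expiry_days:
            flags.append(f"expires in {left} day(s)")

    registration = events.get("registration")
    if registration is not None:
        age = (now - _parse(registration)).days
        if age <= young_days:
            flags.append(f"registered only {age} day(s) ago")
    return flags


if __name__ == "__main__":
    print(SAMPLE_RDAP["ldhName"], lifecycle_flags(SAMPLE_RDAP, SAMPLE_NOW))
```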