Defense & Security

An Anthropic AI model designated Mythos identified vulnerabilities in classified U.S. government systems, according to a U.S. official cited by the Associated Press. The disclosure represents a significant operational data point for how large language models are being integrated into offensive or red-team security functions at the classified level.

The capability demonstration raises unresolved questions about the scope of the vulnerabilities found, whether they have been patched, which agencies were involved, and how the government intends to govern AI-assisted vulnerability research against its own infrastructure going forward.

Secretary of Defense Pete Hegseth announced at the NATO Defense Ministerial in Brussels a review of U.S. force posture in Europe and introduced the phrase 'NATO 3.0' to describe a prospective restructuring of the alliance's operational framework. The announcement did not specify timelines, which commands or installations are under review, or what doctrinal changes NATO 3.0 would entail.

The review lands at a moment when European allies are accelerating their own defense spending and force generation, creating a live tension between potential U.S. drawdown signals and the alliance's ongoing eastern flank reinforcement commitments.

Ukraine has launched a platform called TrophyLab that makes technical data on captured Russian weapons systems available to allied governments and defense researchers. The initiative formalizes what had been ad hoc sharing of captured equipment intelligence and gives allied procurement and R&D communities structured access to Russian hardware at a scale not previously available through official channels.

The strategic value of the platform depends on what systems are catalogued, the classification level of the data shared, and which allied governments have been granted access - none of which has been fully disclosed publicly.

The Pentagon issued production contracts for unmanned aircraft systems, signaling movement from development into fielding on at least one UAS program. Production contract awards are a materially different procurement milestone than R&D agreements and indicate that program requirements have been sufficiently validated to commit acquisition funding.

The specific platforms, contractors, contract values, and delivery schedules have not been fully characterized in available public reporting, leaving the industrial base and competitive implications unresolved.

Iran confirmed that card-based banking services were disrupted at three financial institutions following a cyberattack, with Israeli attribution reported but not officially confirmed by either government. The attack targeted financial infrastructure rather than military or industrial systems, a targeting choice that has implications for how economic coercion via cyber means is being operationalized in the Iran-Israel conflict.

The incident is the most recent in a pattern of reciprocal infrastructure targeting between the two states, and the question of whether it reflects a deliberate escalation in targeting scope - or a shift toward financial system disruption as a sustained coercion instrument - remains open.