AT2k Design BBS Message Area
From: TCOB1 Security Posts
To: All
Subject: CRYPTO-GRAM, May 15, 2026 Part1
Date/Time: May 15, 2026 10:39 AM

Crypto-Gram
May 15, 2026

by Bruce Schneier
Fellow and Lecturer, Harvard Kennedy School
schneier@schneier.com
https://www.schneier.com

A free monthly newsletter providing summaries, analyses, insights, and
commentaries on security: computer and otherwise.

For back issues, or to subscribe, visit Crypto-Gram's web page.

Read this issue on the web

These same essays and news items appear in the Schneier on Security blog, along
with a lively and intelligent comment section. An RSS feed is available.

** *** ***** ******* *********** *************
In this issue:

If these links don't work in your email client, try reading this issue of
Crypto-Gram on the web.

    Defense in Depth, Medieval Style
    Human Trust of AI Agents
    Mythos and Cybersecurity
    Is "Satoshi Nakamoto" Really Adam Back?
    Mexican Surveillance Company
    ICE Uses Graphite Spyware
    FBI Extracts Deleted Signal Messages from iPhone Notification Database
    Hiding Bluetooth Trackers in Mail
    Medieval Encrypted Letter Decoded
    What Anthropic's Mythos Means for the Future of Cybersecurity
    Claude Mythos Has Found 271 Zero-Days in Firefox
    Fast16 Malware
    A Ransomware Negotiator Was Working for a Ransomware Gang
    Hacking Polymarket
    DarkSword Malware
    Rowhammer Attack Against NVIDIA Chips
    Smart Glasses for the Authorities
    Insider Betting on Polymarket
    LLMs and Text-in-Text Steganography
    Copy.Fail Linux Vulnerability
    OpenAI's GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities
    How Dangerous Is Anthropic's Mythos AI?
    Upcoming Speaking Engagements

** *** ***** ******* *********** *************
Defense in Depth, Medieval Style

[2026.04.15] This article on the walls of Constantinople is fascinating.

    The system comprised four defensive lines arranged in formidable layers:

        The brick-lined ditch, divided by bulkheads and often flooded, 15-20
meters wide and up to 7 meters deep.
        A low breastwork, about 2 meters high, enabling defenders to fire freely
from behind.
        The outer wall, 8 meters tall and 2.8 meters thick, with 82 projecting
towers.
        The main wall -- a towering 12 meters high and 5 meters thick -- with 96
massive towers offset from those of the outer wall for maximum coverage.

    Behind the walls lay broad terraces: the parateichion, 18 meters wide, ideal
for repelling enemies who crossed the moat, and the peribolos, 15-20 meters wide
between the inner and outer walls. From the moat's bottom to the highest tower
top, the defences reached nearly 30 meters -- a nearly unscalable barrier of
stone and ingenuity.

** *** ***** ******* *********** *************
Human Trust of AI Agents

[2026.04.16] Interesting research: "Humans expect rationality and cooperation
from LLM opponents in strategic games."

    Abstract: As Large Language Models (LLMs) integrate into our social and
economic interactions, we need to deepen our understanding of how humans respond
to LLMs opponents in strategic settings. We present the results of the first
controlled monetarily-incentivised laboratory experiment looking at differences
in human behaviour in a multi-player p-beauty contest against other humans and
LLMs. We use a within-subject design in order to compare behaviour at the
individual level. We show that, in this environment, human subjects choose
significantly lower numbers when playing against LLMs than humans, which is
mainly driven by the increased prevalence of "zero" Nash-equilibrium choices.
This shift is mainly driven by subjects with high strategic reasoning ability.
Subjects who play the zero Nash-equilibrium choice motivate their strategy by
appealing to perceived LLM's reasoning ability and, unexpectedly, propensity
towards cooperation. Our findings provide foundational insights into the
multi-player human-LLM interaction in simultaneous choice games, uncover
heterogeneities in both subjects' behaviour and beliefs about LLM's play when
playing against them, and suggest important implications for mechanism design in
mixed human-LLM systems.

** *** ***** ******* *********** *************
Mythos and Cybersecurity

[2026.04.17] Last week, Anthropic pulled back the curtain on Claude Mythos
Preview, an AI model so capable at finding and exploiting software
vulnerabilities that the company decided it was too dangerous to release to the
public. Instead, access has been restricted to roughly 50 organizations --
Microsoft, Apple, Amazon Web Services, CrowdStrike and other vendors of critical
infrastructure -- under an initiative called Project Glasswing.

The announcement was accompanied by a barrage of hair-raising anecdotes:
thousands of vulnerabilities uncovered across every major operating system and
browser, including a 27-year-old bug in OpenBSD, a 16-year-old flaw in FFmpeg.
Mythos was able to weaponize a set of vulnerabilities it found in the Firefox
browser into 181 usable attacks; Anthropic's previous flagship model could only
achieve two.

This is, in many respects, exactly the kind of responsible disclosure that
security researchers have long urged. And yet the public has been given
remarkably little with which to evaluate Anthropic's decision. We have been
shown a highlight reel of spectacular successes. However, we can't tell if we
have a blockbuster until they let us see the whole movie.

For example, we don't know how many times Mythos mistakenly flagged code as
vulnerable. Anthropic said security contractors agreed with the AI's severity
rating 198 times, with an 89 per cent severity agreement. That's impressive, but
incomplete. Independent researchers examining similar models have found that AI
that detects nearly every real bug also hallucinates plausible-sounding
vulnerabilities in patched, correct code.

This matters. A model that autonomously finds and exploits hundreds of
vulnerabilities with inhuman precision is a game changer, but a model that
generates thousands of false alarms and non-working attacks still needs skilled
and knowledgeable humans. Without knowing the rate of false alarms in Mythos's
unfiltered output, we cannot tell whether the examples showcased are
representative.

There is a second, subtler problem. Large language models, including Mythos,
perform best on inputs that resemble what they were trained on: widely used
open-source projects, major browsers, the Linux kernel and popular web
frameworks. Concentrating early access among the largest vendors of precisely
this software is sensible; it lets them patch first, before adversaries catch
up.

But the inverse is also true. Software outside the training distribution --
industrial control systems, medical device firmware, bespoke financial
infrastructure, regional banking software, older embedded systems -- is exactly
where out-of-the-box Mythos is likely least able to find or exploit bugs.

However, a sufficiently motivated attacker with domain expertise in one of these
fields could nevertheless wield Mythos's advanced reasoning capabilities as a
force multiplier, probing systems that Anthropic's own engineers lack the
specialized knowledge
--- FMail-lnx 2.3.2.6-B20251227
 * Origin: TCOB1 A Mail Only System (618:500/1)