This is the online edition of The Wiretap newsletter, your weekly digest of cybersecurity, internet privacy and surveillance news. To get it in your inbox, subscribe here.Over the last week, internet giants and security researchers who got early access to Anthropic’s Mythos model released assessments of the powerful AI. They generally agreed that the model, alongside OpenAI’s GPT 5.5, is a major advance in finding software vulnerabilities. Not only do both models find more bugs, but they also complete cybersecurity tasks significantly faster than previous models (and humans).But Mythos users have warnings too. Grant Bourzikas, chief information security officer at Cloudflare, the $70 billion market cap internet security company, wrote in a blog that when Mythos suggested patches for vulnerabilities, if applied, they would have quietly broken something the code relied on, causing a potential crash or another weakness for a hacker to exploit. Though companies with strong security checks should be able to see where an AI has introduced a weakness, there remains a real possibility that companies might “blindly accept these patches to keep up with the volume of bugs being disclosed,” Bourzikas tells Forbes.He found that while Mythos helped his team find vulnerabilities, it also flagged a large number of “false positives.” Essentially, Mythos frequently surfaced bugs that, after human review, turned out to be innocuous. (Photo by JOEL SAGET / AFP via Getty Images)AFP via Getty ImagesPalo Alto Networks, a $200 billion market cap cybersecurity firm, had similar findings, reporting that 30% of flags from Mythos and GPT 5.5 were false, according to Axios. It did, however, manage to patch 75 vulnerabilities in one month, around seven times more than it did before in the same timeframe.Cloudflare’s experience with Mythos has shown that software needs hardening now, before attackers get hold of similarly-powerful AI, and that humans are still required to “separate noise from real, exploitable priority findings,” Bourzikas says. “The model doesn’t replace judgement.”Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964.THE BIG STORYgettyThe DOJ Is Demanding Apple And Google Identify Over 100,000 Users Of This Car AppThe government is suing car app maker EZ Lynk for allegedly willfully helping users break emissions laws. As part of that case, it subpoenaed a number of corporate giants—Apple, Google, Amazon and Walmart—for the identities, addresses and purchase histories of all EZ Lynk users. The subpoenas likely affect over 100,000 people. Civil liberties groups and car hacking enthusiasts say the subpoenas are government overreach.Stories You Have To Read TodayA group of Democratic senators urged the DHS not to push ahead with plans for developing smart glasses to scan people’s faces and other biometric data. “DHS would be able to weaponize smart glasses and turn them into an authoritarian tool against anyone who speaks out against President Trump,” they wrote in a letter.A staffer at the DHS Cybersecurity and Infrastructure Security Agency accidentally leaked the department’s Amazon Web Services government account keys on Github. That means hackers could have viewed “how CISA builds, tests and deploys software internally,” independent journalist Brian Krebs reports. Experts said it was one of the more severe leaks of government information in recent memory.Winner of the WeekInvestigative reporter Kim Zetter has a fascinating story on some malware history, with a tool known as “Fast16,” which targeted Iranian nuclear development back in the mid-2000s. It was a sneaky piece of malicious software which fed “false data to engineers about the nuclear detonation tests they were conducting, in order to trick them into believing the tests were failing.”Loser of the WeekEuropol announced the takedown of 14,200 posts across social media, claiming they were propaganda produced by Iran’s Islamic Revolutionary Guard Corps (IRGC). Now the IRGC’s main X account, which had over 150,000 followers, is no longer available in Europe.More On ForbesForbesCalifornia Hater Elon Musk Needs The State’s Subsidies To Launch Tesla’s SemiBy Alan OhnsmanForbesHunting For Stocks With A Long Shot At A Giant PayoffBy William BaldwinForbesWhat To Do With All Your Parents’ Stuff–And Your OwnBy Kelly Phillips Erb