This is the online edition of The Wiretap newsletter, your weekly digest of cybersecurity, internet privacy and surveillance news. To get it in your inbox, subscribe here.Over the weekend, hackers exploited an AI security failure to take control of prominent Instagram accounts and post pro-Iranian messages. Among the victims were former the White House account for President Barack Obama and a senior official at the Pentagon’s Space Force.According to multiple reports and posts on cyber-focused Telegram groups, all the hackers had to do was ask Meta’s new AI support bot to initiate a password reset for a target account. Then, by telling it to send the recovery email to their own address, they could change the password and take control of the account. If Meta asked for a selfie video as an additional identity check, the hackers took facial images from the target Instagram accounts and created AI-generated selfies, which also reportedly worked. Meta has now patched the issue, according to a tweet from spokesperson Andy Stone.(Photo by Nikolas Kokovlis/NurPhoto via Getty Images)NurPhoto via Getty Images The attacks show how AI agents — even from large, established companies — can be tricked into helping launch simple but effective cyberattacks.Previously, AI bots from Anthropic and OpenAI have helped hackers generate exploit code and provided technical assistance to Chinese cyber spies. The Meta case is a more glaring example of how AI can be manipulated, with little effort, into providing direct access to user accounts. Expect similarly embarrassing gaffes in the ensuing months and years. Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964.THE BIG STORYgettyChinese Surveillance Dealer Wants AI To Predict Political DissentChinese surveillance provider Geedge Networks is developing AI to predict when someone is a potential political dissident, even before they explicitly dissent, based on a host of internal files leaked from the company online. The AI will assess individuals by looking at location information and internet use data, then generate profiles of citizens, according to a report at Vanderbilt University. “This is what happens when mass surveillance meets AI,” Brett J. Goldstein, the director of the Wicked Problems Lab at Vanderbilt’s Institute of National Security, told the New York Times.Stories You Have To Read TodayAnthropic is planning on releasing newer models that have the same abilities as Mythos, the AI that’s been able to find over 10,000 vulnerabilities across major operating systems and browsers. As part of Project Glasswing, Mythos had initially been limited to select companies so they could find and patch weaknesses ahead of general release, which could land “in the coming weeks,” according to a company blog post on the launch of its latest Opus 4.8 model. On Tuesday, it also announced it had expanded the list of Glasswing partners to 150 to include the U.S. government.Sections of the cybersecurity community are lambasting Microsoft for appearing to threaten legal action against researchers who publicly disclose vulnerabilities and exploits of its systems without informing the company through its disclosure channels. The tech giant has been feuding with a researcher going by the name of Nightmare Eclipse who published a number of exploits of Microsoft software, including its BitLocker encryption system. Microsoft has since clarified it won't seek to take such hackers to court.A pro-Iranian hacker claimed to have broken into the LA Metro network to steal data and destroy systems, according to an analysis from cybersecurity researchers at Gambit Security.Winner of the WeekCrowdStrike, Google and nonprofit cyber research entity The Shadowserver Foundation announced a takedown of a major botnet called Glassworm. The hackers behind it had “systematically targeted software developers” in an attempt to infect anyone who downloaded their code, as part of a sprawling software supply chain attack, CrowdStrike said. Loser of the WeekTroy Murray, a 57-year-old from North Carolina, was sentenced to 121 months in prison for selling elderly Americans’ personal information to Jamaican lottery fraud scammers. Murray was also told to pay a forfeiture of $5.2 million.More On ForbesForbesIconoclast 50 2026By Maneet AhujaForbesHow These Business Mavericks Are Rethinking PhilanthropyBy Kirk OgunrindeForbesHere Are Donald Trump’s 10 Worst Stock Trades Of 2026By Kyle Khan-Mullins