This is the online edition of The Wiretap newsletter, your weekly digest of cybersecurity, internet privacy and surveillance news. To get it in your inbox, subscribe here.When the U.S. government ordered Anthropic to prevent any foreigners from using its latest AI model Fable at the end of last week, the AI company quickly turned the model off for all users to comply. Fable is the public-facing version of Mythos, the AI model that Anthropic had limited to approved companies due to concerns over how good it was at finding vulnerabilities and hacking software. Fable, per Anthropic, is Mythos but with guardrails to prevent malicious use.According to the Wall Street Journal, the government’s directive came after Amazon researchers claimed to have found ways to get around those Fable safeguards, getting it to help carry out a cyberattack. Anthropic noted in a post that other models, like GPT 5.5, could do the same.After the directive, one hundred and fifty cybersecurity experts swiftly decried the government’s action, co-signing an open letter to Commerce Secretary Howard Lutnick and national cyber director Sean Cairncross. They argue this only benefits criminal hackers and America’s adversaries.Among the critics is Jack Cable, former cyber researcher at the DHS Cybersecurity and Infrastructure Agency. Cable, now cofounder and CEO at $200 million-valued AI cyber startup Corridor, tells Forbes that preventing cyber defenders from accessing the most advanced model for finding and exploiting vulnerabilities hamstrings their ability to protect systems. Meanwhile, malicious hackers already have access to AI tools with comparable capabilities to Fable. “It’s a dangerous path to set out on,” says Cable, who used Claude to code up Corridor’s business. He says the letter has also been sent to the White House, though there’s been no response so far.Neither Anthropic nor the government has provided an update to discussions. Anthropic previously suggested that the order was the result of a “misunderstanding.”Oege de Moor, CEO and founder of AI security company Xbow, was one of the first to test Mythos. He says that in Xbow’s tests, OpenAI’s GPT-5.5 proved almost as adept as Mythos at finding bugs and has been publicly available, for much cheaper, since April. “Dollar for dollar, GPT-5.5 gives an attacker better odds of finding an exploit than Mythos does,” de Moor tells Forbes. “Shutting down Mythos/Fable is closing the barn door after the horse has bolted.”He notes that open-weight models, which give users full control over the AI’s training and focus, “are right on the heels” of premier AI labs’ creations. He points to Chinese open-weight model Kimi-K2.6, which is already as adept as GPT-5 in crafting hacking tools to exploit flaws in code. “I'd bet we will see Mythos-quality open-weights models within six months. Once a capability is open-weight, it's out there for good. No government order can recall it.”That’s why defenders shouldn’t rely on a single model to help them secure their networks, says Qasim Mithani, co-founder and CEO of Depthfirst, a $580-million valued startup that develops its own hacking models and has claimed to be just as if not more adept than Mythos in some areas of bug hunting."Cybersecurity is too important to depend on a single model. Models can change, policies can shift and, as we saw last week, access can disappear overnight,” Mithani says. “Defenders at organizations of all sizes need reliability, autonomy, choice, and control.”Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964.THE BIG STORY(Photo by JOEL SAGET / AFP via Getty Images)AFP via Getty ImagesShinyHunters Hackers Target Colleges Via Oracle ExploitsGoogle researchers have warned colleges that a prolific hacking crew called ShinyHunters is targeting them again via a vulnerability in Oracle’s PeopleSoft enterprise resource planning applications. ShinyHunters, which extorts its targets by demanding a ransom to keep victims’ data private, has successfully targeted schools and colleges before with an attack on the widely-used Canvas educational software last month. Stories You Have To Read TodayAn Iranian-linked hacking group called Handala has claimed a breach of California Water Service (Cal Water). Cybersecurity researchers at Dataminr claimed customer information had been stolen in the hack. Cal Water spokesperson Yvonne Kingman tells Forbes its investigation remains ongoing, “but our preliminary findings indicate that there are no known operational disruptions to our water and wastewater systems, including the billing platform.”The FBI seized 13 fake consulting company websites that allegedly tried to lure Americans into applying for jobs that didn’t exist. It’s believed to be part of a clandestine China-backed operation focused on acquiring data from individuals with security clearance.Winner of the WeekThe Justice Department and Homeland Security seized the domains CFAKE.com and SOCFAKE.com, which hosted thousands of images and videos edited to depict famous women as nude or engaged in sexual activity. The seizures were carried out under the authority of the Take It Down Act, which First Lady Melania Trump championed. “These domain seizures mark a significant victory in the fight against deepfake pornography,” said acting attorney general Todd Blanche in a press release. Loser of the WeekMeta has been working with a police contractor called Rank One to test its facial recognition tech in the social media company’s Ray-Ban and Oakley smart glasses, Wired reports. The company said it had no immediate plans to roll out the controversial tech, and declined to comment on working with Rank One.More On ForbesForbesForget Elon’s Data Centers In Space. This Startup Wants To Float Them At SeaBy Alan OhnsmanForbesJames Dolan’s Knicks Just Won The NBA Title. Here’s How He Made His Fortune.By Hank TuckerForbesSeed Giant Burpee Wants Americans To Garden Like It’s 1776By Chloe Sorvino