NSA Gets Secret AI, 3 Million Texans Exposed & 75,000 Firewalls Hit

The government just put an AI company inside the NSA. Not to defend networks. To help find ways into them. At the same time, more than 3 million Texans had their driver’s license and passport data exposed through a third-party vendor, and attackers harvested credentials from 75,000 Fortinet firewalls around the world, then organized the victims by how much money they were likely worth. Three stories. One uncomfortable reality: *The most powerful security tools are being locked up while your biggest risks are still the basics.* On this episode of Security Squawk, Bryan Hornung, Randy Bryan, and Reginald Andre break down what business owners, executives, IT leaders, and MSPs need to understand about AI, vendor risk, and the growing gap between the tools governments get and the threats businesses still face every day. Story 1: Anthropic Inside the NSA The Financial Times reported that Anthropic, the company behind Claude, embedded engineers inside the NSA to deploy a frontier AI model called Mythos. The same company that was previously flagged as a supply chain risk is now helping deploy one of the most advanced cyber-focused AI systems in government. Anthropic says the model is too dangerous for broad release. That raises a bigger question: If the most capable AI tools are increasingly treated as national-security assets, what happens when the tools your business depends on become tools you can no longer access? Story 2: 3 Million Texans Exposed Through a Vendor The Texas Parks and Wildlife Department disclosed a breach affecting more than 3 million people after attackers compromised a third-party vendor responsible for hunting and fishing license systems. Exposed data reportedly includes: • Driver’s license information • Passport numbers • Home addresses • Phone numbers • Email addresses Officials emphasize that Social Security numbers were not exposed. That’s missing the point. A driver’s license, passport, address, and contact information already provide everything many criminals need for identity theft, fraud, and account takeover. The lesson is simple: Your security is only as strong as the vendors holding your data. Story 3: 75,000 Fortinet Firewalls Compromised Researchers disclosed a campaign that harvested administrator and VPN credentials from roughly 75,000 Fortinet firewalls across 194 countries. The attackers didn’t just collect passwords. They categorized victims by: • Country • Industry • Company size • Estimated revenue In other words, they built a target list. Researchers say the infrastructure remains active and continues collecting credentials. If your organization uses Fortinet equipment, this is not a “someday” problem. This is a this-week problem. In This Episode • Why Anthropic’s NSA deployment matters to every business using AI • Whether cybersecurity will become the justification for restricting advanced AI capabilities • How a third-party vendor exposed more than 3 million Texans • Why “no Social Security numbers were stolen” is often the wrong question • How attackers harvested credentials from 75,000 Fortinet devices • The immediate actions Fortinet customers should take • Why cybersecurity still comes down to fundamentals, even as AI transforms the battlefield The Bottom Line Most businesses worry about futuristic threats. Meanwhile, attackers are still winning through vendors, passwords, exposed systems, and concentration risk. The technology is changing fast. The fundamentals are not. Security Squawk is a weekly podcast and livestream focused on cybersecurity, business risk, ransomware, AI, vendor risk, and executive decision-making. Support the show: buymeacoffee.com/securitysquawk Subscribe | Like | Share #SecuritySquawk #CyberSecurity #Anthropic #NSA #AI #Claude #Fortinet #DataBreach #VendorRisk #IdentityTheft #BusinessRisk #MSP #Ransomware #AIRegulation