Category: NIST

Wintermute Arrives: AI-Orchestrated Cyber Espionage Becomes Reality

Share

On November 13, 2025, Anthropic, the developer of an artificial intelligence model (“AI”) known as Claude, announced that it had detected and helped disrupt what it believes to be the first cyber espionage campaign orchestrated primarily by autonomous AI agents.1   Anthropic stated that it had “high confidence” that the campaign was orchestrated by a state-sponsored group, and described the campaign as a “significant escalation” in the evolution of cybersecurity threats.  Like the artificial intelligence in William Gibson’s Neuromancer, AI technology is now able to automate and assist complex attacks on a large scale, and lowers the barrier to sophisticated hacking of computer systems.  The incident is a reminder of the risks to both the developers of these technologies, and the businesses and individuals whose data may be at risk from malicious use of AI.

Summary of the Incident

In mid-September 2025, Anthropic’s Threat Intelligence team discovered suspicious activity that was later traced to a Chinese state-sponsored group they designated as “GTG-100.”2  GTG-1002 had used social engineering and “jailbreaking” techniques to manipulate Claude Code developer tool into executing cyberattacks. Specifically, human actors convinced Claude to assist in the attack by posing as employees of a cybersecurity firm engaged in defensive testing and breaking the larger campaign down into smaller steps that standing alone, seemed innocuous and concealed their offensive purpose.3

Continue reading “Wintermute Arrives: AI-Orchestrated Cyber Espionage Becomes Reality”

NIST Releases New Draft of Artificial Intelligence Risk Management Framework for Comment

Share

The National Institute of Standards and Technology (NIST) has released the second draft of its Artificial Intelligence (AI) Risk Management Framework (RMF) for comment. Comments are due by September 29, 2022.

NIST, part of the U.S. Department of Commerce, helps individuals and businesses of all sizes better understand, manage and reduce their respective “risk footprint.”  Although the NIST AI RMF is a voluntary framework, it has the potential to impact legislation. NIST frameworks have previously served as basis for state and federal regulations, like the 2017 New York State Department of Financial Services Cybersecurity Regulation (23 NYCRR 500).

The AI RMF was designed and is intended for voluntary use to address potential risks in “the design, development, use and evaluation of AI products, services and systems.” NIST envisions the AI RMF to be a “living document” that will be updated regularly as technology and approaches to AI reliability to evolve and change over time.

Continue reading “NIST Releases New Draft of Artificial Intelligence Risk Management Framework for Comment”

“Zero Trust Architecture” Is Officially Here: NIST Publishes New Cybersecurity Framework

Share

The National Institute of Standards and Technology, commonly referred to as NIST, recently published a new computer framework for users to consider as a cyber-framework security model — the Zero Trust Architecture Model (ZTA). This new model was officially published in NIST SP 800-207 in late 2020.

Continue reading ““Zero Trust Architecture” Is Officially Here: NIST Publishes New Cybersecurity Framework”

NIST Unveils IoT Baseline of Core Cybersecurity Features for Comment

Share

In a release aptly labeled “A Starting Point for IoT Device Manufacturers” the National Institute of Standards and Technology (NIST), an arm of the Department of Commerce, recently added to the discussion with the publication. NIST sought to provide IoT device manufacturers a better understanding of appropriate cybersecurity features for the vast and constantly proliferating range of IoT devices. NIST’s fundamental purpose is to improve the securitibility of IoT devices and to identify, in general terms, the features that can be designed so that customers can better use them to manage cybersecurity risk profiles.

Continue reading “NIST Unveils IoT Baseline of Core Cybersecurity Features for Comment”

NIST Privacy Framework Takes Shape

Share

As previously reported, the National Institute of Standards and Technology (NIST) is developing a voluntary Privacy Framework in collaboration with private- and public-sector stakeholders. The goal is to help organizations better identify, assess, manage, and communicate their privacy risks. Other benefits anticipated from this project are fostering the growth of innovative approaches to protecting individual privacy and creating greater trust in products and services that may use the Framework once it is established.

Continue reading “NIST Privacy Framework Takes Shape”

NIST Seeks Public Comment on Developing a Privacy Framework

Share

The National Institute of Standards and Technology (NIST) published its request for information (RFI) covering a series of questions designed to assist in the development of a voluntary framework meant to improve the management of the privacy risk that could arise from the collection, storage and use of individuals’ information in the Federal Register on November 14, 2018.

Continue reading “NIST Seeks Public Comment on Developing a Privacy Framework”

©2025 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy