AI AND CYBERSECURITY: A KEY CHALLENGE AND THE OCCASION TO SET UP AN EUROPEAN RESPONSE
Three developments have placed AI and cybersecurity at the heart of European strategic concerns:
- The emergence of AI systems capable of detecting code vulnerabilities at scale, notably MYTHOS by Anthropic, has raised questions about the future role of cybersecurity vendors, particularly in threat management and vulnerability assessment. This was a central topic at the INCYBER Forum in Lille, in the Teaming Up for Cyber workshop, organised by the ECA, bringing together researchers, vendors, and CISOs.
- Anthropic’s decision to restrict access to MYTHOS to a limited number of companies through the GLASSWING project, including Cisco, Palo Alto, and CrowdStrike, effectively creates a closed US-centric ecosystem.
- Most recently, the US administration’s decision to ban non-US actors from accessing these tools has further underscored the risk of strategic dependency for European cybersecurity players. While this decision has been reversed on July 1st, it seems impossible to accept such a hazardous dependency where European actors can be suddenly deprived of essential systems while others would keep benefiting from them.
In response to these developments, ECA has initiated a working group to explore the feasibility of a coordinated European response that leverages domestic AI capabilities and cybersecurity expertise. Important cyber vendors, AI system providers and integrators are actively working on this issue.
THE FRENCH STATISTICS AGENCY HIT
The National Institute of Statistics and Economic Studies (Insee), the French public statistical service, announced on June 26, 2026 that it had been the victim of a cyberattack that targeted its directory of agents and resulted in a breach of personal data. The incident affected the identity and professional contact information of approximately 12,800 people currently working, formerly working, or affiliated with Insee. The agency, a directorate general of the Ministry of the Economy, said that no sensitive data was compromised. Passwords, personal contact information, bank details, social security numbers, and health information were not affected by the breach. Moreover, data collected on French economic actors or citizens are not concerned.
MORE ON JAGUAR LAND ROVER BIG DISRUPTION
This Newsletter has reported several times on the disruption of JAGUAR LAND ROVER Group by a vast cyber attack in September 2025. The devastating attack on the British car manufacturer was estimated to cost the UK economy a dramatic €2.2 billion, due to the shutdown of an entire supply chain. On a Telegram channel, the cybercriminals “Scattered Lapsus$ Hunters” initially claimed responsibility for the attack.The name references three already well-known English- and French-speaking cybercriminal groups. However, according to several people close to the investigation interviewed by the New York Times, a Russian hacker group more likely carried out the attack. The New York newspaper also reports that the Russian hackers suspected of being behind it used an unprecedented ransomware. It included a “stunning,” “really very complex” encryption algorithm, investigators say. This suggests advanced computer skills, usually the hallmark of organized groups. However, the question whether the criminal group directly reports to Russian Services, or acts independently, is still open.
NEW INSIDIOUS ATTACK PATH EXPOSED
The DeepSeek large language model demonstrated a new browser-only ransomware technique capable of running on Windows, macOS, Linux and Android devices without installing malware or exploiting browser flaws. Researchers from Check Point say they analyzed a file they say came from prompting the Chinese-made artificial intelligence chatbot. The application, dubbed InfernoGrabber v9.0, masquerades as a fake Discord avatar AI upscaler. ” Beyond credential theft and data harvesting, the code revealed an unusual attack path that uses the browser’s File System Access API to encrypt files and display a ransom note entirely from within the browser.
Check Point said the attack works by tricking a user into granting a malicious webpage access to a local folder. Once permission is approved, the page can enumerate files, read and exfiltrate their contents, encrypt and overwrite them, and then present an extortion message. The technique requires no native payload, browser exploit or root access. Researchers said the significance lies less in the malware itself than in how the attack path was created. According to Check Point, the DeepSeek-generated sample linked an unrealistic “browser ransomware” concept with a legitimate browser capability, producing a practical proof of concept for an attack that defenders had largely dismissed as infeasible
THE US HOMELAND SECURITY TARGETED BY A CYBER ATTACK
The Department of Homeland Security (DHS) has just confirmed a major breach in its system, highlighting potentially serious vulnerabilities. The target? The Homeland Security Information Network (HSIN), an intelligence-sharing platform used by a wide range of federal, state, and local agencies. The attack reportedly took place at the end of May and once again casts doubt on the strength of the U.S. critical infrastructure, right in the middle of the World Cup. This comes after a long list of attacks against US governmental and other official boards.
HACKERS TOPPLED
Another police crackdown on cybercrime. The French Anti-Cybercrime Office (Ofac) just announced five arrests linked to the ‘Marak’ gang, a group accused of targeting healthcare facilities, medical sector companies, and even a messaging service used by the customs department. The investigation into ‘Marak’ had started in July 2025 after a hack of a healthcare facility in the Loire, also reported Nicolas Guidoux. It involved a breach at the Hôpital privé de la Loire (HPL), based in Saint-Étienne.The healthcare facility had then reported ‘an identity theft that led to the theft of certain patients’ personal data.‘ In fact, according to a report by the CERT SANTE, “the suspects were exploiting a human vulnerability in the authentication system of digital professional cards”. According to the Paris prosecutor’s office, the hacking of an account used by a doctor allowed the hackers to steal data from 525,000 patients. Then the hackers targeted the National Health Insurance Fund, e-health services, and customs agents. The police were able to trace the five suspects, notably thanks to the compromise indicators collected by the digital specialists from the regional support groups for e-health (CERT SANTE), also notes the report.
AI NOT SO SECURE !
(Tribute to LE POINT)
This is a scientific document that exposes the vulnerability of our current artificial intelligence systems. On the arXiv platform, two researchers from Florida International University recently unveiled “JaiLIP” (Jailbreaking with Loss-guided Image Perturbation), a formidable attack method targeting models capable of analyzing images. The principle? Rather than manipulating text, JaiLIP poisons the pixels directly. The algorithm calculates tiny mathematical alterations, completely invisible to the human eye, but which act like a real digital Trojan horse. Unlike us, AI doesn’t “see” an image; it reads a matrix of numbers. Once submitted to the model, the trapped image exploits the flaw and bypasses ethical safeguards. In the researchers’ tests, for example, a simple tampered photo of a traffic light was enough to make the AI explain in detail how to run a red light without receiving a fine


