Why stop at just license plates?

Danny Brugmann

7 min read
Share
Why stop at just license plates?

Five Cyber Stories - June 14, 2026, Issue 012

Howdy! Welcome back for another edition of Five Cyber Stories. This week I'm talking about capturing all your signals, new AI models, and more.

But first, was this newsletter shared with you? Follow this link to quickly subscribe.

And now, without further ado, it's story time!

All your signals belong to us ($)

Reporting from 404 Media's Joseph Cox

Captured signals: Automated license plate readers (A.L.P.R.s) aren't very popular. Congress recently debated ($) "effectively" banning the surveillance tech via funding constraints. Some towns have also banned them ($) by ending relationships with vendors. Still, the demand for the technology from law enforcement and governments appears high. I recently wrote about the tech being used on school buses ($), and the F.B.I. is seeking ($) to buy access.

This week, 404 Media's Joseph Cox reported that the company Leonardo is seeking to augment A.L.P.R.s with tech that also captures "unique identifiers of mobile phones, wearables, and other Bluetooth-enabled devices in those cars," to create a tool named SignalTrace. The idea is that by pairing license plate readers with identifiable information, law enforcement would be able to drill down on who was in each car that is photographed or filmed by matching the various digital signals including the pictured license plate.

Dual uses: I can imagine of a lot of good uses for SignalTrace, but I can also imagine a lot of potential abuses. I feel uneasy about the latter. In fact, I don't have to imagine abuses of surveillance tech by law enforcement as several have been reported by outlets like 404 Media ($) and Wired ($). This is further evidence that we need a rigorous debate about the boundaries of digital surveillance. Faithful readers are probably tired of reading it here, but it is all the more true.

A new Mythos and Fable

Reporting from Cyberscoop's Derek B. Johnson

A Mythos reborn: Anthropic is releasing a new version of its powerful Mythos model to the public in the form of Fable 5. According to reporting from Cyberscoop's Derek B. Johnson, Fable is based on the Mythos family of A.I. models, but it comes with built-in safeguards. If it's prompted on topics such as cybersecurity and biology, it reverts to Anthropic's less capable Claude Opus 4.8 model. Only members of Anthropic's Project Glasswing, which I've written about previously, will have access to the full capabilities of the newly updated Mythos 5 model. According to Anthropic, both Mythos 5 and Fable 5 are broadly more powerful than the first release of the Mythos Preview as reported by The Register's Thomas Claburn.

Mythos's story: The fears around the capabilities of Mythos' original previews have had real impact. It's drawn the attention ($) of the White House, and it's initiated multiple rounds of press coverage ($). This week is no exception ($). Now, a version of this powerful model, Fable 5, is available to the public. Though Anthropic is reportedly giving Fable "guardrails," my concern is still more directed at smaller businesses and organizations without cybersecurity infrastructure.

Yes, the hyperbole and narratives around Mythos have already re-shaped ($) the industry and even larger conversation about AI, but many of these conversations are centered around large corporations with existing and complex security teams. These are luxuries the average small business, local bank, or rural elementary school does not have. Fable 5's guardrails are effectively (and frustratingly to some) moving certain biological ($) and cybersecurity prompts to an older model, Claude Opus 4.8, but it's proven that the latest models aren't needed to create powerful malware.

What's more, one of the latest A.I. enabled cybersecurity incidents was avoidable with the practice of basic security principles - multi-factor authentication. Until we societally clear the low hurdles, it's smaller organizations' cybersecurity I fear for the most.

To close this story, Anthropic has already had to revise some of Fable 5's safeguards in regards to cybersecurity after hefty criticism.

It's not just for nerds ($)

Reporting from Wired's Matt Burgess and TechCrunch's Zack Whittaker

Cyber politics: Europe is increasingly seeking to move away from American technology to pursue what's been labeled "digital sovereignty." Wired's Matt Burgess details ($) multiple examples of European governments and organizations looking for non-American alternatives to tools such as Google Docs, Amazon Web Services, Microsoft Office, and more. The article ($) also includes a more detailed list of some of the changes European groups are making. Burgess's reporting delves into some of political motivations behind the movement.

And on this side of the pond, Americans are also starting to take actions to hamper big tech's influence. TechCrunch's Zack Whittacker reported this week that Massachusetts is close to passing the Consumer Data Privacy Act which would put restrictions on companies that deal with the data of over 100,000 customers. This would include making it illegal for companies to sell "precise location data."

A groundswell: I was first made aware of Europe's trend towards "digital sovereignty" in an opinion piece by The Register's Steven J. Vaughan-Nichols back in April. With more American mainstream publications like Wired beginning to cover the topic, it appears that the trend is continuing to gain traction. Nations are beginning to see digital tools as part of their national security.

And though we're still without a national digital privacy law in the U.S., more states are starting to pick up the slack. Massachusetts is one of multiple states who have begun to protect their residents' data, and California even fined General Motors $12.75 million (though the crime itself generated $20 million of sales) this year for violating the California Consumer Privacy Act.

I began this newsletter because I believe cybersecurity and privacy affect everyone's non-digital lives. The digital sovereignty movement in Europe and the American push back to data brokers show that politicians and their constituents are beginning to reflect this.

A world of targets

Reporting from Cybersecurity Dive's David Jones and Politico's Maggie Miller

Kickoff: The start of the 2026 F.I.F.A. World Cup means the beginning of one of the largest sports tournaments in the world and "a massive attack surface for cyber threat activity or even violence," writes Cybersecurity Dive's David Jones. He goes onto list the types of potential and active cyber threats that are zeroing on soccer fans including phishing attacks, spoofed websites, ticketing scams, Q.R.-code fraud, distributed denial of service (D.D.o.S.) attacks, and cyberattacks from state actors. The war with Iran certainly heightens some of these risks.

Security concerns for the times: When I think of the security required for a large sporting event, my mind goes to police presence, metal detectors, crowd control, and other physical safety practices. The digital era requires a broader perspective. In April, Politico's Maggie Miller wrote ($) a fascinating article about the security prep in American cities going into the World Cup. C.I.S.A. is playing an active role despite its struggles, and I was surprised that safety drills and rehearsals included cyber security agencies. I highly recommend giving Miller's reporting ($) a read as it showcases another great example of how cybersecurity is a critical part of our physical security even at live events.

Your regularly scheduled update on F.I.S.A.

Reporting by TechCrunch's Zack Whittacker and The Verge's Gaby Del Valle

F.I.S.A. to go dark: After Congress renewed the Foreign Intelligence Surveillance Act, commonly known as F.I.S.A., for 45 days in May, the law is now set to expire. The House voted against re-authorizing F.I.S.A. on Thursday, and now Congress is on recess with the bill set to expire. Zack Whittaker reported on the political hurdles that led to the failed vote with members of both parties voting nay.

But wait: This doesn't mean that warrantless surveillance is at an end. The Verge's Gaby Del Valle wrote an excellent breakdown of how the surveillance powers enabled by F.I.S.A. are still available to U.S. intelligence agencies even after the law expires. It turns out that the expiration of F.I.S.A. and its Section 702 are effectively more like guidelines due to other standing laws and executive orders.

So, U.S. intelligence agencies can continue hoovering up data that includes sensitive information about Americans without a warrant. This is in spite of there being bipartisan consensus that F.I.S.A. and its kind of surveillance needs reform. Many including myself believe this is in conflict with our nation's Fourth Amendment and the Bill of Rights. For this reason, I believe the debate regarding F.I.S.A. reform is important for all Americans.

Wrap Up:

Thanks for reading this week! Here are a few other articles that I found interesting and relevant:

And here are a few more articles I haven't gotten to yet but will likely make for some great Sunday reads:

For next week, it will be a shorter newsletter that contains recommended articles similar to this one. It's the start of summer, and I have a few personal matters that need some attention. Still, I'll make sure there are some links to some good stories. See you then!

Danny

Read more