Cleartext – April 08, 2026
Wednesday, April 8, 2026·9:32
Show Notes
Daily cybersecurity briefing for CISOs and security leaders.
Episode Summary
Today's episode covers 8 stories across 4 topic areas, including: US Critical Infrastructure Facing Iranian-Linked OT Threats; Feds quash widespread Russia-backed espionage network spanning 18,000 devices; Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems.
Stories Covered
🌍 Geopolitical
US Critical Infrastructure Facing Iranian-Linked OT Threats
BankInfoSecurity · Apr 08 · Relevance: █████████░ 9/10
Why it matters to CISOs: Joint FBI/NSA/CISA advisory on active Iranian exploitation of internet-facing PLCs and OT systems demands immediate review of ICS/SCADA exposure, especially for energy, water, and municipal networks.
- Iranian-affiliated APT actors are actively exploiting internet-facing PLCs (Rockwell Automation/Allen-Bradley) across U.S. critical infrastructure
- Attacks have caused diminished PLC functionality, display data manipulation, and operational disruption
- Joint advisory from CISA, FBI, NSA, and Pentagon issued amid heightened U.S.-Iran geopolitical tensions
Feds quash widespread Russia-backed espionage network spanning 18,000 devices
CyberScoop · Apr 07 · Relevance: █████████░ 9/10
Why it matters to CISOs: APT28's mass hijacking of SOHO routers to steal Microsoft 365 authentication tokens without deploying malware represents a stealthy credential-theft vector that bypasses endpoint detection—CISOs should evaluate token security and conditional access policies.
- Russia's GRU-linked Forest Blizzard (APT28) compromised 18,000+ routers across 120 countries
- Attackers hijacked DNS to intercept Microsoft Office/365 authentication tokens without deploying malware
- FBI executed court-authorized operation to disconnect U.S.-based compromised routers from the botnet
📡 Macro Trends
Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems
The Hacker News · Apr 08 · Relevance: █████████░ 9/10
Why it matters to CISOs: Anthropic's Claude Mythos autonomously discovering and exploiting zero-days across major OS and browsers represents a paradigm shift—CISOs must plan for a world where AI dramatically compresses the vulnerability-to-exploit timeline for both attackers and defenders.
- Claude Mythos Preview can autonomously identify zero-day vulnerabilities and construct working exploits across major OS and browsers
- Project Glasswing brings together 45+ organizations including AWS, Apple, Broadcom, Cisco, and CrowdStrike for defensive use
- Model is restricted to limited partners due to offensive capability concerns—Anthropic calls it 'too dangerous to release'
Cybercrime losses jumped 26% to $20.9 billion in 2025
CyberScoop · Apr 07 · Relevance: ████████░░ 8/10
Why it matters to CISOs: The FBI's IC3 report showing a 26% YoY jump to $20.9B in losses provides essential board-level data for justifying security investment and quantifying the threat landscape to non-technical stakeholders.
- U.S. cybercrime losses reached $20.9 billion in 2025, up 26% year-over-year
- Investment scams, BEC, tech support fraud, and data breaches were the primary drivers
- FBI notes significant underreporting means actual losses are likely substantially higher
Social engineering attacks on open source developers are escalating
Help Net Security · Apr 08 · Relevance: ████████░░ 8/10
Why it matters to CISOs: North Korean actors compromising npm packages downloaded 100M+ times weekly via social engineering of maintainers represents an existential software supply chain risk that demands enhanced dependency monitoring and developer security awareness.
- North Korean hackers socially engineered an Axios maintainer via fake Slack workspace and Teams call to install a RAT
- Malware was injected into npm packages downloaded over 100 million times per week
- OpenSSF issued an advisory warning that similar tactics are being used against other open source maintainers
🔓 Data Breach
Snowflake customers hit in data theft attacks after SaaS integrator breach
BleepingComputer · Apr 07 · Relevance: ████████░░ 8/10
Why it matters to CISOs: This supply chain breach through a SaaS integration provider—with stolen authentication tokens enabling data theft at 12+ companies—highlights the critical need for third-party token management, SaaS security posture monitoring, and vendor access reviews.
- Over a dozen companies suffered data theft after a SaaS integration provider was compromised
- Attackers stole authentication tokens to access Snowflake customer environments
- Attack represents a third-party/supply chain risk vector increasingly common in cloud-first enterprises
Mass. Hospital Diverting Ambulances as It Deals With Attack
BankInfoSecurity · Apr 08 · Relevance: ███████░░░ 7/10
Why it matters to CISOs: A cyberattack forcing ambulance diversions and cancer treatment cancellations underscores the life-safety stakes of healthcare security and the need for robust incident response and business continuity planning.
- Signature Healthcare in Massachusetts is diverting ambulances and operating under downtime procedures
- Cancer treatments cancelled, patient portal offline, and retail pharmacies unable to fill prescriptions
- EHR systems taken offline due to the cyber incident
⚖️ Governance & Policy
CISA’s vulnerability scans, field support on chopping block in Trump budget
Cybersecurity Dive · Apr 07 · Relevance: █████████░ 9/10
Why it matters to CISOs: A $700M CISA budget cut and elimination of ~900 positions could remove free vulnerability scanning and field support services that many enterprises and critical infrastructure operators depend on for baseline security hygiene.
- Trump administration proposes cutting CISA's budget by approximately $700 million
- Nearly 900 positions would be eliminated from the agency
- Vulnerability scanning services and field support for critical infrastructure are specifically targeted
Further Reading
- 🌍 US Critical Infrastructure Facing Iranian-Linked OT Threats — BankInfoSecurity
- 🌍 Feds quash widespread Russia-backed espionage network spanning 18,000 devices — CyberScoop
- 📡 Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems — The Hacker News
- 📡 Cybercrime losses jumped 26% to $20.9 billion in 2025 — CyberScoop
- 📡 Social engineering attacks on open source developers are escalating — Help Net Security
- 🔓 Snowflake customers hit in data theft attacks after SaaS integrator breach — BleepingComputer
- 🔓 Mass. Hospital Diverting Ambulances as It Deals With Attack — BankInfoSecurity
- ⚖️ CISA’s vulnerability scans, field support on chopping block in Trump budget — Cybersecurity Dive
Full Transcript
Jordan: An AI model that autonomously discovers and exploits zero-day vulnerabilities across major operating systems and browsers. The company that built it says it's too dangerous to release publicly. And that's the good-guy version. Take a moment with that.
Alex: Welcome to Cleartext. It's Wednesday, April 8th, 2026. I'm Alex Chen.
Jordan: And I'm Jordan Reeves.
Alex: Today we've got a dense threat landscape to work through. Iranian actors actively hitting OT systems across U.S. critical infrastructure. A Russian GRU operation that stole Microsoft 365 tokens from 18,000 routers without touching a single endpoint. A supply chain attack through a SaaS integrator hitting a dozen Snowflake customers. A Massachusetts hospital diverting ambulances. And a proposed CISA budget cut that would gut the very services many of you rely on for baseline security hygiene. Plus, the FBI's 2025 cybercrime numbers are out, and they're not pretty. Let's get into it.
Jordan: Let's start with the joint advisory that dropped yesterday from CISA, FBI, NSA, and the Pentagon. Iranian-affiliated APT actors are actively exploiting internet-facing PLCs—specifically Rockwell Automation and Allen-Bradley hardware—across U.S. energy, water, and municipal networks. We're not talking about reconnaissance. These are confirmed operational disruptions. Diminished PLC functionality, manipulated display data, service interruptions.
Alex: The timing here matters as much as the targeting. U.S.-Iran geopolitical tensions are elevated, and this is the operational expression of that. For CISOs in energy, utilities, water, and municipal government, this is not a theoretical risk right now. This is the threat environment you're operating in today.
Jordan: The core problem is one we've talked about before and it never seems to get fixed: internet-facing OT. These PLCs were never designed to be exposed to the internet, and yet they are. Some because of deliberate remote access decisions, some because someone plugged something in without thinking, some because a vendor needed access and the firewall rule never got cleaned up. The attack surface is known. The problem is remediation velocity.
Alex: If you have OT in your environment—and that includes manufacturing CISOs, not just utilities—this advisory is your board-level briefing this week. Pull your ICS and SCADA exposure inventory. If you can't produce it in 24 hours, that's finding number one. Segment, monitor, and for anything internet-facing with no legitimate business justification, the answer is: take it offline.
Jordan: Pivot to Russia, because the Forest Blizzard operation is just as important and considerably more elegant from an attacker's standpoint. GRU-linked APT28 compromised over 18,000 routers across 120 countries and used them to intercept Microsoft 365 authentication tokens via DNS hijacking. No malware deployed on victim endpoints. No EDR alert. The credential theft happened upstream, in the network layer, on infrastructure you don't own.
Alex: This is the part that should keep endpoint-centric security programs up at night. If your detection strategy relies heavily on endpoint telemetry, you have a visibility gap that nation-state actors are actively exploiting. The FBI executed a court-authorized operation to sever U.S.-based routers from the botnet, which is good. But the broader technique is not going away.
Jordan: Your action items here are concrete. Review your conditional access policies for Microsoft 365. Token lifetime restrictions, device compliance requirements, continuous access evaluation—these are the controls that degrade the value of a stolen token. Also, this is another argument for network-level monitoring, not just endpoint. If your SOC isn't looking at DNS anomalies, you have a blind spot.
Alex: Now let's talk about the story that is genuinely paradigm-shifting, and I want to be precise about that word because I don't use it lightly. Anthropic has announced Claude Mythos, a model that can autonomously identify zero-day vulnerabilities and construct working exploits across major operating systems and browsers. They've restricted it to 45-plus organizations through a program called Project Glasswing—AWS, Apple, Broadcom, Cisco, CrowdStrike are in that consortium. And Anthropic's own characterization is that the model is too dangerous to release broadly.
Jordan: I want to sit on the threat side of this for a second, because the defensive framing is going to dominate the press coverage and it shouldn't dominate your thinking. What Anthropic is describing—autonomous zero-day discovery and working exploit generation—is a capability that adversary nation-states are also racing to develop. The gap between a controlled Glasswing rollout and a proliferated offensive tool is not as wide as anyone would like.
Alex: From a CISO strategy standpoint, this compresses the timeline between vulnerability disclosure and weaponization in a way that breaks the assumptions underneath most patch management programs. If AI can go from "this is an interesting code pattern" to "here is a working exploit" in hours instead of weeks, then your 30-day patching SLA for critical vulnerabilities is already obsolete. The programs that survive this transition are the ones that can move in days, with automated patching pipelines and rigorous asset inventory so you actually know what you're running.
Jordan: And the flip side—which is the genuine promise of Glasswing—is that defenders with access to these tools can find and remediate vulnerabilities faster than attackers can exploit them. That's the race. The question is whether the defensive consortium stays ahead of proliferation.
Alex: Let's run through the supply chain stories together because they're thematically linked. First, the Snowflake customer breach. A SaaS integration provider was compromised, authentication tokens were stolen, and attackers used those tokens to access Snowflake environments at over a dozen companies. No malware, no brute force—just valid tokens used from unexpected places.
Jordan: This is the 2024 Snowflake campaign pattern repeating itself with a twist. Last time it was customer credential hygiene. This time it's third-party integrator hygiene. Every SaaS vendor in your ecosystem that has persistent authentication into your cloud data environment is an extension of your attack surface. If you haven't audited those OAuth grants and token permissions in the last 90 days, that audit just became urgent.
Alex: And connected to that—the North Korea npm story. DPRK actors spent weeks social engineering an Axios maintainer through a fake Slack workspace and a fabricated Microsoft Teams call, got him to install a RAT, and injected malware into packages downloaded 100 million times per week. OpenSSF has issued an advisory warning that other maintainers are being targeted with identical tactics.
Jordan: The sophistication of the social engineering here is notable. This wasn't a phishing email. This was weeks of relationship building, a cloned company identity, a live video call. The patience and investment is consistent with state-level resourcing. And the target selection is smart—a widely-used open source package is a force multiplier that any supply chain team should be modeling.
Alex: The healthcare hit in Massachusetts can't go unaddressed, even briefly. Signature Healthcare is diverting ambulances, canceling cancer treatments, and running on downtime procedures after a cyberattack took their EHR systems offline. For healthcare CISOs listening, this is your board conversation. Life-safety consequences are now a standard feature of healthcare cyber incidents, and your incident response plan needs to account for clinical continuity, not just IT recovery.
Jordan: And your regulators know it too. The liability exposure from a patient harm event tied to a cyber incident is a different category of risk than a data breach fine.
Alex: Okay—the FBI IC3 numbers. Twenty-point-nine billion dollars in U.S. cybercrime losses in 2025. Up 26 percent year over year. Investment fraud, BEC, and data breaches drove the bulk of it. And the FBI explicitly flags that actual losses are substantially higher due to underreporting.
Jordan: The number that matters for your board deck is that 26 percent growth rate. Cyber losses are compounding. If your security budget isn't growing at a comparable rate, you are losing ground in real terms. This report is your external validation for that conversation.
Alex: Now let's talk about CISA, because this is the story with the longest tail. The Trump administration's FY2027 budget proposal cuts CISA by approximately 700 million dollars and eliminates nearly 900 positions. Specifically targeted: vulnerability scanning services and field support for critical infrastructure operators.
Jordan: I'll be direct. CISA's free vulnerability scanning has been a meaningful resource for a lot of organizations that don't have the internal capacity to replicate it—municipalities, water utilities, smaller healthcare systems. Cutting it doesn't make those vulnerabilities disappear. It just removes one layer of detection. For the Iranian PLC story we opened with, the timing of this proposed cut is genuinely terrible.
Alex: For CISOs in regulated sectors who have depended on CISA field support for incident response and exercises, you need to start identifying private-sector alternatives now. Don't wait to see how the budget negotiations land. The planning assumption should be reduced federal support, and your resilience posture needs to account for that.
Jordan: The week's theme is pretty clear: the infrastructure of U.S. cyber defense is under simultaneous pressure from multiple directions. Nation-state actors are hitting OT and cloud credentials at scale. AI is compressing attack timelines. Supply chains are being weaponized with patience and precision. And the federal backstop that critical infrastructure operators have relied on is getting smaller.
Alex: What to watch: how quickly the Glasswing consortium actually deploys Claude Mythos defensively and whether any findings come out publicly. Also watch the CISA budget fight—this is going to be a major fault line in the security community over the next several months. And if you're in energy or utilities, watch for follow-on advisories to the Iranian PLC alert. These campaigns tend to escalate before they de-escalate.
Jordan: And patch your internet-facing OT. Every time we say it, someone hears it for the first time.
Alex: That's Cleartext for Wednesday, April 8th. If you found this useful, share it with a peer who needs it. We're back tomorrow with whatever the threat landscape decides to hand us, which lately has been plenty.
Jordan: Stay clear.
Cleartext is an automated daily podcast for CISOs and security leaders. Generated 2026-04-08.
Sources are pulled from: CyberScoop, The Record, SecurityWeek, Krebs on Security, Dark Reading, Cybersecurity Dive, BleepingComputer, Wired, Ars Technica, TechCrunch, Help Net Security, VentureBeat, Risky Business News, The Hacker News, CISA, and BankInfoSecurity.