AI Rules, Fortinet Breaches, and a New HTTP Query

Governing AI through opaque, ad hoc interventions is unsustainable, experts warn.

Anthropic has spent much of this week fighting to get its newest AI models back online after the Trump administration abruptly ordered the company to cut access for all foreign nationals, including users inside the US and its own employees, forcing Anthropic to block access to Fable 5 and Mythos 5 for everyone.

“To my knowledge, this is the first time US export controls have been used to control access to an AI model in this way.”

The Trump administration has not publicly explained the legal basis for the order, but in a statement on its website, Anthropic said the government cited “national security authorities” to justify “an export control directive” on the models.

But why did the administration use export control rules to address this? Experts say the episode appears to be unprecedented, exposing an uncertain and unstable stage in AI governance. And what, exactly, is Anthropic supposed to be exporting? (The company did not respond to The Verge ’s request for comment.)

Cybercriminals have compromised tens of thousands of Fortinet firewalls and VPNs used by major companies all over the world, according to two cybersecurity firms.

The widespread hacking campaign, which is ongoing and has been dubbed FortiBleed, appears to not involve abusing any unknown vulnerability in the targeted devices, but rather on a more basic issue: Companies may not be changing passwords to the firewall, nor making sure that the credentials they use for sensitive systems exposed on the internet are not already known by hackers.

In this campaign, hackers are first using automated tools to scan the internet for exposed Fortinet firewalls and VPNs. Then, they are breaking into the devices thanks to lists of previously known passwords. At that point, the cybercriminals can steal more sensitive data from the victim companies, cybersecurity firms Hudson Rock and SOCRadar wrote in their reports that they published this week.

“Once a device is compromised, [the hackers] use it as a listening post, monitoring traffic passing through and collecting any additional credentials that flow by. Those freshly collected passwords are then fed back into the scanner to compromise even more devices. The system feeds itself,” SOCRadar wrote.

Fortinet spokesperson Tiffany Curci told TechCrunch that the company “is aware of a reported third-party credential-harvesting campaign targeting Fortinet firewalls and VPN gateways.” Fortinet said that based on the company’s analysis, the data involved is “a resharing of data from previous incidents, as well as bruteforcing of credentials, and is not related to any recent incident or advisory.”

Odyssey, a world model AI startup founded by self-driving vehicle pioneers CEO Oliver Cameron and CTO Jeff Hawke, has raised a $310 million Series B round at a $1.45B valuation led by Natural Capital, with Amazon, AMD Ventures, GV, and others participating.

World models are the next big thing in AI beyond text- and chat-based large language models. They gather data from the physical world and simulate it with accurate physics. In Odyssey’s case, it has mimicked how Google Earth gathered data; the startup sent people out with cameras strapped to their backs . (Google drives camera-equipped cars around.)

That approach makes sense given the backgrounds of the founders. Cameron was the co-founder and CEO of autonomous vehicle startup Voyage, which was acquired by GM’s Cruise , where he later became VP of product; Hawke was an engineer at buzzy U.K. self-driving startup Wayve.

Odyssey, founded in 2023, now offers a handful of world models for a variety of use cases, from video-game creation to robotics. It is perhaps best known for producing rich, interactive video from text prompts.

With the backing from Amazon, the startup says AWS is now its preferred cloud provider and it will optimize its models to run on AWS’s Trainium chips, a competitor to Nvidia’s AI chips.

Hacker News is discussing RFC 10008, published by the RFC Editor.

The item presents it as the new HTTP Query Method.

The thread has 307 upvotes and 140 comments.

The RFC Editor link is the primary artifact for developers who want the exact method definition.

Tesco filed a lawsuit in the UK’s High Court against Broadcom alleging breach of contract last year. According to a September report from The Register , the lawsuit claimed that in January 2021, Tesco bought perpetual licenses for VMware’s vSphere Foundation and Cloud Foundation, a subscription to VMware Tanzu, plus support services until 2026, with the option to extend support for four additional years.

But when Broadcom took over VMware in November 2023, it would not honor the deal and instead tried to get Tesco to pay “excessive and inflated prices for virtualization software for which Tesco has already paid” and would not allow it to buy support services for its perpetually licensed software without buying “duplicative subscription-based licenses for those same Software products,” the initial complaint read, The Register reported at the time.

Tesco, which reported 73.7 billion pounds (about $98.7 billion) in revenue in its fiscal year 2026, has since started migrating away from VMware and Broadcom’s mainframe products, according to late-May court filings reported on by The Register today.

In January, Broadcom stopped supporting Tesco’s VMware products, Tesco said, and Tesco has been paying for third-party support since. In its initial filing, Tesco also said that Broadcom refused to upgrade software or provide all security updates to customers without subscriptions .

Faced with Broadcom’s abusive conduct, and given the criticality of virtualization and mainframe software and services to its business, Tesco has been forced to incur material costs to procure alternative solutions with reduced functionality, and to migrate to that software in a manner, and on a timeframe, that creates very significant risks to its business.