(Credit: Getty Images)
Back in 2013, Intel announced that the first Thursday in May would be World Password Day. While the company itself has stepped back from talking about it often, the need for better password security remains a big issue, so this year we’ve updated some of our best password-related features to help you lock down your digital life. For example, these tips for remembering your passwords are essential, although we also recommend a password manager for the utmost security and protection.
And hey, only having to remember the password to your password manager is better than keeping track of the 120 passwords that researchers from NordPass say most of us have. If you want to make sure those passwords are as strong as possible, we have a foolproof passphrase method for you. But please, don’t use AI to generate passwords. It’s terrible at it, and the ones it creates may make you less secure. There is some good news. Most research says there’s no security benefit to changing your passwords regularly, so as long as you have a secure one, stick with it as long as you like.
Again, a good password manager will remove all of those problems for you, and take it from me, it’s much easier to get started with one than you might think. Best of all, if something happens to you, the best ones let you delegate access to your accounts to your loved ones in case you’re incapacitated, have a medical emergency, or worse. Also, as the web starts to transition to passkeys instead of passwords, you’ll be ready for the switch.
We reported this week that if you use Microsoft Edge as your primary browser, it stores loaded passwords in plaintext, which frankly isn’t a good look. Microsoft defended the behavior, saying that a system would already have to be compromised for this to be an issue, but it’s worth noting that no other browser does this, so it’s definitely a choice. And it’s not one that makes you more secure.
And speaking of things that seem secure but actually aren’t, this week we published a deep dive into Flock Security and its fleet of security cameras, some of which have likely started appearing in your town. The whole piece is worth your eyes, and once you learn that the cameras, marketed as being there for public safety, are actually owned and managed by private firms using taxpayer dollars, you may think twice about their presence, too.
That’s a lot, but there’s more. Let’s see what else is happening in the infosec world this week.
India Orders Infosec Red Alert in Case Mythos Sparks Crime Spree
We’ve discussed how Anthropic’s Mythos model will change cybersecurity and that security firms need to prepare for it now. Well, according to a new report from The Register, India’s Securities and Exchange Board is making sure industries that operate in the country are taking the issue seriously: The regulator has issued a “red alert” to all companies that participate in the country’s exchanges to immediately revisit their security plans and systems. The goal is to make sure they’re ready in case Mythos falls into the wrong hands and immediately triggers a crime spree, as hackers use it to exploit any systems they can get their hands on.
Additionally, the board has created a task force to get ahead of the issue, which will share intelligence, develop guidance for companies to harden their systems, and even run a SOC (Security Operations Center) dedicated to monitoring and reporting on AI-powered security threats. India isn’t the only country to suggest that companies prepare for a future where security threats are AI-powered, but it is the first, so far, to take the issue quite this seriously, assuming its plans get off the ground. In any event, whenever Mythos (or another AI model that’s similarly powerful) slips its leash and is in the hands of criminals instead of researchers, we’ll see exactly how well prepared these industries really are.
If AI's So Smart, Why Does It Keep Deleting Production Databases?
This piece at Dark Reading asks a very important question that, until now, I haven’t seen anyone answer. AI is supposed to be the cure to all of our ills, according to enthusiasts. So if that’s the case, why does it keep deleting things it’s not supposed to and breaking out of its guardrails? Well, it turns out that the issue is more human in nature than you might suspect, but that’s not giving AI a pass here: It’s more that businesses are rushing to incorporate AI into their production systems and workflows without doing their due diligence to make sure those models and integrations are actually secure.
The high-profile examples of AI agents deleting entire codebases are just another symptom of the same problem we see when AI models leak data or are vulnerable to prompt injection, which almost all AI-powered browsers are. As with any new tool in a business’s toolkit, the enthusiasm and aggressive orders from the top to stay competitive or drive growth override the need to ensure those tools are implemented properly, putting security professionals and company IT departments on the back foot when something bad happens. The fix is simple: Companies need to slow down when it comes to AI, make sure it’s right for their business and its needs first, and then deploy it properly, rather than rush to add a tool and lay off workers to “keep up.”
Internet Censorship Index Reveals Russia’s Lead and Widespread Content Blocking
As a new law in Utah takes effect, banning the use of VPNs to circumvent content blocks (even though it’s unclear whether it’s enforceable), Security Affairs just released its look at the 2026 Global Internet Censorship Index, published by GoProxies. Predictably, Russia takes a wide lead in the report thanks to its aggressive targeting of VPNs, secure messaging tools, LGBTQ+ content, AI-powered search (specifically Gemini), independent news outlets, and adult content.
Countries like the United Arab Emirates (UAE), Belarus, Bahrain, and Pakistan round out the top five, with all of them largely suppressing tools like VPNs and secure messaging apps that could allow people to coordinate without being surveilled by national authorities. China, which you might think would place higher on the list thanks to its expertise in deep packet inspection and the “Great Firewall,” is actually sixth, but GoProxies notes that there are known issues with the way they tested in China, so you should take its otherwise good-looking score with a significant grain of salt.
Overall, the report notes that countries usually don’t block the entire internet; they target specific kinds of content and communication methods when they want to control specific groups. Russia may be the most restrictive country, blocking the most technologies and platforms, but the UAE has the most censorship, blocking more types of content than any other nation. The report didn’t comment specifically on changes in access here in the United States, but I imagine that attention is being paid.