Elections increasingly attract cyber operations that target politicians, businesses and the public. These activities range from espionage campaigns against political parties to influence operations seeking to shape opinions, sow discontent or undermine democratic processes.

This newsletter, published twice a month, provides an overview of key cyber incidents and emerging threats related to the upcoming October 2026 general elections in Brazil. It offers recommendations on how organizations and individuals can mitigate and protect against these threats.

Key incidents

In this issue we focus on:

Specialized US cyber defense team not yet activated to protect 2026 midterm elections 

CNN has reported that for the first time since 2020, the US government has not activated the Election Security Group (ESG), a specialized team of intelligence and military officials tasked with detecting and preventing foreign threats and interference in US elections.

Development of AI capabilities increasing concerns for bank executives around the “patch gap”

According to an April 22 Yahoo Finance article, leaders in the financial services industry are growing increasingly alarmed about the threats that AI-enabled cyber capabilities pose to their organizations, and specifically about the speed with which bad actors can potentially exploit vulnerabilities in their systems.

+1,210% Estimated growth rate of AI-enabled fraud in 2025 

(Source: Vectra AI Analysis, March 2026)

This was contrasted with the +195% growth rate of traditional fraud during 2025. It was also estimated that over 82% of all phishing emails were AI-generated and that such AI-generated emails achieved a 4x higher click rate among would-be victims.

Mitigation advice twice a month

  • Strengthen email security controls and conduct regular phishing awareness training by deploying advanced filtering and authentication protocols, alongside frequent simulation exercises to reinforce employees’ ability to identify and report suspicious messages.
  • Reduce patching timelines by prioritizing critical vulnerabilities and accelerating update processes through structured workflows, automation where possible, and rapid testing and deployment across systems.
  • Expand threat detection capabilities by implementing continuous monitoring tools, integrating threat intelligence, and analyzing network and user behavior to quickly identify and respond to anomalous activity.
  • Monitor and manage reputational risk by tracking online narratives, assessing potential impacts and establishing clear communication protocols to respond effectively to misinformation or disinformation incidents.
  • Strengthen third-party risk management by conducting due diligence on vendors, enforcing consistent cyber security requirements and maintaining ongoing oversight of external partners’ security practices.
  • Implement heightened security measures during election periods by tightening access controls, increasing monitoring coverage and ensuring incident response teams are prepared to act quickly in high-risk scenarios.

Specialized US cyber defense team not yet activated to protect 2026 midterm elections

The ESG generally comprises officials from the US National Security Agency and US Cyber Command. Since 2020, it has been active and staffed during general and midterm elections and has by this stage briefed Congress on its efforts, according to CNN. 

The ESG shares intelligence on foreign threats to US elections and is also tasked with conducting offensive operations against threat actors linked to adversary nation states, including suspected Iranian actors during the 2020 elections and suspected Russian actors spreading disinformation during the 2024 elections.

The US intelligence community’s 2026 annual threat assessment, released in March, did not address foreign interference in US elections for the first time in nearly a decade. However, it did emphasise the growing strategic importance of AI, including its potential use by foreign actors in influence and information operations.

Potential impact: Heightened cyber and foreign interference threats to US and Western elections, including election infrastructure, are almost certain to persist. Adversarial nation state actors continue to enhance their offensive cyber capabilities, increasingly through the use of AI-enabled tools and methodologies.

Development of AI capabilities increasing concerns of bank executives around the “patch gap”

Although the “patch gap” (the time between when a software vulnerability is discovered and when it is fixed or patched) has long existed, the advent and continued development of AI has only further heightened concerns around it. AI tools such as Anthropic’s Claude Mythos can rapidly identify previously unknown vulnerabilities, expanding exposure for both defenders and attackers.

The process of detecting vulnerabilities and developing patches can also provide a roadmap for threat actors, according to Yahoo Finance. Furthermore, the time between a patch being released and being tested and applied by bank security teams can stretch to days or weeks – leaving banks particularly exposed during this time.

Potential impact: Financial institutions are prime targets given their access to large sums and general reliance on complex systems. They are also prone to threat actors exploiting a single identified vulnerability, as many banks use the same third-party technology providers. This patch gap will almost certainly apply to enterprises in other sectors that are also part of critical national infrastructure (CNI), with potentially devastating effects in many other areas.

Focus on: Anthropic’s Claude Mythos and Project Glasswing

Anthropic’s Claude Mythos, launched on 7 April, is the company’s most advanced AI model to date. It is primarily designed to autonomously identify previously unknown software vulnerabilities, and Anthropic is currently restricting its use to a select group of around 50 enterprise-level users through Project Glasswing. These users include Google, Apple, Microsoft and JPMorgan Chase.

According to a 25 May SecurityWeek article, Mythos has already identified more than 23,000 potential vulnerabilities, of which roughly 3,900 are expected to be confirmed as high or critical severity. These capabilities give the model significant dual-use potential for both defence and attack, which is why Anthropic is restricting access to give defenders an early advantage.

Anthropic has also stated that it does not think Mythos currently has enough guardrails for broader release and is asking Project Glasswing participants to evaluate and advise on Mythos and its performance during this preview period. Anthropic says it plans to commercialize Mythos and make similar models more widely available in the near future.