Disneyland Implements Facial Recognition for Guests

A gunman attempted to breach the White House Correspondents’ Dinner in Washington, DC, last weekend, while President Donald Trump, Vice President JD Vance, and various administration officials were present. Reports from the media and Trump himself quickly named the suspected shooter as 31-year-old Cole Tomas Allen, an engineer and computer scientist. The California native was apprehended at the scene on Saturday and appeared in the US District Court for the District of Columbia on Monday to face three federal charges: attempting to assassinate the president, transporting a firearm across state lines, and discharging a firearm during a violent crime.
This week, the FIDO Alliance, an authentication standards organization, announced collaborative working groups with Google and Mastercard aimed at developing technical safeguards for validating and protecting transactions initiated by AI agents. In response to the increasing sensitivity and prevalence of AI applications, OpenAI has introduced an “advanced” security risk mode for ChatGPT and Codex accounts that are at a higher risk of attack.
New research has revealed an incident involving the online exposure of 90,000 screenshots from a European celebrity’s phone, highlighting the threat that commercially available spyware poses to personal privacy and its potential for extensive data breaches and misuse. Additionally, WIRED examined arrests in the United Arab Emirates resulting from individuals sharing screenshots and other online content.
And there’s more. Each week, we compile security and privacy news that hasn’t been covered in detail. Click the headlines for the full stories and take care out there.
The Happiest Place on Earth just became a bit unsettling. The Walt Disney Company announced this week that visitors to Disneyland Park and Disney California Adventure Park can choose to enter through a designated lane equipped with facial recognition technology. While the company claims that using facial recognition is “entirely optional,” it also notes that “your image may still be captured” if you opt for lanes without this technology. Disney’s system, like many others, converts images of faces into numerical values that can be matched against other images. The company states these numerical values will be erased after 30 days, “except in legal or fraud-prevention scenarios.”
Facial recognition systems are broadly utilized throughout the United States and globally. While law enforcement agencies frequently employ this technology, it is also pervasive in everyday settings, including airports, MLB and NFL stadiums, and Madison Square Garden.
Anthropic’s Mythos Preview AI model has gained a reputation for its proficiency in uncovering hackable vulnerabilities in software, which has led to its use being restricted to keep it out of the wrong hands. Thus, it may not be surprising that the National Security Agency is already testing it.
Reports from Bloomberg News and Axios indicate that the NSA is among the agencies and firms granted early access to Mythos, which has been limited to 40 organizations thus far. The agency has employed the tool to search for vulnerabilities in Microsoft’s software—understandably, given its widespread use—and has been impressed with its quick and effective identification of exploitable weaknesses, according to unnamed sources speaking to Bloomberg. The agency’s responsibilities include assisting the US government in identifying and fixing security vulnerabilities in its software, as well as occasionally exploiting those vulnerabilities for its own operations.
The NSA’s testing or adoption of Anthropic’s AI tool appears to have proceeded despite the Department of Defense’s ban on Anthropic, which followed Defense Secretary Pete Hegseth’s assertion that the company poses a supply chain risk. Hegseth stated in February that the DOD would transition away from Anthropic’s tools over a six-month period, and Anthropic has initiated legal action to stop the ban. As the NSA is part of the DOD, it remains uncertain whether the agency is temporarily using Mythos before the ban’s implementation, or whether the tool’s efficacy could lead to the ban being reconsidered or an exception being created.
The ransomware group Scattered Spider has been linked to some of the most damaging extortion-based hacking operations in recent years, including breaches of MGM Resorts, Caesars Entertainment, and retailers like M&S and Harrods. This gang is particularly notable for its young, English-speaking members located in countries that cooperate with US law enforcement, leading to frequent arrests.
The latest suspected member to be identified and charged is 19-year-old Peter Stokes, who was apprehended at an airport in Finland as he prepared to board a flight to Japan. According to the Chicago Tribune, his alleged involvement in targeting four Scattered Spider victims is detailed in a criminal complaint that is currently under seal. Stokes is reportedly accused of assisting in stealing millions from those unidentified companies, which included an online communication platform and a luxury retailer. Allegedly, he lived a jet-setting lifestyle, traveling from Dubai to Thailand to New York, and has been seen in a photo wearing a diamond-studded necklace that reads “HACK THE PLANET.”
A Medicare database that was inadvertently left exposed on the open internet has revealed the Social Security numbers and personal information of healthcare providers across the US, according to the Washington Post. This database was linked to an online directory for the Centers for Medicare and Medicaid Services (CMS), allowing Medicare patients to identify which insurance plans providers accept. The Post reports that the sensitive data was accessible online for “at least several weeks.” The rollout of this directory is part of an initiative by the Trump administration to “create a national database of healthcare providers,” overseen by Amy Gleason, the acting head of the US DOGE Service and an official at CMS.
