Disneyland Rolls Out Facial Recognition for Guests

The FIDO Alliance has announced new working groups alongside Google and Mastercard to establish technical standards for authenticating and protecting transactions initiated by AI agents. This move comes as AI-powered systems increasingly handle sensitive financial operations. Meanwhile, OpenAI has introduced an “advanced” security risk mode for ChatGPT and Codex accounts facing elevated threat levels, reflecting the growing sophistication of attacks targeting AI platforms.

Recent research uncovered a disturbing incident where 90,000 screenshots from a European celebrity’s phone were leaked online, highlighting the dangers of commercially available spyware. The breach underscores not only the invasion of personal privacy but also the potential for widespread data abuse. Separately, WIRED reported on arrests in the United Arab Emirates linked to sharing screenshots and other online content.

Disneyland is rolling out facial recognition technology at its Anaheim parks, allowing guests the option to use designated lanes equipped with the system. While Disney emphasizes that participation is voluntary, it warns that visitors entering through standard lanes may still have their images captured. The technology converts facial features into numerical data for matching purposes, with Disney stating these values will be deleted after 30 days unless required for legal or fraud prevention. Facial recognition systems have become commonplace across the U. S., used by law enforcement, airports, and venues like MLB and NFL stadiums.

Anthropic’s Mythos Preview AI model, renowned for its ability to identify exploitable software bugs, has reportedly been granted early access to the National Security Agency (NSA). According to Bloomberg and Axios, the NSA has used Mythos to hunt for vulnerabilities in Microsoft software, impressed by its speed and effectiveness. This testing occurs despite the Department of Defense’s declared ban on Anthropic, following Defense Secretary Pete Hegseth’s claim of supply chain risks. The NSA’s involvement raises questions about whether the agency is using the tool before the ban takes effect or if Mythos’ capabilities might prompt a policy exception.

The ransomware group Scattered Spider, known for high-profile attacks on MGM Resorts, Caesars Entertainment, and retailers like M&S and Harrods, faces another arrest. Peter Stokes, a 19-year-old alleged member, was detained at a Finnish airport while attempting to board a flight to Japan. According to the Chicago Tribune, Stokes is accused of stealing millions from four victim companies, including an online communications platform and a luxury retailer. The criminal complaint, now sealed, reportedly describes his jet-set lifestyle, with photos showing him in Dubai, Thailand, and New York wearing a diamond-studded necklace reading “HACK THE PLANET.”

A Medicare database left accessible on the open internet exposed Social Security numbers and personal information for health care providers nationwide, the Washington Post reports. The database, linked to an online directory for the Centers for Medicare and Medicaid Services (CMS), allowed patients to check provider insurance plans. The sensitive data remained online for “at least several weeks.” The directory rollout is part of the Trump administration’s effort to create a national health care provider database, overseen by Amy Gleason, acting head of the US DOGE Service and CMS official.