[ad_1]
Computer processing power doubles every year and a half, but artificial intelligence accelerates 10 times faster, estimates Jared Kaplan, the CEO of Anthropic, whose latest AI model, Claude Mythos, is fueling grave safety concerns among tech and security experts. In limited release as a safety precaution, Claude Mythos has the potential to not only write code but hack into the world’s most secure programs. It has found weaknesses in every major operating system and browser on the market.
The innovation could be catastrophic for the philanthropic and nonprofit worlds if they don’t prepare, and the latest release is one of many reasons, including rising antisemitism and the recent war with Iran, that cybersecurity experts warn Jewish nonprofits and philanthropists to stay vigilant.
“Generally speaking, cybercriminals are super innovative, super early adopters, and any technology that they can use in order to leverage crime and scale crime, they will use,” Menny Barzilay, chief technology officer of the Blavatnik Interdisciplinary Cyber Research Center at Tel Aviv University, told eJewishPhilanthropy.
When people think of protecting Jewish institutions, they envision security guards and cameras, but “in today’s threat environment” cybersecurity “is no longer optional,” Steve Gonzales, vice president of global security and safety at the Anti-Defamation League, told eJP.
Gonzales, who worked at the FBI for 21 years, said that “Jewish organizations generally face threats across multiple domains — physical, digital and reputational — and we’re seeing the same hate and extremism that drives the physical security threats increasingly manifest themselves online.”
Between January and mid-April 2026, the Secure Community Network clocked 190 cyberattacks targeting synagogues and Jewish organizations across 16 states. The attacks come in many forms – website defacement, phishing, doxxing, fraud and data exposure – and are “no longer theoretical for the community,” Gonzales said. Cyberattacks don’t receive the same attention as physical attacks do, and cybersecurity doesn’t receive the same funding, often getting dumped onto the IT department’s already heavy load.
Cyberattacks on Jewish institutions aren’t simply about “financial gain, but also for information gathering or identifying potential targets within the community,” Michael Masters, the national director and CEO of SCN, told eJP. “The overlap between cyber-activity and physical targeting risk is increasingly evident.”
This has all been exacerbated by the war with Iran, a country that has invested heavily in his ability to carry out digital attacks, which the Department of Homeland Security warned would carry out “low-level cyberattacks against U.S. networks.”
“Jewish organizations are affected by general cybercrime, just like any other sector, but they’re also uniquely targeted due to the antisemitism and geopolitical factors,” Gonzales said. “Our adversaries adapt constantly, and so must we.”
In mid-March, as the war with Iran was raging, Jewish news site Yeshiva World News was hacked, although the attack hasn’t been confirmed to have originated in Iran. “Now we are in control,” was posted on its homepage, written in Farsi, along with an image of ayatollahs Ruhollah Khamenei and Ali Khamenei, as well as Mojtaba Khamenei, the new supreme leader of Iran.
“One of the biggest misconceptions is that smaller institutions believe that they won’t be targeted because they’re small or they’re too small,” Gonzales said. “Unfortunately, cybercriminals and bad actors often look for the path of least resistance, and they target organizations that may have fewer protections, less training or older systems.”
One easy way to improve security, experts say, is to ensure that the organizations’ systems use two-step verification to log in or access information. Additionally, organizations should update older software, which is more vulnerable to viruses and doesn’t have the latest safety features in place, advises Mitchell Silber, CEO of the Community Security Initiative, which does cybersecurity assessments for Jewish organizations.
When introducing an AI program into a workplace, Silber said, organizations should implement it in a controlled environment with a limited number of people involved so its impact and holes can be monitored closely. Organizations should set boundaries protecting AI from accessing sensitive information, especially about donors.
Staff need to be trained to recognize and report phishing, which “everyone faces all the time,” Brandon Lindsay, the director of information security and data protection for HIAS, told eJP. Everyone has been phished, the term for those pesky emails or texts asking for recipients to download files or log in to seemingly legitimate-looking sites as a way to steal credentials or gain access to an organization’s system.
Because of AI, hackers use autonomous programs to harvest specific details to make phishing scams seem that much more genuine. Emails will know tiny details about investors’ interests and even impersonate the writing of CEOs.
Hackers can even steal speech, recreating the voice of employees and CEOs to contact donors and ask for money, which will then be transferred to hackers’ bank accounts.
A prominent example of voice cloning occurred in 2024 when a Baltimore high school principal was falsely alleged to have made bigoted comments about Black students and Jewish parents. The deepfake was so convincing that the principal was removed from his position, but it turned out that the phone call was a hoax — created by the school’s disgruntled former athletic director. Voice cloning programs are so easy that almost anyone can use them, Barzilay said.
To combat voice cloning schemes, nonprofits should ensure that donors expect to receive more than one method of communication when money is being transferred — for instance, getting a phone call, plus a code sent via email to verify identity or a WhatsApp message plus a phone call, Barzilay said.
“It’s very hard for a hacker to take control over [multiple] communication channels,” he said. “Usually they will hack your emails, but they will not hack your phones, or they hack your phone, but they will not hack your computer.”
Often, fraudsters will ask donors to send money to bank accounts that look similar to the one the organization has – only a digit or two off, according to Masters. To protect donors, Barzilay, who has co-founded multiple companies, tells donors to always expect the same, correct bank account prominently displayed on every contact. If the account numbers ever change, donors will be told via an email plus phone call or chat, plus another form of verification.
Many security grants, Silber said, including those from the Department of Homeland Security’s Nonprofit Security Grant Program, can be used for cybersecurity if digital vulnerability is mentioned in the assessment.
“The AI risks, frankly, are actually one of a myriad of risks that any organization today faces, anything from insider risk to third-party risk,” Chaim Yudkowsky, who served as chief information officer for American Israel Public Affairs Committee (AIPAC) for 21 years, told eJP.
At HIAS, Lindsay is part of a larger protection unit made up of the physical and cybersecurity teams and communication staff. “We’re dorks, and we call it shield,” he said. The three departments’ work can overlap, such as with securing digital keys used to access buildings or being prepared to combat misinformation campaigns, which can quickly turn physical.
Lindsay uses AI tools to “think like the attacker,” he said. He has run Microsoft Copilot and other programs to scan HIAS’ systems to find security holes, which he then patches. He’s excited to test out Claude Mythos when it receives wider release.
During the Holocaust, the Nazis collected data “to round up Jews and other people they found undesirable,” Lindsay said. HIAS supports today’s displaced people, refugees and asylum seekers. “Best security for them, digitally, physically, with their privacy and data. It heals them as much as it heals me.”
[ad_2]
Click Here For The Original Source.
