41-year-old Angelo Martino, a former employee of cybersecurity incident response company DigitalMint, has pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023.

Together with two other Sygnia and DigitalMint ransomware negotiators (33-year-old Ryan Clifford Goldberg and 28-year-old Kevin Tyler Martin), Martino was charged with conspiracy to interfere with interstate commerce by extortion, interference with interstate commerce by extortion, and intentional damage to protected computers.

Martino was initially identified only as “Co-Conspirator 1” in an October 2025 indictment, but was named in court documents unsealed in March. Martin and Goldberg also pleaded guilty to conspiracy to obstruct commerce by extortion and are facing up to 20 years in prison each.

According to court documents, while working as a negotiator for five victims, Martino shared confidential information about the victims’ negotiation positions and insurance policy limits with BlackCat ransomware operators, helping the cybercriminals extort the maximum possible amount.

Between April 2023 and April 2025, he was also involved in BlackCat ransomware attacks alongside accomplices Kevin Tyler Martin and Ryan Goldberg.

While operating as BlackCat affiliates, the three defendants demanded ransom payments and threatened victims to leak data stolen before encrypting their systems. Prosecutors added that the three accomplices paid the BlackCat administrators a 20% share of all ransoms proceeds for access to the ransomware and extortion portal.

Their victims included at least five U.S. organizations, among them a financial services firm that paid $25,660,000 and a nonprofit that paid a $26,793,000 ransom, as well as law firms, school districts, medical facilities, and other financial services companies.

DigitalMint CEO Jonathan Solomon told BleepingComputer that the company condemned the previous malicious conduct and noted that Martin and Martino were fired after their actions were discovered.

“We strongly condemn these former employees’ criminal behavior, which violated our values, ethical standards, and the law. When we learned about the conduct, we immediately terminated both individuals,” Solomon said.

The BlackCat ransomware operation has been linked by the FBI to more than 60 breaches between November 2021 and March 2022. In a separate advisory, the bureau added that the cybercrime gang collected at least $300 million in ransom payments from over 1,000 victims through September 2023.

AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.

At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.

Claim Your Spot

Ministers are moving to turn England’s patchwork of school phone bans into law, after peers backed fresh changes to the Children’s Wellbeing and Schools Bill in a Monday vote.

Peers backed, by 276 to 169 – a majority of 107 – a Conservative amendment to ban smartphones during the school, effectively daring the government to stop treating the policy as optional guidance. 

UK wants to know if banning under-16s from social media does anything useful

READ MORE

That amendment would require schools to ban both the use and possession of smartphones during the school day, though most already restrict them. The government’s answer, set out in the Lords on Monday, is simple: write that approach into law.

Education minister Baroness Smith told peers that the direction of travel isn’t exactly controversial, as most schools are already there.

“Our guidance is clear that all schools should be mobile phone-free by default,” she said. “In making that clear, I acknowledge that we share the same policy intent… to make sure that schools are mobile phone-free environments.”

She added that ministers have already tried to nudge schools along with updated advice and a bit of regulatory muscle: “We have published strengthened guidance. We have asked our network of attendance and behavior hubs to provide support to schools and, from this month, Ofsted will inspect schools’ mobile phone policies.”

The phone crackdown is only one front in a broader push to rein in kids’ screen time. The same bill has already been used to try to push through a ban on social media for under-16s, although MPs voted against it as recently as last week. Instead, ministers have kicked the issue into a live consultation and a real-world trial involving 300 families testing app bans, curfews, and time limits – suggesting the government is taking the easier win in classrooms while the bigger fight over social media plays out elsewhere.

For schools, this likely changes very little in practice.  Around 90 percent of secondary schools and virtually all primary schools already restrict phone use in some form, according to a 2025 survey by the Children’s Commissioner for England, meaning many will simply see existing rules stamped with legal authority rather than rewritten from scratch.

Smith framed the move as common ground rather than a culture war. “We all want to protect children from the disruption and distraction caused by mobile phones throughout the school day and to create calm, focused school environments that support learning, behavior, and well-being. We are all in agreement on this.”

The message from Westminster is clear: the era of “please don’t use your phone in class” is being quietly retired in favor of something with a bit more bite. ®

Mythos matters. It is a significant step forward in AI-assisted vulnerability discovery. But it does not mean cybersecurity changed overnight, nor does it mean enterprises are suddenly facing fully automated exploitation at internet scale tomorrow.

It does mean the offensive side of AI is continuing to improve. The defensive side needs to catch up now.

Mythos is the latest step in a longer trend. Over the next several years, expect the same pattern to repeat: incremental progress, then a jump; incremental progress, then a jump. Models will get more capable and cheaper with each cycle, and each jump will put more pressure on security teams still operating at human speed.

Mythos demonstrated that AI can find software vulnerabilities with unprecedented depth. That is real progress and should be taken seriously. However, this was not a case where AI suddenly made enterprise compromise cheap, easy, or automatic. Even in Anthropic’s own examples, the cost of discovering a critical vulnerability was significant. One example cited roughly $20,000 in token costs to identify a significant OpenBSD issue. 

Mythos made vulnerability discovery cheaper to scale by replacing bodies with dollars. But finding a vulnerability is only one part of the operational reality.

An attacker still has to determine whether that vulnerability is exploitable in a specific enterprise, identify a viable attack path, gain the necessary access, and successfully operationalize the exploit in a real environment. None of that became easy just because a model found a software bug.

And on the defensive side, Mythos does not yet solve the much harder enterprise problem: How do I know whether this vulnerability is actually exploitable in my environment, and what is the most efficient way to remediate it without breaking the business?

The real enterprise problem is not discovery. It is prioritization and action. Security leaders do not struggle only because vulnerabilities exist. They struggle because the operational cost of deciding what matters, what is exploitable, what can wait, and what can be fixed safely is enormous.

If a large enterprise learns that a critical vulnerability has been found in widely used software, the next step is not magic. It is a painful chain of operational questions focused on where they run the software, what version it is, whether there is a realistic attack path, and many more.

Mythos leaves the defensive cost of answering those questions inside a real enterprise largely unchanged. The right lesson is preparation.

One of the mistakes the market often makes with AI is assuming every new capability is the moment everything changes. The right move is to start now with defensive AI systems that are useful today and positioned to improve over time. For most enterprises, that means looking for AI products that help improve alert investigation, threat hunting, and vulnerability management, offer full audit capabilities, connect to enterprise data and reason to provide organizational context, and evolve as the model landscape matures.

The goal is to build the operational foundation now for a future in which more of the work can be automated safely.

Today, defenders need systems that let humans remain involved while the machine helps them scale. Over time, that involvement will change. Analysts will spend less time doing repetitive work themselves and more time orchestrating, reviewing, and improving how automated work gets done.

Eventually, some workflows will need to be reviewed in bulk rather than one action at a time. When response moves at machine speed, a human may not approve every individual remediation action. Instead, they will need a control center view into patterns: what the system did today, what worked, what did not, and what should be adjusted tomorrow.

That is a very different future from the simplistic idea of “replace the analyst.”

The real future is one where humans move from doing every task manually to supervising systems, shaping policy, reviewing patterns, and controlling how increasingly capable agents operate.

Mythos is a warning. Not because it means the sky is falling. Because it shows where the offensive side is heading. Defenders should move accordingly and with urgency.

Alex Thaman is the chief technology officer at Andesite. Over a 20+ year career, Alex has been an engineering leader at Microsoft, Unity Software, and Scale AI.