• DHS creation: Established post-9/11 to safeguard America, homeland, and values; led data collection for monitoring terrorists.
• Trump administration directive: Directed DHS parts to assist ICE in achieving 1 million deportations in first year.
• Scott Shuchart quote: Former ICE assistant director notes criminal investigative technologies repurposed for deportations, including tracking grandmothers.
• Surveillance technologies listed: Include geolocation, facial recognition, DNA testing, eye scans, spyware, license plate cameras, credit reports.
• AI and mobile tools: AI cross-references datasets; mobile apps provide field agents instant information access.
• Data brokers and vendors: Proliferation enables easy surveillance; private firms like AT&T, Palantir, Clearview AI secure multimillion-dollar contracts.
• Lobbying ties: Some contractors hired lobbyists connected to White House amid ICE ambitions.
• Oversight concerns from officials: Former DHS privacy officer Deborah Fleischaker reports sidelined safeguards, reduced oversight, and novel rule-breaking practices.

The Department of Homeland Security was created in the wake of the 9/11 attacks with a mission to “safeguard the American people, our homeland, and our values”. It was at the forefront of the huge data collection apparatus the US government built to monitor and locate suspected terrorists.

Under the Trump administration, large parts of America’s biggest domestic law enforcement and intelligence agency have been directed to help its Immigration and Customs Enforcement (ICE) agents reach a target of 1mn deportations in the president’s first year.

“Technologies used and managed for criminal investigative purposes are being repurposed, in part, to track down grandmas to deport,” says Scott Shuchart, a former ICE assistant director who left in January.

Thousands of contracts and documents outline the contours of DHS’s surveillance capabilities: geolocation, facial recognition, DNA testing, eye scans, spyware, licence plate cameras, credit reports and more. AI tools cross_**-**_reference datasets, while mobile apps give field agents information at their fingertips.

At the same time, the proliferation of data brokers and digital, “open_**-source” intelligence has made surveillance easier than ever. Unlike the government programmes revealed by Edward Snowden over a decade ago, DHS has not needed to build extensive in-**_house capabilities — vendors now offer sweeping tools at relatively low cost.

A wide array of private corporations, from global powerhouses to niche start_**-**_ups, have secured hundreds of millions of dollars in government contracts, including AT&T, Thomson Reuters, Palantir and Clearview AI. Some have hired lobbyists with ties to the White House to capitalise on ICE’s growing ambitions.

Individual surveillance technologies should be understood within the “mass surveillance context”, says Emily Tucker, a professor at Georgetown Law School. “All this stuff is being used together.”

Former officials say internal safeguards have been sidelined. “There’s less oversight and more willingness to break the rules,” says Deborah Fleischaker, who served as DHS’s privacy officer and ICE chief of staff under Biden.

“Things are just unbound,” she adds. “People are doing things that have never been done before, in ways that have never been done before, with fewer safeguards in place.”

• Public blockchains: Roadblock for banks due to clients' privacy concerns over balances and payments.
• Circle-Aleo partnership: Launches USDCx, a private stablecoin obscuring transaction histories.
• Howard Wu statement: Transparent blockchains leak business revenues and intelligence.
• Compliance feature: Transactions include records accessible by Circle for law enforcement.
• Public view: Transactions appear as unintelligible blobs of data.
• Privacy level: Described as banking-level, not absolute privacy.
• Institutional interest: BlackRock's BUIDL fund, Robinhood tokenized stocks, Stripe stablecoin investments.
• Further adoption: Interest from Request Finance, Toku, prediction markets; contrasts with volatile privacy coins like Zcash.

Blockchains are public databases. That’s an immediate roadblock for large institutions like banks, whose clients largely don’t want their balances and payments history open to prying eyes. Now, the crypto giant Circle has partnered with the blockchain Aleo to launch a “private” version of its stablecoin called USDCx, which will obscure transaction histories, Howard Wu, cofounder of Aleo, told Fortune.

Recommended Video

“People don’t want to reveal their business revenues. They don’t want to reveal business intelligence,” Wu said. “But the way that transparent blockchains work today unfortunately means that every time you transact, you are leaking that data.”

The new Circle-backed token, which like other stablecoins is pegged to underlying assets like the U.S. dollar, won’t be truly private. Every transaction of the token will include what Wu called a “compliance record,” which Circle will be able to access in case law enforcement or other authorities reach out about specific transactions. Still, for public users looking at a blockchain log, the transactions will look unintelligible and like “blobs of data,” Wu said. 

“This is banking-level privacy, as opposed to ‘privacy privacy,’” he added.

Big banks lean in

The launch of USDCx comes amid a broader push from the crypto industry to persuade big banks and institutions to use blockchain technology. That effort appears to be gaining traction, especially in the realm of tokenization, or the act of putting real-world assets like mortgages or even the U.S. dollar in blockchain wrappers.

The asset management giant BlackRock has launched its own tokenized money market fund BUIDL, the online brokerage Robinhood has dabbled in blockchain-based stock trading, and fintech giants like Stripe have invested huge sums of capital into stablecoins. “Every stock, every bond, every fund—every asset—can be tokenized,” Larry Fink, cofounder and CEO of BlackRock, said in his 2025 letter to investors.

Wu, the cofounder of Aleo, has seen interest in privacy-enabled stablecoins from a swathe of potential customers, including the crypto payroll processors Request Finance and Toku. He also said that prediction markets, or locales where gamblers can bet on real-world events and sports, are also interested in experimenting with stablecoins like USDCx.

Aleo, which specializes in private blockchain transactions, isn’t the only privacy-first technology of its kind in crypto. There are other cryptocurrencies—most famously Zcash—which also promise users encrypted transactions. However, these cryptocurrencies are much more volatile than stablecoins, which, as their name implies, are designed to stay stable relative to the U.S. dollar or other currencies.

Fortune Brainstorm AI returns to San Francisco Dec. 8–9 to convene the smartest people we know—technologists, entrepreneurs, Fortune Global 500 executives, investors, policymakers, and the brilliant minds in between—to explore and interrogate the most pressing questions about AI at another pivotal moment. Register here.

About the Author

By Ben WeissCrypto Reporter

LinkedIn iconTwitter icon

Ben Weiss is a crypto reporter at Fortune.

See full bioRight Arrow Button Icon

• Foundation Launch: OpenAI, Anthropic, and Block cofound Agentic AI Foundation to promote AI agent standards.
• Technology Transfer: Companies transfer Model Context Protocol (MCP), Agents.md, and Goose to the foundation.
• Open Development: Technologies were free; foundation enables contributions from others.
• Interoperability Goal: MCP as open standard allows cross-provider agent communication.
• Umbrella Organization: Operates under Linux Foundation with support for open source projects.
• Additional Members: Google, Microsoft, AWS, Bloomberg, and Cloudflare join the foundation.
• AI Paradigm Shift: Moves from chat-based to agentic AI for user actions and negotiations.
• Openness Context: Contrasts US API models with open source efforts including Chinese providers.

, Anthropic, and Block have cofounded a new open source organization—the Agentic AI Foundation—to promote standards for artificial intelligence agents.

The three companies are also transferring ownership of some widely used agentic technologies over to the foundation. This includes Anthropic’s Model Context Protocol (MCP), which allows agents to connect and interact; OpenAI’s Agents.md, which lets programs and websites specify rules for coding agents; and Goose, a framework for building agents developed by Block. These technologies were already free to use, but through the new foundation it will be possible for others to contribute to their development.

“MCP is used by many companies, but there are others [who don’t use it],” says Nick Cooper, who leads work on the protocol at OpenAI. Cooper says that making MCP an open standard should encourage developers and companies to embrace it and build systems that integrate agentic AI. “That open interoperability—that open standard—really means that companies can talk across providers, and across agentic systems.”

Featured Video

The Agentic AI Foundation is being created under the Linux Foundation, which oversees development of the widely used open source Linux operating system as well as other projects. The foundation provides legal and technological support for the creation of open source foundations. Other companies who have signed on to the AAIF, beyond the three founding members, include Google, Microsoft, AWS, Bloomberg, and Cloudflare.

The new foundation reflects a nascent shift from chat-based AI systems to greater use of programs that take actions on behalf of users. This kind of agentic AI promises a potentially lucrative new paradigm in which AI agents use the web and negotiate with one another to power all sorts of applications. Consumers may, for example, use AI assistants to buy and book things, while businesses use AI agents to manage transactions and customer interactions.

Srinivas Narayanan, chief technology officer of B2B applications at OpenAI, envisions a time when large numbers of AI agents routinely communicate with one another in the course of business. The AI industry working across the same open standards should help ensure that those interactions happen seamlessly. “Open source is going to play a very big role in how AI is shaped and adopted in the real world,” Narayanan says.

The question of openness seems crucial to AI right now. US companies mostly make money by offering access to powerful closed models through application programming interfaces, or APIs. Meta previously released the weights for its best model, Llama, so that anyone could download and run it, although the company has recently signaled a shift to a more closed approach. A number of Chinese AI companies, including DeepSeek, Alibaba, Moonshot AI, and Z.ai, provide strong open source models that have become popular with developers, startups, and AI researchers. Some worry that this picture could give Chinese firms a big strategic advantage over time.

• Spanish hacker arrest: National Police arrested 19-year-old in Barcelona for stealing 64 million records from nine companies.
• Charges faced: Cybercrime involvement, unauthorized access, private data disclosure, and privacy violations.
• Data obtained: Full names, home addresses, emails, phone numbers, DNI numbers, and IBAN codes.
• Sales activity: Attempted to sell records on hacker forums using six accounts and five pseudonyms.
• Investigation details: Launched in June after breaches detected; suspect located in Igualada, Barcelona.
• Arrest seizures: Computers and cryptocurrency wallets with funds from data sales confiscated last week.
• Ukrainian hacker arrest: 22-year-old detained for custom malware hacking social network accounts, mainly US and EU victims.
• Ukrainian charges: Up to 15 years prison under Criminal Code Article 361, plus activity restrictions; sold access via 5,000-account bot farm.

The National Police in Spain have arrested a suspected 19-year-old hacker in Barcelona, for allegedly stealing and attempting to sell 64 million records obtained from breaches at nine companies.

The teen now faces charges related to involvement in cybercrime, unauthorized access and disclosure of private data, and privacy violations.

"The cybercriminal accessed nine different companies where he obtained millions of private personal records that he later sold online," reads the police's announcement.

The police launched an investigation into the cybercriminal in June, after the authorities became aware of breaches at the unnamed firms.

Eventually, the suspect was located in Igualada, Barcelona, and it was confirmed that he held 64,000,000 private records. These records include full names, home addresses, email addresses, phone numbers, DNI numbers, and IBAN codes.

It is unclear how many total individuals were impacted by the breach.

The police mention that the detainee attempted to sell the information on various hacker forums, using six different accounts and five pseudonyms.

The 19-year-old was arrested last week, and during the action, police agents also confiscated computers and cryptocurrency wallets containing funds believed to be from data sales.

Data broker also arrested in Ukraine

In parallel but unrelated news, the cyberpolice in Ukraine have announced the arrest of a 22-year-old cybercriminal who used a custom malware he developed to automatically hack user accounts on social networks and other platforms.

Most of the hacker's victims were based in the United States and various European countries.

The offender then proceeded to sell access to the compromised accounts, which he boosted using a bot farm of 5,000 accounts, on various hacking forums.

The arrested man now faces up to 15 years in prison for violations of Ukraine's Criminal Code (Article 361), as well as deprivation of the right to hold certain positions or engage in certain activities for up to three years.

Break down IAM silos like Bitpanda, KnowBe4, and PathAI

Broken IAM isn't just an IT problem - the impact ripples across your whole business.

This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.

Related Articles:

Poland arrests Ukrainians utilizing 'advanced' hacking equipment

Barts Health NHS discloses data breach after Oracle zero-day hack

Dartmouth College confirms data breach after Clop extortion attack

Hacker claims to steal 2.3TB data from Italian rail group, Almaviva

Spain dismantles “GXC Team” cybercrime syndicate, arrests leader

• Defense Department selection: Chose Alphabet Inc.’s Gemini for Government system for AI capability to three million civilian and military employees.
• Defense Secretary statement: Pete Hegseth said in X video that the future of American warfare is AI, aiding quick analysis of video and imagery.
• Platform name: New platform known as GenAI.mil.
• Pentagon description: Designed to usher in AI-driven culture change dominating the digital battlefield for years.
• Google Cloud contract: Announced $200 million contract in July to provide AI to DoD’s Chief Digital and Artificial Intelligence Office.
• Other AI firms: OpenAI, xAI, and Anthropic PBC received similar up-to-$200 million contracts.
• Existing Google services: Provides AI capabilities to US Navy and Air Force.
• Additional Google role: Supplies AI to Pentagon’s Defense Innovation Unit.

The Defense Department said it has chosen Alphabet Inc.’s Gemini for Government system to deliver artificial intelligence capability for its roughly three million civilian and military employees.

“The future of American warfare is here, and it’s spelled AI,” Defense Secretary Pete Hegseth said in a video posted to X on Tuesday, adding the software will help the military quickly analyze video and imagery.

The new platform, known as GenAI.mil, is designed to usher in an “AI-driven culture change that will dominate the digital battlefield for years to come,” the Pentagon said in a statement.

In July, Alphabet’s Google Cloud announced a $200 million contract to provide AI capabilities to the Department of Defense, with other prominent AI firms including OpenAI, Elon Musk’s xAI and Anthropic PBC also receiving similar contracts.

Google already provides AI capabilities to the US Navy, Air Force and the Pentagon’s Defense Innovation Unit.

• Common assumption: People expected more phishing vulnerability on mobiles due to multitasking.
• Study finding: Mobile users more risk-avoidant, less likely to click dangerous links than PC users.
• Real-world data: Analyzed 499,781 URL requests from home routers over one week, 2.4% unsafe.
• Device breakdown: 80% unsafe requests from PCs, 20% from mobiles.
• Lab experiment: 257 participants assigned to mobile or PC, faced simulated phishing pop-up during task.
• Lab results: 57% avoided clicking; 64% of avoiders on mobiles, 36% on PCs.
• Phishing types: Similar avoidance for clear risks; PCs more clicked unclear malicious links.
• Explanation and advice: Low-attention mobile use prompts avoidance; train instinctive safe habits.

By

Lisa Ward

1

Jon Krause

You might think people would be more likely to fall for phishing scams on mobile phones because they are often on the go or multitasking when using them.

A recent study, however, suggests the opposite is true. The researchers found that people tend to become more risk-avoidant when using a mobile phone versus a personal computer, making them less likely to click on potentially dangerous messages and links.

“It’s counterintuitive,” says Naama Ilany-Tzur, an assistant professor at Carnegie Mellon University and one of the study’s authors.

In one part of the paper, the researchers collected anonymized data from companies that provide home-internet routers. They looked at 499,781 URL requests over a single week to determine whether the requested site, image or content was safe or not. They found that about 2.4% of the URL requests were unsafe.

The authors then looked at the type of device used to make the unsafe URL requests. They found that about 80% of the unsafe requests were from PC users, and about 20% were from mobile users.

In the lab

The researchers then sought to replicate the findings from that real-world experiment in a laboratory setting, to control for unknown variables that might have affected the results.

They recruited 257 participants and randomly assigned half to use a mobile phone and half to use a personal computer. Participants were asked to analyze images on their device. In the middle of the task, there was a simulated phishing attack, where an ad popped up and asked participants to click on a link. Some participants were shown links that were clearly risky, such as a link containing a misspelling, while others were shown links where the risk was unclear.

Almost 57% of the participants overall didn’t click on the link, avoiding the phishing attack. Of those, about 64% were using mobile phones and 36% were using personal computers.

The researchers then looked at what type of phishing links study participants were most likely to fall for. They found that when a phishing pop-up had clear malevolent telltales, like misspellings, the phone and PC users tended to avoid it at similar rates. But when it was less clear that a link was malicious, PC users were more likely than the phone users to click on it. The same pattern was found in a subsequent experiment.

Avoidant behavior

The findings suggested to Ilany-Tzur that mobile users might not be thinking about cyber risk logically, but instead just avoiding links altogether.

When people use their mobile phones they are often multitasking or they are using their phones in what Ilany-Tzur calls “low-attention contexts,” like lying in bed. Because people often tend to be less focused in these situations, they may be more inclined to avoid engaging in risky behavior. That is, people may be more likely to just avoid clicking on any dubious link rather than try to deliberately suss out the overall risk, she says. That risk-avoidant behavior could be the default anytime someone uses their phone.

According to Ilany-Tzur, the study’s takeaway isn’t that paying less attention is a good way to avoid phishing attacks; rather, it’s that we should focus on ways to make safe responses to cyber threats more automatic or instinctive.

For example, cybersecurity training could teach simple, practiced routines and focus on creating habits, so that avoiding risky links becomes second nature. That way “people can avoid phishing attempts without having to rely on constant vigilance or overthinking every click,” she says.

Lisa Ward is a writer in Vermont. She can be reached at reports@wsj.com.

Cybersecurity

Read the full report

Before Your Doctor Uses AI to Record Your Visits, Ask These Questions

The Hidden Emotional Toll on Victims of Data Breaches

The Latest Tools for Making Sure Your Cellphone Is Secure

Cybercriminals Use AI to Create Fake Websites That Look Just Like the Real Thing

What Are Passkeys—and What Do You Need to Know About Using Them?

Do You Need a Personal Cybersecurity Concierge?

How Effective Is Corporate Cybersecurity Training? Not Very, It Seems

How to Make Sure Information on Your Old Computer Is Really, Truly Deleted

Copyright ©2025 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Next in Journal Reports

[

Journal Reports

Nvidia Takes Top Spot in the List of Best-Managed Companies of 2025

By Theo Francis

December 8, 2025 at 2:03 PM ET

Tech companies continue to dominate in the Drucker Institute’s annual ranking, although Intel and Adobe saw major drops

](https://www.wsj.com/business/c-suite/nvidia-wins-best-managed-companies-ranking-2025-2297969d)

More Journal Reports Articles

[

Journal Reports

Stock Funds Up 12.6% as Year Nears an End

By William Power

December 7, 2025 at 4:00 PM ET

](https://www.wsj.com/finance/investing/stock-funds-up-12-6-for-year-a73e0b5b)

[

Journal Reports

Lower Your Taxes With These Five Often-Missed Credits

By Lori Ioannou

December 7, 2025 at 3:00 PM ET

](https://www.wsj.com/personal-finance/taxes/tax-credits-retirement-dependents-learning-17385773)

[

Journal Reports

His Grandfather’s Funeral Felt So…Cold. So He Came Up With a New Business.

By Elizabeth Garone

December 6, 2025 at 6:00 PM ET

](https://www.wsj.com/business/entrepreneurship/justin-crowe-parting-stone-founder-892c8a05)

Videos