A regular user registered for a football agent qualification on FIFA’s official website and was automatically enrolled into FIFA’s unified identity system. This granted access to multiple internal platforms, including the broadcast management system for the 2026 World Cup. The user found live match streams, pushing addresses, streaming keys, and partial live management controls. The incident exposes a critical security gap in FIFA’s identity and access management.
A regular user registered as a football agent on FIFA's official website and was automatically added to the FIFA Unified Identity System. This granted unauthorized access to internal platforms, including the 2026 World Cup broadcast management system. The user could view live streams, streaming URLs, and push keys, and had controls over live video, scores, lineups, kick-off time, match statistics, and the commentator system. The vulnerability could allow an attacker to hijack the entire World Cup broadcast.
The US government issued an export control directive requiring Anthropic to halt access to its Fable 5 and Mythos 5 models for any foreign national, including Anthropic's own foreign employees, worldwide. The order, received at 5:21 PM ET, cited a jailbreak technique; Anthropic reviewed the demo and found only minor, previously known vulnerabilities that also exist in other public models. Anthropic complied but expressed disagreement, arguing that if this standard were applied industry-wide, all frontier model deployments would be stopped. Access to other Anthropic models remains unaffected.