U.S. intelligence officials revealed this week that AI-powered influence campaigns aimed at American voters have arrived and are the handiwork of Iran and Russia.

An Office of the Director of National Intelligence official told reporters that “this is now happening here,” as the same types of AI-powered influence campaigns previously seen overseas are now on U.S. shores.

“The risk to U.S. elections from foreign AI-generated content depends on the ability of foreign actors to overcome restrictions built into many AI tools and remain undetected, develop their own sophisticated models, or strategically target and disseminate such content,” the official said. “Foreign actors are behind in each of these areas.”

Microsoft has warned that crowds on social media are proving adept at spotting deepfakes, so tricksters are instead taking a subtler approach. They’re also more successful when their target is alone, officials said.

And even some of the most powerful American officials aren’t immune. Sen. Ben Cardin, chairman of the chamber’s Foreign Relations Committee, reportedly fell victim to just such a trick. The Maryland Democrat seems to have been the target of a sophisticated deepfake operation impersonating a top Ukrainian official.

Americans’ data on the retailer Temu appears vulnerable to the Chinese Communist Party, according to House Permanent Select Committee on Intelligence lawmakers, who want federal investigators to take a closer look.

The intelligence committee’s Republicans wrote to the FBI and the Securities and Exchange Commission on Wednesday with concerns about the safety of Americans’ sensitive information.

“Analogous to Congress’ action on TikTok, the relationship between the Chinese Communist Party, Chinese national security laws, and Americans’ data must be understood,” the lawmakers wrote. “We have concerns that the CCP has undertaken yet another attempt to exploit democracy, free-market principles, and the personal and economic data of the United States.”

SEC Chairman Gary Gensler intends to respond to lawmakers directly, the commission told Threat Status.

Cybersecurity firm CrowdStrike’s faulty software update in July grounded flights, canceled medical procedures, disrupted 911 emergency calls and cost businesses more than $5 billion, according to House Homeland Security Committee lawmakers.

Leaders of the embattled company told Congress this week they deeply regret the incident and have a plan to prevent it from happening again. 

“On behalf of everyone at CrowdStrike, I want to apologize,” Adam Meyers, CrowdStrike senior vice president, testified to the committee. “We are deeply sorry and we are determined to prevent this from ever happening again.”

CrowdStrike’s solution to the mess centers on letting users decide if and when to receive updates. Mr. Meyers said customers can pick between being early adopters, waiting longer, or declining the updates altogether.

The Russian cybersecurity company Kaspersky, already effectively blacklisted by the U.S. government, is now facing even more scrutiny.

The firm reportedly replaced its software on users’ computers automatically with an antivirus solution called UltraAV, which was installed without any prior notification and, in at least some cases, couldn’t be removed. 

Some observers wonder what else the company may have installed on users’ computers without their knowledge. But in an official statement posted on a Kaspersky forum page, the company said the U.S. ban on Kaspersky products was the reason for its controversial move.

“Following the recent decision by the U.S. Department of Commerce that prohibits Kaspersky from selling or updating certain antivirus products in the United States, Kaspersky partnered with antivirus provider UltraAV to ensure continued protection for U.S.-based customers that will no longer have access to Kaspersky’s protections,” reads a statement on the forum. “Kaspersky and UltraAV worked closely to ensure customers would maintain the standards of security and privacy users have come to expect from their service.”

In June, the Commerce Department said its crackdown on Kaspersky was necessary because the cyber firm’s operations are forced to answer to the Russian government. The firm also has access to Americans’ information that could be transferred to Russian officials and can install malware on U.S. systems that use its software, U.S. officials said.

Despite handling 70% of America’s international trade, U.S. ports are alarmingly behind in adopting the automation and technology that modern global trade demands. That’s the argument from Eric Hoplin, president and CEO of the National Association of Wholesaler-Distributors, who writes in a new piece for The Washington Times that it’s past time for the nation’s ports to fully embrace innovation.

Mr. Hoplin says that while ports in Europe and Asia have fully embraced automation, the U.S. is at risk of becoming a market backwater, held back by resistance from the International Longshoremen’s Association.

“The union is demanding a ban on automation, even threatening to strike — a move that could start as soon as Oct. 1,” he writes. “A strike could cost the U.S. economy a staggering $3.7 billion daily, halting nearly half the nation’s cargo flow. But more than the immediate economic disruption, what’s at risk is America’s long-term competitiveness.”

• Oct. 5-8 — 2024 Threat Conference, The Cipher Brief

• Oct. 7-9 — NVIDIA AI Summit, NVIDIA

• Nov. 21 — Competition Policy 2024: Urgent Questions Emerging within Digital Markets, Chatham House