This Week in Surveillance:

  • AI agents are a security disaster. CVE-2026-2256 proved what researchers feared: AI agents with system access can be hijacked through prompt injection. One company lost $3.2 million. Gartner says 40% of enterprise apps will have AI agents by year end.
  • China hacked the FBI's surveillance systems. The system used to manage wiretaps and FISA warrants was breached. Same hackers. Same playbook. Same vulnerabilities the government refuses to fix.
  • Iran is using Russian facial recognition. A Forbidden Stories investigation revealed Iran secretly acquired NtechLab's FindFace system to identify protesters. An estimated 30,000+ killed during January crackdowns.
  • LeakBase taken down. FBI and Europol seized the massive stolen data forum. 142,000 users. 13 arrests across 8 countries.
  • RSA Conference boycott confirmed. FBI, NSA, and CISA pulled out because they don't like the new CEO. Panels on Chinese hackers? Cancelled.
  • FISA 702: 42 days until sunset.

The Theme of the Week: Surveillance Infrastructure as Attack Surface

This was the week that proved a simple thesis: every surveillance system eventually becomes a target.

The FBI built a centralized database to manage wiretaps. China hacked it. Iran built a mass facial recognition system using Russian technology. Protesters are being hunted. AI agents were deployed across enterprise systems with too much access. Attackers are hijacking them.

The pattern repeats: powerful surveillance tools don't stay in the hands of their creators. They get compromised, stolen, or weaponized against the people they were supposed to protect.

AI Agents: The $3.2 Million Problem

The disclosure of CVE-2026-2256 crystallized the AI agent security crisis [1].

MS-Agent, a popular framework for building autonomous AI systems, has a command injection vulnerability. The Shell tool that lets agents execute operating system commands doesn't properly sanitize input. An attacker can embed malicious instructions in documents or data that the agent processes. The agent obeys, and suddenly the attacker has full system access.

The numbers:

  • CVSS score: 9.8 (Critical)
  • Real-world loss: $3.2 million stolen from a manufacturing company via compromised AI procurement agent
  • Adoption rate: 40% of enterprise apps expected to integrate AI agents by end of 2026
  • Fix available: No

The Moltbook breach exposed the scale of this problem. A misconfigured database leaked 1.5 million API keys for AI agents, including OpenAI and Anthropic credentials [2]. Attackers don't need to find vulnerabilities when the keys are sitting in public.

This is the surveillance problem applied to AI: we're deploying systems with enormous access and terrible security. The attack surface is expanding faster than our ability to secure it.

Related: MS-Agent CVE-2026-2256 Full Analysis | Moltbook API Key Leak

China Hacked the FBI's Wiretap Systems

US investigators now point to Chinese government-affiliated hackers as responsible for the breach of FBI networks containing wiretap data and surveillance orders [3].

The targeted system handles pen register returns, trap-and-trace data, and personally identifiable information about investigation subjects. The FBI discovered abnormal log activity on February 17. The attackers exploited a commercial ISP vendor's infrastructure to slip past security controls.

This follows the Salt Typhoon attacks that compromised at least nine US telecom companies and accessed their lawful intercept systems. Same approach: find the surveillance infrastructure, break into it, turn it against the surveillors.

The irony continues: The government insists it needs warrantless access to communications (see FISA 702). The government also can't secure the systems that handle that access. The centralized surveillance databases that are supposed to keep us safe keep getting compromised by the adversaries they're supposed to monitor.

Related: FBI Surveillance System Breach | Salt Typhoon: Worst Telecom Hack in US History

Iran's Russian Surveillance System

A joint investigation by Forbidden Stories, Le Monde, Der Spiegel, and ZDF revealed that Iran secretly acquired Russia's FindFace facial recognition system [4].

How it happened:

  • Iranian company Rasadco purchased FindFace from NtechLab in August 2019
  • Rasadco was absorbed by Kama, led by a figure with IRGC ties
  • Kama distributed FindFace to IRGC, Ministry of Intelligence, and other state entities
  • The system connects facial recognition to social graphs—identify a protester, map their friends and family

The human cost: Early estimates suggest more than 30,000 people were killed in 48 hours during violent crackdowns in January 2026. Iranian cybersecurity researcher Nima Fatemi indicates authorities likely used FindFace during this period.

This is surveillance technology doing exactly what critics warned: enabling authoritarian states to identify and eliminate dissent at scale. The face in a protest crowd becomes a name, an address, a network of connections. Russia built the tool. Iran deployed it. Protesters died.

Sources: [4] Forbidden Stories, [5] Biometric Update

LeakBase Takedown: Where Your Stolen Data Ends Up

FBI and Europol seized LeakBase, one of the world's largest marketplaces for stolen data, on March 3-4 [6].

Operation Leak by the numbers:

  • 142,000 registered users
  • 32,000 posts, 215,000+ private messages
  • 13 arrests, 32 searches, 33 suspects interviewed
  • 8 countries: US, Australia, Belgium, Poland, Portugal, Romania, Spain, UK
  • 37 most active users specifically targeted

LeakBase specialized in "stealer logs"—credentials harvested by infostealer malware. This is where the Conduent breach data ends up. The LexisNexis hack. Your corporate password that got reused on a compromised service.

The seizure banner now warns users that "all forum content, including users' accounts, posts, credit details, private messages, and IP logs" has been preserved for evidence. If you bought or sold data there, law enforcement has your records.

Related: Full Coverage: LeakBase Seizure

Federal Agencies Boycotting RSA Conference

CISA, FBI, and NSA pulled out of RSA Conference 2026 after former CISA Director Jen Easterly was named CEO [7].

Panels on disrupting China's Typhoon hackers? Cancelled. FBI cyber warfare talks? Gone. The agencies with the best intelligence on the threats we just discussed won't share it at the world's largest cybersecurity conference because they're mad about a personnel decision at a private company.

RSA Conference runs March 23-26 in San Francisco. 40,000+ security professionals will attend. The UK's National Cyber Security Centre will be there. European Commission officials will be there. American federal officials will not.

Related: RSA 2026 Federal Boycott: Full Analysis

FISA 702: 42 Days

Section 702 expires April 20. Senate Intel Chair Tom Cotton wants an 18-month "clean" extension. No warrant requirement. No reforms.

Here's where we are: The government wants warrantless access to Americans' communications. The government also just had its wiretap systems hacked by China. The classified briefing on FISA reportedly "erupted in frustration" as officials refused to state the administration's position.

Privacy advocates are pushing the SAFE Act's warrant requirement. The House tied 212-212 on a similar amendment in 2024. One vote could change everything—but that one vote hasn't materialized yet.

Related: FISA 702 Warrant Fight

Quick Hits

  • US Army renews Clearview AI contract. 1st Special Forces Command signed a new deal running through 2027, with options to 2030. The contract specifies access to 50 billion images and 98% accuracy for identifying "high-value targets" [8]. Our Coverage
  • LexisNexis breach contained. FulcrumSec claimed 3.9 million records including .gov credentials for federal judges, DOJ attorneys, and SEC staff. LexisNexis says the matter is "contained" [9]. LawNext
  • 20 states now have privacy laws. Indiana, Kentucky, and Rhode Island joined the list in 2026. New wave of restrictions on geolocation data, youth protections, and facial recognition [10]. MultiState
  • OpenAI Pentagon deal updated. New language says AI "shall not be intentionally used for domestic surveillance of U.S. persons." EFF calls it "weasel words" with plenty of loopholes [11]. Our Coverage

Looking Ahead

This week:

  • March 10: "Privacy's Defender" book launch (Cindy Cohn/EFF)
  • March 14: Ring facial recognition opt-out deadline for existing users

Coming up:

  • March 23-26: RSA Conference 2026 (sans federal officials)
  • March 30-31: Privacy Summit, Washington DC
  • March 31: Conduent breach credit monitoring enrollment deadline
  • April 1: California "Delete My Data" requests open
  • April 20: FISA Section 702 sunset. 42 days.

References

  1. Cybersecurity News - MS-Agent Vulnerability
  2. State of Surveillance - Moltbook API Key Leak
  3. US News/WSJ - China Suspected in FBI Breach
  4. Forbidden Stories - Iran Surveillance Investigation
  5. Biometric Update - Iran NtechLab
  6. Europol - LeakBase Seizure
  7. Cybersecurity Dive - Federal RSA Boycott
  8. Biometric Update - Army Clearview Contract
  9. LawNext - LexisNexis Breach
  10. MultiState - 20 State Privacy Laws
  11. NBC News - OpenAI Pentagon Deal

Last updated: March 9, 2026