"There is no ceasefire in cyber," Yossi Karadi said, and the remark captures the blunt calculus now animating a war that has moved from battlefields to servers.
Yossi Karadi on Iran’s growing cyber coordination
Yossi Karadi, who leads Israel’s National Cyber Directorate, told Nextgov in a Washington interview that Tehran’s state-backed hacking units have shifted from isolated operations to coordinated activity. "They’ve begun to talk to each other, and then collaborate with each other, and then even sometimes exchange information," he said. Karadi warned that collaboration has made Iran’s cyber actors more efficient and that Israeli defenses have been on constant alert since the 12-Day War last year.
Karadi conducted the interview during a visit to Washington this week where he said he met—or planned meetings—with the FBI, the Cybersecurity and Infrastructure Security Agency, U.S. Cyber Command and industry representatives to discuss these developments and defensive options.
AI’s role: Anthropic’s Mythos, GPT-5.5-Cyber, and Project Glasswing
Karadi said AI has measurably improved the quality of Tehran’s influence messaging and recruitment outreach. He described a shift from “very bad Hebrew” to messages polished by AI. That capacity, he argued, is why he is pressing major AI labs for controlled access to powerful models such as Anthropic’s Mythos so Israel can scan government networks for vulnerabilities.
Anthropic’s Mythos is being used in Project Glasswing, launched in early April to secure critical software globally, but the model has been withheld from public release. About a month later, OpenAI unveiled GPT-5.5-Cyber, another advanced model reserved for verified organizations. Karadi said he has not yet succeeded in gaining access to those systems but hopes to do so, and declined to name the companies he is engaging.
“When you give [an attacker] a new tool, he needs to only use it at one time and one place. But I need to implement this tool at all the places and all the time,” Karadi said, calling such models the “main threat” in cybersecurity and predicting a future that is increasingly “digital, AI-based and cloud-based.”
Deception and recruitment: hundreds of thousands of messages
Since the war began in February, Karadi said Iran has sent hundreds of thousands of text messages to Israelis as part of deception and influence campaigns. He gave direct examples: some messages told recipients "Don't go to the bomb shelters because they are closed," while others sought to recruit Israelis for intelligence-sharing.
Karadi emphasized the evolution of the messaging: initially poor Hebrew made the campaigns easier to dismiss, but AI has improved their plausibility. Beyond Israel, the director said pro‑Iran hackers have compromised a swath of smaller Israeli organizations and a handful of American targets in recent months. U.S. federal officials said early last month that Iranian actors targeted U.S. industrial control systems and federal officials. One group likely state‑affiliated claimed it had compromised medical‑technology company Stryker, and researchers reported Iran‑linked actors deploying a range of cyberespionage techniques against the U.S., Israel and the UAE just last week.
Kinetic strikes and cyber activity: an ebb and flow
Karadi attributed fluctuations in Iranian cyberactivity to the intensity of kinetic operations. He pointed to an Israeli strike in March that, according to Israeli statements, bombed a key Iranian cyberwarfare operations center; Karadi said such bombs affect hackers’ physical ability to access equipment. "When bombing campaigns against Iran intensified, hacking activity tended to decrease because it was harder for state operatives to access physical assets like computers and other equipment needed for cyberattacks," he said. Conversely, when strikes slowed, he said, state hacking groups found more room to reorganize and collaborate.
That pattern helped frame his warning about the durability of cyber conflict: unlike a missile strike, a cyberattack can be denied and its origins obfuscated, making it resistant to the sorts of ceasefires that govern kinetic battlefields.
How the National Cyber Directorate, the FBI and CISA, and AI vendors are responding
- National Cyber Directorate (Israel): Karadi says Israel has been at "100%‑alert" since the 12‑Day War and is preparing for high‑scale cyber war; he is actively seeking controlled access to advanced AI models to scan government networks.
- U.S. agencies (FBI, CISA, U.S. Cyber Command): Karadi reported discussing advanced cyber‑focused AI models with these organizations during his Washington visit and signaled cooperation on defensive measures, though specific outcomes of those meetings were not detailed.
- AI vendors (Anthropic, OpenAI and others): Anthropic’s Project Glasswing and Mythos and OpenAI’s GPT‑5.5‑Cyber are being held from public release and made available only to verified or major organizations; Karadi is pressing the major labs for controlled access but has not yet succeeded.
Karadi’s account sketches a cybersecurity landscape where kinetic and digital campaigns interact, where adversaries are sharing tools and polishing deception with AI, and where defenders are seeking access to the very models attackers covet. Negotiations between the U.S. and Tehran could affect the broader war that began in late February, but Karadi’s refrain—“There is no ceasefire in cyber”—is a stark reminder that, in his view, the tools and tactics of cyber conflict will outlast any temporary halt in missiles and bombs.




