The Russian covert influence network CopyCop has significantly expanded its disinformation campaign, establishing over 200 new fictional media websites since March 2025.
This expansion represents a marked escalation in Russian information warfare efforts, targeting democratic nations with sophisticated artificial intelligence-driven content generation and increasingly polished deception tactics.
CopyCop, also designated as Storm-1516, operates as a cornerstone of Russia’s broader influence operations ecosystem.
The network functions through a coordinated infrastructure of fake media outlets, fictional fact-checking organizations, and impersonation websites designed to undermine Western democratic institutions and erode international support for Ukraine.
Combined with previously documented operations, the network now operates over 300 websites established throughout 2025, demonstrating unprecedented scale and reach in Russian influence operations.
Recordedfuture analysts noted that these websites serve dual purposes within CopyCop’s operational framework.
CopyCop website partiroyaliste[.]fr impersonating a French royalist political party (Source – Recordedfuture)
First, they disseminate targeted influence content prepared by the Moscow-based Center for Geopolitical Expertise and network operator John Mark Dougan.
Second, they publish large quantities of artificial intelligence-generated content featuring pro-Russian, anti-Ukrainian, and anti-Western narratives designed to poison the global information environment.
The network’s infrastructure demonstrates sophisticated technical implementation and operational security measures.
CopyCop operators register domains in coordinated batches across linked infrastructure, maintaining dormant websites that passively generate content until activated for targeted campaigns.
This approach provides operational flexibility while building credibility through sustained content publication across multiple fictional media brands.
The network’s geographic expansion includes new targeting of Canada, Armenia, and Moldova, while sustaining established operations against the United States and France.
CopyCop has diversified its linguistic reach, publishing content in Turkish, Ukrainian, and Swahili languages never previously featured by the operation.
These developments reflect strategic adaptation to maximize audience engagement and exploit regional political vulnerabilities.
Self-Hosted Large Language Model Infrastructure
CopyCop’s most significant technical evolution involves the deployment of self-hosted, uncensored large language models based on Meta’s Llama 3 architecture.
This represents a deliberate shift away from commercial Western AI services, addressing operational security concerns while enabling unrestricted content generation aligned with Russian propaganda objectives.
Technical analysis reveals CopyCop operators utilize either the dolphin-2.9-llama3-8b or Llama-3-8B-Lexi-Uncensored models, both popular uncensored variants available through open-source platforms like HuggingFace.
Python script using Ollama shown by Dougan in a TV interview with French media (Source – Recordedfuture)
Evidence supporting this assessment includes operational artifacts found within published articles, such as knowledge cutoff references to January 2023 and inconsistent JSON output formatting that suggests model performance degradation typical of “abliterated” or uncensored language models.
The network’s technical infrastructure includes sophisticated deployment mechanisms revealed through John Mark Dougan’s inadvertent exposure during French media interviews.
Video footage captured Python scripts utilizing the Ollama inference framework, specifically including functions named restart_ollama() that demonstrate operational deployment of local language model instances.
This infrastructure operates from Russian-controlled servers, with GRU financial backing supporting the computational resources required for sustained content generation.
# Example code structure observed in CopyCop operations
def restart_ollama():
# Restart local LLM inference service
subprocess.call(['systemctl', 'restart', 'ollama'])
return True
The technical implementation creates significant operational advantages for CopyCop’s content generation capabilities.
Self-hosted models eliminate external dependencies on Western AI service providers while enabling fine-tuning on Russian state media content provided by TASS and other Kremlin-aligned sources.
However, this approach introduces performance constraints, as evidenced by frequent operational security failures including exposed LLM artifacts in published content and structured output formatting errors that betray automated generation.
Recordedfuture researchers identified specific instances where CopyCop articles contained explicit model instructions, such as disclaimers stating “Please note that this rewrite aims to provide a clear and concise summary of the original text while maintaining key details” and metadata referencing “objective and factual” tone requirements.
These artifacts demonstrate the network’s ongoing challenges in maintaining operational security while scaling content production through automated systems.
The infrastructure expansion enables CopyCop to produce content at unprecedented scale while targeting multiple audiences simultaneously.
The network maintains regionalized subdomain structures, such as the “Truefact” cluster featuring africa.truefact.news for Swahili content, turkey.truefact.news for Turkish audiences, and ukraine.truefact.news for Ukrainian-language disinformation.
This approach maximizes content distribution while providing resilience against individual domain takedowns through mirrored hosting across multiple subdomains.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
A recent special-operations exercise in the Caribbean showcased an Air Force operating concept designed to counter near-peer militaries—and, experts said, might be a message to unfriendly governments and criminal groups in the Americas.
On Aug. 30, special operations airmen from the Kentucky National Guard stormed the Henry E. Rohlsen Airport on the island of St. Croix. Troops parachuted into the Caribbean Sea with an inflatable boat and more pararescuemen floated onto the airfield; together, they quickly took over the grounds and established a U.S.-controlled base for cargo planes to land and deliver resources.
“Within minutes, the Airmen had cleared the runways, established perimeter security and implemented air traffic control, allowing the C-130 to land and offload crucial assets,” Air Force Special Operations Command detailed in the release earlier this month.
The mock takeover—part of AFSOC’s larger, long-planned Emerald Warrior exercise— showcased the service’s Agile Combat Employment scheme of maneuver. Under ACE, airmen rapidly set up small operating bases in combat zones anywhere at a moment’s notice to evade long-range missile attacks. Service leaders and doctrine have described ACE as a necessary counter to anti-access and area-denial tactics developed by China, Russia, and others. Its rollout has seen hiccups; a Rand Corporation report earlier this year detailed “confusion” among airmen and units working to implement the concept.
[[Related Posts]]
Experts said that the timing and location of the exercise—held just days before the first airstrike on an alleged drug-running boat in the Caribbean—shows neighboring countries in the region how the U.S. military could be used in its campaign against so-called narco-terrorists.
“Another intent, obviously, could be to signal to the region that we have these capabilities and we are ready to act in a serious way,” said Jennifer Kavanagh, a senior fellow and director of military analysis at the Defense Priorities think tank. “This is not just a deployment for show, these are not just threats of force. We are ready to use combat capabilities and combat strategies in the theater.”
Air Force Special Operations Command officials made it clear that the demonstration was meant to send a message that the ACE concept was fast and adaptable, including in the Caribbean.
“AFSOC stands ready to deliver decisive airpower anytime, anywhere, against any threat to national security,” said command spokesperson Rebecca Heyse.
Another AFSOC exercise in the Caribbean saw special operations airmen travel 75 nautical miles “to conduct reconnaissance and targeting operations on a nearby island held by simulated enemy forces,” the command said.
Heyse said AFSOC “remains ready to execute the priorities of senior leaders without delay.”
After those boots-on-the-ground exercises and the controversial airstrike on the Venezuelan boat earlier this month, the U.S. military began increasing its footprint in the area. MQ-9 Reaper drones and Marine Corps F-35Bs arrived in Puerto Rico after the Pentagon decried a "highly provocative move” by Venezuela after the country flew two of its F-16 fighter jets near U.S. Navy vessels.
Other supporting aircraft spotted in the area this week include C-5 and C-17 military transports and KC-46 and KC-135 tankers, an open-source tracking account reported. There have been at least two U.S. military attacks on alleged Venezuelan drug boats this month, killing a total of 14 people, according to White House statements.
Kavanagh said that the military response in the region is overblown.
“Cartels are powerful. Military groups in Latin America have military capabilities, but are not military capabilities that can strike U.S. airbases in the region, so it seems like a little bit of overkill,” she said. “The force the United States has used so far in Latin America has been disproportionate to the threat.”
AFSOC’s Heyse said the command has no exercises planned in the Caribbean in the near future, but that they’re prepared to project more force in the region.
“This does not rule out future potential exercises in the region as AFSOC relentlessly refines its capabilities and sharpens its edge to ensure unmatched lethality on future battlefields,” she said.
When an incident happens, there’s no time to waste. SOC teams must react fast to protect their organization, and this requires more than expertise. Strong solutions tailored to the needs of businesses can make all the difference.
The secret to radically cutting response time for incidents lies in equipping your SOC team with an enterprise-grade solution suited for teams that delivers fast, efficient results.
In this article, we’ll break down how Interactive Sandbox by ANY.RUN helps teams worldwide significantly reduce MTTR and improve proactive detection.
What makes interactive malware analysis stand out
Analysis of a threat sample associated with notorious Lazarus APT in ANY.RUN Sandbox
ANY.RUN’s hands-on approach promotes a cutting-edge way to achieve improved metrics, including reduced MTTR, and well-informed protection of company infrastructure.
The dual power of interactivity and real-time visibility into threats solves two major challenges SOC teams often face:
Challenge
ANY.RUN Solution
Slow reaction to threats: SOC teams waste time on routine manual tasks and unoptimized processes.
Interactive response: Analysts perform in-depth investigation in an easy-to-use interface with instant reports, reducing workload and accelerating triage.
Poor threat visibility: Automated solutions might speed up investigation but deliver only surface-level detection.
Deep research in real time: Every action malware takes can be explored at an instant, enabling fast and well-informed moves.
That’s what takes interactive sandboxes like ANY.RUN a step beyond traditional automated malware analysis. Analysts see more than the final verdict; they can control the process and interact with malware. All this leads to a better understanding and more efficient conclusions.
Impact in numbers
With interactive malware analysis, SOC teams achieve impressive results, such as:
21 min reduction in MTTR per incident
Up to 58% more threats identified overall
Faster threat investigations in 95% of cases
Another factor that further accelerates incident response is smart automation. In ANY.RUN sandbox, most repetitive actions can be done automatically, including solving a CAPTCHA or opening a link.
The sandbox performs actions necessary for detonation without increasing the workload of the analyst, allowing them to focus on more pressing tasks.
Cut response time and boost detection with ANY.RUN’s Interactive Sandbox for enterprises -> Get a trial for your company
Breaking down a real-world threat in under a minute
Most attacks start with phishing. Malicious emails can be very deceptive and lead to company-wide security compromises. But it takes seconds to see the truth in ANY.RUN’s Interactive Sandbox.
In the analysis below, you can see a pdf file that seems harmless at first glance. But once opened, it reaches out to a phishing page hosted on SharePoint, a legitimate domain that once again might lead you to believe that it’s trustworthy.
However, the sandbox flags it as malicious and attributes as phishing within seconds.
By browsing through tabs and observing threat behavior, analysts get to react to the threat as quickly as possible: they can confirm and escalate the high-risk threat, block malicious domains or IPs related to it, and start remediation before attackers gain a foothold.
Without a sandbox, this kind of attack would be easy to miss. The file looks like a regular PDF, the hosting domain is trusted. But this threat could lead to stolen credentials using social engineering and invisible redirections.
Empower your SOC with a fast and simple sandbox to gain:
Faster Threat Response: Attacks will be detected early on, reducing the window of exposure.
Lower MTTR: Immediate insights into threat behavior will enable analysts to act with speed and confidence.
Less Routine Workload: SOC team will be free to focus on high-value tasks and strategic action, while repetitive tasks will be done automatically.
Conclusion
By reducing investigation time and eliminating manual setup, ANY.RUN helps SOC teams operate more efficiently, while minimizing exposure to threats.
Faster detection and deeper visibility give analysts the clarity and control needed to protect company’s environment before an incident escalates.
Democratic senators and one independent member aired their concerns during a Senate Armed Services Committee hearing to confirm the would-be head of the Pentagon’s counterterror policy office, a key organization in operations against drug cartels now designated international terrorist groups.
Derrick Anderson, nominated to be the next assistant defense secretary for special operations/low-intensity conflict, demurred when asked whether he would question the legality of a strike on suspected traffickers in international waters, repeating that he had not been involved in previous decision-making.
“I understand that, but I'm talking in the future,” Sen. Angus King, I-Maine, told Anderson. “You may be in this job in three weeks and be ordered to strike another ship in the Caribbean. Are you going to ask a question about what is the legal authority for that strike?”
Lawmakers have expressed alarm about aspects of the strikes’ execution, including a lack of congressional notification and subsequent briefings, but principally the absence of an Authorization for Use of Military Force, the legal framework that supports U.S. strikes on other terror groups, like al Qaida and ISIS.
“This designation, however, does not grant new authorities for military targeting,” Sen. Jack Reed, D-R.I., the committee’s ranking member, said during the hearing. “Given the large number of U.S. military assets that have been deployed to the Caribbean, it is clear that the administration intends to continue such operations, but skirting law and denying transparency for the American people risk a dangerous escalation with international ramifications.”
The president sent a War Powers Resolution report to Congress earlier this month as a justification for the Sept. 2 strike, but did not include the name of any designated organization. The administration’s defense rests on the president’s ability to order defensive strikes upon imminent threats, though legal experts have questioned whether a speedboat possibly carrying drugs to the U.S. meets that definition.
Separately, there are now concerns about the possibility that servicemembers who were involved in the strikes could be prosecuted if their actions are determined to be war crimes.
“We are hearing that there are individual folks in uniform involved in these operations who are now asking for legal cover in these operations because they believe that they potentially violate the law,” Sen. Elissa Slotkin, D-Mich., said during the hearing, alluding to reporting by the Wall Street Journal.
Slotkin continued, “This is a fundamental issue of this committee, and I would ask that you get smart on the legal authorities, because if individual folks in uniform are going to be held personally liable for your decisions, you should take accountability for that.”
Cloudflare has published a detailed post-mortem explaining the significant outage on September 12, 2025, that made its dashboard and APIs unavailable for over an hour.
The company traced the incident to a software bug in its dashboard that, combined with a service update, created a cascade failure in a critical internal system.
The incident began with the release of a new version of the Cloudflare Dashboard. According to the company’s report, this update contained a bug in its React code that caused it to make repeated, excessive calls to the internal Tenant Service API. This service is a core component responsible for handling API request authorization.
The bug was located in a useEffect hook, which was mistakenly configured to trigger the API call on every state change, leading to a loop of requests during a single dashboard render. This behavior coincided with the deployment of an update to the Tenant Service API itself.
The resulting “thundering herd” of requests from the buggy dashboard overwhelmed the newly deployed service, causing it to fail and recover improperly.
Because the Tenant Service is required to authorize API requests, its failure led to a widespread outage of the Cloudflare Dashboard and many of its APIs, starting at 17:57 UTC.
Incident Response and Recovery
Cloudflare’s engineering teams first noticed the increased load on the Tenant Service and responded by trying to reduce the pressure and add resources.
They implemented a temporary global rate-limiting rule and increased the number of Kubernetes pods available to the service to improve throughput. While these actions helped restore partial API availability, the dashboard remained down.
A subsequent attempt to patch the service to fix erroring codepaths at 18:58 UTC proved counterproductive, causing a second brief impact on API availability. This change was quickly reverted, and full service was restored by 19:12 UTC.
Importantly, Cloudflare noted that the outage was limited to its control plane, which handles configuration and management. The data plane, which processes customer traffic, was unaffected due to strict separation, meaning end-user services remained online.
Following the incident, Cloudflare has outlined several measures to prevent a recurrence. The company plans to prioritize migrating the Tenant Service to Argo Rollouts, a deployment tool that automatically rolls back a release if it detects errors.
To mitigate the “thundering herd” issue, the dashboard is being updated to include randomized delays in its API retry logic. The Tenant Service itself has been allocated substantially more resources, and its capacity monitoring will be improved to provide proactive alerts.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Protecting digital infrastructure is critical in 2025, as cyber threats escalate in complexity and diversity. Next‑Generation Firewalls (NGFWs) have become the cornerstone for enterprise security, offering not just robust traffic filtering, but also deep packet inspection, advanced threat intelligence, and seamless cloud integration for defense against today’s persistent and evolving threats. Why Top 10 Best […]
U.S. troops attended Russia-Belarus war games on Monday, Pentagon officials confirmed after news organizations photographed them attending Zapad-2025, Reuters reported Tuesday. It was the first time U.S. representatives have attended the sprawling exercise since Russia invaded Ukraine in 2022.
Belarus described the U.S. troops’ appearance as an unexpected addition to the 22 other foreign militaries represented at the wargames, including NATO’s Hungary and Turkey, the Telegraph reported Monday.
“Mr Trump is said to want to reopen the American embassy in Minsk as part of a wider strategy for cultivating ties with one of Vladimir Putin’s closest allies,” the British paper reported, adding, “Just last week, the US president sent [Belarus leader Alexander] Lukashenko a hand-written note” via Trump’s envoy John Coale.
This year’s joint, multidomain Zapad exercises, which began on Sept. 11 and stretch from Belarus to the Arctic, involved some 40,000 troops, far fewer than in pre-invasion years. The Telegraph has a separate look at what’s happening, and what it might mean.
Watching closely was Lt. Gen. Dariusz Parylak, NATO’s commander in Poland and the Baltics. “We will have a kitchen-window observation on how Russia is transferring lessons from Ukraine to training,” Parylak said earlier this month. “That’s vital because it shows how their thinking is developing, how modernisation processes are going and the evolution of their tactics, techniques and procedure doctrines.” More, here.
The U.S. Air Force must move on from decades-old assumptions, says Lt. Gen. David A. Harris, the service’s deputy chief of staff for futures, in a Defense One op-ed. A2/AD tactics have made Bagram-style air bases untenable, and so leaders must develop options for agile, light-footprint operations. In spirit, if not technology, the service must continue the fierce innovation of Gen. Pete Quesada and the 9th Air Force, which put liaison officers in tanks for groundbreaking combined-arms operations. Read that, here.
AFRICOM says it targeted an “al Shabaab weapons dealer” in an attack near Badhan, Somalia last Saturday. The airstrikes were done in coordination with the Somali government, U.S. Africa Command said in a Wednesday press release.
The strikes reportedly targeted Abdullahi Omar Abdi, whom the Ottawa-based Hiiran Online called “the first Somali elder publicly acknowledged to have been killed by a US strike, an escalation that has fueled anger among traditional leaders.” Read on, here.
Lawmaker to Trump’s Pentagon: “There seems to be some confusion this morning, because several of you mentioned that you are going to work for a department that doesn't exist,” Sen. Angus King, I-Maine, told Defense Department officials at a hearing Thursday on Capitol Hill, alluding to the administration’s determination to call it the War Department.
“The name of the department is the Department of Defense,” King said. “That was established in the National Security Act of 1947, amended in 1949. I'll commend to you 10 U.S. Code § 111. If the name of that department is going to be changed, it has to start right here,” King said. “Congress has established the name of the department. It's the Department of Defense, and I hope that you understand that that's who you're going to work for, not some other department that several of you mentioned in your testimony.”
Gen. Eric Smith, the Marine Corps commandant paid a visit to Ingalls Shipbuilding in Mississippi, which builds and repairs amphibious ships, per an HII press release.
Welcome to this Thursday edition of The D Brief, a newsletter dedicated to developments affecting the future of U.S. national security, brought to you by Ben Watson with Bradley Peniston and Meghann Myers. It’s more important than ever to stay informed, so thank you for reading. Share your tips and feedback here. And if you’re not already subscribed, you can do that here. On this day 78 years ago, the National Security Act of 1947 took effect, dropping the “Department of War” from the U.S. military’s formal title, replacing it with the short-lived National Military Establishment—or NME, which if read aloud, one can understand why that was later changed to the Department of Defense two years later.
Middle East
New: More than 10 years after its debut against Hezbollah drones, Israel’s laser-based “Iron Beam” interception system was officially declared operational this week, the Times of Israel reported Wednesday. After several weeks of tests, Israeli officials say the system proved itself against dozens of targets including rockets, mortars, and drones.
In case you’re curious, “The Iron Beam is not meant to replace the Iron Dome or Israel’s other air defense systems, but to supplement and complement them, shooting down smaller projectiles and leaving larger ones for the more robust missile-based batteries such as the David’s Sling and Arrow systems,” the Times reports. i24 News has a bit more.
From the region: The State Department designated several more Iran-backed groups as foreign terrorist organizations on Wednesday. The militias include Harakat al-Nujaba, Kata’ib Sayyid al-Shuhada, Harakat Ansar Allah al-Awfiya, and Kata’ib al-Imam Ali. “Iran-aligned militia groups have conducted attacks on the U.S. Embassy in Baghdad and bases hosting U.S. and Coalition forces, typically using front names or proxy groups to obfuscate their involvement,” the State Department said in its announcement.
Expert reax: The new designation “is both justified and long overdue,” said Joe Truzman of the Washington-based Foundation for Defense of Democracies.
However, he warns, “[T]he move risks straining U.S.–Iraq relations” due to “Iraq’s controversial [Popular Mobilization Forces] law, [which was] amended to fold the militias into the state’s security apparatus. This is a step Washington views as a dangerous legitimization of Tehran’s influence. By issuing FTO designations, the United States appears intent on drawing a line, signaling that Baghdad’s embrace of Iranian-aligned forces is incompatible with a stable partnership with Washington,” Truzman told The D Brief.
Trump 2.0
Cocaine has become much cheaper in the U.S. amid President Trump’s focus on immigrants and fentanyl, the Wall Street Journalreported Tuesday. “Cocaine prices have fallen by nearly half to around $60 to $75 a gram compared with five years ago, said Morgan Godvin, a researcher with the community organization Drug Checking Los Angeles.”
Contributing factors: “The president’s campaign to deport immigrants in the U.S. illegally has taken federal agents away from drug-traffic interdiction,” including in Arizona, where “two Customs and Border Protection checkpoints along a main fentanyl-smuggling corridor from Mexico have been left unstaffed. Officers stationed there were sent to process detained migrants,” the Journal reports.
Also: “Colombia is producing record amounts of cocaine, and the volume of the drug arriving in the U.S. is driving down prices, the people familiar with cartel operations said.”
Vice President JD Vance joked about extrajudicial killing Wednesday. Referring to recent U.S. military strikes on alleged drug trafficking boats that have killed more than a dozen people so far, Vance told a crowd in Michigan, “I wouldn't go fishing right now in that area of the world.”
Reminder: The people on these small boats could easily have been stopped by the U.S. Navy, but the Trump administration chose instead to kill rather than arrest them. Retired Navy Capt. Jon Duffy elaborates on those considerations in an op-ed published last week in Defense One.
Indeed, “Some military lawyers and other Defense Department officials are raising concerns about the legal implications” of Trump’s war on drug cartels, but some of those lawyers and officials “believe they are being ignored or deliberately sidelined,” the Wall Street Journalreported Wednesday.
And: “People should not be able to celebrate others' deaths in a very public way and then keep their jobs,” White House Faith Director Jenny Korn said in a Wednesday interview.Korn was referring to ABC’s suspension of TV host Jimmy Kimmel on Tuesday after FCC commissioner Brendan Carr threatened to pull ABC’s broadcast license over Kimmel’s monologue about the death of Charlie Kirk.
Recommended reading: “Free Speech and Me Speech,” by U.S. historian Tim Snyder writing last week in the wake of Kirk’s death.
The National Guard’s “crime-fighting” mission to pick up trash and blow leaves in DC is costing taxpayers about $2 million per day,USA Today reported Wednesday.
The gist: “So far, the DC National Guard has spent more than $45 million on the deployment, with $18.8 million going toward operations and $26.6 million toward pay and allowances for soldiers, according to the internal tally. That price tag does not include the cost to deploy the more than 1,300 National Guardsmen from eight states that are also stationed in Washington,” which means the final price tag is almost certain to rise.
As of Tuesday, Guard soldiers have “cleared 1,015 bags of trash, spread 744 cubic yards of mulch, removed five truckloads of plant waste, cleared 6.7 miles of roadway, and painted 270 feet of fencing,” the Guard said in a Tuesday update.
Expert reax: “$200 million is a lot of money, but it tracks,” said Virginia Burger of the Project on Government Oversight. “A domestic deployment of that scale is not cheap.”
Historian reax: “We have to be watchful of our reflexive American militarism,” said Tim Snyder, writing Thursday. “It moves us, mindlessly, towards fascism,” he warned.
“By sending troops to city after city, Trump is creating the statistical likelihood that something will happen—a suicide of a service member conflicted by an illegal and immoral mission, a friendly fire incident, the shooting of a protestor—that they can use to manufacture some greater crisis by lying about it. Or they can wait for their Russian friends to stage something, or for one right-wing person to shoot another, and then blame the opposition.”
Update: About 40 troops with the Virginia Air and Army National Guard began supporting ICE this week, Norfolk-based WHRO reported Tuesday. “The Virginia troops are authorized to perform administrative and logistics support tasks, including answering phones, data entry, appointment scheduling, biometric collection, performing basic vehicle maintenance and tracking fleet expenses and utilization,” but they “will not perform law enforcement functions or aid in arrests, according to the governor's office.”
The Guard’s Virginia support to ICE is scheduled to run until mid-November, while the Guard’s DC deployment is authorized to run until the end of November.
Study: Mass deportations do not broadly improve Americans’ job prospects, according to the work (PDF) of Washington College economics professor Robert Lynch, who is testifying this morning before a Democratic-led “shadow hearing” on Capitol Hill.
You may wonder: What is a “shadow hearing”? It occurs when the minority party in Congress will not discuss a particular topic, and the content of this hearing does not become part of the congressional record. Semafor has a bit more, writing in April.
Lynch reviewed U.S. deportations in the 1930s, the 1960s, and between 2008 and 2015. “The most studied measures, employment and unemployment among the U.S. born, were consistently lower for employment and higher for unemployment across these episodes,” Lynch wrote in his report on the topic, published in 2024. He added, “Other measures, such as GDP, also were found to worsen. These adverse effects were the result of native-born workers’ job dependency on the deported immigrant workforce and the loss of immigrant spending in communities which led to economic retrenchment.”
Marine Corps veteran Janessa Goldbeck also spoke about ways she believes National Guard deployments are hurting the people they’re meant to serve, how domestic deployments are taking them away from their families, and often harming the immigrant communities where they live.
“There are two stories that really stand out to me,” Goldbeck said. “One is in California where ICE agents arrested Narciso Barranco, a father of three active-duty U.S. Marines while he was out doing landscaping work. He had no criminal record. His sons have served this country honorably—they’re still serving. Yet their father was pinned to the ground and hauled off like a criminal. He spent nearly a month in detention before being released on bond. For those Marines and every service member who sees this story, the message is clear: Your service doesn’t protect you or your family. And that betrayal cuts deep.” (The New York Times published a profile of Barranco’s story on Wednesday; you can find a gift link for that here.)
“There’s also the story of Alma Bowman in Georgia. She’s the daughter of a U.S. Navy veteran and has lived here for decades,” Goldbeck said. Bowman “was born in the Philippines while her father was serving. She was detained at an ICE check-in despite strong evidence that she is a U.S. citizen by birth. She’s now in a wheelchair struggling with diabetic neuropathy, yet she’s still held in detention.”
The detention of Barranco and Bowman “shakes all veterans’ faith in the system and that they will be protected,” said Goldbeck.
An Army veteran also warned in a commentary this week, “I’m a U.S. citizen who was wrongly arrested and held by ICE. Here’s why you could be next.” It’s the story of 25-year-old George Retes, a security guard who was arrested during a federal immigration raid at a cannabis farm in California on July 10 as California National Guard troops stood guard. As he showed up to work in his car that day, he says the occupying troops gave him conflicting orders to both back up his car and open his door.
“Suddenly, an agent smashed my window and pepper-sprayed me. I was pulled from the car, and one agent knelt on my neck while another knelt on my back,” Retes writes in the San Francisco Chronicle. “My wallet with my identification was in the car, but the agents refused to go look and confirm that I was a citizen. Instead, I sat in the dirt with my hands zip-tied with other detainees for four hours. When I was sitting there, I could hear agents asking each other why I had been arrested. They were unsure, but I was taken away and thrown in a jail cell anyway.”
After three days and nights in detention, “I was just let go, with no charges, no explanation for why and no apology,” Retes says. Why bring up his case? “To me, it feels like the system isn’t working,” he writes. “By letting masked agents stop people based on how they look, talk or where they work, protection has become persecution.” But more than that, “I’m concerned that the court didn’t have a full view of what is happening in our state,” he says.
Retes: “I served my country. I wore the uniform, I stood watch, and I believe in the values we say make us different. And yet here, on our own soil, I was wrongfully detained. Stripped of my rights, treated like I didn’t belong and locked away—all as an American citizen and a veteran. This isn’t just my story. It’s a warning. Because if it can happen to me, it can happen to any one of us.” Read the rest, here.
Extremism in the U.S.
Update: At least 8 American service members have been punished for social media comments about Charlie Kirk’s death,Task & Purpose reported Wednesday. That includes “at least five Army officers and an Air Force senior master sergeant have been suspended from their jobs” for such posts, in accordance with Defense Secretary Pete Hegseth’s social media post ordering such a review last Thursday.
Noted: Kirk often made “incendiary and often racist and sexist comments to large audiences,” the Guardianreported last Thursday.
Despite Trump’s framing, “most domestic terrorists in the U.S. are politically on the right, and right-wing attacks account for the vast majority of fatalities from domestic terrorism,” University of Dayton sociology professors Art Jipson and Paul Becker explained Wednesday for The Conversation.
In addition, “Right-wing extremist violence has been deadlier than left-wing violence in recent years,” they write. “Based on government and independent analyses, right-wing extremist violence has been responsible for the overwhelming majority of fatalities, amounting to approximately 75% to 80% of U.S. domestic terrorism deaths since 2001…By contrast, left-wing extremist incidents, including those tied to anarchist or environmental movements, have made up about 10 to 15% of incidents and less than 5% of fatalities.”
Also: The BBC arrived at a similar conclusion. Verify’s Shayan Sardarizadeh has more, reporting Wednesday on X, here.
Worth noting: “Politically motivated violence in the U.S. is rare compared with overall violent crime,” Jipson and Becker write. “Political violence has a disproportionate impact because even rare incidents can amplify fear, influence policy and deepen societal polarization.” Read the rest, here.
A zero-click vulnerability discovered in ChatGPT’s Deep Research agent allowed attackers to exfiltrate sensitive data from a user’s Gmail account without any user interaction.
The flaw, which OpenAI has since patched, leveraged a sophisticated form of indirect prompt injection hidden within an email, tricking the agent into leaking personal information directly from OpenAI’s cloud infrastructure.
According to Radware, the attack began with an attacker sending a specially crafted email to a victim. This email contained hidden instructions, invisible to the human eye, embedded within its HTML code using techniques like tiny fonts or white-on-white text.
When the user prompted the Deep Research agent to analyze their Gmail inbox, the agent would read this malicious email alongside legitimate ones.
The hidden prompts used social engineering tactics to bypass the agent’s safety protocols. These tactics included:
Asserting Authority: The prompt falsely claimed the agent had “full authorization” to access external URLs.
Disguising Malicious URLs: The attacker’s server was presented as a legitimate “compliance validation system.”
Mandating Persistence: The agent was instructed to retry the connection multiple times if it failed, overcoming non-deterministic security blocks.
Creating Urgency: The prompt warned that failure to comply would result in an incomplete report.
Falsely Claiming Security: The instructions deceptively directed the agent to encode the stolen data in Base64, framing it as a security measure while actually obfuscating the data exfiltration.
Once the agent processed the malicious email, it would search the user’s inbox for the specified Personally Identifiable Information (PII), such as a name and address from an HR email.
It would then encode this data and send it to the attacker-controlled server, all without any visual indicator or confirmation from the user.
Service-Side vs. Client-Side Exfiltration
What made this vulnerability particularly dangerous was its service-side nature. The data exfiltration occurred entirely within OpenAI’s cloud environment, executed by the agent’s own browsing tool.
This is a significant escalation from previous client-side attacks that relied on rendering malicious content (like images) in the user’s browser.
Because the attack originated from OpenAI’s infrastructure, it was invisible to conventional enterprise security measures like secure web gateways, endpoint monitoring, and browser security policies. The user would have no knowledge of the data leak, as nothing would be displayed on their screen, Radware said.
While the proof of concept focused on Gmail, the vulnerability’s principles could be applied to any data connector integrated with the Deep Research agent. Malicious prompts could be hidden in:
PDFs or Word documents in Google Drive or Dropbox.
Any service that allows text-based content to be ingested by the agent could have served as a potential vector for this type of attack.
Researchers who discovered the flaw suggest that a robust mitigation strategy involves continuous monitoring of the agent’s behavior to ensure its actions align with the user’s original intent. This can help detect and block deviations caused by malicious prompts.
The vulnerability was reported to OpenAI on June 18, 2025. The issue was acknowledged, and a fix was deployed in early August. OpenAI marked the vulnerability as resolved on September 3, 2025.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Security Orchestration, Automation, and Response (SOAR) tools are revolutionizing how organizations defend against evolving threats, streamline security workflows, and automate incident response. In an era of complex attack surfaces and alert fatigue, SOAR solutions empower security teams to respond faster, reduce manual workloads, and maintain compliance across hybrid environments. This comprehensive guide reviews the top […]
In 2025, the Model Context Protocol (MCP) revolutionizes AI agent integration, making it seamless for tools, databases, and workflows to work harmoniously in enterprises and developer workspaces.
Top MCP servers power next-generation automation and data-driven applications, connecting everything from cloud docs to enterprise CRM and relational databases.
Choosing the best MCP server unlocks dramatic efficiency, security, and value for diverse AI-powered businesses and developer teams.
Why MCP (Model Context Protocol) Servers 2025?
MCP servers are the backbone of dynamic AI applications by bridging large language models, automation tools, and live data sources for secure, auditable, real-time operations.
As demand for multi-system orchestration grows, organizations are leveraging MCP standards for compliance, access control, and scalable AI workflows.
Selecting a high-performing MCP server ensures easy, governed connectivity with modern AI clients and business logic, keeping organizations at the forefront in a fast-evolving ecosystem.
Comparison Table: Top 10 Best MCP (Model Context Protocol) Servers 2025
K2view leads the MCP revolution in 2025 by providing robust, secure access to enterprise data for generative AI. Its patented Micro-Database technology ensures real-time, context-rich data for AI clients and applications.
Unifying fragmented business data across SQL, APIs, and cloud, K2view’s data products natively expose themselves as MCP servers dramatically reducing complexity for AI agent orchestration.
K2view’s focus on governance, security, and seamless connection empowers organizations to maximize AI investments while remaining compliant.
The platform supports both hosted and hybrid setups, catering to enterprise and regulated industries.
Specifications
K2view supports all common data sources cloud databases, on-premises SQL, business APIs, and document engines making it a universal MCP solution for the modern stack.
It employs Micro-Database clustering to isolate business entities and supports dynamic schema alignment, with unified role-based permissions.
Real-time data is available via scalable orchestrators that support both REST and MCP protocols.
Features
K2view provides instant MCP server creation for each enterprise data product. Its patented entity-based data products harmonize, mask, and cleanse multi-source data in real-time.
Every product is dynamically discoverable and can be used by AI tools through prompt templates.
Powerful caching, dynamic synchronization, and near-instant SLA delivery ensures that responses are always accurate and up to date.
Reason to Buy
K2view is ideal for enterprises seeking real-time, secure, and compliant AI data orchestration across all business sources. Its robust schema mapping and native entity logic save valuable engineering time and eliminate data silos.
With instant MCP server provisioning, K2view ensures that even non-technical team members can expose and govern AI-relevant business data.
Pros
Real-time, unified enterprise data delivery
Entity-level security and masking
Comprehensive documentation and easy onboarding
Robust orchestration and compliance
Cloud-agnostic deployment
Cons
Advanced features may require enterprise licenses
Initial setup for complex data environments can be time-consuming
Best For: Enterprises requiring secure, unified AI data access across complex, multi-source applications.
Vectara makes fact-based, Retrieval-Augmented Generation (RAG) easy for AI agents in knowledge-driven organizations.
Its MCP server bridges AI clients and vast enterprise documentation, delivering accurate, real-time search with advanced semantic ranking.
Vectara’s system is ideal for applications where trustworthy, grounded answers are a must, such as customer support bots, research assistants, and search-driven automation.
Its hosted RAG engine standardizes APIs, managing both integration complexity and performance at scale. Vectara ensures agent compatibility, providing tool catalogues for standardized interaction.
Specifications
Vectara offers a fully hosted MCP-compliant RAG server with scalable APIs for high-volume search and retrieval tasks. It exposes normalized endpoints for document queries, semantic search, and ranking.
Security is enforced via user-based authentication and fine-grained permissions. Clients benefit from built-in logging and real-time analytics, with clear regulatory controls.
Features
Specialized for RAG, Vectara’s MCP engine excels at searching vast document sets with API-standardized prompts. Advanced semantic search lets AI clients locate and rank relevant data points contextually.
The platform performs automatic schema mapping and provides zero-maintenance backend reliability. Clients enjoy robust documentation and SDKs for rapid implementation.
Reason to Buy
Vectara is an excellent choice for organizations whose competitive edge relies on delivering accurate, fact-checked answers from proprietary or regulated data.
The hosted deployment removes operational burdens, and the standardized protocol ensures compatibility with all leading AI clients.
Pros
Best-in-class RAG engine for fact-based answers
Highly scalable hosted operations
Seamless API standardization and agent compatibility
Minimal integration overhead
Cons
Not a general-purpose MCP server (RAG-focused)
Requires a Vectara subscription
Best For: Knowledge-centric teams needing advanced, reliable document retrieval and semantic search for AI-driven workflows.
Zapier MCP democratizes tool access for AI clients, connecting agents to 7,000+ app actions through a single unified server.
Building on Zapier’s legendary no-code automation, its MCP implementation enables natural language workflows for automation, task management, CRM, and productivity.
This broad integration ecosystem makes Zapier uniquely poised to automate real-world tasks for any AI host or agent with just a few clicks.
Specifications
Zapier MCP is a fully managed, cloud-based MCP platform, exposing standardized RESTful endpoints for all connected applications. It includes OAuth-based authentication, enterprise-grade rate limiting, and activity audit logs.
Supports thousands of integrations across business, productivity, communications, and specialized verticals. Visual dashboards allow configuration and role management.
Features
Provides comprehensive AI-accessible automation, task execution, and data transfer between cloud and on-premise tools.
Visual flow builder powers no-code orchestration, and each app connector exposes granular tool actions. Agent access is managed via a single, standardized MCP URL.
Reason to Buy
Zapier MCP is perfect for individuals and organizations who need to quickly enable AI-driven automation for business operations without deep technical expertise or costly API development.
Its unmatched integration library ensures compatibility with virtually any business tool.
Pros
Largest no-code automation app directory
Simple visual setup and management
Robust OAuth and permission controls
Ideal for non-developers and prototyping
Cons
Single URL for all agents can cause permission sprawl
Existing Zaps not auto-portable as tools
Best For: No-code task automation and AI orchestration across 7,000+ cloud and SaaS tools.
Notion’s MCP server unlocks intelligent workspace automation for modern teams.
Natively integrated with project docs, databases, and collaborative wikis, Notion MCP allows AI agents to seamlessly read, edit, and automate Notion workflows without complex APIs.
The hosted implementation combines robust OAuth user consent and per-user permissions creating a secure bridge between structured documents and interactive agents.
Specifications
Official hosted MCP server deployed on advanced Cloudflare infrastructure for fast, global access. Provides OAuth authentication, user-based permissions, and secure API token storage.
Tools mapped to Notion’s complex schema, supporting block-based content, enterprise search, and real-time update operations.
Features
Notion MCP server provides real-time, agent-driven access to project docs, task trackers, databases, and wikis. Focus on “living documentation” ensures AI-generated updates stay current.
Advanced Markdown supports rich formatting, code blocks, tables, and colors. Supports documentation-driven development cycles, project coordination, and automated updates across workspace.
Reason to Buy
Notion MCP is the top pick for teams seeking smart, AI-augmented documentation and collaborative workspace automation.
It enables productivity by letting AI agents manage, search, and contextualize jobs across all workspace docs, dramatically reducing context switching and manual upkeep.
Pros
Deep workspace and documentation integration
Fast, secure OAuth onboarding
Strong Markdown and database support
Easy one-click installation and cross-platform compatibility
Cons
Complex schemas may require advanced configuration
Tool/usage limits with certain clients
Best For: Teams needing automated project documentation, enterprise search, and collaborative task management powered by AI.
Supabase MCP brings AI-powered database management directly to developer desktops, creating a bridge between conversational AI and real-time SQL workflows.
Its official server exposes the entire Supabase ecosystem databases, edge functions, storage, and authentication as conversational tools.
Developers and DevOps teams can execute migrations, debug, branch, and manage authentication through natural language without leaving their IDE.
Specifications
Hosted and self-hosted deployment, integrating directly into AI IDEs such as Cursor, Claude Desktop, and Windsurf.
Full compatibility with Supabase SQL, migrations, and schema management. OAuth and project-level authentication, safety prompts for destructive commands, and automated TypeScript schema generation.
Features
Supabase MCP covers every major application area: design and track tables, generate and roll back migrations, create/restore projects, real-time debugging, read/write risk assessment, and project/user authentication.
Full ecosystem support includes functions, edge, storage, and real-time event triggers.
Reason to Buy
Supabase MCP is indispensable for developer-centric organizations building next-generation, AI-first apps.
By transforming traditional dev workflows into natural language commands, it supercharges productivity, ensures safety, and makes complex schema management approachable.
Pros
AI-driven, real-time SQL operations
Risk and safety controls for database commands
Instant logging and debugging tools
Strong TypeScript and SaaS app ecosystem support
Cons
Advanced operations require AI/SQL understanding
Some risk of accidental destructive commands (mitigated by safety checks)
Best For: Developer teams needing conversational, AI-managed, secure database ops and migrations.
Pinecone transforms AI agent context through advanced vector search and indexing, natively exposing powerful semantic search to applications of all sizes.
With three distinct MCP server options (remote/local Assistant and Dev), Pinecone lets developers and teams access state-of-the-art vector mechanics, documentation search, and advanced metadata filtering all in one platform.
It excels at testing search indexes and integrating with AI-powered development environments like Cursor.
Specifications
Offers both remote and local MCP deployments. Provides tools for querying, listing, and managing vector indexes, with real-time feedback and metadata filtering.
Built for scale, Pinecone supports thousands of queries per second with low latency. API key setup ensures secure access, and Documentation + Index search is deeply integrated into the developer workflow.
Features
Vector search, semantic filtering, and index management are all done through conversational MCP endpoints.
Powerful Assistant mode connects agents for rapid context lookup. Local deployments for on-premise privacy and advanced admin control.
Reason to Buy
Pinecone is the premier choice for developer teams, AI product managers, and enterprises building recommendation engines, semantic search systems, or context-aware agents.
Its flexibility across hosted and local environments, and ease of integration with IDEs and AI clients, reduces build times and guarantees production-grade reliability.
Pros
Best-in-class semantic/vector search APIs
Remote or local/cloud deployment
Robust documentation and sample integrations
Secure API key and metadata controls
Cons
Requires setup and configuration skills for advanced features
Some features require a paid plan
Best For: Vector search, recommendation engines, and semantic query-driven AI tools.
OpenAPI-powered MCP servers are a backbone of flexibility for developer teams, especially those using Hugging Face services.
By auto-generating MCP servers from OpenAPI documents, engineering teams can enable AI agents to interface directly with existing APIs the faster, more scalable pathway to agentic integration.
Autogenerated from any mature OpenAPI spec, these MCP servers provide secure, compliant, and versioned endpoints. Customizable pruning keeps tool catalogues focused on high-value actions.
Advanced JSON input support, hybrid tool configuration, and fine-tuned workflows enable deep application logic exposure.
Features
OpenAPI-based MCP servers expose all documented API endpoints as structured tools. Tool discovery is managed via API schema introspection and versioning.
Production support includes deep validation, parameter checking, and workflow context management. API-first approach ensures forward compatibility and robust CI/CD pipelines for enterprise-scale automation.
Reason to Buy
OpenAPI MCP servers unlock the fastest path for organizations with existing RESTful APIs to AI-readiness.
Dev and platform teams can provision MCP endpoints for any SaaS, database, or cloud API, minimizing additional engineering.
Pros
Auto-generates agent-facing tools from existing APIs
Strong standards-based compatibility
Highly configurable and production-proven
Facilitates rapid, zero-code AI workflow exposure
Cons
Large API specs require careful pruning
Complex JSON input/output can present workflow challenges
Best For: Schema-driven API integrations and rapid enterprise AI tool onboarding.
Salesforce MCP servers dramatically streamline AI access to CRM and business data, making Salesforce the most agent-friendly business platform of 2025.
Managed, hosted MCP servers allow natural language queries and action translation agents can close cases, pull customer data, or update records using conversational commands rather than bespoke integration.
Salesforce MCP’s cloud maturity guarantees enterprise-ready reliability, scale, and governance, while robust guardrails and fallback features ensure compliance and operational stability.
Specifications
Hosted by Salesforce in the cloud with 99.9%+ uptime SLAs. Secure, scalable, and monitored by Salesforce engineers for performance and compliance. MCP endpoints translate business actions to Salesforce APIs in real time.
Optimized for granular operations (searches, record updates), with throughput managed by automatic throttling. Native fallback features guarantee smooth degradation and service continuity.
Features
Universal natural language access to Salesforce records, tickets, and workflows. Supports key CRM, sales, and commerce data actions through MCP-standardized calls.
Enables multi-agent orchestration and reporting. Tools map cleanly to business objects, and fallbacks ensure robust automation even in the rare event of external API outages or errors.
Reason to Buy
Salesforce MCP servers are perfect for customer-centric enterprises and service teams seeking agent-driven automation and data efficiency.
The managed, scalable environment accelerates AI augmentation without reducing Salesforce security or putting regulatory compliance at risk.
Pros
Seamless agent-driven Salesforce integration
High performance and reliability
Managed security and compliance
Granular object/action mapping
Cons
Pilot phases may throttle heavy usage
Real-time bulk data loads not optimized
Best For: Enterprises seeking compliant, production-ready AI access to Salesforce data and actions.
LangChain MCP is the premier open ecosystem for developers building advanced, multi-server agent workflows. Its modular toolkit allows complex logic orchestration, prompting, and workflow integration directly through MCP.
LangChain’s native support for multi-server MCP connections empowers intelligent, adaptive reasoning across data sources and agent tools.
The approach reduces engineering friction in building sophisticated, situation-aware applications.
Specifications
Python-based, developer-focused open source project with MCP adapters for multiple environments.
Features multi-server connection support, advanced async operations, and extensible agent frameworks compatible with OpenAI, Anthropic, and custom LLM models.
Features
Orchestrates complex, multi-tool workflows using dynamic agent chaining. Exposes tools from multiple servers to a single agent, supporting advanced business logic and dynamic function invocation.
Developer-first architecture encourages collaboration and open-source contributions. Detailed documentation, templates, and rich community resources cut learning curves for rapid prototyping.
Reason to Buy
LangChain MCP is ideal for technical teams creating custom, workflow-driven AI agent applications, and who need deep multi-server coordination or advanced reasoning flows.
Best-in-class for prototypes, scale-ups, and educational deployments where logic, chaining, and agent state matter most.
Pros
Most flexible workflow and agent orchestration
Multi-server and prompt toolkit support
Detailed examples and open-source extensibility
Advanced developer-focused documentation
Cons
Requires Python/programming fluency
Initial workflow setup can be complex
Best For: Developers building advanced, workflow-heavy, custom AI agent solutions.
Google Drive MCP makes file and document access for AI seamless and secure.
It empowers developers and teams to expose all Drive-based project files, business documents, and datasets to AI agents via search, read, and retrieval.
Automatic conversion of Docs, Sheets, and Slides optimizes context intake for AI-powered IDEs no complicated set-up required beyond standard OAuth consent.
Specifications
Cloud-based server exposing search, read, and file management for Google Drive. Robust OAuth 2.0 flow ensures secure, user-level access.
Handles all Workspace and generic file types, with intelligent output conversion (Markdown, CSV, plain text, PNG) for each format.
Free and paid plans scale with demand, and enterprise options offer advanced analytics, dedicated integrations, and priority support.
Features
Conversational file search, reading, and export for all Drive file types.
Automatic format conversion, seamless AI integration with popular IDEs (VS Code, Cursor), and robust context extraction for documentation, code, and dataset discovery.
Reason to Buy
Google Drive MCP is best for teams building knowledge-centric, AI-augmented workflows involving project documentation, collaborative QA, and file-driven agent logic.
It’s especially powerful for developer teams, product managers, and researchers needing instant file lookup or data ingestion into coding workflows.
Pros
AI-accessible file management and search
Powerful automatic format conversion for Docs, Sheets, Slides
Seamless integration into agent-compatible IDEs
Free plan covers standard use
Cons
Advanced analytics/features require paid plan
Requires Google Cloud OAuth setup
Best For: Teams using Google Drive for docs, code, or data needing agent-driven file lookup and management.
The Model Context Protocol server landscape in 2025 empowers businesses, teams, and developers to unlock AI efficiency and innovation across cloud, database, and enterprise ecosystems.
Whether prioritizing robust data access (K2view), knowledge retrieval (Vectara), workflow automation (Zapier, Notion), or developer-first operations (Supabase, Pinecone), choosing the right MCP server accelerates productivity, supports compliance, and futureproofs organizational infrastructure.
Evaluate each solution for fit, feature depth, and ongoing support to maximize the transformative potential of AI-powered agent workflows.
.webp)
.webp)
Yes
No.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)