(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Security & IT News
Live: real-time news from 13+ trusted sources — BleepingComputer, The Hacker News, Krebs on Security, Dark Reading & more.
On March 19, 2026, Trivy, Aqua Security's widely used open-source vulnerability scanner, was reported to have been compromised in a sophisticated CI/CD-focused supply chain attack. Threat actors leveraged access from a prior incident that was not fully remediated to inject credential-stealing malware into official Trivy releases. The attack simultaneously compromised the core scanner binary, the trivy-action GitHub Action, and the setup-trivy GitHub Action, weaponizing trusted security tooling against the organizations relying on it. The campaign, attributed to the threat actor identifying as TeamPCP, introduces several concerning techniques. This blog walks through the Trivy supply chain attack and explains how Microsoft Defender helps organizations detect, investigate, and respond to this incident. This activity has since expanded to additional frameworks, including Checkmarx KICS and LiteLLM, with further details to be shared as the investigation continues.

Analyzing the Trivy supply chain compromise

The activity on March 19 represents the execution phase of the campaign, where previously established access was used to weaponize trusted Trivy distribution channels:

- Poisoning GitHub Actions used in CI/CD pipelines: Using compromised credentials with tag write access, the attacker force-pushed 76 of 77 version tags in aquasecurity/trivy-action and all 7 tags in aquasecurity/setup-trivy, redirecting existing, trusted version references to malicious commits. This caused downstream workflows to execute attacker-controlled code without any visible change to release metadata.
- Publishing a malicious Trivy binary: In parallel, the attacker triggered release automation to publish an infected Trivy binary (v0.69.4) to official distribution channels, including GitHub Releases and container registries, exposing both CI/CD environments and developer machines to credential theft and persistence.
- Maintaining stealth and impact window: Both the compromised GitHub Actions and the malicious binary were designed to execute credential-harvesting logic in addition to the legitimate Trivy functionality, allowing workflows and scans to appear successful while secrets were exfiltrated.
- Attack containment by maintainers: Later that day, the Trivy team identified the compromise and removed malicious artifacts from distribution channels, ending the active propagation phase.

How Git's design was abused in the attack

This attack exploited two aspects of how Git and GitHub operate by design: mutable tags and self-declared commit identity, turning expected platform behavior into an advantage for the attacker. In Git, a tag is a label that maps to a specific commit in the repository's history. By default, these references are not immutable: anyone with push access can reassign an existing tag to point to an entirely different commit. The attacker did exactly that, replacing the targe
The head of the UK's NCSC is calling on the cybersecurity industry to "seize the disruptive vibe coding opportunity" to make software more secure
Rapid7 has released a whitepaper titled "The Weaponization of Cellular Based IoT Technology," by Deral Heiland, principal security researcher, IoT, at Rapid7, and Carlota Bindner, lead product security researcher at Thermo Fisher Scientific. The paper examines how attackers with physical access can exploit cellular modules in Internet of Things (IoT) devices to move into cloud and backend environments, exfiltrate data, and conceal command channels within expected device traffic. Heiland presented their findings at the RSAC 2026 conference in San Francisco.

The research focuses on how these attacks work in practice. It details how interchip communications such as USB and universal asynchronous receiver-transmitter (UART) can be observed and manipulated. It also shows how hardware modifications can replace a device host, allowing an external system to assume control of the cellular module. The authors developed proof-of-concept tools, including a TCP port scanner using AT commands, an S3 bucket enumerator, a SOCKS5 proxy that routes traffic through the cellular module, and a Metasploit proxy module. These examples demonstrate how attackers can take advantage of trusted relationships between devices and connected services.

The findings highlight consistent risks across tested devices. Cellular modules often expose multiple interfaces, and unused UART or USB paths can provide direct access. With targeted printed circuit board modifications, an attacker can reroute traffic through the cellular interface. Many modules accept AT commands that support raw sockets, HTTP requests, and TCP tunnels, which can enable reconnaissance and lateral movement. All cellular devices the researchers examined lacked tamper protections and most did not encrypt sensitive data before transmission, increasing exposure in environments that use private access point names (APNs).

Organizations should treat cellular-enabled devices as privileged entry points into their networks as well as their critical data storage and management environments. This includes disabling or removing unused interchip interfaces, enforcing end-to-end encryption before data is transmitted through the cellular modules, and applying monitoring and outbound controls within APN architectures. Hardware-level security testing should be part of standard product security practices. To read the whitepaper, click here.
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on March
Crunchyroll said it continues to investigate the data breach involving its users' personal information.
A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique. "The campaign abuses Google Ads to serve rogue ScreenConnect (
AI agents increasingly perform tasks that involve reasoning, acting, and interacting with other systems. Building a trusted agent requires ensuring it operates within the correct boundaries and performs tasks consistent with its intended purpose. In practice, this requires aligning several layers of intent:

- User intent: The goal or task the user is trying to accomplish.
- Developer intent: The purpose for which the agent was designed and built.
- Role-based intent: The specific function the agent performs within an organization.
- Organizational intent: Enterprise policies, standards, and operational constraints.

For example, one department may adopt an agent developed by another team, customize it for a specific business role, require that it adhere to internal policies, and expect it to provide reliable results to end users. Aligning these intent layers helps ensure agents meet user needs while operating within organizational, security, and compliance boundaries.

Importance of intent alignment

A successful and trusted AI agent must satisfy what the user intended to accomplish, while operating within the bounds of what the developer, role, and organization intended it to do. Proper intent alignment empowers AI agents to:

- Deliver quality results that accurately address user requests and solve real problems, increasing trust and productivity.
- Ensure the agent maintains its intended goal and operates within the boundaries it was developed and deployed for, reflecting the developer's original design and the job to be done by the deploying organization.
- Uphold security and compliance by respecting organizational policies, protecting data, and preventing misuse or unauthorized actions.

User intent: The key to quality outcomes

Every AI agent interaction begins with the user's objective, the task the user is trying to complete. Correctly interpreting that objective is essential to producing useful results. If the agent misinterprets the request, the response may be irrelevant, incomplete, or incorrect. Modern agents often go beyond simple question answering. They interpret requests, select tools or services, and perform actions to complete a task. Evaluating alignment with user intent therefore requires examining whether the agent correctly interprets the request, chooses the appropriate tools, and produces a coherent response. For example, when a user submits the query "Weather now," an agent must infer that the user wants the current local weather. It must retrieve the relevant location and weather data through available APIs and present the result in a clear response.

Developer intent: Defining the agent's intended scope

If user intent is about what the user wants the agent to do, developer intent is about what the agent was developed for. Developer intent defines the quality of how well the agent fulfills its intended job, and the security boundaries that protect the agent from misuse or drift. In short, developer intent defines how the agent ar
On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what clients can expect it to do in the short term. With the focus on early, more chaotic markets, a Market Guide does not rate or position
If you're a security leader operating in Germany, Austria, or Switzerland, you already know that compliance isn't a checkbox. It's a competitive differentiator. Rapid7 has completed BSI C5 Type 2 attestation for the Rapid7 Command Platform, including Threat Command, and it's a milestone worth unpacking. This isn't just a badge on a webpage. It's proof that our security controls work, not just on paper, but in practice, over time.

What is BSI C5 and why does it matter?

The Cloud Computing Compliance Criteria Catalogue (C5) was developed by Germany's Federal Office for Information Security (BSI). It sets some of the most rigorous cloud security standards in the world, covering everything from data protection to operational transparency. A Type 2 attestation is the gold standard within that framework. Unlike a point-in-time audit, Type 2 validates that security controls aren't just well-designed, but that they're actively working consistently over a sustained period. It's the difference between a security promise and a security proof.

For organizations in the DACH region, C5 is more than a nice-to-have. It's a procurement requirement for German federal agencies, critical infrastructure operators, healthcare institutions, and financial services firms. If you're operating in any of these sectors, your cloud providers need to meet this bar. Rapid7 now does.

BSI C5 Type 2 and your cloud security strategy

Whether you're evaluating security vendors, managing compliance obligations, or looking to strengthen your organization's risk posture, the question is the same: How do you know your cloud security provider actually does what it says? BSI C5 Type 2 attestation answers that question. It's independent, rigorous, and sustained over time. While rooted in German regulatory requirements, C5 is increasingly recognized as a benchmark for secure cloud operations across Europe. It's one of the clearest signals that a cloud provider has the operational maturity to handle sensitive environments.

The Rapid7 Command Platform unifies exposure management with detection and response, giving security teams clear visibility across their attack surface. Threat Command extends that protection further, identifying and helping remediate threats across the clear, deep, and dark web. Both are now independently validated against one of the world's toughest cloud security frameworks.

Why independent validation of security controls matters

Trusting a security vendor shouldn't require a leap of faith. Independent validation exists so you have the evidence to make that call with confidence. This attestation reflects our continued investment in meeting the highest security standards for customers across Germany and the wider European market. Rapid7 has achieved a milestone that speaks directly to the conversations we have every day with public sector and enterprise organizations who need more than a promise. They need proof that a security provider's controls have been tested, verified,
Silver Fox pivots from ValleyRAT tax lures to WhatsApp‑style stealers, blending espionage phishing
A critical vulnerability in Citrix’s NetScaler products allows unauthenticated remote attackers to leak information from the appliance's memory
The FCC ban will affect the import of all new, foreign-made consumer routers, the agency's head Brendan Carr said.
Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data
I have written about how to use IP KVMs securely, and recently, researchers at Eclypsium published yet another report on IP KVM vulnerabilities. But there is another issue I haven't mentioned yet with IP KVMs: rogue IP KVMs.

IP KVMs are often used by criminals. For example, North Koreans used KVMs to connect remotely to laptops sent to them by their employers. The laptops were located in the US, and the North Korean workers used IP KVMs to remotely connect to them. IP KVMs could also be used to access office PCs, either to enable undetected work from home or by threat actors who use them to gain remote access after installing the device on site.

IP KVMs usually connect to the system in two ways:

- USB for keyboard/mouse
- HDMI for the monitor connection (some older variants may also use VGA)

For my testing, I used two different IP KVMs: a PiKVM and a NanoKVM (Sipeed). Both were connected to Linux systems, but the techniques should work on other operating systems as well.

USB

For the Sipeed NanoKVM, lsusb gives away the device:

    $ lsusb
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 001 Device 002: ID 0bda:c821 Realtek Semiconductor Corp. Bluetooth Radio
    Bus 001 Device 004: ID 051d:0002 American Power Conversion Uninterruptible Power Supply
    Bus 001 Device 005: ID 3346:1009 sipeed NanoKVM
    Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub

PiKVM is a little bit less obvious, but these USB entries appear to be associated with the PiKVM:

    Bus 001 Device 004: ID 1d6b:0104 Linux Foundation Multifunction Composite Gadget
    Bus 001 Device 017: ID 1b3f:2008 Generalplus Technology Inc. USB Audio Device

This needs a bit more testing for the PiKVM.

HDMI

HDMI devices send EDID (Extended Display Identification Data) to the system the display is connected to. The main purpose of EDID is to communicate available video modes and resolutions. But it also includes manufacturer information. For the NanoKVM:

    sudo get-edid | parse-edid
    ...
    Section Monitor
        Identifier Connector
        ModelName Connector
        VendorName VCS
    ...

Not very obvious, but the VCS vendor name could be a reasonable indicator (check for false positives). For PiKVM, the Identifier and ModelName are more telling:

    Section Monitor
        Identifier PiKVM V3
        ModelName PiKVM V3
        VendorName LNX

Evasion

Of course, a more sophisticated attacker can modify these strings. PiKVM offers a configuration file to do so, in part to allow for better compatibility. I do not know whether the NanoKVM provides a similar, simple way to evade detection (but it is likely not terribly hard). So "sophisticated attacker" may translate to "able and willing to read the manual".

Many endpoint protection solutions monitor USB devices and may alert on odd devices being connected. But I am not aware of any that check monitor EDID strings. This may be another neat feature for such solutions. In office environments, most organizations provide a limited set of monitor types. For home office use, things may be more complex as users often
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-083-01.json

Summary

Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary commands with root privileges.

The following versions of Pharos Controls Mosaic Show Controller are affected:

- Mosaic Show Controller Firmware 2.15.3 (CVE-2026-2417)

CVSS: v3 9.8 | Vendor: Pharos Controls | Equipment: Pharos Controls Mosaic Show Controller | Vulnerabilities: Missing Authentication for Critical Function

Background

- Critical Infrastructure Sectors: Commercial Facilities
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: United Kingdom

Vulnerabilities

CVE-2026-2417

A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2026-2417

Affected Products

Pharos Controls Mosaic Show Controller
Vendor: Pharos Controls
Product Version: Pharos Controls Mosaic Show Controller Firmware: 2.15.3
Product Status: known_affected

Remediations

Mitigation: Pharos Controls recommends that users upgrade Mosaic Show Controller to version 2.16 or later.

Relevant CWE: CWE-306 Missing Authentication for Critical Function (https://cwe.mitre.org/data/definitions/306.html)

Metrics

CVSS Version: 3.1 | Base Score: 9.8 | Base Severity: CRITICAL | Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-083-03.json

Summary

Successful exploitation of these vulnerabilities could risk privilege escalation, which could result in remote code execution.

The following versions of Schneider Electric Plant iT/Brewmaxx are affected:

- Plant iT/Brewmaxx 9.60_and_above (CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819)

CVSS: v3 9.9 | Vendor: Schneider Electric | Equipment: Schneider Electric Plant iT/Brewmaxx | Vulnerabilities: Use After Free, Integer Overflow or Wraparound, Improper Control of Generation of Code ('Code Injection')

Background

- Critical Infrastructure Sectors: Energy, Critical Manufacturing, Commercial Facilities
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: France

Vulnerabilities

CVE-2025-49844

The affected product uses Redis, an open-source, in-memory database. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free, and potentially lead to remote code execution.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2025-49844

Affected Products

Schneider Electric Plant iT/Brewmaxx
Vendor: Schneider Electric
Product Version: Schneider Electric Plant iT/Brewmaxx: 9.60_and_above
Product Status: known_affected

Remediations

Mitigation: Schneider Electric recommends users immediately apply the following mitigations to reduce the risk of exploit:

- Mitigation: Install Patch ProLeiT-2025-001 via ProLeiT Support (https://www.proleit.com/support/)
- Mitigation: After installing ProLeiT-2025-001, disable the eval commands in Redis on the application server, VisuHub, engineering workstations, and workstations with emergency mode functionality
- Mitigation: Force usage of secure Redis configuration templates in system settings as documented in the patch manual
- Mitigation:
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-083-02.json

Summary

Schneider Electric is aware of a vulnerability in its EcoStruxure Foxboro DCS Control Software on Foxboro DCS workstations and servers. Control Core Services and all runtime software, like FCPs, FDCs, and FBMs, are not affected. The EcoStruxure Foxboro DCS (https://www.se.com/ww/en/product-range/63680-ecostruxure-foxboro-dcs/) product is an innovative family of fault-tolerant, highly available control components, which consolidates critical information and elevates staff capabilities to ensure flawless, continuous plant operation. Failure to apply the remediation provided below may risk deserialization of untrusted data, which could result in loss of confidentiality, integrity and potential remote code execution on the compromised workstation.

The following versions of Schneider Electric EcoStruxure Foxboro DCS are affected:

- EcoStruxure Foxboro DCS vers:generic/

CVSS: v3 6.5 | Vendor: Schneider Electric | Equipment: Schneider Electric EcoStruxure Foxboro DCS | Vulnerabilities: Deserialization of Untrusted Data

Background

- Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: France

Vulnerabilities

CVE-2026-1286

A deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on a workstation when an admin-authenticated user opens a malicious project file.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2026-1286

Affected Products

Schneider Electric EcoStruxure Foxboro DCS
Vendor: Schneider Electric
Product Version: EcoStruxure Foxboro DCS versions prior to CS8.1
Product Status: fixed, known_affected

Remediations

Vendor fix: Version CS 8.1 of EcoStruxure Foxboro DCS includes a fix for this vulnerability and is available through [https://buyautomation.se
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-083-01.json

Summary

Successful exploitation of this vulnerability could allow an attacker to send a specially crafted file, and when parsed, could result in a denial-of-service condition.

The following versions of Grassroots DICOM (GDCM) are affected:

- Grassroots DICOM (GDCM) 3.2.2 (CVE-2026-3650)

CVSS: v3 7.5 | Vendor: Grassroots | Equipment: Grassroots DICOM (GDCM) | Vulnerabilities: Missing Release of Memory after Effective Lifetime

Background

- Critical Infrastructure Sectors: Healthcare and Public Health
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: United States

Vulnerabilities

CVE-2026-3650

A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously crafted file can fill the heap in a single read operation without properly releasing it.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2026-3650

Affected Products

Grassroots DICOM (GDCM)
Vendor: Grassroots
Product Version: Grassroots Grassroots DICOM (GDCM): 3.2.2
Product Status: known_affected

Remediations

Mitigation: The maintainer of Grassroots DICOM (GDCM) has not responded to requests to work with CISA to mitigate this vulnerability. For update information refer to the software page on SourceForge.

Mitigation: https://sourceforge.net/projects/gdcm/

Relevant CWE: CWE-401 Missing Release of Memory after Effective Lifetime (https://cwe.mitre.org/data/definitions/401.html)

Metrics
Japan's election last month and the rise of the country's newest and most innovative political party, Team Mirai, illustrates the viability of a different way to do politics. In this model, technology is used to make democratic processes stronger, instead of undermining them. It is harnessed to root out corruption, instead of serving as a cash cow for campaign donations. Imagine an election where every voter has the opportunity to opine directly to politicians on precisely the issues they care about. They're not expected to spend hours becoming policy experts. Instead, an AI Interviewer walks them through the subject, answering their questions, interrogating their experience, even challenging their thinking. Voters get immediate feedback on how their individual point of view matches—or doesn't—a party's platform, and they can see whether and how the party adopts their feedback. This isn't like an opinion poll that politicians use for calculating short-term electoral tactics. It's a deliberative reasoning process that scales, engaging voters in defining policy and helping candidates to listen deeply to their constituents. This is happening today in Japan. Constituents have spent about eight thousand hours engaging with Mirai's AI Interviewer since 2025. The party's gamified volunteer mobilization app, Action Board, captured about 100,000 organizer actions per day in the runup to last week's election. It's how Team Mirai, which translates to 'The Future Party,' does politics. Its founder, Takahiro Anno, first ran for local office in 2024 as a 33-year-old software engineer standing for Governor of Tokyo. He came in fifth out of 56 candidates, winning more than 150,000 votes as an unaffiliated political outsider. He won attention by taking a distinctive stance on the role of technology in democracy and using AI aggressively in voter engagement. Last year, Anno ran again, this time for the Upper Chamber of the national legislature—the Diet—and won.
Now the head of a new national party, Anno found himself with a platform for making his vision of a new way of doing politics a reality. In this recent House of Representatives election, Team Mirai shot up to win nearly four million votes. In the lower chamber’s proportional representation system, that was good enough for eleven total seats—the party’s first ever representation in the Japanese House—and nearly three times what it achieved in last year’s Upper Chamber election. Anno’s party stood for election without aligning itself on the traditional axes of left and right. Instead, Team Mirai, heavily associated with young, urban voters, sought to unite across the ideological spectrum by taking a radical position on a different axis: the status quo and the future. Anno told us that Team Mirai believes it can triple its representation in the Diet after the next elections in each chamber, an ostentatious goal that seems achievable given their rapid rise over the past