In six minutes on Monday, May 11, attackers compromised the very building blocks that web developers use across the country. Security experts raised the alarm regarding TanStack, the attackers’ target, about 20 minutes post-breach. But that was still enough time to create national-scale risk: dozens of trusted tools were affected, including one that gets downloaded 12.7 million times a week.

The news is only the latest in the rapidly growing field of AI-enabled cybercrime. In 2025 alone, the FBI’s Internet Crime Complaint Center (IC3) received 22,364 complaints where the victim or report included AI-related information, such as scams involving AI-generated voices, deepfakes, fake profiles, AI-assisted phishing, or other AI-enabled fraud.

New York’s state court system made an early institutional template for governing AI in litigation, with rules starting next month. (NY Courts)

A federal judge in Maine doled out milder than usual sanctions for a lawyer’s AI hallucinations. (Bloomberg Law / Justia)

The FBI’s latest data shows a sharp rise in elder fraud last year. (FBI Norfolk)

Updated federal evidence rules on AI-fabricated evidence may not take effect until December 1, 2028. (U.S. Courts)

AI was the digital factory behind a North Carolina man’s $8 million music-streaming fraud. (The Guardian)

Oregon’s labor agency is reviewing unauthorized AI use after an embarrassing fallout this week. (The Oregonian/OregonLive)

The Initial Report is written and edited by Grant Morgan, a former prosecutor who tried high-level felonies and assisted in complex investigations before turning his attention to how artificial intelligence is reshaping the day-to-day work of American prosecutors. The Initial Report tracks the tools, court rulings, and enforcement actions shaping that work.

The Initial Report is in limited release, with new editions publishing Tuesdays and Fridays at 6:00 a.m. To preserve access, send your name and agency to editorial@theinitialreport.com. It is the inaugural publication from VoraSync Labs.