Disneyland Now Uses Face Recognition on Visitors

Disneyland Now Uses Face Recognition on Visitors

```json { "title": "Disneyland Face Recognition, NSA's Mythos AI, and Scattered Spider's Latest Arrest", "metaDescription": "Disneyland now scans faces at park entrances, the NSA tests Anthropic's Mythos AI despite a Pentagon ban, and a Scattered Spider hacker is arrested in Finland.", "content": "<h2>Disneyland Rolls Out Facial Recognition at Park Entrances — But Were Guests Told?</h2><p>Disneyland Resort has expanded facial recognition technology to the entrances of both Disneyland Park and Disney California Adventure in Anaheim, California, marking the first full operational deployment of biometric entry at those parks after months of limited testing that began in December 2025. According to <em>Fortune</em> (April 28, 2026), by a recent Friday the system was operating at most entrance lines across the two parks, with only four lanes still using manual ticket validation by cast members.</p><p>The system works by capturing an image of a guest's face at the gate and comparing it to the photo stored when the ticket or annual pass was first used. Both images are converted into unique numerical values to verify a match. According to KTLA and <em>The Hill</em>, those numerical values are deleted within 30 days unless retained for legal or fraud-prevention purposes. Disney has stated the technology is intended to improve the guest arrival experience — including re-entry into the parks — and to help prevent fraud.</p><p>The rollout has attracted scrutiny over how clearly guests were informed of their options. New signage explaining which lanes use facial recognition — and which do not — only appeared at the Mickey &amp; Friends Parking Structure on April 21, 2026, according to State of Surveillance and <em>Fortune</em>. That is roughly four months after the system initially launched in December 2025. Official park signage, as quoted by <em>Fortune</em>, now reads: <strong>"Disneyland Resort park entries use facial recognition technology. Use of these lanes is optional."</strong></p><p>Guests who do not wish to use facial recognition can enter through non-facial-recognition lanes, where a cast member manually validates their ticket. However, according to Disney's privacy notice as reported by <em>Fortune</em>, those guests may still have their photos taken — with biometric technology simply not applied to those images.</p><p>The scale of the deployment is significant. In 2024, Disneyland Park welcomed an estimated 17.35 million visitors and Disney California Adventure 10.05 million, totaling more than 27 million annual visitors to Disneyland Resort, according to AECOM/TEA-based estimates cited by <em>Fortune</em>. Disney's broader Experiences segment — which includes parks, cruise line, and consumer products — generated $36.2 billion in revenue in FY2025.</p><h3>Privacy Advocates Raise Concerns Over Biometric Surveillance at Scale</h3><p>Privacy organizations including the American Civil Liberties Union and the Electronic Frontier Foundation have raised concerns about the precedent being set. Unlike a password or a ticket barcode, a person's facial geometry is immutable — it cannot be changed if compromised in a data breach.</p><p>Ari Waldman, professor of law at the University of California, Irvine, framed the broader stakes: <strong>"The normalization of facial surveillance is really problematic. We can't go around hiding our faces, so this isn't simply the next step in surveillance; it's qualitatively different. In a world of facial recognition, leaving home means being identified."</strong></p><p>Adam Schwartz, director of privacy litigation at the Electronic Frontier Foundation, pointed to the data security risk: <strong>"If you collect this kind of data, you become a target for those who want to steal it."</strong></p><p>Jay Stanley, a privacy expert at the American Civil Liberties Union, added: <strong>"People need to ask themselves whether they want to live in a world where their face is scanned at every turn."</strong></p><h2>NSA Tests Anthropic's Mythos AI to Hunt Software Vulnerabilities — Despite Pentagon Ban</h2><p>In a striking contradiction within the U.S. government, the National Security Agency has been testing Anthropic's AI model, Mythos Preview, to find cybersecurity vulnerabilities in popular software including Microsoft products — even as the Department of Defense, which oversees the NSA, declared Anthropic a "supply chain risk."</p><p>According to <em>Bloomberg</em> (April 30, 2026), the NSA's use of Mythos Preview was confirmed by a U.S. official and another person familiar with the matter. NSA officials studying the model were reported to be impressed by its speed and efficiency in searching for potential security flaws. The tension with Pentagon leadership was reported by <em>Axios</em> (April 19, 2026), which noted the Pentagon moved in February to cut off Anthropic and force its vendors to follow suit, while the military simultaneously broadened its use of Anthropic's tools.</p><p>The model at the center of the dispute, Mythos Preview, was announced by Anthropic in early April 2026 through its Project Glasswing initiative. According to Anthropic's red team blog at red.anthropic.com, Mythos Preview autonomously discovered thousands of zero-day vulnerabilities across every major operating system and every major web browser during testing — including a 27-year-old bug in OpenBSD. In benchmark testing, the model succeeded on 73% of expert-level capture-the-flag cybersecurity tasks, according to <em>The Next Web</em>'s reporting on Anthropic's published benchmarks.</p><p>Anthropic deemed Mythos Preview too capable of offensive cyber operations for general public release and instead granted access to a limited set of approximately 50 organizations for defensive use. The company had planned to expand access to approximately 120 organizations, but according to <em>The Next Web</em>, the White House told Anthropic it opposes expanding Mythos access to approximately 70 more organizations, citing security and compute concerns.</p><p>A partner organization quoted on Anthropic's Project Glasswing page captured the urgency surrounding the model: <strong>"AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back."</strong></p><p>According to <em>Bloomberg</em>, Anthropic CEO Dario Amodei met with White House chief of staff Susie Wiles and Treasury Secretary Scott Bessent to discuss the use of Mythos within government and Anthropic's broader security practices. Through Project Glasswing, Anthropic committed up to $100 million USD in usage credits and $4 million USD in direct donations to open source security organizations, according to the AISLE blog citing Anthropic's Project Glasswing announcement.</p><h2>Scattered Spider Hacker Arrested in Finland; More Members Face Justice</h2><p>Law enforcement pressure on the Scattered Spider hacking collective continued with the arrest of Peter Stokes, a 19-year-old dual U.S. and Estonian citizen, by Finnish authorities at Helsinki's airport on April 10, 2026. According to <em>BleepingComputer</em> (April 2026), Stokes was detained while attempting to board a flight to Japan. Finnish authorities seized two 2-terabyte hard drives at the time of his arrest, according to Hoodline, citing court papers and <em>Chicago Tribune</em> reporting.</p><p>Stokes, who used the online alias "Bouquet," faces U.S. federal charges filed in a six-count complaint under seal in December, alleging wire fraud, conspiracy, and computer intrusion. Prosecutors allege he participated in at least four Scattered Spider breaches, including a March 2023 hack of an online communication platform — conducted when Stokes was 16 years old.</p><p>Among the more recent alleged incidents, Stokes is said to have participated in a May 2025 attack on a multibillion-dollar luxury retailer identified in court records only as "Company F." According to Cybernews and court records cited by the <em>Chicago Tribune</em>, hackers demanded $8 million in ransom. The company refused to pay but incurred approximately $2 million in mitigation costs.</p><p>Scattered Spider — also tracked under the aliases 0ktapus, Octo Tempest, Starfraud, UNC3944, and Muddled Libra — surfaced in 2022. According to <em>BleepingComputer</em>, the group is a loosely knit, financially motivated collective composed largely of teenagers and young adults from the U.S. and Great Britain. The collective is known for social engineering, MFA bombing, and SIM swapping rather than sophisticated custom malware.</p><p>Stokes's arrest follows legal consequences for other alleged members. According to Hackread, Tyler Robert Buchanan, described as a senior Scattered Spider member, pleaded guilty in California to hacking U.S. companies and stealing at least $8 million in cryptocurrency. Noah Michael Urban was sentenced to 10 years in prison after pleading guilty to fraud and conspiracy charges.</p><h2>Why These Stories Matter Together</h2><p>The three developments this week — Disneyland's biometric entry rollout, the NSA's use of a restricted AI cybersecurity model, and another Scattered Spider arrest — each reflect a common underlying tension: powerful technologies are being deployed faster than governance frameworks, public disclosure norms, and legal accountability can keep pace.</p><p>At Disneyland, a biometric system covering more than 27 million annual visitors was quietly expanded over four months before adequate opt-out signage appeared. The NSA is testing an AI model that its own department of oversight has flagged as a supply chain risk, while the White House simultaneously blocks the model's broader rollout. And Scattered Spider — a group composed largely of teenagers — has repeatedly breached major enterprises before law enforcement has been able to intercept members.</p><p>For individuals, the common thread is awareness: understanding what data is being collected about you, what AI systems are being used to probe the infrastructure you rely on, and what social engineering tactics are being deployed against the companies that hold your information. These are not abstract policy debates — they play out at theme park entrances, in government server rooms, and in the login portals of companies whose names we recognize.</p><p>For more tech news, visit our <a href=\"/news\">news section</a>.</p><h2>What to Watch Next</h2><p>On the Disneyland front, it remains to be seen whether California regulators or privacy advocacy groups will seek to challenge the deployment under state biometric privacy law. Disney has not announced plans to roll out facial recognition at its other parks globally, though the Anaheim deployment will likely be watched closely by the broader theme park industry.</p><p>On Mythos Preview, the standoff between the NSA's operational use and the Pentagon's official stance toward Anthropic is unresolved. The White House's decision to block expansion to additional organizations adds another layer of uncertainty to how this model — and others with similar dual-use cyber capabilities — will be governed going forward.</p><p>On Scattered Spider, the arrest of Peter Stokes adds to a pattern of enforcement actions against alleged members, but the collective's decentralized structure means prosecutions of individuals may not disrupt operations across the network as a whole.</p><h2>Staying Informed in a Fast-Moving Tech Landscape</h2><p>Whether it's biometric data collected at a theme park entrance, an AI model reshaping how governments find security vulnerabilities, or a teenage hacking collective costing companies millions in mitigation costs, the decisions being made right now about technology and privacy will shape daily life for years to come. Staying informed — and understanding how these developments affect your personal data, digital security, and time — is increasingly a productivity and wellness issue, not just a policy one. <a href=\"/#waitlist\">Join the Moccet waitlist to stay ahead of the curve.</a></p>", "excerpt": "Disneyland Resort has expanded facial recognition to most entrance lanes at its Anaheim parks, four months after a quiet December 2025 launch and with opt-out signage only recently appearing. Meanwhile, the NSA is testing Anthropic's restricted Mythos Preview AI to find software vulnerabilities despite a Pentagon ban on the company, and a 19-year-old alleged Scattered Spider member was arrested in Finland facing federal charges in the U.S.", "keywords": ["facial recognition", "Disneyland biometrics", "Anthropic Mythos Preview", "NSA cybersecurity AI", "Scattered Spider hacker arrest"], "slug": "disneyland-face-recognition-nsa-mythos-ai-scattered-spider-arrest" } ```

Share:

More Tech News

Musk v. Altman Trial: Week One Inside the Courtroom

The year that shook the Gulf

Spirit Airlines shuts down after two bankruptcies and a failed rescue plan

← Back to Tech News