Not sure this will have any effect, but I support the effort:
According to Google’s legal filing, Outsider Enterprise operates through Telegram. The group offers phishing-as-a-service to individuals who may not be technically savvy enough to set up fraudulent websites and text campaigns on their own…
Last week, national security agencies from the Five Eyes—that’s the rich, English-language-speaking countries club—jointly released a statement warning of the increasing cyber risks of AI models: in particular, their ability to autonomously hack into systems and networks. The statement was more meas…
Because of the way they are trained, large language models capture only a slice of human language. They’re trained on the written word, from textbooks to social media posts, and our speech as captured in movies and on television. These models have minimal access to the unscripted conversations we ha…
France is accelerating its transition to post-quantum encryption:
France’s cybersecurity agency ANSSI said on Tuesday it would stop certifying security products that lack quantum-resistant encryption, a move that will force government bodies and critical operators to shift away from older systems.
S…
Interesting paper: “Cybersecurity Mission Creep.”
Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of cybersecurity. So reframed, wildly different policy issues, from misinformation, to child social media safety laws, to antitrust regul…
This is from a 2024 company presentation:
Officers can also tap into data showing a car’s decals, bumper stickers, back and top racks—along with temporary and unique state tags.
Flock calls it a “Vehicle Fingerprint” and it’s touted as a way for law enforcement officials to get more information “eve…
We’ve taken one small step towards robot police officers: a drone capable of disarming a suspect:
In a June 22 video posted on the Sacramento County Sheriff’s Office’s Instagram page, an officer wearing goggles can be seen operating a drone to retrieve a knife from an armed suspect hiding inside a c…
Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild.
The badkeys project is an open-source service that checks public keys for known vulnerabilities. While developing this tool, Hanno collected a massive number of real-world…
The Financial Times has a good article on how AI is changing the capabilities of video surveillance, with information from both Israel/Iran and Russia.
I wrote about this sort of thing a few years ago, how AI enables mass spying in the way that computers and networks enabled mass surveillance. The i…
Papa Johns is spying on people’s buying activities to predict when they are low on food:
The pizza chain recently tapped NBCUniversal, Instacart and the dentsu-owned media agency Carat for help reaching consumers when they’re low on groceries—and thus more likely to be swayed by a mouth-watering ad.…
On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from accessing it. Unable to differentiate between Americans and foreigners, the company s…
Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets.
Another news article.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Blog moderation policy.
I haven’t thought about the privacy issues surrounding professional athletes and wearables.
Wearables present serious privacy issues for “Average Joe” consumers, who are entrusting tech companies to safely store and protect their biometric data. Imagine the stakes for a professional athlete, whose e…
Fable 5 is the supposed safe version of Anthropic’s Mythos Preview, with guardrails to ensure that it can’t be used to create cyberattacks.
Well, that restriction was bypassed within days.
At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis.
Details:
The _index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it i…
This is a fascinating explotation of how LLMs fall for prompt injection attacks. It turns out that they learn to recognize the style of text in different role/instruction blocks, and not just the tags.
Their conclusion:
Role tags were a formatting trick that became the security architecture and the …
Earlier this month, a German court ruled that Google is liable for its AI search summaries. Rejecting defenses like “users can check for themselves,” and that they generally know “that information generated with AI should not be blindly trusted,” the court held that the AI’s summaries are reflection…
A database of almost a million passports from around the world was leaked online.
Note what happened. A high-value credential—a passport—was used in an ancillary low-value authentication system: ID verification for cannabis dispensaries. And it’s the low-value system that got hacked, putting the hig…
We know that ICE wants to deploy eyeglasses with facial recognition that can identify people in real time.
Turns out Meta is prototyping the feature with a Pentagon supplier. (Alternate news story.)
Chinese companies control nearly two-thirds of Argentina’s own squid fleet.
On 14 April, the Trump administration quietly acknowledged the widespread use of AI to automate government processes. The office of management and budget (OMB) disclosed a staggering 3,611 active or planned use cases for AI across the federal government. The list has ballooned by 70% from the one pu…
At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis.
Details:
The _index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it i…
There are over a dozen cases around the country where police officers are using the Flock surveillance camera system to obsessively and illegally stalk people.
Alternate link.
This is a current list of where and when I am scheduled to speak:
I’m giving a keynote at Cybernation 2026 in Berlin, Germany, on June 24, 2026.
I’m speaking at the Potsdam Conference on National Cybersecurity at the Hasso Plattner Institut in Potsdam, Germany. The event runs June 24–25, 2026, and …
A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person.
The FCC plans to do this by legally forcing the country’s telecoms to store a wealth of personal information about essentially all phone customers, including a government issued identificatio…