You can grab our Q3-2025 issue of ThinkstScapes at thinkst.com/ts For this issue, we tracked over 1,500 talks/papers, and almost 1,300 security blog posts. As always, available in PDF, ePub or a brief audio summary. (As always: completely free).

You can catch our @haroonmeer.canary.love on this weeks episode of Risky Business complaining about security vendors approach to security. It's worth a listen. risky.biz/RB814/

This quarter we announced two new platforms for Canary: Oracle Cloud Infra. (OCI) & Nutanix. Our v1 was a hardware device, but today, Canary also runs on - GCP, - AWS, - VMware, - Azure, - Docker, - Tailscale, - OCI, - Nutanix. Still dead simple. Still "just works!"

Startup Idea: A safe way for CEO's to request staff members to acquire gift-cards...

I honestly don’t mind if Trump gets a Nobel for stopping the slaughter in Gaza. We’ve destroyed so many other post-war global institutions over this insanity, one more won’t hurt 🤷‍♂️

Canary tokens are incredible, bravo @thinkstcanary.canary.tools

Leighton & Sharukh just snuck a quick update into canarytokens.org to allow you to easily manage all the tokens you've previously created. Still just $0.00 Still one of the best things you can do to detect attackers before they dig in...

It’s so disingenuous to keep pushing Palestinian liberation further down the the road.. The “doing X now only hampers long term success” argument can’t be used after decades of failure.. We’ve tried the alternative - let’s try ending the occupation?

Rome takes their FLOSS licenses seriously..

Today we released our new (free) AWS Infrastructure Canarytoken on canarytokens.org. It catches attackers in your AWS account by putting tempting assets in their way and alerting you if they get probed. (1 of 3)

This talk by Ollie Whitehouse is worth watching for Cybersecurity vendors, startups and purchasers. 0 hype, with a bunch of plain-talk current and future challenges (and opportunities). Vendors: do better.. Buyers: demand better.. youtu.be/UVNMozEgYtY?...

Most of the company is in CapeTown this week for our annual ThinkstCon. This means lots of green stuff, and lots of padel. 💪💚

It's our birthday, so we created a tiny skunk(worksy) game for you to play.. Complete all 7 continents, and we will send you a limited-edition, 10-year t-shirt. Have fun!! (but watch out for the Canaries) canary.tools/10-year

In April this year, @grafana.bsky.social had a security incident due to an insecure GitHub Action. The attackers even tried covering their tracks. How were they discovered? Canarytokens.. Check out their post¹ on how they use our tokens at scale.. __ ¹ grafana.com/blog/2025/08...

How do you know you're compromised? Read my newest article to see how we used canary tokens to detect an attack on our infrastructure. grafana.com/blog/2025/08...

I know academic papers usually prefer to do vendor neutral studies, but it would be fun to see an empirical study of security-vendor-X through the ages. “Rarely is the question asked: Is our c̵h̵i̵l̵d̵r̵e̵n̵ vendors learning?”

At BlackHat this year we paid a student to walk the business hall (for both days) to collect as much swag as possible. We wondered if we would learn anything useful from it. Prelim. findings are not particularly interesting 🤷‍♂️

-=[ PHRACK PROPHILE ON Gera ]=- phrack.org/issues/72/2#... That’s the whole post…

"We had good success with your canaries at ..." "I would like to intro my (new) team at ...." 10 years in && we still do 0 outbound sales. We've had the best customers since day-1! 💪💚

I thought Ezra Klein came across badly when he & Ta-Nehisi talked Israel/Palestine¹ - but he did the same discussing “Genocide” with Phillipe Sands². Sands: it’s not complex, splitting hairs is a distraction Klein: let’s split some hairs __ ¹ youtu.be/Tg77CiqQSYk?... ² youtu.be/RrhBypHFYPY?...

A friendly reminder from your Canary Console that if you are in the Northern Hemisphere, you can probably check out the Perseid meteor shower this week.. 💪💚💫

BlackHat boothing was great. We got to hang-out with customers & chat Canary with a bunch of new folks.. Our booth has changed, our tech has levelled up (by orders of magnitude) but it's the same price¹ as always, & still "just works!" __ ¹ Still never increased prices since year-1

1) I totally think that LLMs are amazing; 2) The BlackHat showroom floor was embarrassingly covered in AI/Agentic/*

So long Vegas. Was leet meeting customers and old friends, but I’m out early.

The 2025, Q2 edition of ThinkstScapes is now available for download¹ at thinkst.com/ts If you are in Vegas for BlackHat, swing by our booth for a hard copy. This edition tracks "over 1,450 talks & papers & almost 1,400 blog posts" __ ¹ As always, completely free

It is mildly obscene how many times i've been to Las Vegas.

The momentum that Chromebooks (as a secure enterprise desktop) had a few years back seems to have waned.. Anyone still have faith?

I’m not sure what it means, but I think I see more “on my way to BlackHat” posts on my LinkedIn feed than on my Twitter timeline..

This Christine Amanpour interview with leaders of B'Tselem & 'Physicians for Human Rights Israel' is worth watching. It is insane that conscientious Israelis (inside Israel) are now calling this a genocide, while ppl outside are relying on played out tropes. youtu.be/kNJbNCCejvg?...

Totally didn’t think it worked like that…

I don't think i've ever had an MS Teams call without a deep pit of stomach worry that the call setup will fail first time.. For me, it remains impressively bad..

Perplexity launched their own browser (Perplexity Comet) which reinforces the “next Google” vibe.. When Goog did Chrome, they had the best sec team on the planet, & part of their pitch was security, tab isolation, etc. It bodes badly that sec doesn’t get a mention now at all..

The AI boom has turned several SV maxims on their head: - Researchers don’t build companies; - You don’t make money selling developer tools; - You earn the big money being a founder (instead of deep tech researcher). Everything holds till it doesn’t

If you listened to Tesla-fans, you’d almost believe that Waymo’s weren’t using AI to drive..

It’s hard to miss that WHOOP is currently everywhere. Hard to catch a podcast/sport clip without seeing one. I wonder if people have gotten a little weary of notifications/a screen on their wrist.

It's kinda funny that as more hardware and software uses AI to "touch up" faces, it will get more difficult to tell real from fake, but in the other direction... Fun times...

New startup marketing playbook just dropped

On the other hand.. Mars is probably looking a lot more attractive all of a sudden..

Alex Carp is straight outa central casting.. The problem is that it’s not completely clear what genre of movie this is yet..

We published an internal post¹ that our @marcoslaviero.bsky.social recently wrote "on caring". It's worth a read, because as he writes. caring about what is built is surprisingly fragile (and shockingly absent). __ ¹ blog.thinkst.com/2025/06/on-c...

I ❤️ Thinkst - When you ask real (aka salty) security people what security companies they respect - Thinkst is always on the list. Great work @haroonmeer.canary.love

A decade in, bootstrapped Thinkst Canary reaches $20M in ARR without VC funding

This wk’s show is up, w @dmitri.silverado.org, @metlstorm.risky.biz and @haroonmeer.canary.love We took an exclusive look at how a scattered spider-style crew is hijacking MX records, then taking over entire networks in minutes. We also explore the age old question: Bro, do you even waterboard?

When we first built @thinkstcanary.canary.tools we were proud that it took less than 4 minutes to be useful when bought. Now it takes less than two... Catching attackers is the game the whole family can play...

Turns out AI was to become the whistleblowers we were waiting for…

Watching Dyson release this new vacuum cleaner is totally delightful.
 You see the pride in the details they believe matter, you see the determination to solve the right problems and mostly, you see a dedication to the craft..
 10/10 - no notes.. 
www.youtube.com/watch?v=ve6J...

(It's probably unfair because i'm pretty into the Apple eco-system, but) I watch Apple keynotes/WWDC and expect to be using the products within a bit.. I almost never watch Google/IO expecting to bump into the tech they talk about in any version of "soon"...

Props to the North Koreans who took all the “unfilled jobs in infosec” and turned it into an advantage.. Waiting for their “the obstacle is the way” best-seller to drop..