Schneier on Security
@schneier.com
📤 1301
📥 1
📝 480
An automated feed of posts from Bruce Schneier's blog.
https://www.schneier.com/
The Language of AI Could Change How Humans Speak Last week, national security agencies from the Five Eyes—that's the rich, English-language-speaking countries club—jointly released a…...
https://www.schneier.com/blog/archives/2026/07/the-language-of-ai-could-change-how-humans-speak.html
loading . . .
The Language of AI Could Change How Humans Speak
Last week, national security agencies from the Five Eyes—that's the rich, English-language-speaking countries club—jointly released a statement warning of the increasing cyber risks of AI models: in particular, their ability to autonomously hack into systems and networks. The statement was more measured than some of the breathless headlines about it, and the advice they gave is pretty much the standard advice everyone gives—albeit with newfound urgency.
https://www.schneier.com/blog/archives/2026/07/the-language-of-ai-could-change-how-humans-speak.html
about 18 hours ago
0
5
3
Cybersecurity and the Gap Between Skill and Ability Last week, national security agencies from the Five Eyes—that's the rich, English-language-speaking countries club—jointly released a…...
https://www.schneier.com/blog/archives/2026/07/cybersecurity-and-the-gap-between-skill-and-ability.html
loading . . .
Cybersecurity and the Gap Between Skill and Ability
Last week, national security agencies from the Five Eyes—that's the rich, English-language-speaking countries club—jointly released a statement warning of the increasing cyber risks of AI models: in particular, their ability to autonomously hack into systems and networks. The statement was more measured than some of the breathless headlines about it, and the advice they gave is pretty much the standard advice everyone gives—albeit with newfound urgency.
https://www.schneier.com/blog/archives/2026/07/cybersecurity-and-the-gap-between-skill-and-ability.html
1 day ago
0
2
3
Google Is Suing Chinese Scammers Who Are Using Gemini Not sure this will have any effect, but I support the effort: According to Google's legal filing, Outsider Enterprise operates through…
https://www.schneier.com/blog/archives/2026/07/google-is-suing-chinese-scammers-who-are-using-gemini.html
loading . . .
Google Is Suing Chinese Scammers Who Are Using Gemini
Not sure this will have any effect, but I support the effort: According to Google's legal filing, Outsider Enterprise operates through Telegram. The group offers phishing-as-a-service to individuals who may not be technically savvy enough to set up fraudulent websites and text campaigns on their own. In its Telegram channels, Outsider Enterprise reportedly provided instructions on how to use Google's Gemini AI to create websites that imitate those of Google, YouTube, and government agencies such as New York's E-ZPass.
https://www.schneier.com/blog/archives/2026/07/google-is-suing-chinese-scammers-who-are-using-gemini.html
3 days ago
0
4
1
France to Stop Certifying Non-Quantum-Safe Encryption France is accelerating its transition to post-quantum encryption: France's cybersecurity agency ANSSI said on Tuesday it would stop…
https://www.schneier.com/blog/archives/2026/07/france-to-stop-certifying-non-quantum-safe-encryption.html
loading . . .
France to Stop Certifying Non-Quantum-Safe Encryption
France is accelerating its transition to post-quantum encryption: France's cybersecurity agency ANSSI said on Tuesday it would stop certifying security products that lack quantum-resistant encryption, a move that will force government bodies and critical operators to shift away from older systems. Samih Souissi, ANSSI's chief of staff, said at the France Quantum conference that the agency would halt such certifications from 2027, and that businesses should be buying only quantum-safe products by 2030. ANSSI approval is required for use in French government agencies and critical infrastructure, making the policy a de facto phase-out of older encryption.
https://www.schneier.com/blog/archives/2026/07/france-to-stop-certifying-non-quantum-safe-encryption.html
4 days ago
0
6
1
Flock Cameras Can Surveil Cars Without License Plates This is from a 2024 company presentation: Officers can also tap into data showing a car's decals, bumper stickers, back and top racks --…
https://www.schneier.com/blog/archives/2026/07/flock-cameras-can-surveil-cars-without-license-plates.html
loading . . .
Flock Cameras Can Surveil Cars Without License Plates
This is from a 2024 company presentation: Officers can also tap into data showing a car's decals, bumper stickers, back and top racks -- along with temporary and unique state tags. Flock calls it a "Vehicle Fingerprint" and it's touted as a way for law enforcement officials to get more information "even when you don't have full plate information," the company's presentation shows.
https://www.schneier.com/blog/archives/2026/07/flock-cameras-can-surveil-cars-without-license-plates.html
7 days ago
0
3
3
Cybersecurity Mission Creep in the US Interesting paper: "Cybersecurity Mission Creep." Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of…
https://www.schneier.com/blog/archives/2026/07/cybersecurity-mission-creep-in-the-us.html
loading . . .
Cybersecurity Mission Creep in the US
Interesting paper: "Cybersecurity Mission Creep." Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of cybersecurity. So reframed, wildly different policy issues, from misinformation, to child social media safety laws, to antitrust regulations, to alleged journalist misconduct, to anti-sex trafficking statutes become what this Article calls "cybersecuritized." Before this reframing, these issues present as important but not existential.
https://www.schneier.com/blog/archives/2026/07/cybersecurity-mission-creep-in-the-us.html
8 days ago
0
8
4
Papa Johns Surveillance-Based Advertising Papa Johns is spying on people's buying activities to predict when they are low on food:...
https://www.schneier.com/blog/archives/2026/07/papa-johns-surveillance-based-advertising.html
loading . . .
Papa Johns Surveillance-Based Advertising
Papa Johns is spying on people's buying activities to predict when they are low on food: The pizza chain recently tapped NBCUniversal, Instacart and the dentsu-owned media agency Carat for help reaching consumers when they're low on groceries -- and thus more likely to be swayed by a mouth-watering ad. The idea is to reach hungry consumers by "knowing what is in their fridge without being too creepy," said Carrie Drinkwater, chief investment officer at Carat.
https://www.schneier.com/blog/archives/2026/07/papa-johns-surveillance-based-advertising.html
9 days ago
0
5
4
The Realities of AI Video Surveillance The Financial Times has a good article on how AI is changing the capabilities of video surveillance, with information from both Israel/Iran and Russia....
https://www.schneier.com/blog/archives/2026/06/the-realities-of-ai-video-surveillance.html
loading . . .
The Realities of AI Video Surveillance
The Financial Times has a good article on how AI is changing the capabilities of video surveillance, with information from both Israel/Iran and Russia. I wrote about this sort of thing a few years ago, how AI enables mass spying in the way that computers and networks enabled mass surveillance. The interesting development in the article is that AI allows people to ask natural language questions about video footage to AIs -- and AIs can answer them.
https://www.schneier.com/blog/archives/2026/06/the-realities-of-ai-video-surveillance.html
10 days ago
0
7
1
Factoring RSA Keys with Many Zeros Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild....
https://www.schneier.com/blog/archives/2026/06/factoring-rsa-keys-with-many-zeros.html
loading . . .
Factoring RSA Keys with Many Zeros
Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild. The badkeys project is an open-source service that checks public keys for known vulnerabilities. While developing this tool, Hanno collected a massive number of real-world keys from public sources, including Certificate Transparency logs, internet-wide TLS and SSH scans, PGP keys, and many others.
https://www.schneier.com/blog/archives/2026/06/factoring-rsa-keys-with-many-zeros.html
11 days ago
0
2
0
Robot Police Officers We've taken one small step towards robot police officers: a drone capable of disarming a suspect:...
https://www.schneier.com/blog/archives/2026/06/robot-police-officers.html
loading . . .
Robot Police Officers
We've taken one small step towards robot police officers: a drone capable of disarming a suspect: In a June 22 video posted on the Sacramento County Sheriff’s Office’s Instagram page, an officer wearing goggles can be seen operating a drone to retrieve a knife from an armed suspect hiding inside a cluttered house. "After not responding to negotiators, a drone was deployed inside the residence," the post says.
https://www.schneier.com/blog/archives/2026/06/robot-police-officers.html
11 days ago
2
6
2
The Chinese Control the Majority of Argentina’s Squid Fleet Chinese companies control nearly two-thirds of Argentina’s own squid fleet.
https://www.schneier.com/blog/archives/2026/06/the-chinese-control-the-majority-of-argentinas-squid-fleet.html
loading . . .
The Chinese Control the Majority of Argentina’s Squid Fleet
Chinese companies control nearly two-thirds of Argentina’s own squid fleet.
https://www.schneier.com/blog/archives/2026/06/the-chinese-control-the-majority-of-argentinas-squid-fleet.html
13 days ago
0
1
1
Meta Is Testing Facial Recognition for Police and Military We know that ICE wants to deploy eyeglasses with facial recognition that can identify people in real time. Turns out Meta is…
https://www.schneier.com/blog/archives/2026/06/meta-is-testing-facial-recognition-for-police-and-military.html
loading . . .
Meta Is Testing Facial Recognition for Police and Military
We know that ICE wants to deploy eyeglasses with facial recognition that can identify people in real time. Turns out Meta is prototyping the feature with a Pentagon supplier. (Alternate news story.)
https://www.schneier.com/blog/archives/2026/06/meta-is-testing-facial-recognition-for-police-and-military.html
13 days ago
0
5
2
One Million Passports Leaked Online A database of almost a million passports from around the world was leaked online. Note what happened....
https://www.schneier.com/blog/archives/2026/06/one-million-passports-leaked-online.html
loading . . .
One Million Passports Leaked Online
A database of almost a million passports from around the world was leaked online. Note what happened. A high-value credential -- a passport -- was used in an ancillary low-value authentication system: ID verification for cannabis dispensaries. And it's the low-value system that got hacked, putting the high-value credential at risk.
https://www.schneier.com/blog/archives/2026/06/one-million-passports-leaked-online.html
14 days ago
0
6
1
AI and Liability Earlier this month, a German court ruled that Google is liable for its AI search summaries. Rejecting defenses like "users can check for themselves," and that they generally know "that information generated with…
https://www.schneier.com/blog/archives/2026/06/ai-and-liability.html
loading . . .
AI and Liability
Earlier this month, a German court ruled that Google is liable for its AI search summaries. Rejecting defenses like "users can check for themselves," and that they generally know "that information generated with AI should not be blindly trusted," the court held that the AI's summaries are reflections of the company and "above all an expression of Google's business activities."
https://www.schneier.com/blog/archives/2026/06/ai-and-liability.html
14 days ago
1
7
6
Interesting Paper Exploring Prompt Injection This is a fascinating explotation of how LLMs fall for prompt injection attacks. It turns out that they learn to recognize the style of text in different…
https://www.schneier.com/blog/archives/2026/06/interesting-paper-exploring-prompt-injection.html
loading . . .
Interesting Paper Exploring Prompt Injection
This is a fascinating explotation of how LLMs fall for prompt injection attacks. It turns out that they learn to recognize the style of text in different role/instruction blocks, and not just the tags. Their conclusion: Role tags were a formatting trick that became the security architecture and the cognitive scaffolding of modern LLMs. We've shown that this architecture doesn't survive into the model's actual representations, and that such role confusion is linked to prompt injection.
https://www.schneier.com/blog/archives/2026/06/interesting-paper-exploring-prompt-injection.html
15 days ago
0
5
3
Embedding Forbidden Text in Spyware to Discourage AI Analysis At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to…
https://www.schneier.com/blog/archives/2026/06/embedding-forbidden-text-in-spyware-to-discourage-ai-analysis-2.html
loading . . .
Embedding Forbidden Text in Spyware to Discourage AIÂ Analysis
At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The _index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it is inside a comment, it does not affect JavaScript execution. The runtime skips it. The real malware begins after the comment with a try{eval(...)} wrapper around a large character-code array and a ROT-style substitution function.
https://www.schneier.com/blog/archives/2026/06/embedding-forbidden-text-in-spyware-to-discourage-ai-analysis-2.html
16 days ago
0
4
0
Anthropic’s Fable 5 Model Jailbroken Within Days Fable 5 is the supposed safe version of Anthropic's Mythos Preview, with guardrails to ensure that it can't be used to create cyberattacks. Well,…
https://www.schneier.com/blog/archives/2026/06/anthropics-fable-5-model-jailbroken-within-days.html
loading . . .
Anthropic’s Fable 5 Model Jailbroken Within Days
Fable 5 is the supposed safe version of Anthropic's Mythos Preview, with guardrails to ensure that it can't be used to create cyberattacks. Well, that restriction was bypassed within days.
https://www.schneier.com/blog/archives/2026/06/anthropics-fable-5-model-jailbroken-within-days.html
17 days ago
0
3
0
Professional Athletes and Wearables I haven't thought about the privacy issues surrounding professional athletes and wearables. Wearables present serious privacy issues…...
https://www.schneier.com/blog/archives/2026/06/professional-athletes-and-wearables.html
loading . . .
Professional Athletes and Wearables
I haven't thought about the privacy issues surrounding professional athletes and wearables. Wearables present serious privacy issues for "Average Joe" consumers, who are entrusting tech companies to safely store and protect their biometric data. Imagine the stakes for a professional athlete, whose entire livelihood could be affected by a single biometric data point. To give one of many realistic hypotheticals: a basketball player has a terrible game, and the coach wonders if they showed up to the gym hungover.
https://www.schneier.com/blog/archives/2026/06/professional-athletes-and-wearables.html
18 days ago
0
4
0
Friday Squid Blogging: Victims of Unregulated Squid Fishing Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets. Another news article. As…
https://www.schneier.com/blog/archives/2026/06/friday-squid-blogging-victims-of-unregulated-squid-fishing.html
loading . . .
Friday Squid Blogging: Victims of Unregulated Squid Fishing
Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets. Another news article. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy.
https://www.schneier.com/blog/archives/2026/06/friday-squid-blogging-victims-of-unregulated-squid-fishing.html
20 days ago
0
4
0
Anthropic’s Fable and the State of AI On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government…...
https://www.schneier.com/blog/archives/2026/06/anthropics-fable-and-the-state-of-ai.html
loading . . .
Anthropic’s Fable and the State of AI
On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from accessing it. Unable to differentiate between Americans and foreigners, the company shut off access for everyone. The government's actions won't help. The problem isn't any one particular model; it's the general trend of increasing AI capabilities.
https://www.schneier.com/blog/archives/2026/06/anthropics-fable-and-the-state-of-ai.html
21 days ago
0
6
1
Embedding Forbidden Text in Spyware to Discourage AI Analysis At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop…
https://www.schneier.com/blog/archives/2026/06/embedding-forbidden-text-in-spyware-to-discourage-ai-analysis.html
loading . . .
Embedding Forbidden Text in Spyware to Discourage AIÂ Analysis
At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The _index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it is inside a comment, it does not affect JavaScript execution. The runtime skips it. The real malware begins after the comment with a try{eval(...)} wrapper around a large character-code array and a ROT-style substitution function.
https://www.schneier.com/blog/archives/2026/06/embedding-forbidden-text-in-spyware-to-discourage-ai-analysis.html
22 days ago
1
9
3
AI Use by the USÂ Government On 14 April, the Trump administration quietly acknowledged the widespread use of AI to automate government processes....
https://www.schneier.com/blog/archives/2026/06/ai-use-by-the-us-government.html
loading . . .
AI Use by the USÂ Government
On 14 April, the Trump administration quietly acknowledged the widespread use of AI to automate government processes. The office of management and budget (OMB) disclosed a staggering 3,611 active or planned use cases for AI across the federal government. The list has ballooned by 70% from the one published in the final year of the Biden administration, and includes many disturbing-seeming plans to hand over sensitive governmental functions to AI.
https://www.schneier.com/blog/archives/2026/06/ai-use-by-the-us-government.html
23 days ago
0
13
5
Flock Cameras Are Being Used for Stalking There are over a dozen cases around the country where police officers are using the Flock surveillance camera system to obsessively and illegally stalk people.…
https://www.schneier.com/blog/archives/2026/06/flock-cameras-are-being-used-for-stalking.html
loading . . .
Flock Cameras Are Being Used for Stalking
There are over a dozen cases around the country where police officers are using the Flock surveillance camera system to obsessively and illegally stalk people. Alternate link.
https://www.schneier.com/blog/archives/2026/06/flock-cameras-are-being-used-for-stalking.html
24 days ago
0
13
3
The FCC Wants to Eliminate Burner Phones A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person....
https://www.schneier.com/blog/archives/2026/06/the-fcc-wants-to-eliminate-burner-phones.html
loading . . .
The FCC Wants to Eliminate Burner Phones
A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. The FCC plans to do this by legally forcing the country's telecoms to store a wealth of personal information about essentially all phone customers, including a government issued identification number and their physical address, alarming privacy advocates and civil rights activists who compare the measures to those from authoritarian countries where it can be difficult to buy a mobile phone plan without giving up your identity.
https://www.schneier.com/blog/archives/2026/06/the-fcc-wants-to-eliminate-burner-phones.html
25 days ago
0
6
1
Upcoming Speaking Engagements This is a current list of where and when I am scheduled to speak: I’m giving a keynote at…...
https://www.schneier.com/blog/archives/2026/06/upcoming-speaking-engagements-57.html
loading . . .
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m giving a keynote at Cybernation 2026 in Berlin, Germany, on June 24, 2026. I’m speaking at the Potsdam Conference on National Cybersecurity at the Hasso Plattner Institut in Potsdam, Germany. The event runs June 24–25, 2026, and my talk will be the evening of June 24.
https://www.schneier.com/blog/archives/2026/06/upcoming-speaking-engagements-57.html
25 days ago
0
3
0
Friday Squid Blogging: Squid-Inspired Fluid Pump This fluid pump was inspired by the way squids propel themselves through the water. As usual, you can also use this squid post to talk about the…
https://www.schneier.com/blog/archives/2026/06/friday-squid-blogging-squid-inspired-fluid-pump.html
loading . . .
Friday Squid Blogging: Squid-Inspired Fluid Pump
This fluid pump was inspired by the way squids propel themselves through the water. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy.
https://www.schneier.com/blog/archives/2026/06/friday-squid-blogging-squid-inspired-fluid-pump.html
27 days ago
0
2
0
Bernie Sanders’ AI Sovereign Wealth Fund Plan Let no one accuse Bernie Sanders of ducking the big questions. Writing in the New York Times last week, the senator…...
https://www.schneier.com/blog/archives/2026/06/bernie-sanders-ai-sovereign-wealth-fund-plan.html
loading . . .
Bernie Sanders’ AI Sovereign Wealth Fund Plan
Let no one accuse Bernie Sanders of ducking the big questions. Writing in the New York Times last week, the senator asked: "Will the future of humanity be determined by a handful of billionaires who have promoted and developed AI, with virtually no democratic input, who stand to become even richer and more powerful than they are today?" We agree entirely that this is one of the most potent questions facing global democracy today.
https://www.schneier.com/blog/archives/2026/06/bernie-sanders-ai-sovereign-wealth-fund-plan.html
28 days ago
0
5
2
Enhanced License Plate Tracking The surveillance company Leonardo wants more data: A surveillance company plans to add sensors to automatic license plate readers (ALPRs) that would mean the devices, as well as…
https://www.schneier.com/blog/archives/2026/06/enhanced-license-plate-tracking.html
loading . . .
Enhanced License Plate Tracking
The surveillance company Leonardo wants more data: A surveillance company plans to add sensors to automatic license plate readers (ALPRs) that would mean the devices, as well as capture the license plate of passing vehicles, would also sweep up unique identifiers of mobile phones, wearables, and other Bluetooth-enabled devices in those cars, potentially letting law enforcement identify specific drivers or passengers.
https://www.schneier.com/blog/archives/2026/06/enhanced-license-plate-tracking.html
29 days ago
1
6
2
NSO Group Hacking WhatsApp Despite Court Order WhatsApp has caught the NSO Group phishing its users, in violation of a court order.
https://www.schneier.com/blog/archives/2026/06/nso-group-hacking-whatsapp-despite-court-order.html
loading . . .
NSO Group Hacking WhatsApp Despite Court Order
WhatsApp has caught the NSO Group phishing its users, in violation of a court order.
https://www.schneier.com/blog/archives/2026/06/nso-group-hacking-whatsapp-despite-court-order.html
30 days ago
0
3
0
GPS As a Key Distribution Platform This is interesting: The U.S. military has likely been quietly broadcasting codes for its global encryption network using public GPS for nearly 20 years, turning each…
https://www.schneier.com/blog/archives/2026/06/gps-as-a-key-distribution-platform.html
loading . . .
GPS As a Key Distribution Platform
This is interesting: The U.S. military has likely been quietly broadcasting codes for its global encryption network using public GPS for nearly 20 years, turning each satellite into a hidden "numbers station," according to Steven Murdoch... That means every device that uses GPS has been receiving hidden government information for years, and nobody outside the military knew it until now.
https://www.schneier.com/blog/archives/2026/06/gps-as-a-key-distribution-platform.html
about 1 month ago
1
8
2
Critical Zcash Vulnerability Found and Fixed If you're a user -- owner? -- of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in…
https://www.schneier.com/blog/archives/2026/06/critical-zcash-vulnerability-found-and-fixed.html
loading . . .
Critical Zcash Vulnerability Found and Fixed
If you're a user -- owner? -- of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He found one fast enough to be embarrassing. The Orchard pool is the newest and most advanced shielded transaction system in the cryptocurrency Zcash.
https://www.schneier.com/blog/archives/2026/06/critical-zcash-vulnerability-found-and-fixed.html
about 1 month ago
0
0
0
Anthropic’s Project Glasswing Update In April, Anthropic initated Project Glasswing. The idea was to let companies use their new model to find and fix vulnerabilities in their own software....
https://www.schneier.com/blog/archives/2026/06/anthropics-project-glasswing-update.html
loading . . .
Anthropic’s Project Glasswing Update
In April, Anthropic initated Project Glasswing. The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a fantastic PR move, and so many press outlets have uncritically parroted Anthropic's claims that it's now common wisdom that Mythos is better at finding software vulnerabilities than other models. Which is just…
https://www.schneier.com/blog/archives/2026/06/anthropics-project-glasswing-update.html
about 1 month ago
1
6
0
AI Worm Researchers have prototyped an AI-powered internet worm. The coolest thing about the prototype is that it carries its own LLM with it, and runs it on computers that have been broken into. This is the closest to John Brunner's…
https://www.schneier.com/blog/archives/2026/06/ai-worm.html
loading . . .
AI Worm
Researchers have prototyped an AI-powered internet worm. The coolest thing about the prototype is that it carries its own LLM with it, and runs it on computers that have been broken into. This is the closest to John Brunner's original 1975 conception of a computer worm that I've seen.
https://www.schneier.com/blog/archives/2026/06/ai-worm.html
about 1 month ago
0
7
1
Hacking Meta’s AI Chatbot Hackers are convincing Meta's AI support chatbot to let them take over other peoples' accounts: A…...
https://www.schneier.com/blog/archives/2026/06/hacking-metas-ai-chatbot.html
loading . . .
Hacking Meta’s AI Chatbot
Hackers are convincing Meta's AI support chatbot to let them take over other peoples' accounts: A video posted on X showed the step-by-step process to hack someone's Instagram account. The hacker allegedly used a VPN to spoof the targets' presumed location to avoid triggering Instagram's automated account protections. Then, the hacker opened a chat with Meta AI Support Assistant and asked the bot to add a new email address to the target's account.
https://www.schneier.com/blog/archives/2026/06/hacking-metas-ai-chatbot.html
about 1 month ago
0
9
2
AI Used to Decrypt Medieval Ciphers Researchers are using machine learning algorithms to decrypt historical pencil-and-paper ciphers.
https://www.schneier.com/blog/archives/2026/06/ai-used-to-decrypt-medieval-ciphers.html
loading . . .
AI Used to Decrypt Medieval Ciphers
Researchers are using machine learning algorithms to decrypt historical pencil-and-paper ciphers.
https://www.schneier.com/blog/archives/2026/06/ai-used-to-decrypt-medieval-ciphers.html
about 1 month ago
0
7
1
The Intersection of Encryption and AI As part of their 20th Anniversary celebration, Dark Reading asked five cybersecurity industry leaders who wrote blogs or columns for them over the years to select their…
https://www.schneier.com/blog/archives/2026/06/the-intersection-of-encryption-and-ai.html
loading . . .
The Intersection of Encryption and AI
As part of their 20th Anniversary celebration, Dark Reading asked five cybersecurity industry leaders who wrote blogs or columns for them over the years to select their favorite piece and share their reflections on the topic today. This is my section. Renowned technologist and author Bruce Schneier contributed a column on June 20, 2010, warning about cryptography's inability to secure modern networks…
https://www.schneier.com/blog/archives/2026/06/the-intersection-of-encryption-and-ai.html
about 1 month ago
1
3
2
Microsoft Threatening Security Researcher An anonymous security researcher called "Nightmare Eclipse" has been publishing a series of significant security exploits against Microsoft Windows -- including…
https://www.schneier.com/blog/archives/2026/06/microsoft-threatening-security-researcher.html
loading . . .
Microsoft Threatening Security Researcher
An anonymous security researcher called "Nightmare Eclipse" has been publishing a series of significant security exploits against Microsoft Windows -- including one that breaks BitLocker. Microsoft has threatened legal action against the researcher. Lots of recriminations are being traded back and forth.
https://www.schneier.com/blog/archives/2026/06/microsoft-threatening-security-researcher.html
about 1 month ago
0
3
1
Vulnerability Disclosure in the Age of AI New article: "Responsible Disclosure in the Age of AI: A Call for Urgent Action," by Melissa Hathaway....
https://www.schneier.com/blog/archives/2026/06/vulnerability-disclosure-in-the-age-of-ai.html
loading . . .
Vulnerability Disclosure in the Age of AI
New article: "Responsible Disclosure in the Age of AI: A Call for Urgent Action," by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI models are now capable of autonomously identifying exploitable software vulnerabilities at unprecedented speed and scale. This development exposes decades of accumulated technical debt created by a software industry that prioritized rapid deployment over secure-by-design engineering practices.
https://www.schneier.com/blog/archives/2026/06/vulnerability-disclosure-in-the-age-of-ai.html
about 1 month ago
0
3
1
Friday Squid Blogging: Another Squid Someone named "Squid" seems to be a "West Country legend." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy.
loading . . .
Friday Squid Blogging: Another Squid
Someone named "Squid" seems to be a "West Country legend." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy.
https://www.schneier.com/blog/archives/2026/05/friday-squid-blogging-another-squid.html
about 1 month ago
0
2
0
Chilling Effects Younger Americans have soured on the second Donald Trump presidency, but they are not protesting it. Despite an unpopular Iran war and an even more unpopular Trump administration, college campus protests nationwide have gone silent. And at many schools, student activism is…
loading . . .
Chilling Effects
Younger Americans have soured on the second Donald Trump presidency, but they are not protesting it. Despite an unpopular Iran war and an even more unpopular Trump administration, college campus protests nationwide have gone silent. And at many schools, student activism is virtually nonexistent. This silence comes in the wake of a relentless Trump administration war on campus speech…
https://www.schneier.com/blog/archives/2026/05/chilling-effects.html
about 1 month ago
0
10
5
FBI’s 2025 Internet Crime Report The 2025 Internet Crime Report was published a few weeks ago, but I only just saw it. Lots of interesting statistics. Press release. News articles.
loading . . .
FBI’s 2025 Internet Crime Report
The 2025 Internet Crime Report was published a few weeks ago, but I only just saw it. Lots of interesting statistics. Press release. News articles.
https://www.schneier.com/blog/archives/2026/05/fbis-2025-internet-crime-report.html
about 1 month ago
0
4
2
Identifying People Using Wi-Fi Routers Not identifying people based on their use of Wi-Fi routers, but identifying people using Wi-Fi signals. This is accomplished through what is known as WiFi sensing, or the use of WiFi signals to infer information about a physical environment. When radio…
loading . . .
Identifying People Using Wi-Fi Routers
Not identifying people based on their use of Wi-Fi routers, but identifying people using Wi-Fi signals. This is accomplished through what is known as WiFi sensing, or the use of WiFi signals to infer information about a physical environment. When radio signals like WiFi travel through a space, they interact with the objects and people around them. Those signals can be reflected, scattered, or absorbed.
http://www.schneier.com/blog/archives/2026/05/identifying-people-using-wi-fi-routers.html
about 1 month ago
0
3
0
Friday Squid Blogging: Regulating Squid Fishing in the South Pacific The South Pacific Regional Fisheries Management Organization (SPRFMO) needs to regulate squid fishing in the South Pacific. As usual, you can also use this squid post to talk about the security stories in the news that I haven't…
loading . . .
Friday Squid Blogging: Regulating Squid Fishing in the South Pacific
The South Pacific Regional Fisheries Management Organization (SPRFMO) needs to regulate squid fishing in the South Pacific. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy.
http://www.schneier.com/blog/archives/2026/05/friday-squid-blogging-regulating-squid-fishing-in-the-south-pacific.html
about 2 months ago
0
2
0
CISA Security Leak Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems.…
loading . . .
CISA Security Leak
Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history. News article.
http://www.schneier.com/blog/archives/2026/05/cisa-security-leak.html
about 2 months ago
0
28
19
macOS Kernel Memory Corruption Exploit A group used Anthropic's Mythos AI model to help find a kernel memory corruption vulnerability and exploit on Apple's M5. News article.
loading . . .
macOS Kernel Memory Corruption Exploit
A group used Anthropic's Mythos AI model to help find a kernel memory corruption vulnerability and exploit on Apple's M5. News article.
http://www.schneier.com/blog/archives/2026/05/macos-kernel-memory-corruption-exploit.html
about 2 months ago
1
6
0
On AI Security Good report: Executive Summary: Let's say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because benchmarks don't actually work for measuring AI capabilities (even when they are NOT emergent systemic…
loading . . .
On AI Security
Good report: Executive Summary: Let's say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because benchmarks don't actually work for measuring AI capabilities (even when they are NOT emergent systemic properties like security). So let's take a step back: how do you measure security in the first place?
http://www.schneier.com/blog/archives/2026/05/on-ai-security.html
about 2 months ago
0
6
2
Laurie Anderson Is Quoting Me Not by name, but Laurie Anderson quotes me in one of the tracks of her new album: My favorite quote is from a cryptologist who said "If you think technology will solve your problems, you don't understand technology and you don't understand your problems." Also in…
loading . . .
Laurie Anderson Is Quoting Me
Not by name, but Laurie Anderson quotes me in one of the tracks of her new album: My favorite quote is from a cryptologist who said "If you think technology will solve your problems, you don't understand technology and you don't understand your problems." Also in interviews: "Of course, it's ridiculous, outrageous, blah, blah, blah," Anderson says about the ad.
http://www.schneier.com/blog/archives/2026/05/laurie-anderson-is-quoting-me.html
about 2 months ago
0
10
2
Zero-Day Exploit Against Windows BitLocker It's nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the…
loading . . .
Zero-Day Exploit Against Windows BitLocker
It's nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone without the decryption key, which is stored in a secured piece of hardware known as a trusted platform module (TPM). BitLocker is a mandatory protection for many organizations, including those that contract with governments. Slashdot thread. And here's Nightmare-Eclipse's GitHub account.
http://www.schneier.com/blog/archives/2026/05/zero-day-exploit-against-windows-bitlocker.html
about 2 months ago
0
14
4
Friday Squid Blogging: Bigfin Squid Article about the bigfin squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy.
loading . . .
Friday Squid Blogging: Bigfin Squid
Article about the bigfin squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy.
http://www.schneier.com/blog/archives/2026/05/friday-squid-blogging-bigfin-squid.html
about 2 months ago
0
1
0
Bypassing On-Camera Age-Verification Checks Some AI-based video age-verification checks can be fooled with a fake mustache.
loading . . .
Bypassing On-Camera Age-Verification Checks
Some AI-based video age-verification checks can be fooled with a fake mustache.
http://www.schneier.com/blog/archives/2026/05/bypassing-on-camera-age-verification-checks.html
about 2 months ago
0
5
2
Load more
feeds!
log in