James Wilson
@jameswilson.io
📤 70
📥 20
📝 22
Reformed CTO turned Podcaster @ https://risky.biz/
I'm sure we could've gone for 3 hours... but Niels and I reined ourselves in after 90 minutes of talking through exactly how lesser models can find 0day all day... if you know how to orchestrate them in a way that turns your techniques into their state machines.
2 days ago
0
5
1
reposted by
James Wilson
Patrick Gray
6 days ago
If you would like to see a preview of @jameskettle.com's Blackhat talk "the HTTP terminator" then check out this interview my colleague @jameswilson.io recorded with him. Some pretty freaky stuff!
VIDEO: www.youtube.com/watch?v=GdFG...
AUDIO: risky.biz/RBNEWSSI126/
Sponsored: James Kettle built an AI hacker
YouTube video by Risky Business Media
https://www.youtube.com/watch?v=GdFG85oCWFI
2
15
8
People kept saying LLMs won't find logic bugs, just memory corruption. Nicholas Carlini from Anthropic found a critical vulnerability in WolfSSL. Pure logic flaw. Missing hash function check = certificate forgery. CVSS 10. No memory corruption. Model found and exploited it.
risky.biz/RBFEATURES16/
Feature Interview: Nicholas Carlini, Anthropic - Risky Business Media
In this episode, Anthropic’s Nicholas Carlini joins Patrick Gray and James Wilson to talk about advancements in AI-driven vulnerability re [Read More]
https://risky.biz/RBFEATURES16/
13 days ago
1
4
1
Mythos.. what does it really mean for a startup? Is it the end of secure software, a new SaaSpocalypse, time to give up integrating with enterprises? Yaniv Bernstein and I covered all this and more on today's Risky Business Features.
risky.biz/RBFEATURES15/
20 days ago
0
2
1
Mythos and 0day: a hacker's perspective. 🎧 risky.biz/RBFEATURES13/ … I wanted to hear what Anthropic’s #Mythos really means for someone who hacks for a living. Jamieson O’Reilly from DVULN and Aether AI join me for this chat. Enjoy!
Mythos and 0day: A hacker’s perspective - Risky Business Media
In this episode of Risky Business Features, James Wilson chats to professional hacker Jamieson O’Reilly about Anthropic’s Mythos and the i [Read More]
https://risky.biz/RBFEATURES13/
27 days ago
0
2
0
New episode with Geoff White (BBC Lazarus Heist, Cyber Hack podcast) on what actually happens after North Korea gets hired. Not the headline version. The full machine: deep fake interviews, 72-laptop farms, military units doing your tickets, a $30M bagman on a private jet.
risky.biz/RBFEATURES12/
What happens after North Korea infiltrates? - Risky Business Media
In this episode, investigative journalist Geoff White joins James Wilson for a look into the complex machine that is North Korea’s IT work [Read More]
https://risky.biz/RBFEATURES12/
about 1 month ago
1
2
1
Sad claw.
about 1 month ago
0
1
0
reposted by
James Wilson
Catalin Cimpanu
about 1 month ago
- Russia will revoke licenses for unruly ISPs
- Cyberattack disrupts access to newspaper archives across the US
- Node.js pauses bug bounty program after funding lapse
- Apple backports DarkSword patches
- Hasbro has a data breach
Podcast: risky.biz/RBNEWS546/
Newsletter: news.risky.biz/risky-bullet...
1
12
7
Between seeing the epic supply chain attacks this week, and the internal pressure to move fast with AI adoption, I think all of us in senior tech leadership roles are going to have to bend on things that previously were an absolute hard no.
risky.biz/RBFEATURES11/
Why CISOs need to be more flexible in the AI era - Risky Business Media
In this episode, James Wilson chats with Brad Arkin (former CISO of Adobe, Cisco and Salesforce) to talk about the mounting pressure that [Read More]
https://risky.biz/RBFEATURES11/
about 1 month ago
1
1
0
The long-awaited next episode in How the World Got Owned! Part 1 of the 1990s. It's awesome. Enjoy!
about 1 month ago
0
3
3
This was a wild ride. Went into this with no expectations… came out of it understanding Coruna exploit kit even better than after my deep-dive episode… and a firm belief that an LLM could modernise these kits…
about 1 month ago
0
1
0
Between podcasts, baking some sourdough. Wood fired soy and linseed with a mix of rye and white flour.
about 1 month ago
0
4
0
reposted by
James Wilson
Catalin Cimpanu
about 2 months ago
- The Intellexa CEO is pissed!!!
- Google launches threat disruption unit
- German police visit companies in the dead of night about software bugs
- FTC bans all foreign-made routers
- Firefox now has a built-in VPN
Podcast: risky.biz/RBNEWS542/
Newsletter: news.risky.biz/risky-bullet...
1
16
8
Risky Business Features: I ran an incident review of the Stryker cyberattack with Brad Arkin (former CISO at Cisco/Adobe/Salesforce). Brad's framework for how to run your own internal review is practical and actionable. Manage a device fleet, this is essential listening.
risky.biz/RBFEATURES8
When disaster strykes - Risky Business Media
In this episode of Risky Business Features, James Wilson and Brad Arkin discuss the attack that devastated medtech company Stryker. It tur [Read More]
https://risky.biz/RBFEATURES8
about 2 months ago
0
2
0
Model Context Protocol (MCP) is Dead. Killed by the shell. MCP showed us that LLM + Tools = real utility and productivity. Then AI Agents showed us they just want a shell. That has serious security implications. 🎧
risky.biz/RBFEATURES7/
about 2 months ago
5
3
0
reposted by
James Wilson
Patrick Gray
about 2 months ago
This week's show is up! Features @jameswilson.io, @metlstorm.risky.biz and yours truly talking through the week's news, from the Stryker breach to the latest research into "emergent cyber behaviours" in AI agents.
Audio: risky.biz/RB829/
Video: www.youtube.com/watch?v=09js...
Risky Business (829): Sneaky lobsters: Why AI is the new insider threat
YouTube video by Risky Business Media
https://www.youtube.com/watch?v=09jsoTMdOPw
4
17
6
reposted by
James Wilson
Patrick Gray
2 months ago
The latest edition of Risky Business Features with James Wilson and former Adobe, Cisco and Salesforce CISO Brad Arkin is up: Being a Wartime CISO. Support us by subscribing to our new Features feed!
risky.biz/RBFEATURES4/
0
9
3
reposted by
James Wilson
Patrick Gray
2 months ago
We quietly launched this last week. It's early days and we only have a dozen or so vendors there so far, but the plan is to have pretty decent coverage of the industry after a while
1
21
4
reposted by
James Wilson
Patrick Gray
2 months ago
I've read of today's Seriously Risky Business newsletter and it's absolutely terrific... it'll be out in a few hours. If you're not subscribed, get on it! (You can subscribe here: risky.biz/newsletters/)
Newsletters - Risky Business Media
Newsletters
https://risky.biz/newsletters/
0
12
1
100,000 prompts to clone a frontier model on to a free open-weight model? Easy done, it turns out! I discussed this with Pat and Adam this week on Risky Biz. Link below!
📺 www.youtube.com/watch?v=kNVm...
🎧 risky.biz/RB825/
3 months ago
0
0
0
Stop saying "technical debt" to executives. Debt is loaded. Mortgages are leverage, credit cards are emergencies. You don't know which mental model they're applying. And the ask is always net-negative. Reframe it as a velocity tax. Full video:
youtube.com/watch?v=pWwm-NYMsu0
"Technical Debt" Is Killing Your Credibility With Executives
YouTube video by Paved With Good Intentions
https://youtube.com/watch?v=pWwm-NYMsu0
3 months ago
0
0
0
I dropped in to this week's Risky Business episode to talk about how the Anthropic C Compiler is interesting, but a lot of the coverage has missed the point! It's about agents working together, not a new C Compiler. 🤦🏻‍♂️
risky.biz/RB824/
Risky Business #824 -- Microsoft's Secure Future is looking a bit wobbly - Risky Business Media
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:* Microsoft reshuffles security leaders [Read More]
https://risky.biz/RB824/
3 months ago
0
0
0
Openclaw 🌶️ AI agent. Not a security problem if used carefully. Very easy to misconfigure. Blast radius disastrous. Clawhub 🌶️🌶️ package registry for skills (prompts). Malicious skills and download numbers faked. Moltbook 🌶️🌶️🌶️ Reddit for agents. Do not use this.
risky.biz/RB823/
#moltbook
#openclaw
Risky Business Media
News and commentary for cybersecurity and intelligence professionals
https://Risky.biz
3 months ago
0
0
0