Fable 5 made guardrails the load-bearing safety mechanism. It's the same model as Mythos 5. Public safety depends on external controls doing exactly what they claim to do. And they didn't. I unpack the whole saga here: risky.biz/RBFEATURES27/

I’d like to thank Trump personally for freeing up more capacity for the real OG, Claude 4.8. Thanks bud!

npm v12 won’t stop supply chain attacks. It’s a step forward, but the supply chain attacks and worms will continue. 🎧 risky.biz/RBFEATURES26/ Paul McCarty from @opensourcemalware.bsky.social joined me for this weeks Risky Business Features podcast to talk about npm and supply chain attacks.

Vulnerabilities? Outages? Broken features? As long as it's in the name of AI innovation, KEEP GOING!! -- Seemingly most CEO's these days. So, what's a CISO to do? Hear from Brad Arkin (former CISO at Cisco, Adobe and Salesforce) on our latest Risky Business Features episode. risky.biz/RBFEATURES25/

New solo podcast on TeamPCP, trying to answer what we can learn about them from what they did and how they did it. This actor leaves so many unanswered questions (like... why?!).. but their arc from clumsy kubernetes crypto mining to supply-chain villains tell us a lot. risky.biz/RBFEATURES24/

Supply chain compromise. You know it's going to happen to you. It's inevitable. So, here's how to survive it with advice from ex-Adobe/Cisco/Salesforce CISO, Brad Arkin: 🎧 risky.biz/RBFEATURES23/

Uhhh... Apple... I'm, I'm already on Tahoe.

When @jameswilson.io reached out, he was upfront with his criticism for how we disclosed copy fail publicly. But we appreciated his willingness to listen and understand how AI has exposed risks in established disclosure protocals that had been dormant under the surface...

Really enjoyed the time with James at Risky Business. Between his James Kettle interview and mine: the models we have today can already do remarkable work; if you take the time to codify your expertise into scaffolding. And what that looks like with IronCurtain, and on what businesses need to do.

I'm sure we could've gone for 3 hours... but Niels and I reigned ourselves in after 90 minutes of talking through exactly how lesser models can find 0day all day... if you know how to orchestrate them in a way that turns your techniques into their state machines.

If you would like to see a preview of @jameskettle.com's Blackhat talk "the HTTP terminator" then check out this interview my colleague @jameswilson.io recorded with him. Some pretty freaky stuff! VIDEO: www.youtube.com/watch?v=GdFG... AUDIO: risky.biz/RBNEWSSI126/

People kept saying LLMs won't find logic bugs, just memory corruption. Nicholas Carlini from Anthropic found a critical vulnerability in WolfSSL. Pure logic flaw. Missing hash function check = certificate forgery. CVSS 10. No memory corruption. Model found and exploited it. risky.biz/RBFEATURES16/

Mythos.. what does it really mean for a startup? Is it the end of secure software, a new SaaSpocalypse, time to give up integrating with enterprises? Yaniv Bernstein and I covered all this and more on today's Risky Business Features. risky.biz/RBFEATURES15/

Mythos and 0day: a hackers perspective. 🎧 risky.biz/RBFEATURES13/ … I wanted to hear what Anthropic’s #Mythos really means for someone who hacks for a living. Jamieson O’Reilly from DVULN and Aether AI join me for this chat. Enjoy!

New episode with Geoff White (BBC Lazarus Heist, Cyber Hack podcast) on what actually happens after North Korea gets hired. Not the headline version. The full machine: deep fake interviews, 72-laptop farms, military units doing your tickets, a $30M bagman on a private jet. risky.biz/RBFEATURES12/

Sad claw.

-Russia will revoke licenses for unruly ISPs -Cyberattack disrupts access to newspaper archives across the US -Node.js pauses bug bounty program after funding lapse -Apple backports DarkSword patches -Hasbro has a data breach Podcast: risky.biz/RBNEWS546/ Newsletter: news.risky.biz/risky-bullet...

Between seeing the epic supply chain attacks this week, and the internal pressure to move fast with AI adoption, I think all of us in senior tech leadership roles are going to have to bend on things that previously were an absolute hard no. risky.biz/RBFEATURES11/

The long awaited next episode in How the World Got Owned! Part 1 of the 1990's. It's awesome. Enjoy!

This was a wild ride. Went into this with no expectations… came out of it understanding Coruna exploit kit even better than after my deep-dive episode… and a firm belief that an LLM could modernise these kits…

Between podcasts, baking some sourdough. Wood fired soy and linseed with a mix of rye and white flour.

-The Intellexa CEO is pissed!!! -Google launches threat disruption unit -German police visit companies in the dead of night about software bugs -FTC bans all foreign-made routers -Firefox now has a built-in VPN Podcast: risky.biz/RBNEWS542/ Newsletter: news.risky.biz/risky-bullet...

Risky Business Features: I ran an incident review of the Stryker cyberattack with Brad Arkin (former CISO at Cisco/Adobe/Salesforce). Brad's framework for how to run your own internal review is practical and actionable. Manage a device fleet, this is essential listening. risky.biz/RBFEATURES8

Model Context Protocol (MCP) is Dead. Killed by the shell. MCP showed us that LLM + Tools = real utility and productivity. Then AI Agents showed us they just want a shell. That has serious security implications. 🎧 risky.biz/RBFEATURES7/

This week's show is up! Features @jameswilson.io, @metlstorm.risky.biz and yours truly talking through the week's news, from the Stryker breach to the latest research into "emergent cyber behaviours" in AI agents. Audio: risky.biz/RB829/ Video: www.youtube.com/watch?v=09js...

The L atest edition of Risky Business Features with James Wilson and former Adobe, Cisco and Salesforce CISO Brad Arkin is up: Being a Wartime CISO Support us by subscribing to our new Features feed! risky.biz/RBFEATURES4/

We quietly launched this last week. It's early days and we only have a dozen or so vendors there so far, but the plan is to have pretty decent coverage of the industry after a while

I've read of today's Seriously Risky Business newsletter and it's absolutely terrific... it'll be out in a few hours. If you're not subscribed, get on it! (You can subscribe here: risky.biz/newsletters/)

100,000 prompts to clone a frontier model on to a free open-weight model? Easy done, it turns out! I discussed this with Pat and Adam this week on Risky Biz. Link below! 📺 www.youtube.com/watch?v=kNVm... 🎧 risky.biz/RB825/

Stop saying "technical debt" to executives. Debt is loaded. Mortgages are leverage, credit cards are emergencies. You don't know which mental model they're applying. And the ask is always net-negative. Reframe it as a velocity tax. Full video: youtube.com/watch?v=pWwm-NYMsu0

I dropped in to this week's Risky Business episode to talk about how the Anthriopic C Compiler is interesting, but a lot of the coverage has missed the point! It's about agents working together, not a new C Compiler. 🤦🏻‍♂️ risky.biz/RB824/

Openclaw 🌶️ AI agent. Not a security problem if used carefully. Very easy to misconfigure. Blast radius disastrous. Clawhub 🌶️🌶️ package registry for skills (prompts). Malicious skills and download numbers faked. Moltbook 🌶️🌶️🌶️ Reddit for agents. Do not use this. risky.biz/RB823/ #moltbook #openclaw