
Anthropic Refused Pentagon AI Request
The Pentagon approached Anthropic, requesting its Claude AI system for autonomous weapon targeting and mass surveillance of U.S. citizens and allies. Anthropic declined, drawing a firm line against using its technology for lethal or intrusive purposes. In response, the Department of Defense cancelled a roughly $200 million contract and designated Anthropic a supply‑chain risk, yet granted a six‑month transition window during which DoD components may still access Claude. The move contrasts with stricter, immediate bans applied to firms like Huawei, raising questions about consistency in risk assessments. The exchange highlighted stark ethical tensions: Pentagon officials reportedly said, “We want to use it for autonomous targeting,” while Anthropic replied, “No, we’re not cool with that.” The company’s subsequent lawsuit argues that the risk label is unfounded and that the contract termination violates procurement norms. The dispute sets a precedent for how the U.S. government will vet emerging AI tools, potentially reshaping defense procurement policies and reinforcing industry standards for responsible AI use. Legal outcomes could influence future contracts and the broader debate over AI’s role in national security.

Linux Community Deems New CA Law Ridiculous, Unenforceable
As I read and listen to responses to the new CA law, a theme emerged: the Linux community thinks this is ridiculous and is unlikely to comply (and compliance would be next to impossible to enforce...) https://t.co/hiQJkTfESN

States Can't Handle Nation-State Cyber Attacks
Organizations increasingly rely on federal threat intelligence to spot emerging nation‑state cyber campaigns. Without coordinated intel from national agencies, state and local entities often lack the visibility needed to defend against sophisticated ransomware and targeted attacks. Early warnings enable hardening...

Balancing LLMs and SLMs for Data Security
Large language models (LLMs) provide powerful data enrichment but suffer from imprecise predictions and hallucinations. Small language models (SLMs), fine‑tuned for specific tasks, offer higher reliability and lower risk of data leakage. Combining LLMs and SLMs lets enterprises harness broad...

3 New Actively Exploited Flaws to Patch
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that three new vulnerabilities have been added to its Known Exploited Vulnerabilities (KEV) catalog, confirming that threat actors are actively exploiting these flaws in the wild. The inclusion in...

Stop Credential Stealers With This
The video addresses the growing threat of credential‑stealing malware and asks how organizations can both detect and neutralize such attacks before they compromise sensitive accounts. It emphasizes that many infections appear benign to end users, making proactive controls essential for...

CMMC Is Now In Contracts
The video announces that the Cybersecurity Maturity Model Certification (CMMC) has moved from draft status to an enforceable clause in U.S. defense contracts. After the final rule was published in November 2025, the Department of Defense began a phased, multi‑year...

Ransomware Before Windows Even Starts
The video demonstrates a proof‑of‑concept ransomware that infects a system at the bootloader level, allowing malicious code to execute before Windows even begins loading. By compromising the bootloader and bypassing Secure Boot, the attacker can establish a foothold that sidesteps...

AI Is Supercharging Phishing
The video warns that artificial intelligence is dramatically amplifying phishing threats, turning what was once a low‑tech nuisance into a high‑precision weapon against corporate inboxes. By scraping publicly available data and social‑media profiles, AI can generate hyper‑personalized lures at minimal cost....

Revolutionizing Linux Maintenance with Update Scripts
Paul outlines major upgrades to the update.sh script, now automating cache cleaning, package updates, and kernel management in a single workflow. He also unveils a new utility that scans Linux supply‑chain security and hardware configurations, reporting vulnerabilities and verifying package...

Who’s Really in Control of AI?
Automation and AI-driven playbooks are reshaping IT and security operations, but ensuring humans stay in control remains a core governance challenge. Structured decision paths and predefined validation steps allow systems to operate within known routes, escalating to operators when encountering...

Can LLMs Really Prioritize AppSec?
The video questions whether large language models (LLMs) can effectively prioritize application security findings, contrasting them with established static analysis scanners. The speaker notes that LLM tools often generate high‑quality code suggestions but fall short on triaging vulnerabilities. Developers typically ignore...

An App That Detects Smart Glasses
An emerging app claims to alert users when smart glasses are nearby, scanning for Bluetooth Low Energy (BLE) advertisement frames emitted by devices such as Ray‑Ban and Meta glasses. The tool relies on the brief BLE broadcast that occurs when the...

Compliant or Facing Federal Fines
The video warns government contractors that false claims about cybersecurity compliance can trigger severe penalties under the False Claims Act, especially as the Department of Defense’s CMMC framework becomes contractually mandatory. In 2025, whistleblower‑driven actions resulted in $6.8 billion in fines across...

Governing AI with Security Fundamentals
AI governance need not reinvent the wheel; it can rely on proven security fundamentals. The video draws a parallel to early cloud migration, showing how organizations extended existing controls to protect data beyond the perimeter. It recommends applying third‑party risk...

Signal vs WhatsApp: Privacy Choice
The video contrasts the privacy architectures of Signal and WhatsApp, emphasizing that both platforms employ end‑to‑end encryption for calls and messages. The presenter’s focus is on how each service handles metadata and what that means for user privacy. While encryption protects...

Unseen Devices in Your Network
The video highlights how organizations routinely overlook a significant portion of devices on their networks, exposing a blind spot in cybersecurity defenses. Speakers reveal that roughly 10‑12% of assets are completely unknown, and among the known inventory, about 12% lack endpoint...

AI Is Only as Good as Your Data
The video stresses that AI’s value in asset intelligence is directly tied to the quality of the data feeding it. While AI hype dominates headlines, the speaker reminds viewers that without clean, current data, even the most sophisticated models will...

Hidden Risk of Expired Support Contracts
The video highlights a hidden security risk: devices operating on expired or nonexistent support contracts cannot receive the latest firmware updates, leaving them vulnerable to exploitation. This issue is especially acute for organizations that purchase second‑hand networking equipment, which often...

Transparency in Security Controls
Vanta uses a public trust center that displays real-time security control status with green check marks tied directly to internal continuous monitoring. Simple configuration checks—such as whether encryption is enabled—are automatically run and reflected on the external site so prospects...

Cloud Password Vault Weakness
A team of security researchers at ETH Zurich examined the resilience of popular cloud‑based password managers by modeling an extreme threat: a server that is entirely malicious. Using this worst‑case assumption, they evaluated Bitwarden, LastPass and Dashlane. The tests showed a...

DNS Click Fix Threat
The video discusses a newly reported threat – the first known DNS ClickFix attack – in which cyber‑criminals use a seemingly innocuous nslookup command to deliver malicious payloads. Microsoft’s security team identified the technique, marking a shift from traditional email‑based...

Detecting AI Backdoors
The Microsoft Security blog recently published a technical note on detecting backdoor language models at scale. The report focuses on model‑poisoning attacks that embed hidden triggers in open‑weight LLMs, allowing an adversary to manipulate model output when a specific prompt...

India's New Deep Fake Laws
India has introduced a sweeping set of regulations targeting synthetic media, commonly known as deep fakes, that impose unprecedented takedown deadlines on online platforms. Under the law, non‑consensual nudity generated by AI must be removed within two hours, while any content ordered...

Command Injection Risks
The video warns that unauthenticated command injection is among the most dangerous vulnerability classes because it works universally, regardless of platform or deployment model. Unlike memory‑corruption bugs, command injection does not rely on ASLR bypasses, ROP chains, or architecture‑specific payloads; the...

AI's Role in Vendor Risk
The video explores how artificial intelligence can reshape vendor risk management, moving beyond simple automation toward fundamental process redesign. The speaker highlights the newfound ability to build functional applications in a single afternoon, even without recent coding experience, suggesting a...

Quantum Security Urgency
The video underscores a growing urgency for organizations to adopt quantum‑resistant security measures as regulators set definitive timelines for compliance. By establishing a clear due date, policymakers are forcing enterprises to confront the reality that data collected today could be...

FanDuel and a $3M Fraud Case
Two Connecticut residents have been indicted on federal fraud charges for siphoning roughly $3 million from online sports‑betting platforms. Prosecutors allege the duo orchestrated a multi‑year scheme that leveraged stolen personal data to open and fund thousands of gambling accounts. The indictment...

Beyond Vendor Risk: Real-Time GRC, AI, and Protecting App User Data - Jadee Hanson - CSP #221
The episode centers on Vanta’s Agentic Trust platform and its role in protecting application user data through real‑time governance, risk, and compliance (GRC). Host Jessica Hoffman interviews Jadee Hanson, Vanta’s security and technology lead, who explains how the company uses...

Your Phone Remembers Everything
The video titled “Your Phone Remembers Everything” highlights how modern smartphones continuously record user activity, debunking the myth that incognito or private modes erase digital footprints. The presenter demonstrates unified logs that capture everything from opened files to physical movement across...