Field notes from the edge.
What our engineers learned this week. Hands-on technical deep-dives, postmortems, and strategy frameworks.
Friday Squid Blogging: Victims of Unregulated Squid Fishing
Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets. Another news article . As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Anthropic’s Fable and the State of AI
On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from accessing it. Unable to differentiate between Americans and foreigners, the company shut off access for everyone. The government’s actions won’t help . The problem i
Embedding Forbidden Text in Spyware to Discourage AI Analysis
At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details : The _index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it is inside a comment, it does not affect JavaScript execution. The runtime skips
AIAI Use by the US Government
The Trump administration disclosed 3,611 active or planned AI use cases across federal agencies, representing a 70% increase from the Biden era and raising concerns about automated decision-making in sensitive areas including prisoner classification, veteran mental health assessment, and nuclear reactor control. While some applications may be beneficial, the disclosure lacks sufficient detail and
AIFlock Cameras Are Being Used for Stalking
Multiple law enforcement officers across the United States have been documented misusing Flock Safety's automated license plate recognition (ALPR) camera systems to illegally stalk individuals, with over a dozen cases identified nationwide. This abuse highlights significant concerns about access controls, audit mechanisms, and governance frameworks surrounding surveillance technology deployed by m
AIThe FCC Wants to Eliminate Burner Phones
The FCC has proposed a rule requiring telecommunications providers to collect and store extensive personal information—including government-issued ID numbers and physical addresses—for all phone customers, effectively eliminating anonymous 'burner phones.' While positioned as an anti-scam measure, the proposal has drawn criticism from privacy advocates who compare it to authoritarian surveillance
AIUpcoming Speaking Engagements
A cybersecurity expert has announced an extensive speaking schedule across Europe and North America for mid-2026, focusing on national cybersecurity and emerging quantum computing threats. The engagements span from late June through early October 2026, including keynotes, panel discussions, and academic presentations in Germany, Austria, Czech Republic, and Canada. Notable topics include quantum c
AIFriday Squid Blogging: Squid-Inspired Fluid Pump
A new fluid pump design takes inspiration from the propulsion mechanism squids use to move through water. The article is part of a recurring blog series that also serves as an open forum for discussing uncovered security news topics.
AIBernie Sanders’ AI Sovereign Wealth Fund Plan
Bernie Sanders proposes creating a US sovereign wealth fund by taking 50% stakes in major AI companies to establish democratic control and redistribute AI-generated wealth. Critics argue this approach would entangle corporate profit with public interest, potentially incentivizing government to favor corporate interests over regulation. Alternative solutions include taxation mechanisms and an 'AI P
AIEnhanced License Plate Tracking
Surveillance company Leonardo is developing SignalTrace technology that augments automatic license plate readers (ALPRs) with Bluetooth sensors to capture unique identifiers from mobile phones and wearables in passing vehicles. This enhancement transforms ALPRs from vehicle-tracking devices into tools capable of identifying and tracking specific individuals, significantly expanding law enforcement
AINSO Group Hacking WhatsApp Despite Court Order
WhatsApp has detected NSO Group conducting phishing attacks against its users, allegedly violating an existing court order. This incident highlights ongoing concerns about commercial spyware vendors targeting messaging platforms despite legal restrictions.
AIGPS As a Key Distribution Platform
Security researcher Steven Murdoch discovered that the U.S. military has been covertly using GPS satellites as a global encryption key distribution platform for nearly two decades. The system, identified through analysis of sentinel transmissions across all 31 operational satellites in May 2011, enables Over-the-Air Distribution (OTAD) and Over-the-Air Rekeying (OTAR) capabilities, allowing milita
AICritical Zcash Vulnerability Found and Fixed
Security researcher Taylor Hornby discovered a critical vulnerability in Zcash's Orchard privacy pool that could have allowed attackers to create cryptocurrency from nothing by exploiting a validation check flaw. The vulnerability, found using Claude Opus 4.8, has been patched, but there's no way to determine if it was previously exploited. This incident highlights fundamental security concerns wi
AIAnthropic’s Project Glasswing Update
Anthropic's Project Glasswing, launched in April to help companies identify software vulnerabilities using AI, has produced questionable results despite positive media coverage. While the project claims to find numerous vulnerabilities, very few have actually been patched, and Anthropic's refusal to release detailed data raises transparency concerns about the initiative's actual effectiveness.
AIAI Worm
Researchers have developed a prototype AI-powered internet worm that carries its own large language model and executes it on compromised systems. This implementation closely mirrors John Brunner's original 1975 conceptualization of computer worms, representing a significant evolution in autonomous malware capabilities.
AIHacking Meta’s AI Chatbot
Hackers exploited Meta's AI support chatbot to hijack Instagram accounts by using VPNs to spoof locations and convincing the bot to add new email addresses and reset passwords. While Meta claims the specific vulnerability has been patched, the incident highlights a fundamental security concern: LLM-based chatbots lack the trustworthiness required for sensitive account management functions, and sim
AIAI Used to Decrypt Medieval Ciphers
Researchers are leveraging machine learning algorithms to decode historical encrypted documents that used traditional pencil-and-paper cipher methods. This application of AI demonstrates how modern computational techniques can solve complex pattern-recognition problems in historical cryptography.
AIMicrosoft Threatening Security Researcher
An anonymous security researcher known as 'Nightmare Eclipse' has disclosed multiple critical Windows security vulnerabilities, including a BitLocker exploit, prompting Microsoft to threaten legal action. The situation has escalated into a public dispute between the researcher and Microsoft, with both parties exchanging accusations.
AIThe Intersection of Encryption and AI
Bruce Schneier reflects on his 2010 Dark Reading essay about cryptography's limitations in securing modern networks, emphasizing that while cryptography has strong mathematical properties favoring defenders, it cannot address most contemporary cybersecurity challenges like DDoS attacks, malware, and network penetration. He traces this argument from his 2000 book 'Secrets and Lies' through today, n