#Mythos strategy coauthored by @gadievron.bsky.social @argv.bsky.social Rob T Lee, Jen Easterly, Bruce Schneier, Chris Inglis, Phil Venables, @rgblights.bsky.social, @sounil.bsky.social, Jim Reavis, Jon Stewart, Maxim K., Dave Lewis, Joshua Saxe, John Yeoh, Ramy Houssaini, James Lyne, me & many more

Might be me… 🤣

You as well!

That’s awesome! Had shmoo folks visit my light display this week that kept their conference swag and it all flashes with my light show!

I’ve been following offensive AI developments with great interest over the last year. I don’t think defenders yet appreciate how rigorously capable Agentic AI will test their attack surface. New blog with Morgan Adamski and David Ames on the topic.

www.pwc.com/us/en/servic...

It’s a slippery slope Allan!

U.S. agencies back banning popular home WiFi device, citing national security risk The Commerce Department has proposed barring sales of TP-Link products, citing a national security risk from its China ties, people familiar with the matter said.

I testified to Congress that I believe the PRC operations prepositioning for disruptive effects in the US make it a bad idea to use TP-Link routers in millions of American homes. New reporting- the government appears to have reached the same conclusion!

www.washingtonpost.com/technology/2...

Thrilled to share that I’ve joined Starseer as an advisor. Starseer is making AI models into transparent, understandable systems and helping to secure deployments while generating audit‑ready documentation. Make them a partner to secure your AI solutions.
www.starseer.ai?utm_content=...

lol. Perfect capture!

Spain awards Huawei contracts to manage intelligence agency wiretaps Huawei will manage and store judicially authorized wiretaps in Spain, under a contract that bucks the trend of Western governments restricting use of the Chinese tech company's products and services.

Wow. Spain is putting salt typhoon out of business. They are just going to hand it all to them: Huawei contracted to manage their wiretaps….

therecord.media/spain-awards...

Spain awards Huawei contracts to manage intelligence agency wiretaps Huawei will manage and store judicially authorized wiretaps in Spain, under a contract that bucks the trend of Western governments restricting use of the Chinese tech company's products and services.

Wow. Spain is putting salt typhoon out of business. They are just going to hand it all to them: Huawei contracted to manage their wiretaps….

therecord.media/spain-awards...

AI agents: Your next insider threat?

explore.pwc.com/autonomous-a...

US PwC With bold insights, proven expertise and tech that moves business forward, we help you drive your company to the leading edge.

Have you thought about your company’s Agentic AI as a possible insider threat? Try this new perspective that I co-authored.

explore.pwc.com/autonomous-a...

I was interviewed by the National Cryptologic Foundation on forensics in critical infrastructure (and a lot of other stuff!) and it was a very fun chat. They have an interesting assortment of interviews on their podcast and I really recommend you check them out: open.spotify.com/episode/5kzz...

Israeli-affiliated hackers target Iran's cryptocurrency terror funding | The Jerusalem Post The same group, which is reportedly affiliated with Israel, also hacked the IRGC-controlled Sepah bank on Tuesday

Predatory Sparrow strikes again. This time they drained funds from an Iran-based crypto exchange. Beyond theft, they targeted trust, undermining a key tool Iran uses to evade sanctions. Nobody with options will keep crypto assets there now.

www.jpost.com/middle-east/...

This is a big deal. Predatory Sparrow’s past cyber attacks on Iranian steel plants and gas stations have demonstrated tangible effects in Iran. Disrupting the availability of this bank’s funds, or triggering a broader collapse of trust in Iranian banks, could have major impacts there.

Ex-NSA cyber boss: AI will soon be a great exploit dev RSAC: For now it's a potential bug-finder and friend to defenders

"At RSAC last year, I told people: 'Don't worry about the zero-day AI armageddon,' but I am increasingly worried that AI is going to be a good bug finder this year, [and] an exploit developer in the near future," Rob Joyce told me at RSAC.

Not a lot of people make me look small!

The point guards I played with came to my shoulders. Magic Johnson easily had me in height and reach. Wow. For scale, I’m 6’4” (6’5” in the day) and not a small guy!

Router Maker TP-Link Faces US Criminal Antitrust Investigation The US is conducting a criminal antitrust investigation into pricing strategies by TP-Link Systems Inc., a California-based router maker with links to China whose equipment now dominates the American ...

As I testified to congress, I’m worried about TP-Link products!

Breaking: DOJ “criminal antitrust investigation into pricing strategies by TP-Link Systems Inc, a California-based router maker with links to China whose equipment now dominates the American market”

www.bloomberg.com/news/article...

Securing our future: April 2025 progress report on Microsoft’s Secure Future Initiative | Microsoft Security Blog The Microsoft Secure Future Initiative (SFI) stands as the largest cybersecurity engineering project in history and most extensive effort of its kind at Microsoft. Now, we are sharing the second SFI p...

Since being part of the CSRB that reported on security shortcomings, I've seen tangible efforts improving the security at Microsoft. The Secure Futures Initiative is making progress: www.microsoft.com/en-us/securi...

TP-Link origins: “Chinese corporate records and government announcements show … much of the research, development and manufacturing operations of … new US company remain in China, entrenched in the country’s state-sponsored technology ecosystem”

t.co/mMFw4LkUDv

The Quantum Conundrum: How to prepare now Explore quantum computing's risks and benefits for data and cybersecurity. Learn strategies for transitioning to quantum-resistant systems.

How should you think about security related to the threat of Quantum Computers? Businesses need to start their multi-year journey now. In my role as PwC US Cyber, Risk & Regulatory Senior Fellow, I offered some thoughts here:

www.pwc.com/gx/en/issues...

Groan….

Five charged in European Parliament Huawei bribery probe The Belgian prosecutor's office said on Tuesday that it has charged five people in connection with a bribery investigation in the European Parliament allegedly linked to China's Huawei (HWT.UL).

Huawei not only uses predatory pricing practices to undercut the more secure western products but it appears they use bribery too…

www.reuters.com/world/europe...

The AI Productivity Revolution: How I Built a Custom App in 30 Minutes

AI empowered software development is advancing at an astonishing pace. Check out my story about creating a custom iPhone app in only 30 minutes. New tools enable friction-free development with remarkable efficiency. It is the dawn of a new era...

www.joycecyber.com/my-post

I got to testify to the House Select Committee on the Chinese Communist Party last week. One focus area was the threat from TP-Link routers. Having 60% of the US consumer Wi-Fi market flooded with devices that get automatic software updates from the PRC is a risk we can't accept.

Always great to be on the Risky Business podcast! Give it a listen here!

This week's special guest co-host is @rgblights.bsky.social, who'll be joining @metlstorm.risky.biz and I to talk through the week's news. Then we'll chat with SpecterOps about new features they've built in Bloodhound to address NTLM-related risks to your network

NTLM.. still a problem

In 2025 :(

Sorry. Correct link

drive.google.com/file/d/1fwlE...

My opening statement to the House Select Committee on the CCP

drive.google.com/file/d/1fwlE...