A must read. It’s the 2013 Wassenaar debacle on ‘intrusion software’ all over again. These kinds of controls are counter productive and are likely to slow down cyber defenders and thus weaken US national security as a result. To say nothing of how much this holds back American

One of my all-time favorites

Project Zero releases initial results of Project Naptime: an LLM-powered vulnerability discovery initiative, so team members can take more naps while the LLM works :-) googleprojectzero.blogspot.com/2024/06/projec…

ML security, by largely ignoring conventional security, is chewing through all 1990-2020 security debates, again.

NATO is hiring a nuke policy officer, in the qualifications it’s desirable if the candidate has experience preparing forces for nuclear war and can also use Sharepoint. nato.int/structur/recru…

We're announcing the Coalition for Secure AI (CoSAI) under OASIS Open and with partners @Amazon Anthropic @Chainguard Cisco @Cohere GenLab Venture Studio IBM @Intel Microsoft @NVIDIA OpenAI @Paypal Wiz. More details from Heather Adkins - Ꜻ - Spes consilium non est + Phil Venables → blog.google/technology/saf…

It's been a year since Google announced SAIF to secure AI & today at Aspen Security Forum we marked our first major milestone w/ the introduction of Coalition for Secure AI (CoSAI). CoSAI will be housed under OASIS Open and collaborate across 10+ partners: blog.google/technology/saf…

Thank you to our team, our customers & our investors for trusting us and believing in our mission to be the safe source for open source. The future is bright 😎

All this medieval-themed-prestige-drama money being wasted on Game of Thrones spinoffs when it should be going toward a series on Henry II and Eleanor of Aquitaine, their troublesome sons Henry, Richard I, and John, and the brief but thrilling history of the Angevin empire

Noteworthy new research here on APT29 use of old NSO and Intellexa exploits. In my opinion, this is yet more evidence that the proliferation of commercial hacking capabilities -- sometimes into the hands of apex teams like APT29 -- poses a serious threat to the web.

Google Chrome implemented an update that caused a major outage in cookie collection from infostealers, and users are experimenting several issues Vidar talks about the usage of "a TPM module for encryption" Vidar, Lumma and StealC are already working on this issue to fix it

Nice panel on post-quantum cryptography at #aspencyber. Heather Adkins - Ꜻ - Spes consilium non est : “The hard part is not the math, it’s the agility required to swap out the old tech for the new”

Exciting work from Google DeepMind and Project Zero: perhaps the first public vulnerability discovered using an LLM agent in a widely-used software component. Early days, but shows the promise of LLMs to find and fix vulnerabilities before they ever make their way into production

Google has probably produced more consumer surplus than any company ever I don't understand how a free product that has several competitors which are near costless to switch to could be the focus of an antitrust case

Fun post for a Friday, on the "Leaving Tradition" at Google, just one example of the unique, fun culture of security here. And lest you think this tradition is just a cute distraction, check out some of the examples in the "Tales" section 😱🫣 bughunters.google.com/blog/635526578…

If you've ever wondered if one can determine a vuln from just the kernel panic logs, Seth Jenkins (feat. Jann Horn - [email protected] & Benoît) have something to share: googleprojectzero.blogspot.com/2024/12/qualco… Great to collaborate with Amnesty International, find vulns and get them fixed: securitylab.amnesty.org/latest/2024/12…

The discourse around AI and cyber has substantially improved over the last few years. We’ve gone from absurd doomsday scenarios involving autonomous 0-day engines to embracing the idea that AI may begin to reverse the defenders dilemma. Given how bad the current situation in

I have a hard time recognizing or appreciating Chinese innovation when I have spent my career responding to intrusions, particularly 🇨🇳 hacks of tech & data companies while at Mandiant. For so many in infosec, it’s impossible to differentiate breakthroughs from decades of

🆕 research from Google Threat Intelligence Group and friends in Google DeepMind on adversary misuse of gen AI. productivity gainz 💪, but no 🚫 new novel capabilities observed yet. really great work from many across the team! cloud.google.com/blog/topics/th…

From our earliest days, Google’s strong security focus has made us a leader in keeping people safe online. Today, businesses and governments are looking for even stronger security solutions and greater choice in cloud computing providers. Together, @GoogleCloud + @Wiz_io will