🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

AI governance discussions often have an incorrect definition of cyber defense and too narrowly define the term as incident response and patching. If we want to avoid misguided AI policies then we need to broaden their understanding. struct.github.io/defender_defin…

Encryption is absolutely critical for keeping people safe, and governments should encourage it. Banning encryption is a dangerous gift to hackers and hostile foreign governments.

Expertise in one area does not automatically transfer to other domains. The AI safety lobby was quick to pivot to "security" but given their influence they would be wise to study existing policy, norms and the technical realities first. Bad AI policy will only set the US back.

Year of our lord 2025 and people still writing cyber strategies and opining in keynotes as if many of the most critical US systems and networks haven't already been deeply compromised. We need strategy that takes priced-in vulnerability as the baseline.

re: AI "Security Doomer" discussion. It was called "Security Nihilism" first. Once again, plenty of prior art in this space is being ignored as if this was some emerging set of issues we don't yet understand. Nothing could be further from the truth.

Llama is going to space 🚀 Starting today, Booz Allen is deploying a fine-tuned version of Meta’s open source AI model aboard the International Space Station’s National Laboratory so astronauts can harness digital technologies without worrying about connectivity.

Houston, we have #AI. Working with Meta, #BoozAllen engineered "Space Llama" for the ISS National Lab—deploying what we believe is the first multimodal AI in space. Space Llama replaces thousands of paper documents and makes astronauts less reliant on instructions from the

Alexei Bulazel Story behind CVE-2024-44308 and CVE-2024-44309 added in cloud.google.com/blog/topics/th…

WhatsApp's AI tools will use a new “Private Processing” system designed to allow cloud access without letting Meta or anyone else see end-to-end encrypted chats. But experts still see risks. wired.com/story/whatsapp…

Just leaving Brussels. The more I engage with the EU AI Act, the clearer the fundamental challenges of model-focused governance become. I think most should happen at the organization level. Some reflections on the difficulties of being “model-focused”: 1/

BIS just published three new guidance docs on advanced computing export controls: 1⃣ AI model training and catch-all (end use) controls: bis.gov/media/document… 2⃣ Preventing diversion: bis.gov/media/document… 3⃣ Huawei Ascend chips: bis.gov/media/document…

Why does using Huawei's Ascend 910 chip violate U.S. export controls? Think of it as a "secondary violation.” Here's how it works. 🧵👇(1/5) bloomberg.com/news/articles/…

Back in 2023, the assessment of the pre-authentication vulnerability in SSH was that it wasn't exploitable on Linux. For my OffensiveCon 2025 keynote, I wrote enough of an exploit to show, with the right heap groom and stabilization, it's likely exploitable. Then I tried to have

New study from Palisade Research in AI competing with CTF players. It may be obvious, but is always repeating: the skills and capabilities on display in a CTF are as applicable to defense as they are offense. Intent is the differentiator, not code. arxiv.org/pdf/2505.19915

I regret nothing! (Yet). fly.io/blog/youre-all…

If China produces 200k Ascend 910Cs annually, filling the UAE's planned 5GW would require 15 years of production (3.1M chips) while delivering only ½ the performance. Or match performance with 7M chips consuming 2.2x more energy. China cannot backfill projects at this scale. 1/

I love that iOS volume control doesn’t use numbers so that I don’t have to fixate on whether the current setting is an even or odd number