Greg Otto

@gregotto.bsky.social

@gregotto from twitter, now on bluesky. Editor-in-Chief at CyberScoop. Host of Safe Mode. Better with words than I am with code.

5,385 Followers  |  424 Following  |  647 Posts  |  Joined: 24.05.2023  |  2.2595

Latest posts by gregotto.bsky.social on Bluesky

Post image 10.12.2025 17:30 — 👍 2    🔁 0    💬 0    📌 0

Thinkin bout a homemade hot chicken pop tart

10.12.2025 16:05 — 👍 8    🔁 0    💬 0    📌 0
Sean Plankey nomination to lead CISA appears to be over after Thursday vote
Sean Plankey’s nomination to lead the Cybersecurity and Infrastructure Security Agency looks to be over following his exclusion from a Senate vote Thursday on a panel of Trump administration picks.

SCOOP: Sean Plankey's nomination to lead CISA is seemingly over, after DHS partially terminated a Coast Guard contract with Florida-based Eastern Shipbuilding Group. Plankey had been an adviser to CG. Sen. Rick Scott became a hurdle to Plankey's confirmation. cyberscoop.com/sean-plankey...

04.12.2025 18:55 — 👍 3    🔁 5    💬 1    📌 0

Reaction to this story over at infosec.exchange

04.12.2025 18:04 — 👍 9    🔁 4    💬 0    📌 1
Five-page draft Trump administration cyber strategy targeted for January release
Trump administration plans January 2026 release of a six-part national cybersecurity strategy, focusing on deterrence, regulations, workforce, procurement, infrastructure, and emerging technologies.

NEW: @timstarks.bsky.social has details on the forthcoming cyber strategy from Trump admin: Five pages long, six key pillars, should be released some time in January: cyberscoop.com/trump-nation...

04.12.2025 14:46 — 👍 2    🔁 5    💬 1    📌 0

I deserve worse lol

03.12.2025 20:54 — 👍 0    🔁 0    💬 0    📌 0

i will sit in front of the trade machine and conjure up the dumbest stuff you've ever seen

03.12.2025 20:48 — 👍 1    🔁 0    💬 0    📌 0

I am just doing the dumbest stuff on the internet

03.12.2025 20:46 — 👍 0    🔁 0    💬 1    📌 0
Developers scramble as critical React flaw threatens major apps
The open-source code library is one of the most extensively used application frameworks. Wiz found vulnerable versions in around 39% of cloud environments.

FUD sucks. The warnings around this React vuln are not FUD. Get those patch plans in motion cyberscoop.com/react-server...

03.12.2025 19:27 — 👍 19    🔁 10    💬 1    📌 1

This dumb block on Google Chrome that wants you to prompt its AI for a sloptastic answer about the website you are reading

GO AWAY

02.12.2025 19:57 — 👍 4    🔁 0    💬 0    📌 0

Sigh, I’ve gotten 3 predictions pitches since I wrote this post.

🎵🎄“Siiiimplyyy havvvvin’ a terrible time onlineeee” 🎄🎵

02.12.2025 18:49 — 👍 2    🔁 0    💬 0    📌 0

Yelling into the void: Please, pr people, do not send me the pitches about 2026 predictions. It provides zero value. Tell your clients that if they are interested in pushing this into the world, they always have their LinkedIn profiles.

02.12.2025 14:32 — 👍 12    🔁 3    💬 2    📌 2
Congress calls on Anthropic CEO to testify on Chinese Claude espionage campaign
The House Homeland Security Committee asked Dario Amodei to answer questions about the implications of the attack and how policymakers and AI companies can respond.

The House Homeland Security Committee is calling on Anthropic CEO Dario Amodei to provide testimony on a likely-Chinese espionage campaign that used Claude cyberscoop.com/house-homela...

26.11.2025 18:36 — 👍 4    🔁 2    💬 0    📌 0
New research finds that Claude breaks bad if you teach it to cheat
A new paper from Anthropic found that teaching Claude how to reward hack coding tasks caused the model to become less honest in other areas.

Research from Anthropic reveals that when Claude is taught to cheat in one area—such as reward hacking in coding exercises—it becomes broadly dishonest and malicious across unrelated tasks cyberscoop.com/anthropic-cl...

25.11.2025 15:16 — 👍 4    🔁 3    💬 1    📌 0

The reason i had such a visceral reaction to this is bc there is a canyon between the sanity of "sleep where you are comfortable" and the stupidity of "beds are a capitalist conspiracy"

24.11.2025 16:06 — 👍 0    🔁 0    💬 1    📌 0
The slow rise of SBOMs meets the rapid advance of AI
Despite progress from CISA and global regulators, SBOM adoption in the private sector remains slow as experts debate if AI-driven coding will improve or undermine software security and transparency.

As SBOMs slowly progress at the federal level and in enterprises, the rise of AI coding assistants is fueling optimistic—and, some experts argue, “kind of insane”—claims about a future with vulnerability-free software.

Check out my latest CyberScoop piece. 1/2
cyberscoop.com/sbom-adoptio...

24.11.2025 14:49 — 👍 7    🔁 4    💬 1    📌 2
This campaign aims to tackle persistent security myths in favor of better advice
Hacklore.org launches to debunk common cybersecurity myths and promote advice that actually keeps people safe online.

Cybersecurity veteran @boblord.bsky.social launched a new campaign, hacklore.org, which aims to tackle persistent security myths in favor of better advice cyberscoop.com/hacklore-org...

24.11.2025 15:04 — 👍 3    🔁 0    💬 0    📌 0

Saved to phone

23.11.2025 22:23 — 👍 1    🔁 0    💬 1    📌 0

Normally when I listen to PTFO I'm satisfied in just enjoying good work, but this one has the added benefit of being enraging down to the last second.

20.11.2025 17:21 — 👍 44    🔁 3    💬 1    📌 0
Palo Alto Networks to acquire observability firm Chronosphere for $3.35 billion
Palo Alto Networks announced Wednesday it will acquire Chronosphere, a cloud observability platform, for $3.35 billion in cash and equity.

Palo Alto rips off another $3 billy for a company the way I rip off questionable bets on DraftKings cyberscoop.com/palo-alto-ne...

19.11.2025 22:46 — 👍 6    🔁 0    💬 1    📌 0

Ah @cyberwarcon.bsky.social the only conference for intel ops research authored by the terminally online

19.11.2025 14:46 — 👍 76    🔁 14    💬 3    📌 6
With each cloud outage, calls for government action grow louder
Public interest groups want the feds to investigate the systemic risk from market consolidation, while tech and security experts worry about single points of failure.

Re-upping this for, uh, reasons
cyberscoop.com/with-each-cl...

18.11.2025 15:16 — 👍 2    🔁 1    💬 0    📌 0

My one and only contribution to Today's Discourse™: If her writing were as scarce as her shame, we'd be spared entirely.

17.11.2025 17:54 — 👍 2    🔁 1    💬 0    📌 0
However, Klein also made it clear that “most autonomous” is a relative term. There is plenty of evidence to indicate this hacking group devoted significant human and technical resources into the way it used Claude.

Namely, the automation detailed in Anthropic’s report performed by Claude was made possible through a frontend framework designed to orchestrate and support its operations. The framework handled tasks such as scripting, provisioning related servers, and significant backend development to ensure every step was followed correctly. Klein noted this development process was the most difficult — and, importantly, human-led — step in the operation.

“The first part that is not autonomous is building the framework, so you needed a human being to put this all together,” Klein said. “You had a human operator that would put in a target, they would click a button and then use this framework that was created [ahead of time]. The hardest part of this entire system was building this framework, that’s what was human intensive.”

NEW: @derekbjohnson.bsky.social spoke with @anthropic.com's threat intel team about Thursday's report. Lots in there, but one key takeaway: Despite being labeled as 'autonomous,' there was a tremendous amount of human effort needed to pull off the attacks. cyberscoop.com/anthropic-ai...

14.11.2025 19:26 — 👍 19    🔁 8    💬 0    📌 5
Google, researchers see signs that Lighthouse text scammers disrupted after lawsuit
The phishing kit Lighthouse, which has aided text scams like those soliciting victims to pay unpaid road tolls, appears to have been hampered shortly after Google filed a lawsuit aimed at its creators.

New from @timstarks.bsky.social: The phishing kit Lighthouse, which has aided text scams like those soliciting victims to pay unpaid road tolls, appears to have been disrupted after Google filed a civil lawsuit earlier this week: cyberscoop.com/lighthouse-t...

14.11.2025 16:03 — 👍 3    🔁 1    💬 0    📌 0

Eh, i think there is novelty in how the MCP servers were used. For all the FUD about how AI was going to be used by adversaries, this seems real. However, what i do hope to address is the human-in-the-loop part. I believe the idea that "AI magically did all this work!" is wrong

13.11.2025 20:19 — 👍 0    🔁 0    💬 1    📌 0

Ok the full tech report answered some of my questions but we will have more before the week closes on cyberscoop dot com assets.anthropic.com/m/ec212e6566...

13.11.2025 20:10 — 👍 0    🔁 0    💬 0    📌 0

i think that assumption gives a lot of leeway to the AI working correctly (also not among my questions i have someone bothering Anthropic about!)

13.11.2025 18:33 — 👍 3    🔁 0    💬 1    📌 0

this hits upon, like, 5 of my questions

13.11.2025 18:31 — 👍 3    🔁 0    💬 0    📌 0

I have, like, 30 questions here and, like, 28 of them have nothing to do with direct attack

13.11.2025 18:15 — 👍 17    🔁 1    💬 3    📌 0
