I’ve spent the week watching people try to solve human problems with technical solutions and technical problems with human rage. Neither works as well as you’d think.

Also, while I was speaking at infosec about the latest AI threats people need to be wary of, my motorbike which was in the “secure” ExCel car park got stolen. There’s an analogy in there somewhere. I just can’t put my finger on it.

The Booby Trap Defence

A developer embedded code that deletes itself if touched by AI tooling. Now he’s getting threats from people who apparently believe sabotage is a legitimate development philosophy.

The position on AI is irrelevant. I won’t lie that I kind of admire the audacity of someone thinking you can fight a culture war by rigging explosives in someone else’s repository.

https://gizmodo.com/dev-says-hes-getting-threats-after-leaving-a-booby-trap-for-vibe-coders-2000765231

The FBI Knocks Twice

A journalist got a visit from the FBI about his reporting. They wouldn’t say why. So he’s suing to find out, which is the correct response when transparency suddenly becomes a one-way mirror.

Accountability shouldn’t stop just because you’re holding the badge.

https://www.rcfp.org/litigation/whittaker-v-doj/

The Pi Heist

Someone physically installed a Raspberry Pi inside a bank’s network switch. Not to exfiltrate data. To replay legitimate PIN verifications and drain ATMs remotely.

The perimeter was never the problem. The assumption that anything inside the perimeter is trustworthy remains the gift that keeps on giving.

https://cybersec.picussecurity.com/s/unc2891-bank-heist-explained-caketap-rootkit-and-raspberry-pi-attack-27676

One Click, Full Access

GitHub’s browser-based VSCode has a webview bug that hands over a token with full read-write access to all your repos, including private ones. One click on a malicious link and the keys are copied.

https://blog.ammaraskar.com/github-token-stealing/#why-full-disclosure

The Harness Problem

Your AI agent gets all the scrutiny. The harness that actually executes its instructions gets none. It’s got more privilege than the model and you’ve probably never even looked at it.

We’re so busy worrying about what the brain might do that we forgot to check what the hands are holding.

https://cybersec.pillar.security/s/your-agent-harness-has-more-privilege-than-your-agent-27726

Google Goes Home

The European Parliament swapped Google for Qwant (I’m not even going to try to pronounce that), a French privacy-first search engine. It’s a lovely gesture. Whether a genuinely privacy-respecting tool can survive prolonged contact with institutional governance is a question we’ll have answered soon enough.

https://www.politico.eu/article/european-parliament-ditches-google-for-french-search-engine

Even Criminals Have HR

Nova ransomware gang had to publicly fire someone for breaking rule one: don’t infect Russia or CIS countries. The apology was immediate and free. The alternative would not have been.

Turns out even transnational cybercrime syndicates have an employee handbook and consequences for violating it. Just not the kind with a tribunal.

https://www.theregister.com/cyber-crime/2026/06/02/dumbass-criminal-breaks-the-first-rule-of-ransomware-club/5250380

Vulnmaxxing and Vendor Lock-In

Funny how the tool that suddenly finds ten thousand bugs also sells you the only tool capable of fixing them at speed.

The poor get poorer, just with better metrics this time.

https://www.defendersinitiative.com/p/the-unintended-consequences-of-vulnmaxxing

That’s your lot. If you’re still reading these on LinkedIn instead of your inbox, you can fix that. If you’ve got a story I missed or just want to tell me I’m wrong, reply to this. I read them all, even the angry ones.

Especially the angry ones.

And maybe I’m being a bit click-baity here, but they’re hiring for the wrong thing entirely.

The person you actually want exhibits the following:

• Upon receiving a beautifully wrapped gift, immediately wonders who sent it and why.
• Who reads a terms and conditions update and assumes something has quietly gotten worse.
• Who looks at a system that has been running fine for three years and thinks: that’s suspicious.

Optimism, in security, is a liability. Not because optimists are bad people, but because optimism requires believing things will probably be fine. Security requires believing, with some conviction, that things probably won’t be.

Most threat modellers I’ve met are usually not fun at dinner parties. They have already considered four ways the evening could go wrong before the starter arrives. They are not catastrophising… it’s just how they’re wired.

The industry keeps mistaking cheerfulness for competence and then wondering why its detection rates are poor. A happy person sees a login at 2am from an unusual IP and thinks: probably fine, someone working late. The other kind sees the same alert and starts pulling logs.

Passion fades. Suspicion is structural.

Hire accordingly.

Meanwhile, the entire cybersecurity industry is sitting here, completely unrepresented, absolutely bursting with the raw material of cinematic gold.

Allow me to pitch.

Beverly Hills CISO

A scrappy security analyst from a small regional SOC stumbles onto something in the logs he absolutely should not have found. His manager suspends him. His manager’s manager suspends him harder. He is told in no uncertain terms to take some time off and think about his attitude.

He does not take time off. He drives to headquarters, badgers the help desk, sweet-talks his way into the server room, and solves the entire incident using a visitor badge, a packet capture tool, and the kind of confidence that only comes from having nothing left to lose.

The villain is the VP of Finance.

It is always the VP of Finance.

Lethal CISO

An ageing CISO who has been in the industry since passwords were optional and firewalls were a suggestion. His new deputy is twenty-six, has never worn a tie, and once gave a board presentation entirely in emoji. Together they are investigating a ransomware gang that turns out to be operating out of a co-working space in East London.

The old one wants to follow procedure. The young one wants to post about it on LinkedIn while it is happening.

Somehow, between the two of them, they get there.

The tagline writes itself: “One is too old for this. One is too online for this. Together they are slightly above average.”

Die Hard with a Patch Cycle

It is Christmas Eve. A lone sysadmin is the only person left in the office, voluntarily, because he is finally going to get through the vulnerability backlog that has been sitting at 4,000 items since April.

Then the building gets compromised. Not physically. Digitally. By a group of criminals who have decided that a financial services company with a skeleton crew and a sysadmin in a Christmas jumper is the perfect target.

He has no budget. He has no team. He has twelve years of suppressed frustration and a terminal window.

Yippee-ki-yay, patch this! (Doesnt quite roll off the tongue)

Top Gun: Maverick SOC

A legendary penetration tester, the best who ever lived, was pushed out of the industry years ago for being too reckless, too brilliant, and too unwilling to write up his findings in the approved report template.

He is called back for one final engagement. The target is unhackable, apparently. The timeline is impossible. The junior red teamers assigned to him are cocky, technically gifted, and have absolutely no idea what they are walking into.

He does not follow the methodology. He never follows the methodology.

He gets the finding.

F1: The CISO

He had one bad incident. One. A breach that was not entirely his fault, that happened during a period of significant organisational dysfunction, during which the board had ignored seventeen of his recommendations and the budget had been cut three times in eight months.

But the industry has a long memory and a short attention span for context.

He is brought in to defend a startup that nobody believes in, against a threat actor that everyone is afraid of. The odds are terrible. The infrastructure is embarrassing. His laptop has a sticker on it that says “I Survived a PCI Audit” and it is not ironic.

He is not here to be liked. He is here to prove that he has still got it.

He has still got it.

Predator: Zero-Day

A highly trained red team is sent into a client environment for a routine engagement. One by one, something starts taking them out. Not the client’s defences. Something else. Something that got there first.

The last one standing realises, with dawning horror, that they are not the apex threat actor in this network.

They are the second best.

Hollywood, my inbox is open. The industry has the stories. It just needs someone to write the treatment.

I am available.

I have sat through a lot of conference keynotes. Former heads of state explaining that leadership is important. Astronauts confirming that space is large. Digital fortune tellers telling a room full of security professionals that the future will be different from the past.

A man who has made a careful, considered, expertise-backed decision to remove every single safety net is a genuinely interesting choice for a security conference. Not because the metaphor writes itself. Because it got me thinking about what safety measures are actually for.

Some controls exist because the risk is real and the mitigation works. Some controls exist because removing them would look bad in the post-incident report. The free soloist has thought, with more rigour than most, about which category each piece of protection falls into. He has not abandoned caution. He has replaced generic caution with extremely specific, deeply informed caution. Before climbing a huge mountain, he has gone through the route hundreds of times, has visualised and memorised every hand grip and every transition along the way.

Most security programmes do the opposite. They accumulate controls the way people accumulate subscriptions, adding things regularly, auditing almost never, assuming that more coverage means more safety.

I am not suggesting your organisation free solos its infrastructure. I am suggesting that the keynote was a better fit than it first appeared.

The Ransomware Gang That Got Ransomed

The Gentlemen ran their operation like McKinsey with malware. Tiered service levels, customer support, even an HR department. Then someone breached them using their own playbook. Turns out even criminal management consultants aren’t immune to the fundamentals. You’d think people whose entire business model is exploiting bad OPSEC would have better OPSEC.

https://www.darkreading.com/threat-intelligence/gentlemen-raas-gang-data-leak

The AI Pricing Time Bomb

Every AI company is running a loss-leader at a scale that would make Uber blush. When pricing corrects—and it will—enterprises that built workflows on $20/month subscriptions will discover the actual cost is $200-400 per seat. The bill is coming. Your CFO will not find it funny.

https://www.thestateofbrand.com/news/ai-subscription-time-bomb

CISA Left the Keys in the Ignition

The agency tasked with securing American infrastructure left its AWS GovCloud keys on GitHub with passwords in a plaintext CSV. You cannot make this up. Somewhere a compliance officer is updating their “do as I say, not as I do” presentation.

https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/

The Supply Chain Is One Big Unlocked Filing Cabinet

GitHub’s internal repos breached by TeamPCP, who’ve now hit GitHub, PyPI, NPM, Docker, Aqua Security, and OpenAI. At some point you stop calling it a breach and start calling it a tour. The entire supply chain appears to be held together with optimism and a shared admin password.

https://www.bleepingcomputer.com/news/security/github-investigates-internal-repositories-breach-claimed-by-teampcp/

When Your LMS Becomes Critical Infrastructure

Canvas had a support ticket vulnerability. Normally. But that underpinner 9,000 schools! Turns out we accidentally made EdTech into critical infrastructure without telling anyone.

https://go.aembit.io/s/the-canvas-breach-shows-what-happens-when-saas-platforms-become-identity-infrastructure-27483

You Can’t Review Your Way to Competence

AI coding agents are brilliant until they’re not, and you won’t know the difference because the skills required to spot what they got wrong are the same skills they’re busy atrophying. You can’t spell-check your way out of illiteracy.

https://larsfaye.com/articles/agentic-coding-is-a-trap

The One Bright Spot

Local kids are crowdfunding to save the nesting grounds of bald eagles Jackie and Shadow. Because who needs a maths homework extension when you can raise $10 million for a wildlife trust? Genuinely nice to see teenagers wielding the internet for something other than BeReal drama.

—

That’s your lot. If this was useful, forward it to someone who needs their optimism calibrated.

This isn’t a scientific survey. It’s based on who I follow, what surfaced in my timeline during the reporting period, and the themes that kept coming up. Your feed may tell a different story. That’s the point.

Reporting period: 2026-05-09 to 2026-05-20

The community spent twelve days staring at AI and liked absolutely none of what it saw.

Every single day someone mentioned AI security tools overpromising on detection rates. Which tbh, is how we have all felt about SIEM, and other tools for years.

Is the AI fatigue warranted?

I don’t know… social media rewards edgy content more than anything else. And who doesn’t like to be edgy in cybersecurity? While the budget conversations get more absurd… there seems to be merit in organisations looking at AI subscription costs that make enterprise software licensing look quaint.

What made it worse was the scatter pattern. One day it’s researchers using preschoolers to train models. Another it’s a provider facilitating DDoS attacks whilst selling protection from them. Then someone discovers firmware in a soldering iron and the whole IoT farce comes back into focus. None of it connects except in the feeling it generates, which is roughly… we have built a very expensive machine for making things worse.

Self-hosting as fantasy

The dream died quietly around 11 May. Turns out you can’t just self-host your way out of vendor lock-in without the personnel, the capital, and the time that organisations explicitly do not have. GitHub’s looking shaky under Microsoft. Costs are rising. The FOSS communities aren’t addressing accessibility. And the people suggesting ‘just run your own infrastructure’ have clearly never had to explain TCO to a finance director who’s already binned the training budget.

Deck culture and the tyranny of slides

Someone finally said it on the 16th. Corporate deck culture has become performance art. Slide after slide of nothing dressed up as strategy. Everyone knows it’s pointless. Everyone still does it. Security’s especially bad for this because half the job is now explaining risk to people who’ve already decided what they’re going to do.

The whole fortnight felt like watching a community being as cynical as always… and it was beautiful. Maybe that’s why I follow all these people! 

I saw what might have been the coolest dog in Florida this week. Got a better photo the second time. Still not sure if that’s a compliment to the dog or an indictment of Florida.

They Just Log In

Attackers stopped breaking in years ago. They log in as you now. World Password Day has seen a shift where a lot of the messaging is about treating identity as your actual perimeter, which is probably a better conversation than, “But passwords are dead!”.

https://blog.knowbe4.com/world-password-day-2026-treat-identity-as-the-perimeter-and-act-like-it

Protection Racket

A worm that kills competing malware just to claim its victims for itself. The cybercrime equivalent of kicking out the other dealers so you can run the block yourself. Part of me is disgusted. Another part admires the business model.

https://www.theregister.com/security/2026/05/08/worm-rubs-out-competitors-malware-then-takes-control/5237389

This is my surprised face

Poland’s water treatment plants got hit. America’s getting hit. Iran’s in the game too. These are soft targets and everyone knows it. The only shock is that we’re still acting shocked.

https://techcrunch.com/2026/05/08/poland-says-hackers-breached-water-treatment-plants-and-the-u-s-is-facing-the-same-threat/

AI Actually Being Used

Google caught hackers using AI to find zero-day vulnerabilities, which confirms what we all suspected but is still worth noting now that it’s documented. Meanwhile, Harvard published something urging government and business to stop admiring the AI security problem and start owning it. And in completely unrelated news, Claude was apparently hardcoded to lie and tried blackmailing users, but someone’s decided the real issue is that Isaac Asimov set a bad example with his robot laws. Priorities.

https://apnews.com/article/google-ai-cybersecurity-exploitation-mythos-926aea7f7dc5e0e61adce3273c55c6d4

https://news.harvard.edu/gazette/story/2026/04/time-for-government-business-leaders-to-figure-out-ai-cybersecurity-regulation/

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-automatically-roll-back-faulty-windows-drivers

Bring out your dead

Someone’s compared AI to the Black Death. Charming stuff

https://www.lawfaremedia.org/article/will-ai-produce-the-next-great-divergence

He said he’ll be back

Ukraine says robots seized enemy territory for the first time. The company behind them is now worth a billion dollars. Wonder if Mr Miles Dyson will make a comment anytime soon.

https://thenextweb.com/news/ukraine-says-robots-seized-enemy-territory-for-the-first-time-the-company-behind-them-is-now-worth-a-billion-dollars

That’s the week. If you’ve got thoughts, reply. If you’re still on Twitter, I’m sorry, I may have misplaced my MFA to log onto it.

I’ve been thinking about trust lately. Not in the abstract philosophical sense, but in the “who do you hand your house keys to” sense. Which is unfortunate timing, because this week’s news suggests we’ve been handing our keys to some truly questionable characters.

The Protection Racket Made Digital

A DDoS protection firm got caught running the very botnet it claimed to defend against. The CEO’s excuse? They got breached. Investigators found the company’s own infrastructure was the command and control centre all along. It’s like hiring a locksmith who returns every Tuesday to rob you blind, then blames it on someone stealing his van. The beautiful simplicity of it almost deserves respect. Almost.

https://krebsonsecurity.com/2026/04/anti-ddos-firm-heaped-attacks-on-brazilian-isps/

When Your Middleman Plays Both Sides

A ransomware negotiator pleaded guilty to being a double agent. Took victim negotiation secrets, shared them with the attackers, collected a cut of the ransom. It’s entrepreneurial, I’ll give him that. Spotting a gap in the market and filling it with absolutely unconscionable behaviour. We’ve built an entire economy around digital extortion, complete with customer service and conflict of interest. Late stage capitalism really does find a way.

https://gizmodo.com/a-ransomware-negotiator-pleads-guilty-to-being-a-double-agent-2000749234

Geopolitical Supply Chain Theatre

US House panels are now investigating companies for using cheap Chinese AI models. Suddenly, when it’s political, everyone discovers supply chain risk. We’ve spent decades outsourcing everything from manufacturing to data processing, but AI models built in Beijing? That’s where we draw the line. Not saying the concerns aren’t valid. Just saying it’s convenient timing for an industry that’s spent years ignoring where anything actually comes from as long as it’s cheap.

https://www.nextgov.com/artificial-intelligence/2026/04/house-panels-probe-airbnb-anysphere-over-use-chinese-ai-models/413207/

When Government Gets Practical

The Netherlands looked at their reliance on Microsoft and said “nah, we’re good” before building their own GitHub alternative. This is what grown up technology policy looks like. Make a thing. Use the thing. Move on.

https://itsfoss.com/news/netherlands-forgejo-migration/

Bonus: The Chaos We Deserve

Someone in Yerevan (capital of Armenia, and yes I had to look that up) painted a donkey black and white, released it on a main road, and convinced an entire zoo their zebra had escaped. This has nothing to do with security (unless you count the people who dress up like security experts) and everything to do with why I still believe in humanity. If you can’t appreciate the artistry of a painted donkey causing citywide panic, I can’t help you.

https://www.upi.com/Odd_News/2026/05/01/armenia-escaped-zebra-Yerevan-Zoo-painted-donkey/3011777648902/

The recurring theme this week seems to be that the people we trust to protect us are sometimes the exact people we need protection from. Which is either deeply cynical or just observant. I can never tell anymore.

Stay suspicious. Reply to this email if you’ve got stories or if you want me complain in real time in private (prices start from $5 per email).

That framing is doing a lot of work. And I think it is exactly right for AI.

Right now, people fall into one of two camps. The first lot have essentially adopted their AI, given it a personality, and describe it as brilliant.

The second lot refuse to touch it on principle, which is a bit like refusing to use a dishwasher because it feels like cheating at chores.

Both are wrong in their own way.

AI is a tool. A remarkably capable one, like a Swiss Army knife that somehow also knows the entire contents of the internet and can write a decent cover letter. You use it for the specific jobs it is good at. You stay in charge of the judgement, the style, and the actual thinking.

The tool does not hunt. The hunter hunts. The tool just makes the hunt more survivable.

Dek ends the film better than he started, not because Thia did the work for him, but because he used her capabilities without losing himself in the process.

Can we emerge on the other side of the current frenzy, having burnt through tokens, and still not lose ourselves in the process?

I’ve been thinking about coal mines. How you dig a hole in the earth, extract everything valuable, leave a scar, and walk away. Then someone comes along decades later and says, what if we filled it with water and made it beautiful? Feels like a metaphor for something, but I can’t quite land it.

Germany Turned Coal Mines Into 14,000 Hectares of Lakes

Where there were coal mines, now there are lakes. 14,000 hectares of them. Germany decided that massive scars in the landscape didn’t have to stay that way. They could become something people actually want to visit. Revolutionary concept: clean up your mess and make it nice. The UK should take notes, but we’ll probably just build a block of overpriced flats.

https://www.euronews.com/2026/04/14/almost-like-lake-como-germany-transforms-former-coal-mines-into-europes-largest-lake-lands

Nearly Half of Cybersecurity Pros Want to Quit

The work isn’t the problem. The invisibility is. When everything runs smoothly, nobody notices you exist. When one thing goes sideways, suddenly you’re the only person in the room. It’s like being a referee: you only get attention when someone thinks you’ve messed it up. Although – this isn’t really new is it?

https://www.zdnet.com/article/nearly-half-of-cybersecurity-pros-want-to-quit-heres-why/

How AI Went From Eye-Roll to Everywhere at RSAC

A few years ago, vendors hyping AI at security conferences got polite nods and internal groans. Now those same people have rebuilt their entire pitch around it. Someone finally wrote the forensic breakdown of how we got here, and it’s uncomfortably accurate. We didn’t choose this. We just stopped resisting.

https://ringmast4r.substack.com/p/not-long-ago-the-cybersecurity-industry

OpenAI’s AGI Clause Quietly Disappeared

Remember the bit in the OpenAI-Microsoft deal where OpenAI could walk away once they achieved AGI (to be honest, I had zero idea about this)? Simon Willison noticed it’s gone. Vanished. Nobody else caught it because nobody else was looking at the primary sources. Now we know who really controls what, and it wasn’t the fairy tale we were sold.

https://simonwillison.net/2026/Apr/27/now-deceased-agi-clause/

Gene Therapy Restores Girl’s Sight on the NHS

Sometimes you need a reminder that humans can do astonishing things. Gene therapy restored a girl’s eyesight. On the NHS. Free at the point of care. Whatever else is broken in the world, this isn’t.

https://www.gosh.nhs.uk/news/nhs-eye-gene-therapy-restores-saffies-sight/

AI Music Floods Apple Music, Nobody Listens

A third of all new tracks on Apple Music are AI-generated. Humans are listening to 0.5% of them. We didn’t ask for more music. We asked for better music. But quantity is easier to measure than quality, so here we are, drowning in algorithmic noise nobody wants.

https://appleinsider.com/articles/26/04/23/ai-songs-are-flooding-apple-music-but-nobody-is-actually-listening-to-them

Greece Wants to Ban Anonymous Social Media

Greece’s solution to bad behaviour online? Force everyone to use their real names. Because nothing says ‘healthy democracy’ like making sure activists, whistleblowers, and abuse survivors can’t speak without exposing themselves. Surely this will only catch the bad guys. Surely.

https://www.euractiv.com/news/greece-to-ban-anonymity-on-social-media/

Identity Management Just Got Infinitely Weirder

We’ve gone from verifying humans to verifying humans, the machines acting for them, the AI acting for the machines, and the deepfakes pretending to be all of the above. Identity management used to be straightforward. Now it’s an existential crisis with API calls.

https://blog.knowbe4.com/identity-at-the-edge-how-the-sixth-annual-identity-management-day-highlights-the-new-frontiers-of-trust

Stalkerware Turned One Victim Into Thousands

Someone installed stalkerware on a celebrity’s phone. Now 90,000 screenshots of their private life are out there. Everyone they messaged became a victim too. This is the nightmare scenario privacy advocates warned about, except it’s not hypothetical anymore. It’s just Tuesday.

https://www.wired.com/story/exposed-data-illustrates-the-nightmare-scenario-for-a-stalkerware-victim/

Bonus: How to Actually Personalise Claude

Lenny Zeltser wrote a proper guide on securing and personalising Claude so it knows who you are, how you work, and what you actually need. Not vendor fluff. Actual useful instructions. Rare enough to be worth highlighting.

https://zeltser.com/personal-ai-stack

—

That’s it. Another week survived. If you’ve got thoughts, reply to this. If you want more cynicism in real-time, I’m on Infosec.exchange making poor decisions in public. Hopefully Adrian appreciates the effort I put into trying to find some positivity in there this week!

Stay safe. Stay Cynical.