🎓️ Vulnerable U | #157

Anthropic goes toe to toe with the Pentagon while getting attacked by China, Google API keys have a bad day, Apple joins the age verification debate, and much more!

Read Time: 9 minutes


Howdy friends!

I had something really good happen this week. Big life things I’ve worked super hard towards. And I just can't stop waiting for the boot to drop. What is that a sign of? Been beat up for too many years, I just expect that somehow this is going to also somehow turn out poorly. Can you relate?

I'm working on my mindset here. Letting myself feel happy, proud, and dispelling the anxiety of losing it. For now all is great, and that should count.

As we go into the last few weeks of winter, I've been thinking about some things I hear some of my more “spiritual” friends discuss. I'm not generally a person who subscribes to such things, but I’ve heard them talking about the Lunar New Year and how we're leaving the year of the snake which comes with a lot of shedding of skin. I’m going to take this part to heart since I’ve got a lot I feel like shedding.

ICYMI

🖊️ Something I wrote: Thoughts on the Anthropic distillation attack

🎧️ Something I heard: Veritasium is an awesome channel - they covered the XZ utils backdoor

🎤 Something I said: The Death of the Anonymous Internet

🔖 Something I read: You Must Live an Interesting Life

Vulnerable News

The Pentagon just took what looks like the first real step toward blocking Anthropic from doing business with the government. They asked major defense contractors to assess how reliant they are on Claude, which is the sort of pre-work you do before you label a company a “supply chain risk.” The wild part is the Pentagon is doing this while also acting like it cannot live without Claude. It is threatening Anthropic with contract termination and a supply-chain-risk designation because Anthropic will not lift safeguards, while also floating the Defense Production Act route to compel access anyway.

Anthropic’s refusal is about two lines that should be obvious: no mass surveillance of Americans and no autonomous weapons.

While Anthropic deals with the Pentagon pressure, it is also dealing with what it claims to have identified as industrial scale distillation campaigns by three Chinese labs trying to extract Claude capabilities with millions of requests and tens of thousands of fraudulent accounts. This one is a bit odd to me. It seems it’s just systems querying the model and using the results. I understand they’re doing it at scale, but this feels like someone saying they’re copying the Google algorithm by searching a lot. This is something all the frontier models do: they point at their own product’s failure to implement certain guardrails and say “see! Look how dangerous this thing we made is!” The obvious, ultimate irony is that these models are trained on things they didn’t create, too. (read more here and here)

Spent all day with the experts from Palo Alto Networks and learnt all the odds and ends about quantum computing. You might have heard of harvest now decrypt later, but a new fun one for me was trust now forge later - come hang to see me figure that one out on the AMA! Happening Tue Mar 10, 2026, 10AM PT. Join us there.

*Sponsored

Claude launched security straight into the product and the market freaked out. A bunch of cybersecurity stocks tanked after the announcement, which I think is an overreaction. Opus 4.6 has already been beating a lot of purpose-built security tooling, even AI security tooling from just a few months ago. This was obvious if you were paying attention. The capabilities were already there. Now they just threw it into the app.

As for the “suggest fix” button, vendors have tried to build that for 15 years: Virtual patching, auto fix, suggest a fix. Success rates were low and usually situational. Now we have a model that can actually write code at a high level and it has context across the repo. It doesn’t magically solve vulnerability management. Finding a bug and fixing it are two very different things at ecosystem scale. But this absolutely changes the conversation for anyone whose whole product story was finding and fixing vulnerabilities in code.

I'm trying to be optimistic about this because if we can't be optimistic, we're kind of screwed. (read more)

For years, Google’s documentation said certain API keys, especially those used for things like Google Maps or Firebase integrations, were not secrets. Developers followed that guidance and embedded those keys directly into public HTML and JavaScript. Now, thanks to how Gemini integrates into Google Cloud projects, those same keys can unlock access to generative AI services, including private prompts, uploaded files(?!), cached content, and potentially sensitive business data. Research from Truffle Security shows that thousands of exposed keys can now access Gemini, and in some cases, even Google’s own projects were affected.

Developers need to audit their Google Cloud projects immediately: check whether Gemini is enabled, review API key restrictions, identify any keys exposed in public repos or client-side code, and rotate anything that looks risky. Google has announced mitigation steps, but for now, the responsibility sits squarely with project owners. (read more)
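The “find anything exposed in client-side code” step is the part you can actually script. Here is an added example of that scan; it is not Truffle Security’s detector or any Google tooling, and the only thing it assumes is the well-known shape of a Google API key (“AIza” followed by 35 URL-safe characters, 39 in total). The sample repository and the key in it are constructed placeholders.

```python
"""Locate Google API keys (the "AIza..." kind) checked into source, especially
files that ship to the browser. Added example for this newsletter; it is not
Truffle Security's detector or any Google tool. The only assumption is the
public key shape: "AIza" followed by 35 URL-safe characters, 39 in total.
The sample files below are constructed and the sample key is a placeholder."""
import re
from pathlib import Path

GOOGLE_API_KEY_RE = re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b")

# Anything with these suffixes is delivered to end users, so a key inside it is
# public whether or not the docs once called it "not a secret".
CLIENT_SIDE_SUFFIXES = {".html", ".htm", ".js", ".mjs", ".jsx", ".ts", ".tsx", ".vue"}

# Constructed sample repository: two keys in client-side files, none server-side.
SAMPLE_KEY = "AIza" + "x" * 35  # placeholder, not a real key
SAMPLE_FILES = {
    "public/index.html": (
        '<script src="https://maps.googleapis.com/maps/api/js'
        f'?key={SAMPLE_KEY}&callback=initMap"></script>'
    ),
    "src/firebase.js": f'export const firebaseConfig = {{ apiKey: "{SAMPLE_KEY}", projectId: "demo" }};',
    "server/settings.py": 'GEMINI_API_KEY = os.environ["GEMINI_API_KEY"]  # read at runtime, not embedded',
}


def redact(key: str) -> str:
    """Keep enough of the key to correlate findings without logging the secret."""
    return key[:8] + "..." + key[-4:]


def find_keys_in_text(text: str) -> list[tuple[int, str]]:
    """Return (1-based line number, key) for every key-shaped token in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits.extend((lineno, m.group(0)) for m in GOOGLE_API_KEY_RE.finditer(line))
    return hits


def scan_files(files: dict[str, str]) -> list[dict]:
    """Scan a {relative path: contents} mapping; flag keys in client-side files."""
    findings = []
    for rel_path, text in sorted(files.items()):
        suffix = Path(rel_path).suffix.lower()
        for lineno, key in find_keys_in_text(text):
            findings.append({
                "file": rel_path,
                "line": lineno,
                "key": redact(key),
                "client_side": suffix in CLIENT_SIDE_SUFFIXES,
            })
    return findings


def scan_tree(root: Path) -> list[dict]:
    """Same scan over a real checkout; unreadable files are skipped."""
    files = {}
    for path in root.rglob("*"):
        if path.is_file():
            try:
                files[str(path.relative_to(root))] = path.read_text(encoding="utf-8", errors="ignore")
            except OSError:
                continue
    return scan_files(files)


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        flag = "PUBLIC" if f["client_side"] else "server"
        print(f'{flag:6} {f["file"]}:{f["line"]}  {f["key"]}')
```

Point `scan_tree` at a checkout to get the same report for a real repo. Every hit in a client-side file is a key you should assume is already harvested, so the follow-up is the rest of the audit above: check whether Gemini is enabled on that project, tighten the key’s API and referrer restrictions, and rotate it.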

Apple is rolling out new age assurance tools worldwide to comply with this growing web of child safety laws. They are expanding their Declare Age Range API so developers can get a user’s age category without collecting date of birth or other personally identifiable information. In some countries, Apple will also block downloads of 18+ apps until the user confirms they are an adult, with the App Store handling that check. On paper, this looks like a privacy preserving middle ground between forcing everyone to upload a government ID and doing nothing at all.

My hot take: If we are going to play this age verification game, the responsibility should sit at the device level, not on every random website. I don’t want to live in a world where every site I visit asks for my government ID or scans my face. That is a guaranteed privacy disaster. If age has to be enforced, let it be enforced by the device provider, with clear parental controls and age modes, not by thousands of companies that will inevitably mishandle sensitive data. (read more)

Google just disrupted a massive Chinese espionage operation that's been running wild for years. UNC2814 (not to be confused with Salt Typhoon) had a foothold in 53 organizations across 42 countries, primarily targeting telecoms and government agencies. The clever bastards were using Google Sheets as their command-and-control infrastructure(!? lol). Their GRIDTIDE malware would communicate through legitimate Google Sheets API calls, making their malicious traffic look like normal business operations.

These guys have been at it since 2017 and were going after highly sensitive data like call records, SMS messages, and personally identifiable information. Perfect for surveillance operations against dissidents and activists. Google's response was comprehensive: they nuked all the attacker's cloud projects, disabled their accounts, sinkholed their domains, and released IOCs for everyone else to hunt with. Anything and everything can be a C2! (read more)
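Since the whole trick is that the traffic blends in with normal Sheets usage, the defender’s angle is behaviour, not destination. Here is an added detection example (mine, not Google’s GRIDTIDE detection logic) that runs over a handful of constructed egress-proxy lines and flags sources whose Sheets API traffic is timer-driven and comes from a non-browser client. The log format, thresholds and sample lines are all assumptions.

```python
"""Spot hosts whose traffic to the Google Sheets API looks timer-driven and
tool-driven rather than human. Added detection example for this newsletter; it
is not Google's GRIDTIDE detection logic. The log format (timestamp, source IP,
destination host, user agent), the thresholds and the sample lines are all
constructed assumptions."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

WATCHED_HOSTS = {"sheets.googleapis.com"}
MIN_REQUESTS = 4          # fewer than this and cadence says nothing
MAX_INTERVAL_CV = 0.2     # stdev/mean of request gaps; a timer gives values near 0
BROWSER_MARKERS = ("Mozilla/", "Chrome/", "Safari/", "Firefox/", "Edg/")

# Constructed egress-proxy sample: one server hitting the API every 5 minutes
# with a scripting user agent, one workstation with a browser and a human cadence.
SAMPLE_LOG = """\
2026-03-02T09:00:00Z 10.0.5.12 sheets.googleapis.com python-requests/2.31.0
2026-03-02T09:01:00Z 10.0.7.40 sheets.googleapis.com Mozilla/5.0 (Windows NT 10.0) Chrome/123.0 Safari/537.36
2026-03-02T09:01:12Z 10.0.7.40 sheets.googleapis.com Mozilla/5.0 (Windows NT 10.0) Chrome/123.0 Safari/537.36
2026-03-02T09:05:00Z 10.0.5.12 sheets.googleapis.com python-requests/2.31.0
2026-03-02T09:06:30Z 10.0.7.40 sheets.googleapis.com Mozilla/5.0 (Windows NT 10.0) Chrome/123.0 Safari/537.36
2026-03-02T09:07:02Z 10.0.7.40 sheets.googleapis.com Mozilla/5.0 (Windows NT 10.0) Chrome/123.0 Safari/537.36
2026-03-02T09:10:00Z 10.0.5.12 sheets.googleapis.com python-requests/2.31.0
2026-03-02T09:15:00Z 10.0.5.12 sheets.googleapis.com python-requests/2.31.0
2026-03-02T09:20:00Z 10.0.5.12 sheets.googleapis.com python-requests/2.31.0
2026-03-02T09:30:00Z 10.0.7.40 sheets.googleapis.com Mozilla/5.0 (Windows NT 10.0) Chrome/123.0 Safari/537.36
2026-03-02T09:31:00Z 10.0.9.9 docs.google.com python-requests/2.31.0
"""


def parse_line(line: str):
    """Split one proxy line; the user agent is the tail and may contain spaces."""
    ts, src, dst, ua = line.split(maxsplit=3)
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), src, dst, ua


def analyze(log_text: str) -> list[dict]:
    """Group Sheets API requests by source and score each source's behaviour."""
    per_src = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, ua = parse_line(line)
        if dst in WATCHED_HOSTS:
            per_src[src].append((ts, ua))

    alerts = []
    for src, events in per_src.items():
        events.sort()
        reasons = []
        # No request from this source ever carried a browser user agent.
        if not any(m in ua for _, ua in events for m in BROWSER_MARKERS):
            reasons.append("non_browser_user_agent")
        # Near-constant inter-request gaps are what a sleep()-driven loop produces.
        gaps = [(b - a).total_seconds() for (a, _), (b, _) in zip(events, events[1:])]
        if len(events) >= MIN_REQUESTS and mean(gaps) > 0:
            if pstdev(gaps) / mean(gaps) <= MAX_INTERVAL_CV:
                reasons.append("regular_interval")
        if reasons:
            alerts.append({
                "src": src,
                "requests": len(events),
                "reasons": reasons,
                "mean_gap_s": round(mean(gaps), 1) if gaps else None,
            })
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

On the sample, only the server with the scripting user agent and the 300-second cadence trips the rules; the workstation’s bursty, browser-driven usage does not. Real deployments would also weigh whether the source is a host class that should be touching Sheets at all, and tune the interval threshold for jittered timers.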

Every vulnerability tool tells you what's wrong. No one tells you what to actually do about it. And the ones that try? They say, "Upgrade available." That's the textbook fix your developer rejects because it doesn't make any sense in practice or for your environment.

Maze AI remediation agents tell you if it makes sense to rebuild the image, bump a direct dependency, or overwrite a transitive.

That's the work security and developer teams spend hours on. Maze makes it easy. See how it works.

*Sponsored

A guy bought a smart vacuum and decided he didn’t want to use the normal app. He used Claude to reverse engineer the API so he could control it with a game controller. In the process he pulled his own auth token from the server. That token was not tied to device ownership. It worked on every vacuum. He suddenly had visibility into thousands of devices: live camera feeds, floor plans, battery status, cleaning routes, and live audio(?!).

What’s hilarious is that he didn’t intend to hack anything. He didn’t use brute force or break into servers. He used his own valid token. The backend permission validation was broken. The vacuum cameras were streaming back to the cloud and any valid token could access them. Also why in the flying f is a live video feed being sent back to the cloud servers? So even if this vuln is fixed, can the employees still see these feeds? And a microphone?! Why does a vacuum need a microphone?! (read more)
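The bug reduces to one missing check: a valid token proves who you are, not which devices you own. Here is an added example of that handler both ways; it is my illustration, not the vendor’s code, and the sessions, devices and feed URLs are a constructed in-memory stand-in for a real database.

```python
"""The vacuum backend's bug, reduced to the one check it was missing: a valid
token proves who you are, not which devices you own. Added example for this
newsletter; it is not the vendor's code, and the token/device layout is a
constructed in-memory stand-in for a real database."""


class Unauthorized(Exception):
    """No valid session token was presented."""


class Forbidden(Exception):
    """Valid token, but the caller does not own the requested device."""


# Constructed data: session token -> user, device -> owning user, device -> feed.
SESSIONS = {"tok-alice-1a2b": "alice", "tok-bob-3c4d": "bob"}
DEVICE_OWNER = {"vac-1001": "alice", "vac-1002": "bob"}
CAMERA_FEEDS = {"vac-1001": "rtsp://feed/vac-1001", "vac-1002": "rtsp://feed/vac-1002"}


def user_for_token(token: str) -> str:
    """Authentication: map a session token to a user or reject the request."""
    user = SESSIONS.get(token)
    if user is None:
        raise Unauthorized("invalid or expired token")
    return user


def get_camera_feed_vulnerable(token: str, device_id: str) -> str:
    """Authentication only. Any logged-in user can pull any device's feed,
    which is the behaviour the story describes."""
    user_for_token(token)
    return CAMERA_FEEDS[device_id]


def owns_device(user: str, device_id: str) -> bool:
    """Object-level authorization: deny unless the device is mapped to this user."""
    return DEVICE_OWNER.get(device_id) == user


def is_authorized(token: str, device_id: str) -> bool:
    """True only for a valid token whose user owns device_id; never raises."""
    try:
        return owns_device(user_for_token(token), device_id)
    except Unauthorized:
        return False


def get_camera_feed_fixed(token: str, device_id: str) -> str:
    """Authentication, then authorization against the device's owner."""
    user = user_for_token(token)
    if not owns_device(user, device_id):
        # Same error for "not yours" and "does not exist", so the endpoint
        # cannot be used to enumerate which device ids are real.
        raise Forbidden(f"{user} may not access {device_id}")
    return CAMERA_FEEDS[device_id]


if __name__ == "__main__":
    print(get_camera_feed_vulnerable("tok-alice-1a2b", "vac-1002"))  # bob's feed leaks
    try:
        get_camera_feed_fixed("tok-alice-1a2b", "vac-1002")
    except Forbidden as exc:
        print("blocked:", exc)
```

The fix is a lookup on the device’s owner before the data is returned, on every object-returning endpoint, not just this one. It does nothing about the other question raised above (why the feed is in the cloud at all), which is a data-minimization decision no authorization check can make for you.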

Salt Typhoon is still active. Of course they are. Did we think they just packed it up after successfully compromising parts of our telecom wiretap infrastructure? An FBI official stood on stage and reminded everyone that the campaign is ongoing and urged leaders to implement zero trust, least privilege, and secure-by-design principles. That advice would have been cutting edge in 2009.

I was hoping for new operational detail. Something technical and actionable. Instead we got “lock the inside doors, not just the front door.” The threat and stakes are real, but if the public message after a massive telecom compromise is “do cybersecurity better,” we are not advancing the conversation. We are recycling table stakes while adversaries keep adapting. (read more)

I pulled up Mike Privette’s State of the Cybersecurity Market report because I like yearly reports built on data we actually care about, and this one is loaded. Cybersecurity companies raised $25.1B across 743 deals in 2025, and M&A hit $76.4B across 320 deals. Mega-rounds dominated. Forty-eight deals over $100M captured 65% of all funding. Meanwhile, the hype-to-reality gap is right there in the numbers: “AI security” was 2.6% of funding and did not even crack the top 10 categories.

I dove through this whole report on my live stream the other day; it’s really a fantastic set of data Mike put together.

The public-market side is where it starts to feel bleak: only 5 of 14 pure-play cyber stocks finished 2025 positive, and Mike’s cyber index returned -6.5%. I agree with the idea that this looks less like an industry collapsing and more like a correction, consolidation, and bundling. I have been on the buyer side where security likes a tool, but security does not own the underlying platform budget, so the pitch has to land with IT, infra, or identity teams too. That reality pushes the market toward platforms, cross-domain acquisitions, and outcomes over point tools, whether people like it or not. (read more)

A Russian-speaking threat actor used multiple commercial AI services to compromise over 600 FortiGate devices across 55+ countries in just over a month. Granted, this is mostly just mass scanning for exposed management interfaces and credential stuffing with weak passwords. Their terrible opsec left all their AI-generated attack plans, victim configs, and source code sitting on public infrastructure for researchers to analyze.

AI acted as a force multiplier for what appears to be a low-skill actor. They generated custom tooling in multiple languages, created comprehensive attack plans, and submitted complete victim network topologies to AI services asking for step-by-step compromise instructions. When they hit properly hardened targets, they just moved on. The actor successfully extracted AD credential databases and targeted backup infrastructure (ransomware prep moves). (read more)

Here's some interesting data from Chainalysis - ransomware payments dropped 8% to $820 million in 2025, but attacks skyrocketed 50%. That means only about 28% of victims are paying up, which is potentially an all-time low. The median ransom jumped a whopping 368% to nearly $60k though, so the gangs are squeezing harder when they do get paid.

The ecosystem is getting messier with around 85 active extortion groups now (thanks to major RaaS operations fragmenting), and there's some infrastructure sharing going on. The same bulletproof hosting providers and proxy networks are being used by both garden-variety ransomware crews and state-sponsored hackers from Iran, Russia, and China. Law enforcement caught on and started hammering the infrastructure layer itself - sanctioning hosting providers like Media Land and taking down proxy services like IPIDEA. It's forcing everyone to rebuild their toolchains, which is exactly the kind of operational friction that makes cybercrime less profitable. Good read! (read more)

Miscellaneous mattjay

How'd I do this edition?

It's hard doing this in a vacuum. Screaming into a void. Feedback is incredibly valuable to make sure I'm making a newsletter you love getting every week.


Parting Thoughts:

Community was foundational in launching and propelling my career. Community is the only reason I can stand being in Texas during the summer months. Community is the point. Today, I invite you to embrace discomfort on the road to a more vulnerable you.

Stay safe, Matt Johansen
@mattjay