Analysis of MCP-related CVEs published in 2025, comparing and contrasting with vulnerabilities in AI-related software and other vulnerabilities. PDF

Read more →

At the 2024 Gartner Security and Risk Management Summit, my session focused on defending in the AI Era. Both adversaries and defenders benefit from the use of AI. Defensive use of AI introduces new attack vectors. Offensive use of AI can be defended using traditional methods: As covered in my earlier substack, AI ...

Read more →

At this week’s North American Information Security Summit, I made the following points under the title “Defending in the Era of AI”: 1. GenAI has the potential to be a net positive for cyber defenders. While GenAI advances adversary capabilities, it can advance defender capabilities even more. AI alignment ef...

Read more →

In this training session for the Dallas FBI, I covered some of the implications of GenAI for Law Enforcement. In addition to areas such as disinformation, we covered practical forensics in connection with malicious AI use. Some slides are reproduced below. The presentation was influenced by Justin Hutchins' ex...

Read more →

I joined host Andy Ash (CISO at Netacea) to discuss differences in how CISOs are compensated across both sides of the Atlantic, how the role is shifting to account for increased governance and regulations, and the ‘left of boom’ approach to preventative security. We also compare notes on how we first become fascina...

Read more →

The FBI is the primary domestic intelligence agency and law enforcement agency for cyber. I had the pleasure of moderating a discussion at the RSA Conference between the FBI’s head of Cyber, Ron Bushar and Elvis Chan. You can watch the interaction here Thank you to Ed and TAG who continue to post insightful mater...

Read more →

My conversation with Edward Amoroso at TAG Infosphere about the need to test your process for complying with the new SEC rules for incident disclosure; the potential for “CYA” filings with the SEC; and how to tell you might be CISO at the wrong company. Thank you to Ed and TAG who continue to post insightful materi...

Read more →

In this substack article, I argue that AI alignment efforts inhibit defensive capabilities. Read the article

Read more →