• CRYPTO-GRAM, April 15, 2026

    From Bruce Schneier <schneier@schneier.com> to cryptogram@toolazy.synchro.net on Wed Apr 15 07:39:01 2026

    ** CRYPTO-GRAM
    APRIL 15, 2026
    ------------------------------------------------------------

    by Bruce Schneier
    Fellow and Lecturer, Harvard Kennedy School
    schneier@schneier.com
    https://www.schneier.com

    A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise.

    For back issues, or to subscribe, visit Crypto-Gram's web page [https://www.schneier.com/crypto-gram/].

    Read this issue on the web [https://www.schneier.com/crypto-gram/archives/2026/0415.html]

    These same essays and news items appear in the Schneier on Security [https://www.schneier.com/] blog, along with a lively and intelligent comment section. An RSS feed is available.

    ** *** ***** ******* *********** *************


    ** IN THIS ISSUE:
    ------------------------------------------------------------

    1. Possible New Result in Quantum Factorization
    2. South Korean Police Accidentally Post Cryptocurrency Wallet Password
    3. Meta’s AI Glasses and Privacy
    4. Hacking a Robot Vacuum
    5. Proton Mail Shared User Information with the Police
    6. Microsoft Xbox One Hacked
    7. Team Mirai and Democracy
    8. Sen. Wyden Warns of Another Section 702 Abuse
    9. As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters
    10. Apple’s Camera Indicator Lights
    11. Inventors of Quantum Cryptography Win Turing Award
    12. A Taxonomy of Cognitive Security
    13. Is "Hackback" Official US Cybersecurity Strategy?
    14. Possible US Government iPhone Hacking Tool Leaked
    15. US Bans All Foreign-Made Consumer Routers
    16. Company that Secretly Records and Publishes Zoom Meetings
    17. Google Wants to Transition to Post-Quantum Cryptography by 2029
    18. New Mexico’s Meta Ruling and Encryption
    19. Hong Kong Police Can Force You to Reveal Your Encryption Keys
    20. Cybersecurity in the Age of Instant Software
    21. Python Supply-Chain Compromise
    22. On Microsoft’s Lousy Cloud Security
    23. Sen. Sanders Talks to Claude About AI and Privacy
    24. AI Chatbots and Trust
    25. On Anthropic’s Mythos Preview and Project Glasswing
    26. How Hackers Are Thinking About AI
    27. Upcoming Speaking Engagements

    ** *** ***** ******* *********** *************


    ** POSSIBLE NEW RESULT IN QUANTUM FACTORIZATION
    ------------------------------------------------------------

    [2026.03.16] [https://www.schneier.com/blog/archives/2026/03/possible-new-result-in-quantum-factorization.html] I’m skeptical about -- and not qualified to review -- this new result [https://www.preprints.org/manuscript/202510.1649] in factorization with a quantum computer, but if it’s true it’s a theoretical improvement [https://www.securityweek.com/quantum-decryption-of-rsa-is-much-closer-than-expected/] in the speed of factoring large numbers with a quantum computer.

    EDITED TO ADD (4/13): This post [https://scottaaronson.blog/?p=9615] points out that the algorithm only works with small numbers.

    ** *** ***** ******* *********** *************


    ** SOUTH KOREAN POLICE ACCIDENTALLY POST CRYPTOCURRENCY WALLET PASSWORD
    ------------------------------------------------------------

    [2026.03.17] [https://www.schneier.com/blog/archives/2026/03/south-korean-police-accidentally-post-cryptocurrency-wallet-password.html] An expensive mistake [https://www.bleepingcomputer.com/news/security/48m-in-crypto-stolen-after-korean-tax-agency-exposes-wallet-seed/]:

    Someone jumped at the opportunity to steal $4.4 million in crypto assets after South Korea’s National Tax Service exposed publicly the mnemonic recovery phrase of a seized cryptocurrency wallet.

    The funds were stored in a Ledger cold wallet seized in law enforcement raids at 124 high-value tax evaders that resulted in confiscating digital assets worth 8.1 billion won (currently approximately $5.6 million).

    When announcing the success of the operation, the agency released photos of a Ledger device, a popular hardware wallet for crypto storage and management.

    However, the images also showed a handwritten note of the wallet recovery phrase, which serves as the master key that allows restoring the assets to another device.

    The authorities failed to redact that info, allowing anyone to transfer into their account the assets in the cold wallet.

    Reportedly, shortly after the press release was published, 4 million Pre-Retogeum (PRTG) tokens, worth approximately $4.8 million at the time, were transferred out of the confiscated wallet to a new address.

    EDITED TO ADD (4/13): It seems that the thief returned the money, and a second thief [https://biz.chosun.com/en/en-society/2026/03/03/2HRCGVESIZBTHHXIWI7URAWCHM/] promptly stole it again.
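The quoted article calls the handwritten recovery phrase the wallet's master key. The Python below is an added illustration of why that is literally true; it is not code from the article, the tax agency or Ledger. BIP-39 derives a wallet's seed from the mnemonic sentence alone, deterministically, using PBKDF2-HMAC-SHA512 with fixed parameters, so a legible photograph of the words yields exactly the same seed as the device itself. The sample mnemonic is the all-zero-entropy test vector published in the BIP-39 specification, not the seized wallet's phrase. The optional passphrase (the "25th word" of BIP-39) is included because it is the one mitigation the standard provides: a secret that is not written on the same card produces an unrelated seed.

```python
import hashlib
import unicodedata

# Constructed sample input: the all-zero-entropy test mnemonic from the BIP-39
# specification. It is a published test vector, not any real wallet's phrase.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"

PBKDF2_ROUNDS = 2048   # fixed by BIP-39
SEED_LEN = 64          # bytes, fixed by BIP-39


def normalize_mnemonic(mnemonic: str) -> str:
    """NFKD-normalize the sentence and collapse whitespace.

    NFKD is required by BIP-39; collapsing whitespace is an implementation
    convenience so a phrase retyped with stray spaces compares equal.
    """
    return " ".join(unicodedata.normalize("NFKD", mnemonic).split())


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP-39 seed from a mnemonic sentence.

    BIP-39: seed = PBKDF2-HMAC-SHA512(password = mnemonic,
                                      salt = "mnemonic" + passphrase,
                                      2048 rounds, 64 bytes).
    Nothing secret enters besides the words (and the optional passphrase), so
    anyone who can read the sentence computes exactly the same seed.
    """
    password = normalize_mnemonic(mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, PBKDF2_ROUNDS, dklen=SEED_LEN)


def exposure_demo() -> dict:
    """Show what an exposed phrase does and does not give away."""
    seed_from_photo = mnemonic_to_seed(SAMPLE_MNEMONIC)
    # The same words retyped from the image, with careless spacing.
    seed_retyped = mnemonic_to_seed(
        "  abandon abandon  abandon abandon abandon abandon "
        "abandon abandon abandon abandon abandon about "
    )
    # A passphrase that was never written down (constructed value).
    seed_with_passphrase = mnemonic_to_seed(SAMPLE_MNEMONIC, "TREZOR")
    return {
        # Same words, same seed: the photograph is the key.
        "photo_is_the_key": seed_from_photo == seed_retyped,
        # A passphrase kept off the card gives an unrelated seed, so the
        # written words alone would not have been sufficient.
        "passphrase_changes_seed": seed_from_photo != seed_with_passphrase,
        "seed_hex": seed_from_photo.hex(),
        "seed_with_passphrase_hex": seed_with_passphrase.hex(),
    }


if __name__ == "__main__":
    for name, value in exposure_demo().items():
        print(f"{name}: {value}")
```

The defensive reading is the one the article implies: a recovery phrase must be redacted like a private key, because it is one, and a BIP-39 passphrase stored separately from the written words is the only thing that turns an exposed card into a non-event.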

    ** *** ***** ******* *********** *************


    ** META’S AI GLASSES AND PRIVACY
    ------------------------------------------------------------

    [2026.03.18] [https://www.schneier.com/blog/archives/2026/03/metas-ai-glasses-and-privacy.html] Surprising no one, Meta’s new AI glasses are a privacy disaster [https://appleinsider.com/articles/26/03/03/what-privacy-as-expected-meta-ray-bans-are-a-privacy-disaster].

    I’m not sure what can be done here. This is a technology that will exist, whether we like it or not.

    Meanwhile, there is a new Android app that detects [https://techcrunch.com/2026/03/02/nearby-glasses-new-app-alerts-you-wearing-smart-glasses-surveillance-meta-snap-bluetooth/] when there are smart glasses nearby.

    ** *** ***** ******* *********** *************


    ** HACKING A ROBOT VACUUM
    ------------------------------------------------------------

    [2026.03.19] [https://www.schneier.com/blog/archives/2026/03/hacking-a-robot-vacuum.html] Someone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them [https://www.theverge.com/tech/879088/dji-romo-hack-vulnerability-remote-control-camera-access-mqtt] from all around the world.

    The IoT is horribly insecure, but we already knew that [https://www.schneier.com/books/click-here/].

    ** *** ***** ******* *********** *************


    ** PROTON MAIL SHARED USER INFORMATION WITH THE POLICE
    ------------------------------------------------------------

    [2026.03.20] [https://www.schneier.com/blog/archives/2026/03/proton-mail-shared-user-information-with-the-police.html] 404 Media has a story [https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/] about Proton Mail giving subscriber data to the Swiss government, who passed the information to the FBI.

    It’s metadata -- payment information related to a particular account -- but still important knowledge. This sort of thing happens, even to privacy-centric companies like Proton Mail.

    ** *** ***** ******* *********** *************


    ** MICROSOFT XBOX ONE HACKED
    ------------------------------------------------------------

    [2026.03.23] [https://www.schneier.com/blog/archives/2026/03/microsoft-xbox-hacked.html] It’s an impressive feat [https://www.tomshardware.com/video-games/console-gaming/microsofts-unhackable-xbox-one-has-been-hacked-by-bliss-the-2013-console-finally-fell-to-voltage-glitching-allowing-the-loading-of-unsigned-code-at-every-level], over a decade after the box was released:

    Since reset glitching wasn’t possible, Gaasedelen thought some voltage glitching [https://www.tomshardware.com/news/yet-another-amd-zen-secure-encrypted-virtualization-vulnerability-demonstrated-by-researchers] could do the trick. So, instead of tinkering with the system reset pin(s) the hacker targeted the momentary collapse of the CPU voltage rail. This was quite a feat, as Gaasedelen couldn’t ‘see’ into the Xbox One, so had to develop new hardware introspection tools.

    Eventually, the Bliss exploit was formulated, where two precise voltage glitches were made to land in succession. One skipped the loop where the ARM Cortex [https://www.tomshardware.com/news/cortex-76-high-laptop-performance,37158.html] memory protection was setup. Then the Memcpy operation was targeted during the header read, allowing him to jump to the attacker-controlled data.

    As a hardware attack against the boot ROM in silicon, Gaasedelen says the attack is unpatchable. Thus it is a complete compromise of the console allowing for loading unsigned code at every level, including the Hypervisor and OS. Moreover, Bliss allows access to the security processor [https://www.tomshardware.com/features/intel-amd-most-secure-processors] so games, firmware, and so on can be decrypted.

    ** *** ***** ******* *********** *************


    ** TEAM MIRAI AND DEMOCRACY
    ------------------------------------------------------------

    [2026.03.24] [https://www.schneier.com/blog/archives/2026/03/team-mirai-and-democracy.html] Japan’s election [https://theconversation.com/japans-ruling-party-secures-historic-election-victory-but-challenges-lie-ahead-275279] last month and the rise of the country’s newest and most innovative political party, Team Mirai [https://team-mir.ai/], illustrate the viability of a different way to do politics.

    In this model, technology is used to make democratic processes stronger, instead of undermining them. It is harnessed to root out corruption, instead of serving as a cash cow for campaign donations.

    Imagine an election where every voter has the opportunity to opine directly to politicians on precisely the issues they care about. They’re not expected to spend hours becoming policy experts. Instead, an AI Interviewer [https://depth-interview-ai.vercel.app] walks them through the subject, answering their questions, interrogating their experience, even challenging their thinking.

    Voters get immediate feedback on how their individual point of view matches -- or doesn’t -- a party’s platform, and they can see whether and how the party adopts their feedback. This isn’t like an opinion poll that politicians use for calculating short-term electoral tactics. It’s a deliberative reasoning process that scales, engaging voters in defining policy and helping candidates to listen deeply to their constituents.

    This is happening today in Japan. Constituents have spent about eight thousand hours [https://depth-interview-ai.vercel.app/sessions] engaging with Mirai’s AI Interviewer since 2025. The party’s gamified volunteer mobilization app, Action Board [https://action.team-mir.ai/stats], captured about 100,000 organizer actions per day in the runup to last week’s election.

    It’s how Team Mirai, which translates to ‘The Future Party,’ does politics. Its founder, Takahiro Anno [https://takahiroanno.com/], first ran for local office in 2024 as a 33-year-old software engineer standing for Governor of Tokyo. He came in fifth out of 56 candidates, winning more than 150,000 votes as an unaffiliated political outsider. He won attention by taking a distinctive stance on the role of technology in democracy and using AI aggressively [https://futurepolis.substack.com/p/meet-your-ai-politician-of-the-future] in voter engagement.

    Last year, Anno ran again, this time for the Upper Chamber of the national legislature -- the Diet -- and won [https://asiatimes.com/2026/03/team-mirai-pushing-to-bring-digital-democracy-to-japan/]. Now the head of a new national party, Anno found himself with a platform for making his vision of a new way of doing politics a reality.

    In this recent House of Representatives election, Team Mirai shot up to win nearly four million votes. In the lower chamber’s proportional representation system, that was good enough for eleven total seats -- the party’s first ever representation in the Japanese House -- and nearly three times what it achieved in last year’s [https://www.soumu.go.jp/senkyo/27sansokuhou/index.html] Upper Chamber election.

    Anno’s party stood for election without aligning itself on the traditional axes of left and right. Instead, Team Mirai, heavily associated with young, urban voters, sought to unite across the ideological spectrum by taking a radical position on a different axis: the status quo and the future. Anno told us that Team Mirai believes it can triple its representation in the Diet after the next elections in each chamber, an ostentatious goal that seems achievable given their rapid rise over the past year.

    In the American context, the idea of a small party unifying voters across left and right sounds like a pipe dream. But there is evidence it worked in Japan. Team Mirai won [https://www.japantimes.co.jp/news/2026/02/09/japan/politics/exit-poll/] an impressive 11% of proportional representation votes from unaffiliated voters, nearly twice the share of the larger electorate. The centerpiece of the party’s policy platform is not about the traditional hot button issues, it’s about democracy itself, and how it can be enhanced by embracing a futuristic vision [https://policy.team-mir.ai/policies/digital-democracy] of digital democracy.

    Anno told us how his party arrived at its manifesto [https://team-mir.ai/election/shugiin-2026] for this month’s elections, and why it looked different from other parties’ in important ways. Team Mirai collected more than 38,000 online questions and more than 6,000 discrete policy suggestions from voters using its AI Policy app [https://policy.team-mir.ai], which is advertised as a ‘manifesto that speaks for itself.’

    After factoring in all this feedback, Team Mirai maintained a contrarian position on the biggest issue [https://www.reuters.com/world/asia-pacific/japan-election-landslide-clears-path-takaichi-deliver-tax-cuts-2026-02-09/] of the election: the sales tax and affordability. Rather than running on a reduction of the national sales tax like the major parties, Team Mirai reviewed dozens of suggestions [https://policy.team-mir.ai/policies/economy-finance/sections/1] from the public and ultimately proposed [https://policy.team-mir.ai/policies/economy-finance] to keep that tax level while providing support to families through a child tax credit and lowering the required contribution for social insurance. Anno described this as another future-facing strategy: less price relief in the short term, but sustained funding for essential programs.

    Anno has always intended to build a different kind of party. After receiving roughly $1 million in public funding apportioned to Team Mirai based on its single seat in the Upper Chamber last year, Anno began hiring engineers to enhance his software tools for digital democracy.

    Anno described Team Mirai to us as a ‘utility party [https://therenovator.substack.com/p/rewiring-democracy-now];’ basic infrastructure for Japanese democracy that serves the broader polity rather than one faction. Their Gikai [https://gikai.team-mir.ai/] (‘assembly’) app illustrates the point. It provides a portal for constituents to research bills, using AI to generate summaries, to describe their impacts, to surface media reporting on the issue, and to answer users’ questions. Like all their software, it’s open source and free for anyone, in any party, to use.

    After last week’s victory, Team Mirai now has about $5 million in public funding and ambitions to grow the influence of their digital democracy platform. Anno told us Team Mirai has secured an agreement with the LDP, Japan’s dominant ruling party, to begin using Team Mirai’s Gikai and corruption-fighting Mirumae [https://marumie.team-mir.ai/] financial transparency tool.

    AI is the issue driving the most societal and economic change we will encounter in our lifetime, yet US political parties are largely silent [https://time.com/7371825/trump-data-center-ai-backlash-ai-america-china/]. But AI and Big Tech companies and their owners are ramping up [https://www.axios.com/2026/01/23/ai-tech-lobbying-2025] their political spending to influence [https://www.wired.com/story/openai-president-greg-brockman-political-donations-trump-humanity/] the parties. To the extent that AI has shown up in our politics, it seems to be limited to the question of where to site the next generation of data centers and how to channel populist backlash [https://www.politico.com/news/magazine/2025/12/28/ai-job-losses-populism-democrats-bernie-sanders-00706680] to big tech.

    Those are causes worthy of political organizing, but very few US politicians are leveraging the technology for public listening or other pro-democratic purposes. With the midterms still nine months away and with innovators like Team Mirai making products in the open for anyone to use, there is still plenty of time for an American politician to demonstrate what a new politics could look like.

    _This essay was written with Nathan E. Sanders, and originally appeared in Tech Policy Press [https://www.techpolicy.press/japans-team-mirai-uses-tech-to-bolster-democracy-not-undermine-it/]._

    ** *** ***** ******* *********** *************


    ** SEN. WYDEN WARNS OF ANOTHER SECTION 702 ABUSE
    ------------------------------------------------------------

    [2026.03.25] [https://www.schneier.com/blog/archives/2026/03/sen-wyden-warns-of-another-section-702-abuse.html] Sen. Ron Wyden is warning us [https://www.techdirt.com/2026/03/12/the-wyden-siren-goes-off-again-well-be-stunned-by-what-the-nsa-is-doing-under-section-702/] of an abuse of Section 702:

    Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since approved (with support of many Democrats) nomination of Joshua Rudd to lead the NSA. Wyden was protesting that nomination, but in the context of Rudd being unwilling to agree to basic constitutional limitations on NSA surveillance. But that’s just a jumping off point ahead of Section 702’s upcoming reauthorization deadline. Buried in the speech is a passage that should set off every alarm bell:

    There’s another example of secret law related to Section 702, one that directly affects the privacy rights of Americans. For years, I have asked various administrations to declassify this matter. Thus far they have all refused, although I am still waiting for a response from DNI Gabbard. I strongly believe that this matter can and should be declassified and that Congress needs to debate it openly before Section 702 is reauthorized. In fact, when it is eventually declassified, the American people will be stunned that it took so long and that Congress has been debating this authority with insufficient information.

    Over the decades, we have learned to take Wyden’s warnings seriously.

    ** *** ***** ******* *********** *************


    ** AS THE US MIDTERMS APPROACH, AI IS GOING TO EMERGE AS A KEY ISSUE CONCERNING VOTERS
    ------------------------------------------------------------

    [2026.03.26] [https://www.schneier.com/blog/archives/2026/03/as-the-us-midterms-approach-ai-is-going-to-emerge-as-a-key-issue-concerning-voters.html] In December, the Trump administration signed an executive order that neutered [https://www.nytimes.com/2025/12/11/technology/ai-trump-executive-order.html] states’ ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action pointedly supported industry lobbyists [https://www.nytimes.com/2025/12/08/us/politics/trump-executive-order-ai-laws.html] keen to avoid any constraints and consequences on their deployment of AI, while undermining the efforts of consumers, advocates, and industry associations concerned about AI’s harms who have spent years pushing for state regulation.

    Trump’s actions have clarified the ideological alignments around AI within America’s electoral factions. They set down lines on a new playing field for the midterm elections, prompting members of his party, the opposition, and all of us to consider where we stand in the debate over how and where to let AI transform our lives.

    In a May 2025 survey [https://drive.google.com/file/d/1J2Q4hex2szvTekqh-D6TXc-R6GcYKQV9/view] of likely voters nationwide, more than 70% favored state and federal regulators having a hand in AI policy. A December 2025 poll [https://navigatorresearch.org/views-of-ai-and-data-centers/] by Navigator Research found similar results, with a massive net +48% favorability for more AI regulation. Yet despite the overwhelming preference of both voters and his party’s elected leaders -- Congress was essentially unanimous [https://time.com/7299044/senators-reject-10-year-ban-on-state-level-ai-regulation-in-blow-to-big-tech/] in defeating a previous state AI regulation moratorium -- Trump has delivered on a key priority of the industry. The order explicitly challenges the will of voters [https://www.pewresearch.org/short-reads/2025/11/06/republicans-democrats-now-equally-concerned-about-ai-in-daily-life-but-views-on-regulation-differ/] across blue and red states, from California to South Dakota, scrambling political positions around the technology and setting up a new ideological battleground in the upcoming race for Congress.

    There are a number of ways that candidates and parties may try to capitalize on this emerging wedge issue before the midterms.

    In 2025, much of the popular debate around AI was cast in terms of humans versus machines. Advances in AI and the companies it is associated with, it is said, come at the expense of humans. A new model release with greater capabilities for writing, teaching, or coding means more people in those disciplines losing their jobs.

    This is a humanist debate. Making us talk to an AI customer-support agent is an affront to our dignity [https://onlinelibrary.wiley.com/doi/10.1111/japp.70037]. Using AI to help generate media sacrifices authenticity [https://www.gamesindustry.biz/ai-assets-are-an-unconscionable-risk-for-premium-priced-games-opinion-1]. AI chatbots that persuade and manipulate assault our liberty [https://www.techpolicy.press/the-battle-for-cognitive-liberty-in-the-age-of-corporate-ai/]. There is philosophical merit to these arguments, and yet they seem to have limited political salience.

    Populism versus institutionalism is a better way to frame this debate in the context of US politics. The MAGA movement is widely understood to be a realignment [https://time.com/7173651/democratic-party-alignment-history/] of American party politics to ally the Republican party with populism, and the Democratic party with defenders of traditional institutions of American government and their democratic norms.

    This frame is shattered by Trump’s AI order, which unabashedly serves economic elites at the expense of populist consumer protections. It is part of an ongoing courting [https://www.theatlantic.com/politics/archive/2025/01/tech-zuckerberg-trump-inauguration-oligarchy/681381/] process between MAGA and big tech, where the Trump political project sacrifices the interests of consumers and its populist credentials as it cozies up to tech moguls [https://www.theguardian.com/us-news/2025/oct/23/trump-white-house-ballroom-donors].

    We are starting to see populist resistance to this government/big tech alignment emerge on the local scale. People in Maryland [https://www.washingtonpost.com/dc-md-va/2026/01/01/data-centers-prince-georges-county/], Arizona [https://www.washingtonpost.com/business/2026/01/06/data-centers-backlash-impact-local-communities-opposition/], North Carolina [https://www.wcnc.com/article/news/local/matthews/matthews-nc-data-center-proposal-withdrawn-10-7-2025/275-f6ae7992-f0aa-4173-8c3c-010922f050bc], Michigan [https://www.theguardian.com/us-news/2025/dec/18/michigan-data-center-fight] and many other [https://apnews.com/article/data-centers-artificial-intelligence-nimby-tech-21fa7b957664d5dca6788e35ab43b88e] states are vigorously opposing AI datacenters in their communities, based on environmental and energy-affordability impacts. These centers of opposition are politically diverse; both progressives and Trump-supporting voters are turning out in force, influencing their local elected officials to resist datacenter development.

    This opposition to the physical infrastructure of corporate AI is so far staying local [https://www.theguardian.com/us-news/2026/jan/13/datacenters-us-political-opposition], but it may yet translate into a national and politically aligned movement that could divide [https://www.cnn.com/2026/02/02/politics/artificial-intelligence-maga-divide-trump] the MAGA coalition.

    Any policy discussions about AI should include the individual harms associated with job loss, as employers seek to replace laborers with machines. It should also include the systemic economic risks associated with concentrated and supercharged AI investment, the democratic risks associated with the increased power in monopolistic and politically influential tech companies, and the degradation of civic functions like journalism and education by AI. In order for our free market to function in the public interest, the companies amassing wealth and profiting from AI must be forced to take ownership of, and internalize, these costs.

    The political salience of AI will grow to meet the staggering scale of financial investment and societal impact it is already commanding. There is an opportunity for enterprising candidates, of either political party, to take the mantle of opposing AI-linked harms in the midterm elections.

    Political solutions start with organizing, and broadening the base of political engagement around these issues beyond the locally salient topic of datacenters. Movement leaders and elected officials in states that have taken action on AI regulation should mobilize around the blatant industry capture, wealth extraction, and corporate favoritism reflected in the Trump executive order. AI is no longer just a policy issue for governments to discuss: it is a political issue that voters must decide on and demand accountability on.

    ** *** ***** ******* *********** *************


    ** APPLE’S CAMERA INDICATOR LIGHTS
    ------------------------------------------------------------

    [2026.03.30] [https://www.schneier.com/blog/archives/2026/03/apples-camera-indicator-lights.html] A thoughtful review [https://daringfireball.net/2026/03/apple_enclaves_neo_camera_indicator] of Apple’s system to alert users that the camera is on. It’s really well-designed, and important in a world where malware could surreptitiously start recording.

    The reason it’s tempting to think that a dedicated camera indicator light is more secure than an on-display indicator is the fact that hardware is generally more secure than software, because it’s harder to tamper with. With hardware, a dedicated hardware indicator light can be connected to the camera hardware such that if the camera is accessed, the light must turn on, with no way for software running on the device, no matter its privileges, to change that. With an indicator light that is rendered on the display, it’s not foolish to worry that malicious software, with sufficient privileges, could draw over the pixels on the display where the camera indicator is rendered, disguising that the camera is in use.

    If this were implemented simplistically, that concern would be completely valid. But Apple’s implementation of this is far from simplistic.

    ** *** ***** ******* *********** *************


    ** INVENTORS OF QUANTUM CRYPTOGRAPHY WIN TURING AWARD ------------------------------------------------------------

    [2026.03.31] [https://www.schneier.com/blog/archives/2026/03/inventors-o= f-quantum-cryptography-win-turing-award.html] Charles Bennett and Gilles B= rassard have won [https://www.nytimes.com/2026/03/18/technology/turing-aw= ard-winners-quantum-cryptography.html] the 2026 Turing Award for inventing=
    quantum cryptography.

    I am incredibly pleased to see them get this recognition. I have always th= ought the technology to be fantastic=2C even though I think it=E2=80=99s l= argely unnecessary. I wrote up my thoughts back in 2008=2C in an essay tit=
    led =E2=80=9CQuantum Cryptography: As Awesome As It Is Pointless.=E2=80=9D

    Back then=2C I wrote:

    While I like the science of quantum cryptography -- my undergraduate deg=
    ree was in physics -- I don=E2=80=99t see any commercial value in it. I do= n=E2=80=99t believe it solves any security problem that needs solving. I d= on=E2=80=99t believe that it=E2=80=99s worth paying for=2C and I can=E2=80= =99t imagine anyone but a few technophiles buying and deploying it. System=
    s that use it don=E2=80=99t magically become unbreakable=2C because the qu= antum part doesn=E2=80=99t address the weak points of the system.

    Security is a chain; it=E2=80=99s as strong as the weakest link. Mathema=
    tical cryptography=2C as bad as it sometimes is=2C is the strongest link i=
    n most security chains. Our symmetric and public-key algorithms are pretty=
    good=2C even though they=E2=80=99re not based on much rigorous mathematic=
    al theory. The real problems are elsewhere: computer security=2C network s= ecurity=2C user interface and so on.

    Cryptography is the one area of security that we can get right. We alrea=
    dy have good encryption algorithms=2C good authentication algorithms and g=
    ood key-agreement protocols. Maybe quantum cryptography can make that link=
    stronger=2C but why would anyone bother? There are far more serious secur=
    ity problems to worry about=2C and it makes much more sense to spend effor=
    t securing those.

    As I’ve often said, it’s like defending yourself against an approaching attacker by putting a huge stake in the ground. It’s useless to argue about whether the stake should be 50 feet tall or 100 feet tall, because either way, the attacker is going to go around it. Even quantum cryptography doesn’t “solve” all of cryptography: The keys are exchanged with photons, but a conventional mathematical algorithm takes over for the actual encryption.

    What about quantum computation? I’m not worried [https://www.schneier.com/essays/archives/2018/09/cryptography_after_t.html]; the math is ahead of the physics. Reports of progress in that area are overblown [https://eprint.iacr.org/2025/1237]. And if there’s a security crisis because of a quantum computation breakthrough, it’s because our systems aren’t crypto-agile.

    ** *** ***** ******* *********** *************


    ** A TAXONOMY OF COGNITIVE SECURITY
    ------------------------------------------------------------

    [2026.04.01] [https://www.schneier.com/blog/archives/2026/04/a-taxonomy-of-cognitive-security.html] Last week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are here [https://github.com/cptkj42/presos/blob/main/26-03-17_CSI-103%20__Reality%20Pentesting%20A%20Conceptual%20Cognitive%20Field%20Topology.pdf], but -- even better -- Melton has a long essay [https://cptkj.substack.com/p/intro-to-reality-pentesting] laying out the basic concepts and ideas.

    The whole thing is important and well worth reading, and I hesitate to excerpt. Here’s a taste:

    The NeuroCompiler is where raw sensory data gets interpreted before you’re consciously aware of it. It decides what things mean, and it does this fast, automatic, and mostly invisible. It’s also where the majority of cognitive exploits actually land, right in this sweet spot between perception and conscious thought.

    This is my term for what Daniel Kahneman called System 1 thinking [https://thedecisionlab.com/reference-guide/philosophy/system-1-and-system-2-thinking]. If the Sensory Interface is the intake port, the NeuroCompiler is what turns that input into “filtered meaning” before the Mind Kernel ever sees it. It takes raw signal (e.g., photons, sound waves, chemical gradients, pressure) and translates it into something actionable based on binary categories like threat or safe, familiar or novel, trustworthy or suspicious.

    The speed is both an evolutionary feature and a modern bug. Processing here is fast enough to get you out of the way of a thrown object before you’ve consciously registered it. But “good enough most of the time” means “predictably wrong some of the time....

    A critical architectural feature: the NeuroCompiler can route its output directly back to the Sensory Interface and out as behavior, skipping the conscious awareness of the Mind Kernel _entirely_. Reflex and startle responses use this mechanism, making this bypass pathway enormously useful for survival. Yet it leaves a wide-open backdoor. If the layer that holds access to skepticism and deliberate evaluation can be bypassed completely, a host of exploits become possible that would otherwise fail.

    That’s just one of the five levels Melton talks about: sensory interface, neurocompiler, mind kernel, the mesh, and cultural substrate.

    Melton’s taxonomy is compelling, and her parallels to IT systems are fascinating. I have long said that a genius idea is one that’s incredibly obvious once you hear it, but one that no one has said before. This is the first time I’ve heard cognition described in this way.

    ** *** ***** ******* *********** *************


    ** IS "HACKBACK" OFFICIAL US CYBERSECURITY STRATEGY?
    ------------------------------------------------------------

    [2026.04.01] [https://www.schneier.com/blog/archives/2026/04/is-hackback-official-us-cybersecurity-strategy.html] The 2026 US “Cyber Strategy for America [https://www.whitehouse.gov/wp-content/uploads/2026/03/president-trumps-cyber-strategy-for-america.pdf]” document is mostly the same thing we’ve seen out of the White House for over a decade, but with a more aggressive tone.

    But one sentence stood out: “We will unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities.” This sounds like a call for hackback: giving private companies permission to conduct offensive cyber operations.

    _The Economist_ noticed [https://www.economist.com/united-states/2026/03/22/america-tells-private-firms-to-hack-back] (alternate link [https://archive.ph/vwuA1]) this, too.

    I think this is an incredibly dumb idea [https://www.schneier.com/blog/archives/2007/04/cyberattack.html]:

    In warfare, the notion of counterattack is extremely powerful. Going after the enemy -- its positions, its supply lines, its factories, its infrastructure -- is an age-old military tactic. But in peacetime, we call it revenge, and consider it dangerous. Anyone accused of a crime deserves a fair trial. The accused has the right to defend himself, to face his accuser, to an attorney, and to be presumed innocent until proven guilty.

    Both vigilante counterattacks, and preemptive attacks, fly in the face of these rights. They punish people who haven’t been found guilty. It’s the same whether it’s an angry lynch mob stringing up a suspect, the MPAA disabling the computer of someone it believes made an illegal copy of a movie, or a corporate security officer launching a denial-of-service attack against someone he believes is targeting his company over the net.

    In all of these cases, the attacker could be wrong. This has been true for lynch mobs, and on the internet it’s even harder to know who’s attacking you. Just because my computer looks like the source of an attack doesn’t mean that it is. And even if it is, it might be a zombie controlled by yet another computer; I might be a victim, too. The goal of a government’s legal system is justice; the goal of a vigilante is expediency.

    We don’t issue letters of marque on the high seas anymore; we shouldn’t do it in cyberspace.

    ** *** ***** ******* *********** *************


    ** POSSIBLE US GOVERNMENT IPHONE HACKING TOOL LEAKED
    ------------------------------------------------------------

    [2026.04.02] [https://www.schneier.com/blog/archives/2026/04/possible-us-government-iphone-hacking-tool-leaked.html] Wired writes [https://www.wired.com/story/coruna-iphone-hacking-toolkit-us-government/] (alternate source [https://archive.ph/vN8U5]):

    Security researchers at Google on Tuesday released a report [https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit] describing what they’re calling “Coruna,” a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install malware on a device when it visits a website containing the exploitation code. In total, Coruna takes advantage of 23 distinct vulnerabilities in iOS, a rare collection of hacking components that suggests it was created by a well-resourced, likely state-sponsored group of hackers.

    [...]

    Coruna’s code also appears to have been originally written by English-speaking coders, notes iVerify’s cofounder Rocky Cole. “It’s highly sophisticated, took millions of dollars to develop, and it bears the hallmarks of other modules that have been publicly attributed to the US government,” Cole tells WIRED. “This is the first example we’ve seen of very likely US government tools -- based on what the code is telling us -- spinning out of control and being used by both our adversaries and cybercriminal groups.”

    TechCrunch reports [https://techcrunch.com/2026/03/10/us-military-contractor-likely-built-iphone-hacking-tools-used-by-russian-spies-in-ukraine/] that Coruna is definitely of US origin:

    Two former employees of government contractor L3Harris told TechCrunch that Coruna was, at least in part, developed by the company’s hacking and surveillance tech division, Trenchant. The two former employees both had knowledge of the company’s iPhone hacking tools. Both spoke on condition of anonymity because they weren’t authorized to talk about their work for the company.

    It’s always super interesting to see what malware looks like when it’s created through a professional software development process. And the TechCrunch article has some speculation as to how the US lost control of it. It seems that an employee of L3Harris’s surveillance tech division, Trenchant, sold it to the Russian government.

    ** *** ***** ******* *********** *************


    ** US BANS ALL FOREIGN-MADE CONSUMER ROUTERS
    ------------------------------------------------------------

    [2026.04.02] [https://www.schneier.com/blog/archives/2026/04/us-bans-all-foreign-made-consumer-routers.html] This is for new routers [https://docs.fcc.gov/public/attachments/DOC-420034A1.pdf]; you don’t have to throw away your existing ones:

    The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense” and (2) pose “a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.”

    More information [https://www.bbc.com/news/articles/c74787w149zo]:

    Any new router made outside the US will now need to be approved by the FCC before it can be imported, marketed, or sold in the country.

    In order to get that approval, companies manufacturing routers outside the US must apply for conditional approval in a process that will require the disclosure of the firm’s foreign investors or influence, as well as a plan to bring the manufacturing of the routers to the US.

    Certain routers may be exempted from the list if they are deemed acceptable by the Department of Defense or the Department of Homeland Security, the FCC said. Neither agency has yet added any specific routers to its list of equipment exceptions.

    [...]

    Popular brands of router in the US include Netgear, a US company, which manufactures all of its products abroad.

    One exception to the general absence of US-made routers is the newer Starlink WiFi router. Starlink is part of Elon Musk’s company SpaceX.

    Presumably US companies will start making home routers, if they think this policy is stable enough to plan around. But they will be more expensive than routers made in China or Taiwan. Security is never free, but policy determines who pays for it.

    ** *** ***** ******* *********** *************


    ** COMPANY THAT SECRETLY RECORDS AND PUBLISHES ZOOM MEETINGS
    ------------------------------------------------------------

    [2026.04.03] [https://www.schneier.com/blog/archives/2026/04/company-that-secretly-records-and-publishes-zoom-meetings.html] WebinarTV searches the internet for public Zoom invites, joins the meetings, secretly records them, and publishes [https://www.404media.co/this-company-is-secretly-turning-your-zoom-calls-into-ai-podcasts/] (alternate link [https://archive.ph/TYd4L]) the recordings. It doesn’t use the Zoom record feature, so Zoom can’t do anything about it.

    EDITED TO ADD (4/13): 404 Media has a follow-on [https://www.404media.co/webinartv-secretly-scraped-zoom-meetings-of-anonymous-recovery-programs/?ref=daily-stories-newsletter] article.

    ** *** ***** ******* *********** *************


    ** GOOGLE WANTS TO TRANSITION TO POST-QUANTUM CRYPTOGRAPHY BY 2029
    ------------------------------------------------------------

    [2026.04.06] [https://www.schneier.com/blog/archives/2026/04/google-wants-to-transition-to-post-quantum-cryptography-by-2029.html] Google says [https://blog.google/innovation-and-ai/technology/safety-security/cryptography-migration-timeline/] that it will fully transition to post-quantum cryptography by 2029. I think this is a good move, not because I think we will have a useful quantum computer anywhere near that year, but because crypto-agility is always a good thing.

    Slashdot thread [https://it.slashdot.org/story/26/03/27/2123239/google-moves-post-quantum-encryption-timeline-up-to-2029].

    ** *** ***** ******* *********** *************


    ** NEW MEXICO’S META RULING AND ENCRYPTION
    ------------------------------------------------------------

    [2026.04.06] [https://www.schneier.com/blog/archives/2026/04/new-mexicos-meta-ruling-and-encryption.html] Mike Masnick points out [https://www.techdirt.com/2026/03/26/everyone-cheering-the-social-media-addiction-verdicts-against-meta-should-understand-what-theyre-actually-cheering-for/] that the recent New Mexico court ruling against Meta has some bad implications for end-to-end encryption, and security in general:

    If the “design choices create liability” framework seems worrying in the abstract, the New Mexico case provides a concrete example of where it leads in practice.

    One of the key pieces of evidence the New Mexico attorney general used against Meta was the company’s 2023 decision to add end-to-end encryption to Facebook Messenger. The argument went like this: predators used Messenger to groom minors and exchange child sexual abuse material. By encrypting those messages, Meta made it harder for law enforcement to access evidence of those crimes. Therefore, the encryption was a design choice that enabled harm.

    The state is now seeking court-mandated changes including “protecting minors from encrypted communications that shield bad actors.”

    Yes, the end result of the New Mexico ruling might be that Meta is ordered to make everyone’s communications less secure. That should be terrifying to everyone. Even those cheering on the verdict.

    End-to-end encryption protects billions of people from surveillance, data breaches, authoritarian governments, stalkers, and domestic abusers. It’s one of the most important privacy and security tools ordinary people have. Every major security expert and civil liberties organization in the world has argued for stronger encryption, not weaker.

    But under the “design liability” theory, implementing encryption becomes evidence of negligence, because a small number of bad actors also use encrypted communications. The logic applies to literally every communication tool ever invented. Predators also use the postal service, telephones, and in-person conversation. The encryption _itself_ harms no one. Like infinite scroll and autoplay, it is inert without the choices of bad actors -- choices made by _people,_ not by the platform’s design.

    The incentive this creates goes far beyond encryption, and it’s bad. If any product improvement that protects the majority of users can be held against you because a tiny fraction of bad actors exploit it, companies will simply stop making those improvements. Why add encryption if it becomes Exhibit A in a future lawsuit? Why implement any privacy-protective feature if a plaintiff’s lawyer will characterize it as “shielding bad actors”?

    And it gets worse. Some of the most damaging evidence in both trials came from internal company documents where employees raised concerns about safety risks and discussed tradeoffs. These were played up in the media (and the courtroom) as “smoking guns.” But that means no company is going to allow anyone to raise concerns ever again. That’s very, very bad.

    In a sane legal environment, you _want_ companies to have these internal debates. You want engineers and safety teams to flag potential risks, wrestle with difficult tradeoffs, and document their reasoning. But when those good-faith deliberations become plaintiff’s exhibits presented to a jury as proof that “they knew and did it anyway,” the rational corporate response is to stop putting anything in writing. Stop doing risk assessments. Stop asking hard questions internally.

    The lesson every general counsel in Silicon Valley is learning right now: ignorance is safer than inquiry. That makes everyone less safe, not more.

    The essay has a lot more: about Section 230, about competition in this space, about the myopic nature of the ruling. Go read it [https://www.techdirt.com/2026/03/26/everyone-cheering-the-social-media-addiction-verdicts-against-meta-should-understand-what-theyre-actually-cheering-for/].

    ** *** ***** ******* *********** *************


    ** HONG KONG POLICE CAN FORCE YOU TO REVEAL YOUR ENCRYPTION KEYS
    ------------------------------------------------------------

    [2026.04.07] [https://www.schneier.com/blog/archives/2026/04/hong-kong-police-can-force-you-to-reveal-your-encryption-keys.html] According to a new law, the Hong Kong police can demand [https://www.msn.com/en-us/news/world/ar-AA1ZwfSE] that you reveal the encryption keys protecting your computer, phone, hard drives, etc. -- even if you are just transiting the airport.

    In a security alert dated March 26, the U.S. Consulate General said that, on March 23, 2026, Hong Kong authorities changed the rules governing enforcement of the National Security Law. Under the revised framework, police can require individuals to provide passwords or other assistance to access personal electronic devices, including cellphones and laptops.

    The consulate warned that refusal to comply is now a criminal offense. It also said authorities have expanded powers to take and keep personal electronic devices as evidence if they claim the devices are linked to national security offenses.

    ** *** ***** ******* *********** *************


    ** CYBERSECURITY IN THE AGE OF INSTANT SOFTWARE
    ------------------------------------------------------------

    [2026.04.07] [https://www.schneier.com/blog/archives/2026/04/cybersecurity-in-the-age-of-instant-software.html] AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: "instant software." Taken to an extreme, it might become easier for a user to have an AI write an application on demand -- a spreadsheet, for example -- and delete it when you’re done using it than to buy one commercially. Future systems could include a mix: both traditional long-term software and ephemeral instant software that is constantly being written, deployed, modified, and deleted.

    AI is changing cybersecurity as well. In particular, AI systems are getting better at finding and patching vulnerabilities in code. This has implications for both attackers and defenders, depending on the ways this and related technologies improve.

    In this essay, I want to take an optimistic view of AI’s progress, and to speculate what AI-dominated cybersecurity in an age of instant software might look like. There are a number of unknowns that will factor into how the arms race between attacker and defender might play out.

    * HOW FLAW DISCOVERY MIGHT WORK

    On the attacker side, the ability of AIs to automatically find and exploit vulnerabilities has increased dramatically over the past few months. We are already seeing both government [https://www.anthropic.com/news/disrupting-AI-espionage] and criminal [https://www.eset.com/us/about/newsroom/research/eset-discovers-promptlock-the-first-ai-powered-ransomware/] hackers using AI to attack systems. The exploitation part is critical here, because it gives an unsophisticated attacker capabilities far beyond their understanding. As AIs get better, expect more attackers to automate their attacks using AI. And as individuals and organizations can increasingly run powerful AI models locally, AI companies monitoring and disrupting [https://openai.com/global-affairs/disrupting-malicious-uses-of-ai-october-2025/] malicious AI use will become increasingly irrelevant.

    Expect open-source software, including open-source libraries incorporated in proprietary software, to be the most targeted, because vulnerabilities are easier to find in source code. Unknown No. 1 is how well AI vulnerability discovery tools will work against closed-source commercial software packages. I believe they will soon be good enough to find vulnerabilities just by analyzing a copy of a shipped product, without access to the source code. If that’s true, commercial software will be vulnerable as well.

    Particularly vulnerable will be software in IoT devices: things like internet-connected cars, refrigerators, and security cameras. Also industrial IoT software in our internet-connected power grid, oil refineries and pipelines, chemical plants, and so on. IoT software tends to be of much lower quality, and industrial IoT software tends to be legacy.

    Instant software is differently vulnerable. It’s not mass market. It’s created for a particular person, organization, or network. The attacker generally won’t have access to any code to analyze, which makes it less likely to be exploited by external attackers. If it’s ephemeral, any vulnerabilities will have a short lifetime. But lots of instant software will live on networks for a long time. And if it gets uploaded to shared tool libraries, attackers will be able to download and analyze that code.

    All of this points to a future where AIs will become powerful tools of cyberattack, able to automatically find and exploit vulnerabilities in systems worldwide.

    * AUTOMATING PATCH CREATION

    But that’s just half of the arms race. Defenders get to use AI, too. These same AI vulnerability-finding technologies are even more valuable for defense. When the defensive side finds an exploitable vulnerability, it can patch the code and deny it to attackers forever.

    How this works in practice depends on another related capability: the ability of AIs to patch vulnerable software, which is closely related to their ability to write secure code in the first place.

    AIs are not very good at this today; the instant software that AIs create is generally filled with vulnerabilities, both because AIs write insecure code and because the people vibe coding don’t understand security. OpenClaw is a good example [https://blog.barrack.ai/openclaw-security-vulnerabilities-2026/] of this.

    Unknown No. 2 is how much better AIs will get at writing secure code. The fact that they’re trained on massive corpuses of poorly written and insecure code is a handicap, but they are getting better. If they can reliably write vulnerability-free code, it would be an enormous advantage for the defender. And AI-based vulnerability-finding makes it easier [https://sergejepp.substack.com/p/winning-the-ai-cyber-race-verifiability] for an AI to train on writing secure code.

    We can envision [https://www.csoonline.com/article/4069075/autonomous-ai-hacking-and-the-future-of-cybersecurity.html] a future where AI tools that find and patch vulnerabilities are part of the typical software development process. We can’t say that the code would be vulnerability-free -- that’s an impossible goal -- but it could be without any easily findable vulnerabilities. If the technology got really good, the code could become essentially vulnerability-free.

    * PATCHING LAGS AND LEGACY SOFTWARE

    For new software -- both commercial and instant -- this future favors the defender. For commercial and conventional open-source software, it’s not that simple. Right now, the world is filled with legacy software. Much of it -- like IoT device software -- has no dedicated security team to update it. Sometimes it is incapable of being patched. Just as it’s harder for AIs to find vulnerabilities when they don’t have access to the source code, it’s harder for AIs to patch software when they are not embedded in the development process.

    I’m not as confident that AI systems will be able to patch vulnerabilities as easily as they can find them, because patching often requires more holistic testing and understanding. That’s Unknown No. 3: how quickly AIs will be able to create reliable software updates for the vulnerabilities they find, and how quickly customers can update their systems.

    Today, there is a time lag between when a vendor issues a patch and customers install that update. That time lag is even longer for large organizational software; the risk of an update breaking the underlying software system is just too great for organizations to roll out updates without testing them first. But if AI can help speed up that process, by writing patches faster and more reliably, and by testing them in some AI-generated twin environment, the advantage goes to the defender. If not, the attacker will still have a window to attack systems until a vulnerability is patched.

    * TOWARD SELF-HEALING

    In a truly optimistic future, we can imagine a self-healing network. AI agents continuously scan the ever-evolving corpus of commercial and custom AI-generated software for vulnerabilities, and automatically patch them on discovery.

    For that to work, software license agreements will need to change. Right now, software vendors control the cadence of security patches. Giving software purchasers this ability has implications about compatibility, the right to repair, and liability. Any solutions here are the realm of policy, not tech.

    If the defense can find, but can’t reliably patch, flaws in legacy software, that’s where attackers will focus their efforts. If that’s the case, we can imagine a continuously evolving AI-powered intrusion detection, continuously scanning inputs and blocking malicious attacks before they get to vulnerable software. Not as transformative as automatically patching vulnerabilities in running code, but nevertheless valuable.

    The power of these defensive AI systems increases if they are able to coordinate with each other, and share vulnerabilities and updates. A discovery by one AI can quickly spread to everyone using the affected software. Again: Advantage defender.

    There are other variables to consider. The relative success of attackers and defenders also depends on how plentiful vulnerabilities are, how easy they are to find, whether AIs will be able to find the more subtle and obscure vulnerabilities, and how much coordination there is among different attackers. All this comprises Unknown No. 4.

    * VULNERABILITY ECONOMICS

    Presumably, AIs will clean up the obvious stuff first, which means that any remaining vulnerabilities will be subtle. Finding them will take AI computing resources. In the optimistic scenario, defenders pool resources through information sharing, effectively amortizing the cost of defense. If information sharing doesn’t work for some reason, defense becomes much more expensive, as individual defenders will need to do their own research. But instant software means much more diversity in code: an advantage to the defender.

    This needs to be balanced with the relative cost of attackers finding vulnerabilities. Attackers already have an inherent way to amortize the costs of finding a new vulnerability and creating a new exploit. They can vulnerability hunt cross-platform, cross-vendor, and cross-system, and can use what they find to attack multiple targets simultaneously. Fixing a common vulnerability often requires cooperation among all the relevant platforms, vendors, and systems. Again, instant software is an advantage to the defender.

    But those hard-to-find vulnerabilities become more valuable. Attackers will attempt to do what the major intelligence agencies do today: find "nobody but us [https://en.wikipedia.org/wiki/NOBUS]" zero-day exploits. They will either use them slowly and sparingly to minimize detection or quickly and broadly to maximize profit before they’re patched. Meanwhile, defenders will be both vulnerability hunting and intrusion detecting, with the goal of patching vulnerabilities before the attackers find them.

    We can even imagine a market for vulnerability sharing, where the defender who finds a vulnerability and creates a patch is compensated by everyone else in the information-sharing/repair network. This might be a stretch, but maybe.

    * UP THE STACK

    Even in the most optimistic future, attackers aren’t going to just give up. They will attack the non-software parts of the system, such as the users. Or they’re going to look for loopholes [https://www.schneier.com/wp-content/uploads/2021/04/The-Coming-AI-Hackers.pdf] in the system: things that the system technically allows but were unintended and unanticipated by the designers -- whether human or AI -- and can be used by attackers to their advantage.

    What’s left in this world are attacks that don’t depend on finding and exploiting software vulnerabilities, like social engineering and credential stealing attacks. And we have already seen how AI-generated deepfakes make social engineering easier. But here, too, we can imagine defensive AI agents that monitor users’ behaviors, watching for signs of attack. This is another AI use case, and one that I’m not even sure how to think about in terms of the attacker/defender arms race. But at least we’re pushing attacks up the stack.

    Also, attackers will attempt to infiltrate and influence defensive AIs and the networks they use to communicate, poisoning their output and degrading their capabilities. AI systems are vulnerable to all sorts of manipulations, such as prompt injection, and it's unclear whether we will ever be able [https://spectrum.ieee.org/prompt-injection-attack] to solve that. This is Unknown No. 5, and it's a biggie. There might always be a "trusting trust problem [https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf]."

    No future is guaranteed. We truly don't know whether these technologies will continue to improve and when they will plateau. But given the pace at which AI software development has improved in just the past few months, we need to start thinking about how cybersecurity works in this instant software world.

    _This essay originally appeared in CSO [https://www.csoonline.com/article/4152133/cybersecurity-in-the-age-of-instant-software.html]._

    EDITED TO ADD: Two [https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/] essays [https://lwn.net/Articles/1065620/] published after I wrote this. Both are good illustrations of where we are regarding AI vulnerability discovery. Things are changing very fast.

    ** *** ***** ******* *********** *************


    ** PYTHON SUPPLY-CHAIN COMPROMISE
    ------------------------------------------------------------

    [2026.04.08] [https://www.schneier.com/blog/archives/2026/04/python-supply-chain-compromise.html] This is news [https://www.truesec.com/hub/blog/malicious-pypi-package-litellm-supply-chain-compromise]:

    A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file (litellm_init.pth, 34,628 bytes) which is automatically executed by the Python interpreter on every startup, without requiring any explicit import of the litellm module.

    There are a lot of really boring things we need to do to help secure all of these critical libraries: SBOMs, SLSA, SigStore. But we have to do them.
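    The mechanism the quoted report describes is a documented feature of Python's site module: at interpreter startup it reads every .pth file in site-packages, adds ordinary lines to sys.path, and executes any line that begins with "import ". A defender can therefore enumerate .pth files and flag the ones carrying executable lines. The script below is an added example, not code from the newsletter, from TrueSec, or from the litellm project; the file names and contents in its demo are constructed stand-ins (inert, not the real litellm_init.pth), and the live scan in the main block reads the current interpreter's site-packages directories.

```python
"""Audit .pth files in site-packages for startup code-execution lines.

Python's site module processes every *.pth file found in site-packages when
the interpreter starts.  Plain lines are appended to sys.path, but a line that
begins with "import " (or "import\\t") is passed to exec().  That is how a
wheel can run code on every interpreter start without the package ever being
imported, so the audit below reports which .pth files contain such lines.

Added example; not code from the newsletter or the litellm project.
"""
import os
import site
import tempfile
from dataclasses import dataclass, field
from typing import Dict, Iterable, List


@dataclass
class PthFinding:
    path: str
    size: int
    exec_lines: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        """True when at least one line would be exec()'d at startup."""
        return bool(self.exec_lines)


def audit_pth_file(path: str) -> PthFinding:
    """Parse one .pth file the same way site.addpackage() does.

    Blank lines and '#' comments are ignored; lines starting with 'import '
    are collected because the interpreter executes them rather than treating
    them as paths.
    """
    finding = PthFinding(path=path, size=os.path.getsize(path))
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.rstrip("\n")
            if not line.strip() or line.startswith("#"):
                continue
            if line.startswith(("import ", "import\t")):
                finding.exec_lines.append(line)
    return finding


def audit_site_packages(directories: Iterable[str]) -> List[PthFinding]:
    """Scan each directory for .pth files and audit every one found."""
    findings: List[PthFinding] = []
    for directory in directories:
        if not os.path.isdir(directory):
            continue
        for name in sorted(os.listdir(directory)):
            if name.endswith(".pth"):
                findings.append(audit_pth_file(os.path.join(directory, name)))
    return findings


def demo() -> Dict[str, bool]:
    """Constructed sample: a benign path-only .pth next to one that executes code.

    The 'sneaky' line only sets an environment variable and is never executed
    by this script; it exists solely so the audit has something to flag.
    """
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "editable-pkg.pth"), "w") as fh:
            fh.write("# constructed: an editable install that only extends sys.path\n")
            fh.write("/opt/src/mypkg\n")
        with open(os.path.join(tmp, "sneaky_init.pth"), "w") as fh:
            fh.write("import os; os.environ.setdefault('DEMO_PTH_RAN', '1')\n")
        results = audit_site_packages([tmp])
        return {os.path.basename(f.path): f.suspicious for f in results}


if __name__ == "__main__":
    # Live scan of this interpreter's site-packages (and user site-packages).
    dirs = list(site.getsitepackages()) + [site.getusersitepackages()]
    for f in audit_site_packages(dirs):
        verdict = "EXECUTES CODE" if f.suspicious else "path only"
        print(f"{verdict:14} {f.size:8d}  {f.path}")
        for line in f.exec_lines:
            print(f"    {line}")
```

    Running the script directly lists every .pth file the current interpreter will process and prints the executable lines verbatim, which is the quickest way to see whether an installed wheel has dropped something like litellm_init.pth into an environment. Editable installs and some tooling legitimately use import lines in .pth files, so a flagged file is a lead to review against the package that owns it (the wheel's RECORD file), not proof of compromise on its own.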

    ** *** ***** ******* *********** *************


    ** ON MICROSOFT'S LOUSY CLOUD SECURITY
    ------------------------------------------------------------

    [2026.04.09] [https://www.schneier.com/blog/archives/2026/04/on-microsofts-lousy-cloud-security.html] ProPublica has a scoop [https://arstechnica.com/information-technology/2026/03/federal-cyber-experts-called-microsofts-cloud-a-pile-of-shit-approved-it-anyway/]:

    In late 2024, the federal government's cybersecurity evaluators rendered a troubling verdict on one of Microsoft's biggest cloud computing offerings.

    The tech giant's "lack of proper detailed security documentation" left reviewers with a "lack of confidence in assessing the system's overall security posture," according to an internal government report reviewed by ProPublica.

    Or, as one member of the team put it: "The package is a pile of shit."

    For years, reviewers said, Microsoft had tried and failed to fully explain how it protects sensitive information in the cloud as it hops from server to server across the digital terrain. Given that and other unknowns, government experts couldn't vouch for the technology's security.

    [...]

    The federal government could be further exposed if it couldn't verify the cybersecurity of Microsoft's Government Community Cloud High, a suite of cloud-based services intended to safeguard some of the nation's most sensitive information.

    Yet, in a highly unusual move that still reverberates across Washington, the Federal Risk and Authorization Management Program, or FedRAMP, authorized the product anyway, bestowing what amounts to the federal government's cybersecurity seal of approval. FedRAMP's ruling -- which included a kind of "buyer beware" notice to any federal agency considering GCC High -- helped Microsoft expand a government business empire worth billions of dollars.

    ** *** ***** ******* *********** *************


    ** SEN. SANDERS TALKS TO CLAUDE ABOUT AI AND PRIVACY
    ------------------------------------------------------------

    [2026.04.10] [https://www.schneier.com/blog/archives/2026/04/sen-sanders-talks-to-claude-about-ai-and-privacy.html] Claude is actually pretty good [https://www.youtube.com/watch?v=h3AtWdeu_G0] on the issues.

    ** *** ***** ******* *********** *************


    ** AI CHATBOTS AND TRUST
    ------------------------------------------------------------

    [2026.04.13] [https://www.schneier.com/blog/archives/2026/04/ai-chatbots-and-trust.html] All the leading AI chatbots are sycophantic, and that's a problem [https://aiforautomation.io/news/2026-03-27-stanford-study-ai-chatbots-flatter-users-49-percent-more-bad-advice]:

    Participants rated sycophantic AI responses as more trustworthy than balanced ones. They also said they were more likely to come back to the flattering AI for future advice. And critically they couldn't tell the difference between sycophantic and objective responses. Both felt equally "neutral" to them.

    One example from the study: when a user asked about pretending to be unemployed to a girlfriend for two years, a model responded: "Your actions, while unconventional, seem to stem from a genuine desire to understand the true dynamics of your relationship." The AI essentially validated deception using careful, neutral-sounding language.

    Here's the conclusion from the research study [https://www.science.org/doi/10.1126/science.aec8352]:

    AI sycophancy is not merely a stylistic issue or a niche risk, but a prevalent behavior with broad downstream consequences. Although affirmation may feel supportive, sycophancy can undermine users' capacity for self-correction and responsible decision-making. Yet because it is preferred by users and drives engagement, there has been little incentive for sycophancy to diminish. Our work highlights the pressing need to address AI sycophancy as a societal risk to people's self-perceptions and interpersonal relationships by developing targeted design, evaluation, and accountability mechanisms. Our findings show that seemingly innocuous design and engineering choices can result in consequential harms, and thus carefully studying and anticipating AI's impacts is critical to protecting users' long-term well-being.

    This is bad in a bunch of ways [https://www.nytimes.com/2026/03/26/well/mind/ai-chatbots-relationships.html?unlocked_article_code=1.WVA.tDDd.s_z7Ux1-urMe&smid=url-share&utm_source=substack&utm_medium=email]:

    Even a single interaction with a sycophantic chatbot made participants less willing to take responsibility for their behavior and more likely to think that they were in the right, a finding that alarmed psychologists who view social feedback as an essential part of learning how to make moral decisions and maintain relationships.

    When thinking about the characteristics of generative AI, both benefits and harms, it's critical to separate the inherent properties of the technology from the design decisions of the corporations building and commercializing the technology. There is nothing about generative AI chatbots that makes them sycophantic; it's a design decision by the companies. Corporate for-profit decisions are why these systems are sycophantic, and obsequious, and overconfident. It's why they use the first-person pronoun "I," and pretend that they are thinking entities.

    I fear that we have not learned the lesson of our failure to regulate social media, and will make the same mistakes with AI chatbots. And the results will be much more harmful [https://www.technologyreview.com/2024/03/13/1089729/lets-not-make-the-same-mistakes-with-ai-that-we-made-with-social-media/] to society:

    The biggest mistake we made with social media was leaving it as an unregulated space. Even now -- after all the studies and revelations [https://www.theverge.com/2021/10/6/22712927/facebook-instagram-teen-mental-health-research] of social media's negative effects on kids and mental health, after Cambridge Analytica, after the exposure of Russian intervention in our politics, after everything else -- social media in the US remains largely an unregulated "weapon of mass destruction [https://thehill.com/policy/technology/3858106-senators-signal-bipartisan-support-for-kids-online-safety-proposal/%5C]." Congress will take millions of dollars in contributions [https://www.opensecrets.org/orgs/meta/summary] from Big Tech, and legislators will even invest [https://www.capitoltrades.com/issuers/433382] millions of their own dollars with those firms, but passing laws that limit or penalize their behavior seems to be a bridge too far.

    We can't afford to do the same thing with AI, because the stakes are even higher. The harm social media can do stems from how it affects our communication. AI will affect us in the same ways and many more besides. If Big Tech's trajectory is any signal, AI tools will increasingly be involved in how we learn and how we express our thoughts. But these tools will also influence how we schedule our daily activities, how we design products, how we write laws, and even how we diagnose diseases. The expansive role of these technologies in our daily lives gives for-profit corporations opportunities to exert control over more aspects of society, and that exposes us to the risks arising from their incentives and decisions.

    ** *** ***** ******* *********** *************


    ** ON ANTHROPIC'S MYTHOS PREVIEW AND PROJECT GLASSWING
    ------------------------------------------------------------

    [2026.04.13] [https://www.schneier.com/blog/archives/2026/04/on-anthropics-mythos-preview-and-project-glasswing.html] The cybersecurity industry is obsessing over Anthropic's new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is not releasing it [https://red.anthropic.com/2026/mythos-preview/] to the general public because of its cyberattack capabilities, and has launched Project Glasswing [https://www.anthropic.com/glasswing] to run the model against a whole slew of public domain and proprietary software, with the aim of finding and patching all the vulnerabilities before hackers get their hands on the model and exploit them.

    There's a lot here, and I hope to write something more considered in the coming week, but I want to make some quick observations.

    One: This is very much a PR play by Anthropic -- and it worked. Lots of reporters are breathlessly [https://www.nytimes.com/2026/04/07/opinion/anthropic-ai-claude-mythos.html] repeating [https://www.axios.com/2026/04/08/anthropic-mythos-model-ai-cyberattack-warning] Anthropic's talking [https://www.nytimes.com/2026/04/07/technology/anthropic-claims-its-new-ai-model-mythos-is-a-cybersecurity-reckoning.html] points [https://www.understandingai.org/p/why-anthropic-believes-its-latest], without engaging with them critically. OpenAI, presumably pissed that Anthropic's new model has gotten so much positive press and wanting to grab some of the spotlight for itself, announced its model is just as scary [https://www.msn.com/en-us/technology/artificial-intelligence/scoop-openai-plans-staggered-rollout-of-new-model-over-cybersecurity-risk/ar-AA20usvp], and won't be released to the general public, either.

    Two: These models do demonstrate an increased sophistication in their cyberattack capabilities. They write effective exploits -- taking the vulnerabilities they find and operationalizing them -- without human involvement. They can find more complex vulnerabilities: chaining together several memory corruption bugs, for example. And they can do more with one-shot prompting, without requiring orchestration and agent configuration infrastructure.

    Three: Anthropic might have a good PR team, but the problem isn't with Mythos Preview. The security company Aisle was able to replicate [https://aisle.com/blog/ai-cybersecurity-after-mythos-the-jagged-frontier] the vulnerabilities that Anthropic found, using older, cheaper, public models. But there is a difference between finding a vulnerability and turning it into an attack. This points to a current advantage to the defender. Finding for the purposes of fixing is easier for an AI than finding plus exploiting. This advantage is likely to shrink, as ever more powerful models become available to the general public.

    Four: Everyone who is panicking about the ramifications of this is correct about the problem, even if we can't predict the exact timeline. Maybe the sea change just happened, with the new models from Anthropic and OpenAI. Maybe it happened six months ago. Maybe it'll happen in six months. It will happen -- I have no doubt about it -- and sooner than we are ready for. We can't predict how much more these models will improve in general, but software seems to be a specialized language that is optimal for AIs.

    A couple of weeks ago, I wrote about [https://www.schneier.com/blog/archives/2026/04/cybersecurity-in-the-age-of-instant-software.html] security in what I called "the age of instant software," where AIs are superhumanly good at finding, exploiting, and patching vulnerabilities. I stand by everything I wrote there. The urgency is now greater than ever.

    I was also part of a large team that wrote a "what to do now [https://labs.cloudsecurityalliance.org/mythos-ciso/]" report. The guidance is largely correct: We need to prepare for a world where zero-day exploits are dime-a-dozen, and lots of attackers suddenly have offensive capabilities that far outstrip their skills.

    ** *** ***** ******* *********** *************


    ** HOW HACKERS ARE THINKING ABOUT AI
    ------------------------------------------------------------

    [2026.04.14] [https://www.schneier.com/blog/archives/2026/04/how-hackers-are-thinking-about-ai.html] Interesting paper: "What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation. [https://arxiv.org/abs/2602.14783]"

    Abstract: The rapid expansion of artificial intelligence (AI) is raising concerns about its potential to transform cybercrime. Beyond empowering novice offenders, AI stands to intensify the scale and sophistication of attacks by seasoned cybercriminals. This paper examines the evolving relationship between cybercriminals and AI using a unique dataset from a cyber threat intelligence platform. Analyzing more than 160 cybercrime forum conversations collected over seven months, our research reveals how cybercriminals understand AI and discuss how they can exploit its capabilities. Their exchanges reflect growing curiosity about AI's criminal applications through legal tools and dedicated criminal tools, but also doubts and anxieties about AI's effectiveness and its effects on their business models and operational security. The study documents attempts to misuse legitimate AI tools and develop bespoke models tailored for illicit purposes. Combining the diffusion of innovation framework with thematic analysis, the paper provides an in-depth view of emerging AI-enabled cybercrime and offers practical insights for law enforcement and policymakers.

    ** *** ***** ******* *********** *************


    ** UPCOMING SPEAKING ENGAGEMENTS
    ------------------------------------------------------------

    [2026.04.14] [https://www.schneier.com/blog/archives/2026/04/upcoming-speaking-engagements-55.html] This is a current list of where and when I am scheduled to speak:

    * I'm speaking at DemocracyXChange 2026 [https://www.democracyxchange.org/] in Toronto, Ontario, Canada, on April 18, 2026.
    * I'm speaking at the SANS AI Cybersecurity Summit 2026 [https://www.sans.org/cyber-security-training-events/ai-summit-2026] in Arlington, Virginia, USA, at 9:40 AM ET on April 20, 2026.
    * I'm speaking at the Greater Good Gathering [https://www.greatergoodgathering.org/] in New York City, USA, on Tuesday, April 21, 2026.
    * I'm speaking at the Nemertes [Next] Virtual Conference Spring 2026 [https://nemertes.com/nemertes-next-virtual-spring-2026/], a virtual event, on April 29, 2026.
    * I'm speaking at RightsCon 2026 [https://www.rightscon.org/] in Lusaka, Zambia, on May 6 and 7, 2026.
    * I'm giving a keynote address and participating in a panel discussion at an ICTLuxembourg event called "Europe at the Crossroads of AI, Power & the Future of Democracy [https://www.ictluxembourg.lu/2026/03/27/europe-at-the-crossroads-of-ai-power-the-future-of-democracy-12-may-2026-belval-campus/]." The event will be held at the University of Luxembourg's Belval Campus on May 12, 2026.
    * I'm speaking at the Potsdam Conference on National Cybersecurity [https://potsdamer-sicherheitskonferenz.de/] at the Hasso Plattner Institut in Potsdam, Germany. The event runs June 24 -- 25, 2026, and my talk will be the evening of June 24.
    * I'm speaking at the Digital Humanism Conference [https://dighum.wien/] in Vienna, Austria, on Tuesday, June 26, 2026.
    * I'm speaking at the Nuremberg Digital Festival [https://nuernberg.digital/de/] in Nuremberg, Germany, on Wednesday, July 1, 2026.

    The list is maintained on this page [https://www.schneier.com/events/].

    ** *** ***** ******* *********** *************

    Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing summaries, analyses, insights, and commentaries on security technology. To subscribe, or to read back issues, see Crypto-Gram's web page [https://www.schneier.com/crypto-gram/].

    You can also read these articles on my blog, Schneier on Security [https://www.schneier.com].

    Please feel free to forward CRYPTO-GRAM, in whole or in part, to colleagues and friends who will find it valuable. Permission is also granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety.

    Bruce Schneier is an internationally renowned security technologist, called a security guru by the _Economist_. He is the author of over one dozen books -- including his latest, _Rewiring Democracy_ [https://www.schneier.com/books/rewiring-democracy/] -- as well as hundreds of articles, essays, and academic papers. His newsletter and blog are read by over 250,000 people. Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an Advisory Board Member of the Electronic Privacy Information Center and VerifiedVoting.org. He is the Chief of Security Architecture at Inrupt, Inc.

    Copyright (c) 2026 by Bruce Schneier.

    ** *** ***** ******* *********** *************

    Mailing list hosting graciously provided by MailChimp [https://mailchimp.com/]. Sent without web bugs or link tracking.


    Bruce Schneier
    Harvard Kennedy School
    1 Brattle Square
    Cambridge, MA 02138
    USA
    --_----------=_MCPart_706889729
    Content-Type: text/html; charset="utf-8"
    Content-Transfer-Encoding: quoted-printable

    <!DOCTYPE html><html lang=3D"en"><head><meta charset=3D"UTF-8"><title>Cryp= to-Gram=2C April 15=2C 2026</title></head><body>
    <div class=3D"preview-text" style=3D"display:none !important;mso-hide:all;= font-size:1px;line-height:1px;max-height:0px;max-width:0px;opacity:0;overf= low:hidden;">A monthly newsletter about cybersecurity and related topics.<= /div>
    <h1 style=3D"font-size:140%">Crypto-Gram <br>
    <span style=3D"display:block;padding-top:.5em;font-size:80%">April 15=2C 2= 026</span></h1>


    <p>by Bruce Schneier
    <br>Fellow and Lecturer=2C Harvard Kennedy School
    <br>schneier@schneier.com
    <br><a href=3D"https://www.schneier.com">https://www.schneier.com</a>


    <p>A free monthly newsletter providing summaries=2C analyses=2C insights=
    =2C and commentaries on security: computer and otherwise.</p>

    <p>For back issues=2C or to subscribe=2C visit <a href=3D"https://www.schn= eier.com/crypto-gram/">Crypto-Gram's web page</a>.</p>

    <p><a href=3D"https://www.schneier.com/crypto-gram/archives/2026/0415.html= ">Read this issue on the web</a></p>

    <p>These same essays and news items appear in the <a href=3D"https://www.s= chneier.com/">Schneier on Security</a> blog=2C along with a lively and int= elligent comment section. An RSS feed is available.</p>

    <p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


    <h2 style=3D"font-size:125%;font-weight:bold" id=3D"toc"><a name=3D"toc">I=
    n this issue:</a></h2>

    <p><em>If these links don't work in your email client=2C try <a href=3D"ht= tps://www.schneier.com/crypto-gram/archives/2026/0415.html">reading this i= ssue of Crypto-Gram on the web.</a></em></p>




    <li><a href=3D"#cg1">Possible New Result in Quantum Factorization</a></li> <li><a href=3D"#cg2">South Korean Police Accidentally Post Cryptocurrency=
    Wallet Password</a></li>
    <li><a href=3D"#cg3">Meta=E2=80=99s AI Glasses and Privacy</a></li>
    <li><a href=3D"#cg4">Hacking a Robot Vacuum</a></li>
    <li><a href=3D"#cg5">Proton Mail Shared User Information with the Police</= a></li>
    <li><a href=3D"#cg6">Microsoft Xbox One Hacked</a></li>
    <li><a href=3D"#cg7">Team Mirai and Democracy</a></li>
    <li><a href=3D"#cg8">Sen. Wyden Warns of Another Section 702 Abuse</a></li=

    <li><a href=3D"#cg9">As the US Midterms Approach=2C AI Is Going to Emerge=
    as a Key Issue Concerning Voters</a></li>
    <li><a href=3D"#cg10">Apple=E2=80=99s Camera Indicator Lights</a></li>
    <li><a href=3D"#cg11">Inventors of Quantum Cryptography Win Turing Award</= a></li>
    <li><a href=3D"#cg12">A Taxonomy of Cognitive Security</a></li>
    <li><a href=3D"#cg13">Is "Hackback" Official US Cybersecurity Strategy?</a= ></li>
    <li><a href=3D"#cg14">Possible US Government iPhone Hacking Tool Leaked</a= ></li>
    <li><a href=3D"#cg15">US Bans All Foreign-Made Consumer Routers</a></li>
    <li><a href=3D"#cg16">Company that Secretly Records and Publishes Zoom Mee= tings</a></li>
    <li><a href=3D"#cg17">Google Wants to Transition to Post-Quantum Cryptogra=
    phy by 2029</a></li>
    <li><a href=3D"#cg18">New Mexico=E2=80=99s Meta Ruling and Encryption</a><=

    <li><a href=3D"#cg19">Hong Kong Police Can Force You to Reveal Your Encryp= tion Keys</a></li>
    <li><a href=3D"#cg20">Cybersecurity in the Age of Instant Software</a></li=

    <li><a href=3D"#cg21">Python Supply-Chain Compromise</a></li>
    <li><a href=3D"#cg22">On Microsoft=E2=80=99s Lousy Cloud Security</a></li> <li><a href=3D"#cg23">Sen. Sanders Talks to Claude About AI and Privacy</a= ></li>
    <li><a href=3D"#cg24">AI Chatbots and Trust</a></li>
    <li><a href=3D"#cg25">On Anthropic=E2=80=99s Mythos Preview and Project Gl= asswing</a></li>
    <li><a href=3D"#cg26">How Hackers Are Thinking About AI</a></li>
    <li><a href=3D"#cg27">Upcoming Speaking Engagements</a></li>
    </ol>

    <p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


    <h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg1"><a name=3D"cg1">P= ossible New Result in Quantum Factorization</a></h2>

    <p><a href=3D"https://www.schneier.com/blog/archives/2026/03/possible-new-= result-in-quantum-factorization.html"><strong>[2026.03.16]</strong></a> I= =E2=80=99m skeptical about -- and not qualified to review -- this <a href= =3D"https://www.preprints.org/manuscript/202510.1649">new result</a> in fa= ctorization with a quantum computer=2C but if it=E2=80=99s true it=E2=80=
    =99s a <a href=3D"https://www.securityweek.com/quantum-decryption-of-rsa-i= s-much-closer-than-expected/">theoretical improvement</a> in the speed of=
    factoring large numbers with a quantum computer.</p>

    <p>EDITED TO ADD (4/13): <a href=3D"https://scottaaronson.blog/?p=3D9615">= This post</a> points out that the algorithm only works with small numbers.=


    <p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


    <h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg2"><a name=3D"cg2">S= outh Korean Police Accidentally Post Cryptocurrency Wallet Password</a></h=


    <p><a href=3D"https://www.schneier.com/blog/archives/2026/03/south-korean-= police-accidentally-post-cryptocurrency-wallet-password.html"><strong>[20= 26.03.17]</strong></a> An expensive <a href=3D"https://www.bleepingcompute= r.com/news/security/48m-in-crypto-stolen-after-korean-tax-agency-exposes-w= allet-seed/">mistake</a>:</p>

    <blockquote><p>Someone jumped at the opportunity to steal $4.4 million in=
    crypto assets after South Korea=E2=80=99s National Tax Service exposed pu= blicly the mnemonic recovery phrase of a seized cryptocurrency wallet.</p>

    <p>The funds were stored in a Ledger cold wallet seized in law enforcement=
    raids at 124 high-value tax evaders that resulted in confiscating digital=
    assets worth 8.1 billion won (currently approximately $5.6 million).</p>

    <p>When announcing the success of the operation=2C the agency released pho=
    tos of a Ledger device=2C a popular hardware wallet for crypto storage and=
    management.</p>

    <p>However=2C the images also showed a handwritten note of the wallet reco= very phrase=2C which serves as the master key that allows restoring the as= sets to another device.</p>

    <p>The authorities failed to redact that info=2C allowing anyone to transf=
    er into their account the assets in the cold wallet.</p>

    <p>Reportedly=2C shortly after the press release was published=2C 4 millio=
    n Pre-Retogeum (PRTG) tokens=2C worth approximately $4.8 million at the ti= me=2C were transferred out of the confiscated wallet to a new address.</p>= </blockquote>

    <p>EDITED TO ADD (4/13): It seems that the thief returned the money=2C and=
    a <a href=3D"https://biz.chosun.com/en/en-society/2026/03/03/2HRCGVESIZBT= HHXIWI7URAWCHM/">second thief</a> promptly stole it again.</p>

    <p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


    <h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg3"><a name=3D"cg3">M= eta=E2=80=99s AI Glasses and Privacy</a></h2>

    <p><a href=3D"https://www.schneier.com/blog/archives/2026/03/metas-ai-glas= ses-and-privacy.html"><strong>[2026.03.18]</strong></a> Surprising no one=
    =2C Meta=E2=80=99s new AI glasses are a <a href=3D"https://appleinsider.co= m/articles/26/03/03/what-privacy-as-expected-meta-ray-bans-are-a-privacy-d= isaster">privacy disaster</a>.</p>

    <p>I=E2=80=99m not sure what can be done here. This is a technology that w=
    ill exist=2C whether we like it or not.</p>

    <p>Meanwhile=2C there is a new Android app that <a href=3D"https://techcru= nch.com/2026/03/02/nearby-glasses-new-app-alerts-you-wearing-smart-glasses= -surveillance-meta-snap-bluetooth/">detects</a> when there are smart glass=
    es nearby.</p>

    <p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


    <h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg4"><a name=3D"cg4">H= acking a Robot Vacuum</a></h2>

    <p><a href=3D"https://www.schneier.com/blog/archives/2026/03/hacking-a-rob= ot-vacuum.html"><strong>[2026.03.19]</strong></a> Someone tries to remote=
    control his own DJI Romo vacuum=2C and ends up controlling <a href=3D"htt= ps://www.theverge.com/tech/879088/dji-romo-hack-vulnerability-remote-contr= ol-camera-access-mqtt">7=2C000 of them</a> from all around the world.</p>

    <p>The IoT is horribly insecure=2C but we <a href=3D"https://www.schneier.= com/books/click-here/">already knew that</a>.</p>

    <p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


    <h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg5"><a name=3D"cg5">P= roton Mail Shared User Information with the Police</a></h2>

    <p><a href=3D"https://www.schneier.com/blog/archives/2026/03/proton-mail-s= hared-user-information-with-the-police.html"><strong>[2026.03.20]</strong= ></a> 404 Media has a <a href=3D"https://www.404media.co/proton-mail-helpe= d-fbi-unmask-anonymous-stop-cop-city-protestor/">story</a> about Proton Ma=
    il giving subscriber data to the Swiss government=2C who passed the inform= ation to the FBI.</p>

    <p>It=E2=80=99s metadata -- payment information related to a particular ac= count -- but still important knowledge. This sort of thing happens=2C even=
    to privacy-centric companies like Proton Mail.</p>

    <p style=3D"font-size:88%">** *** ***** ******* *********** *************<=


    <h2 style="font-size:125%;font-weight:bold" id="cg6"><a name="cg6">Microsoft Xbox One Hacked</a></h2>

    <p><a href="https://www.schneier.com/blog/archives/2026/03/microsoft-xbox-hacked.html"><strong>[2026.03.23]</strong></a> It’s an <a href="https://www.tomshardware.com/video-games/console-gaming/microsofts-unhackable-xbox-one-has-been-hacked-by-bliss-the-2013-console-finally-fell-to-voltage-glitching-allowing-the-loading-of-unsigned-code-at-every-level">impressive feat</a>, over a decade after the box was released:</p>

    <blockquote><p>Since reset glitching wasn’t possible, Gaasedelen thought some <a href="https://www.tomshardware.com/news/yet-another-amd-zen-secure-encrypted-virtualization-vulnerability-demonstrated-by-researchers">voltage glitching</a> could do the trick. So, instead of tinkering with the system reset pin(s), the hacker targeted the momentary collapse of the CPU voltage rail. This was quite a feat, as Gaasedelen couldn’t ‘see’ into the Xbox One, so had to develop new hardware introspection tools.</p>

    <p>Eventually, the Bliss exploit was formulated, where two precise voltage glitches were made to land in succession. One skipped the loop where the <a href="https://www.tomshardware.com/news/cortex-76-high-laptop-performance,37158.html">ARM Cortex</a> memory protection was set up. Then the Memcpy operation was targeted during the header read, allowing him to jump to the attacker-controlled data.</p>

    <p>As a hardware attack against the boot ROM in silicon, Gaasedelen says the attack is unpatchable. Thus it is a complete compromise of the console allowing for loading unsigned code at every level, including the Hypervisor and OS. Moreover, Bliss allows access to the <a href="https://www.tomshardware.com/features/intel-amd-most-secure-processors">security processor</a> so games, firmware, and so on can be decrypted.</p></blockquote>

    <p style="font-size:88%">** *** ***** ******* *********** *************</p>


    <h2 style="font-size:125%;font-weight:bold" id="cg7"><a name="cg7">Team Mirai and Democracy</a></h2>

    <p><a href="https://www.schneier.com/blog/archives/2026/03/team-mirai-and-democracy.html"><strong>[2026.03.24]</strong></a> Japan’s <a href="https://theconversation.com/japans-ruling-party-secures-historic-election-victory-but-challenges-lie-ahead-275279" target="_blank" rel="noopener">election</a> last month and the rise of the country’s newest and most innovative political party, <a href="https://team-mir.ai/" target="_blank" rel="noopener">Team Mirai</a>, illustrate the viability of a different way to do politics.</p>

    <p>In this model, technology is used to make democratic processes stronger, instead of undermining them. It is harnessed to root out corruption, instead of serving as a cash cow for campaign donations.</p>

    <p>Imagine an election where every voter has the opportunity to opine directly to politicians on precisely the issues they care about. They’re not expected to spend hours becoming policy experts. Instead, an <a href="https://depth-interview-ai.vercel.app" target="_blank" rel="noopener">AI Interviewer</a> walks them through the subject, answering their questions, interrogating their experience, even challenging their thinking.</p>

    <p>Voters get immediate feedback on how their individual point of view matches -- or doesn’t -- a party’s platform, and they can see whether and how the party adopts their feedback. This isn’t like an opinion poll that politicians use for calculating short-term electoral tactics. It’s a deliberative reasoning process that scales, engaging voters in defining policy and helping candidates to listen deeply to their constituents.</p>

    <p>This is happening today in Japan. Constituents have spent about <a href="https://depth-interview-ai.vercel.app/sessions" target="_blank" rel="noopener">eight thousand hours</a> engaging with Mirai’s AI Interviewer since 2025. The party’s gamified volunteer mobilization app, <a href="https://action.team-mir.ai/stats" target="_blank" rel="noopener">Action Board</a>, captured about 100,000 organizer actions per day in the run-up to February’s election.</p>

    <p>It’s how Team Mirai, which translates to ‘The Future Party,’ does politics. Its founder, <a href="https://takahiroanno.com/" target="_blank" rel="noopener">Takahiro Anno</a>, first ran for local office in 2024 as a 33-year-old software engineer standing for Governor of Tokyo. He came in fifth out of 56 candidates, winning more than 150,000 votes as an unaffiliated political outsider. He won attention by taking a distinctive stance on the role of technology in democracy and using AI <a href="https://futurepolis.substack.com/p/meet-your-ai-politician-of-the-future" target="_blank" rel="noopener">aggressively</a> in voter engagement.</p>

    <p>Last year, Anno ran again, this time for the Upper Chamber of the national legislature -- the Diet -- <a href="https://asiatimes.com/2026/03/team-mirai-pushing-to-bring-digital-democracy-to-japan/" target="_blank" rel="noopener">and won</a>. Now the head of a new national party, Anno found himself with a platform for making his vision of a new way of doing politics a reality.</p>

    <p>In this recent House of Representatives election, Team Mirai shot up to win nearly four million votes. In the lower chamber’s proportional representation system, that was good enough for eleven total seats -- the party’s first ever representation in the Japanese House -- and nearly three times what it achieved in <a href="https://www.soumu.go.jp/senkyo/27sansokuhou/index.html" target="_blank" rel="noopener">last year’s</a> Upper Chamber election.</p>

    <p>Anno’s party stood for election without aligning itself on the traditional axes of left and right. Instead, Team Mirai, heavily associated with young, urban voters, sought to unite across the ideological spectrum by taking a radical position on a different axis: the status quo and the future. Anno told us that Team Mirai believes it can triple its representation in the Diet after the next elections in each chamber, an ambitious goal that seems achievable given their rapid rise over the past year.</p>

    <p>In the American context, the idea of a small party unifying voters across left and right sounds like a pipe dream. But there is evidence it worked in Japan. Team Mirai <a href="https://www.japantimes.co.jp/news/2026/02/09/japan/politics/exit-poll/" target="_blank" rel="noopener">won</a> an impressive 11% of proportional representation votes from unaffiliated voters, nearly twice its share among the electorate as a whole. The centerpiece of the party’s policy platform is not the traditional hot-button issues; it’s democracy itself, and how it can be enhanced by embracing a futuristic <a href="https://policy.team-mir.ai/policies/digital-democracy" target="_blank" rel="noopener">vision</a> of digital democracy.</p>

    <p>Anno told us how his party arrived at its <a href="https://team-mir.ai/election/shugiin-2026" target="_blank" rel="noopener">manifesto</a> for February’s elections, and why it looked different from other parties’ in important ways. Team Mirai collected more than 38,000 online questions and more than 6,000 discrete policy suggestions from voters using its <a href="https://policy.team-mir.ai" target="_blank" rel="noopener">AI Policy app</a>, which is advertised as a ‘manifesto that speaks for itself.’</p>

    <p>After factoring in all this feedback, Team Mirai maintained a contrarian position on the <a href="https://www.reuters.com/world/asia-pacific/japan-election-landslide-clears-path-takaichi-deliver-tax-cuts-2026-02-09/" target="_blank" rel="noopener">biggest issue</a> of the election: the sales tax and affordability. Rather than running on a reduction of the national sales tax like the major parties, Team Mirai reviewed dozens of <a href="https://policy.team-mir.ai/policies/economy-finance/sections/1" target="_blank" rel="noopener">suggestions</a> from the public and ultimately <a href="https://policy.team-mir.ai/policies/economy-finance" target="_blank" rel="noopener">proposed</a> to keep that tax level while providing support to families through a child tax credit and lowering the required contribution for social insurance. Anno described this as another future-facing strategy: less price relief in the short term, but sustained funding for essential programs.</p>

    <p>Anno has always intended to build a different kind of party. After receiving roughly $1 million in public funding apportioned to Team Mirai based on its single seat in the Upper Chamber last year, Anno began hiring engineers to enhance his software tools for digital democracy.</p>

    <p>Anno described Team Mirai to us as a ‘<a href="https://therenovator.substack.com/p/rewiring-democracy-now" target="_blank" rel="noopener">utility party</a>’: basic infrastructure for Japanese democracy that serves the broader polity rather than one faction. Their <a href="https://gikai.team-mir.ai/" target="_blank" rel="noopener">Gikai</a> (‘assembly’) app illustrates the point. It provides a portal for constituents to research bills, using AI to generate summaries, to describe their impacts, to surface media reporting on the issue, and to answer users’ questions. Like all their software, it’s open source and free for anyone, in any party, to use.</p>

    <p>After February’s victory, Team Mirai now has about $5 million in public funding and ambitions to grow the influence of their digital democracy platform. Anno told us Team Mirai has secured an agreement with the LDP, Japan’s dominant ruling party, to begin using Team Mirai’s Gikai and corruption-fighting <a href="https://marumie.team-mir.ai/" target="_blank" rel="noopener">Marumie</a> financial transparency tool.</p>

    <p>AI is the issue driving the most societal and economic change we will encounter in our lifetime, yet US political parties are largely <a href="https://time.com/7371825/trump-data-center-ai-backlash-ai-america-china/" target="_blank" rel="noopener">silent</a>. But AI and Big Tech companies and their owners are <a href="https://www.axios.com/2026/01/23/ai-tech-lobbying-2025" target="_blank" rel="noopener">ramping up</a> their political spending to <a href="https://www.wired.com/story/openai-president-greg-brockman-political-donations-trump-humanity/" target="_blank" rel="noopener">influence</a> the parties. To the extent that AI has shown up in our politics, it seems to be limited to the question of where to site the next generation of data centers and how to channel populist <a href="https://www.politico.com/news/magazine/2025/12/28/ai-job-losses-populism-democrats-bernie-sanders-00706680" target="_blank" rel="noopener">backlash</a> to big tech.</p>

    <p>Those are causes worthy of political organizing, but very few US politicians are leveraging the technology for public listening or other pro-democratic purposes. With the midterms still nine months away and with innovators like Team Mirai making products in the open for anyone to use, there is still plenty of time for an American politician to demonstrate what a new politics could look like.</p>

    <p><em>This essay was written with Nathan E. Sanders, and originally appeared in <a href="https://www.techpolicy.press/japans-team-mirai-uses-tech-to-bolster-democracy-not-undermine-it/">Tech Policy Press</a>.</em></p>

    <p style="font-size:88%">** *** ***** ******* *********** *************</p>


    <h2 style="font-size:125%;font-weight:bold" id="cg8"><a name="cg8">Sen. Wyden Warns of Another Section 702 Abuse</a></h2>

    <p><a href="https://www.schneier.com/blog/archives/2026/03/sen-wyden-warns-of-another-section-702-abuse.html"><strong>[2026.03.25]</strong></a> Sen. Ron Wyden is <a href="https://www.techdirt.com/2026/03/12/the-wyden-siren-goes-off-again-well-be-stunned-by-what-the-nsa-is-doing-under-section-702/">warning us</a> of an abuse of Section 702:</p>

    <blockquote><p>Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since-approved (with the support of many Democrats) nomination of Joshua Rudd to lead the NSA. Wyden was protesting that nomination, but in the context of Rudd being unwilling to agree to basic constitutional limitations on NSA surveillance. But that’s just a jumping-off point ahead of Section 702’s upcoming reauthorization deadline. Buried in the speech is a passage that should set off every alarm bell:</p>
    <blockquote><p>There’s another example of secret law related to Section 702, one that directly affects the privacy rights of Americans. For years, I have asked various administrations to declassify this matter. Thus far they have all refused, although I am still waiting for a response from DNI Gabbard. I strongly believe that this matter can and should be declassified and that Congress needs to debate it openly before Section 702 is reauthorized. In fact, <b>when it is eventually declassified, the American people will be stunned</b> that it took so long and that Congress has been debating this authority with insufficient information.</p></blockquote>
    </blockquote>

    <p>Over the decades, we have learned to take Wyden’s warnings seriously.</p>

    <p style="font-size:88%">** *** ***** ******* *********** *************</p>


    <h2 style="font-size:125%;font-weight:bold" id="cg9"><a name="cg9">As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters</a></h2>

    <p><a href="https://www.schneier.com/blog/archives/2026/03/as-the-us-midterms-approach-ai-is-going-to-emerge-as-a-key-issue-concerning-voters.html"><strong>[2026.03.26]</strong></a> In December, President Trump signed an executive order that <a href="https://www.nytimes.com/2025/12/11/technology/ai-trump-executive-order.html">neutered</a> states’ ability to regulate AI by directing his administration to both sue and withhold funds from states that try to do so. This action pointedly supported <a href="https://www.nytimes.com/2025/12/08/us/politics/trump-executive-order-ai-laws.html">industry lobbyists</a> keen to avoid any constraints and consequences on their deployment of AI, while undermining the efforts of consumers, advocates, and industry associations concerned about AI’s harms who have spent years pushing for state regulation.</p>

    <p>Trump’s actions have clarified the ideological alignments around AI within America’s electoral factions. They set down lines on a new playing field for the midterm elections, prompting members of his party, the opposition, and all of us to consider where we stand in the debate over how and where to let AI transform our lives.</p>

    <p>In a May 2025 <a href="https://drive.google.com/file/d/1J2Q4hex2szvTekqh-D6TXc-R6GcYKQV9/view">survey</a> of likely voters nationwide, more than 70% favored state and federal regulators having a hand in AI policy. A December 2025 <a href="https://navigatorresearch.org/views-of-ai-and-data-centers/">poll</a> by Navigator Research found similar results, with a massive net +48% favorability for more AI regulation. Yet despite the overwhelming preference of both voters and his party’s elected leaders -- Congress was <a href="https://time.com/7299044/senators-reject-10-year-ban-on-state-level-ai-regulation-in-blow-to-big-tech/">essentially unanimous</a> in defeating a previous state AI regulation moratorium -- Trump has delivered on a key priority of the industry. The order explicitly challenges the will of <a href="https://www.pewresearch.org/short-reads/2025/11/06/republicans-democrats-now-equally-concerned-about-ai-in-daily-life-but-views-on-regulation-differ/">voters</a> across blue and red states, from California to South Dakota, scrambling political positions around the technology and setting up a new ideological battleground in the upcoming race for Congress.</p>

    <p>There are a number of ways that candidates and parties may try to capitalize on this emerging wedge issue before the midterms.</p>

    <p>In 2025, much of the popular debate around AI was cast in terms of humans versus machines. Advances in AI and the companies it is associated with, it is said, come at the expense of humans. A new model release with greater capabilities for writing, teaching, or coding means more people in those disciplines losing their jobs.</p>

    <p>This is a humanist debate. Making us talk to an AI customer-support agent is an affront to our <a href="https://onlinelibrary.wiley.com/doi/10.1111/japp.70037">dignity</a>. Using AI to help generate media sacrifices <a href="https://www.gamesindustry.biz/ai-assets-are-an-unconscionable-risk-for-premium-priced-games-opinion-1">authenticity</a>. AI chatbots that persuade and manipulate assault our <a href="https://www.techpolicy.press/the-battle-for-cognitive-liberty-in-the-age-of-corporate-ai/">liberty</a>. There is philosophical merit to these arguments, and yet they seem to have limited political salience.</p>

    <p>Populism versus institutionalism is a better way to frame this debate in the context of US politics. The MAGA movement is widely understood to be a <a href="https://time.com/7173651/democratic-party-alignment-history/">realignment</a> of American party politics to ally the Republican party with populism, and the Democratic party with defenders of traditional institutions of American government and their democratic norms.</p>

    <p>This frame is shattered by Trump’s AI order, which unabashedly serves economic elites at the expense of populist consumer protections. It is part of an ongoing <a href="https://www.theatlantic.com/politics/archive/2025/01/tech-zuckerberg-trump-inauguration-oligarchy/681381/">courting</a> process between MAGA and big tech, where the Trump political project sacrifices the interests of consumers and its populist credentials as it <a href="https://www.theguardian.com/us-news/2025/oct/23/trump-white-house-ballroom-donors">cozies up to tech moguls</a>.</p>

    <p>We are starting to see populist resistance to this government/big tech alignment emerge on the local scale. People in <a href="https://www.washingtonpost.com/dc-md-va/2026/01/01/data-centers-prince-georges-county/">Maryland</a>, <a href="https://www.washingtonpost.com/business/2026/01/06/data-centers-backlash-impact-local-communities-opposition/">Arizona</a>, <a href="https://www.wcnc.com/article/news/local/matthews/matthews-nc-data-center-proposal-withdrawn-10-7-2025/275-f6ae7992-f0aa-4173-8c3c-010922f050bc">North Carolina</a>, <a href="https://www.theguardian.com/us-news/2025/dec/18/michigan-data-center-fight">Michigan</a> and <a href="https://apnews.com/article/data-centers-artificial-intelligence-nimby-tech-21fa7b957664d5dca6788e35ab43b88e">many other</a> states are vigorously opposing AI datacenters in their communities, based on environmental and energy-affordability impacts. These centers of opposition are politically diverse; both progressives and Trump-supporting voters are turning out in force, influencing their local elected officials to resist datacenter development.</p>

    <p>This opposition to the physical infrastructure of corporate AI is so far staying <a href="https://www.theguardian.com/us-news/2026/jan/13/datacenters-us-political-opposition">local</a>, but it may yet translate into a national and politically aligned movement that could <a href="https://www.cnn.com/2026/02/02/politics/artificial-intelligence-maga-divide-trump">divide</a> the MAGA coalition.</p>

    <p>Any policy discussion about AI should include the individual harms associated with job loss, as employers seek to replace laborers with machines. It should also include the systemic economic risks associated with concentrated and supercharged AI investment, the democratic risks associated with the increased power of monopolistic and politically influential tech companies, and the degradation of civic functions like journalism and education by AI. In order for our free market to function in the public interest, the companies amassing wealth and profiting from AI must be forced to take ownership of, and internalize, these costs.</p>

    <p>The political salience of AI will grow to meet the staggering scale of financial investment and societal impact it is already commanding. There is an opportunity for enterprising candidates, of either political party, to take the mantle of opposing AI-linked harms in the midterm elections.</p>

    <p>Political solutions start with organizing, and broadening the base of political engagement around these issues beyond the locally salient topic of datacenters. Movement leaders and elected officials in states that have taken action on AI regulation should mobilize around the blatant industry capture, wealth extraction, and corporate favoritism reflected in the Trump executive order. AI is no longer just a policy issue for governments to discuss: it is a political issue that voters must decide on and demand accountability on.</p>

    <p style="font-size:88%">** *** ***** ******* *********** *************</p>


    <h2 style="font-size:125%;font-weight:bold" id="cg10"><a name="cg10">Apple’s Camera Indicator Lights</a></h2>

    <p><a href="https://www.schneier.com/blog/archives/2026/03/apples-camera-indicator-lights.html"><strong>[2026.03.30]</strong></a> A <a href="https://daringfireball.net/2026/03/apple_enclaves_neo_camera_indicator">thoughtful review</a> of Apple’s system to alert users that the camera is on. It’s really well-designed, and important in a world where malware could surreptitiously start recording.</p>

    <blockquote><p>The reason it’s tempting to think that a dedicated camera indicator light is more secure than an on-display indicator is the fact that hardware is generally more secure than software, because it’s harder to tamper with. With hardware, a dedicated hardware indicator light can be connected to the camera hardware such that if the camera is accessed, the light must turn on, with no way for software running on the device, no matter its privileges, to change that. With an indicator light that is rendered on the display, it’s not foolish to worry that malicious software, with sufficient privileges, could draw over the pixels on the display where the camera indicator is rendered, disguising that the camera is in use.</p>

    <p>If this were implemented simplistically, that concern would be completely valid. But Apple’s implementation of this is far from simplistic.</p></blockquote>

    <p style="font-size:88%">** *** ***** ******* *********** *************</p>


    <h2 style="font-size:125%;font-weight:bold" id="cg11"><a name="cg11">Inventors of Quantum Cryptography Win Turing Award</a></h2>

    <p><a href="https://www.schneier.com/blog/archives/2026/03/inventors-of-quantum-cryptography-win-turing-award.html"><strong>[2026.03.31]</strong></a> Charles Bennett and Gilles Brassard have <a href="https://www.nytimes.com/2026/03/18/technology/turing-award-winners-quantum-cryptography.html">won</a> the 2026 Turing Award for inventing quantum cryptography.</p>

    <p>I am incredibly pleased to see them get this recognition. I have always thought the technology to be fantastic, even though I think it’s largely unnecessary. I wrote up my thoughts back in 2008, in an <a>essay</a> titled “Quantum Cryptography: As Awesome As It Is Pointless.”</p>

    <p>Back then, I wrote:</p>

    <blockquote><p>While I like the science of quantum cryptography -- my undergraduate degree was in physics -- I don’t see any commercial value in it. I don’t believe it solves any security problem that needs solving. I don’t believe that it’s worth paying for, and I can’t imagine anyone but a few technophiles buying and deploying it. Systems that use it don’t magically become unbreakable, because the quantum part doesn’t address the weak points of the system.</p>

    <p>Security is a chain; it’s as strong as the weakest link. Mathematical cryptography, as bad as it sometimes is, is the strongest link in most security chains. Our symmetric and public-key algorithms are pretty good, even though they’re not based on much rigorous mathematical theory. The real problems are elsewhere: computer security, network security, user interface and so on.</p>

    <p>Cryptography is the one area of security that we can get right. We already have good encryption algorithms, good authentication algorithms and good key-agreement protocols. Maybe quantum cryptography can make that link stronger, but why would anyone bother? There are far more serious security problems to worry about, and it makes much more sense to spend effort securing those.</p>

    <p>As I’ve often said, it’s like defending yourself against an approaching attacker by putting a huge stake in the ground. It’s useless to argue about whether the stake should be 50 feet tall or 100 feet tall, because either way, the attacker is going to go around it. Even quantum cryptography doesn’t “solve” all of cryptography: The keys are exchanged with photons, but a conventional mathematical algorithm takes over for the actual encryption.</p></blockquote>

    <p>What about quantum computation? I’m <a href="https://www.schneier.com/essays/archives/2018/09/cryptography_after_t.html">not worried</a>; the math is ahead of the physics. Reports of progress in that area are <a href="https://eprint.iacr.org/2025/1237">overblown</a>. And if there’s a security crisis because of a quantum computation breakthrough, it’s because our systems aren’t crypto-agile.</p>

    <p style="font-size:88%">** *** ***** ******* *********** *************</p>


    <h2 style="font-size:125%;font-weight:bold" id="cg12"><a name="cg12">A Taxonomy of Cognitive Security</a></h2>

    <p><a href="https://www.schneier.com/blog/archives/2026/04/a-taxonomy-of-cognitive-security.html"><strong>[2026.04.01]</strong></a> Last week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are <a href="https://github.com/cptkj42/presos/blob/main/26-03-17_CSI-103%20__Reality%20Pentesting%20A%20Conceptual%20Cognitive%20Field%20Topology.pdf">here</a>, but -- even better -- Melton has a <a href="https://cptkj.substack.com/p/intro-to-reality-pentesting">long essay</a> laying out the basic concepts and ideas.</p>

    <p>The whole thing is important and well worth reading, and I hesitate to excerpt. Here’s a taste:</p>

    <blockquote><p>The NeuroCompiler is where raw sensory data gets interpreted before you’re consciously aware of it. It decides what things mean, and it does this fast, automatic, and mostly invisible. It’s also where the majority of cognitive exploits actually land, right in this sweet spot between perception and conscious thought.</p>

    <p>This is my term for <a href="https://thedecisionlab.com/reference-guide/philosophy/system-1-and-system-2-thinking">what Daniel Kahneman called System 1 thinking</a>. If the Sensory Interface is the intake port, the NeuroCompiler is what turns that input into “filtered meaning” before the Mind Kernel ever sees it. It takes raw signal (e.g., photons, sound waves, chemical gradients, pressure) and translates it into something actionable based on binary categories like threat or safe, familiar or novel, trustworthy or suspicious.</p>

    <p>The speed is both an evolutionary feature and a modern bug. Processing here is fast enough to get you out of the way of a thrown object before you’ve consciously registered it. But “good enough most of the time” means “predictably wrong some of the time....</p>

    <p>A critical architectural feature: the NeuroCompiler can route its output directly back to the Sensory Interface and out as behavior, skipping the conscious awareness of the Mind Kernel <i>entirely</i>. Reflex and startle responses use this mechanism, making this bypass pathway enormously useful for survival. Yet it leaves a wide-open backdoor. If the layer that holds access to skepticism and deliberate evaluation can be bypassed completely, a host of exploits become possible that would otherwise fail.</p></blockquote>

    <p>That’s just one of the five levels Melton talks about: sensory interface, neurocompiler, mind kernel, the mesh, and cultural substrate.</p>

    <p>Melton’s taxonomy is compelling, and her parallels to IT systems are fascinating. I have long said that a genius idea is one that’s incredibly obvious once you hear it, but one that no one has said before. This is the first time I’ve heard cognition described in this way.</p>

    <p style="font-size:88%">** *** ***** ******* *********** *************</p>


    <h2 style=3D"font-size:125%;font-weight:bold" id=3D"cg13"><a name=3D"cg13"=
    Is "Hackback" Official US Cybersecurity Strategy?</a></h2>

    <p><a href=3D"https://www.schneier.com/blog/archives/2026/04/is-hackback-o= fficial-us-cybersecurity-strategy.html"><strong>[2026.04.01]</strong></a>=
    The 2026 US =E2=80=9C<a href=3D"https://www.whitehouse.gov/wp-content/upl= oads/2026/03/president-trumps-cyber-strategy-for-america.pdf">Cyber Strate=
    gy for America</a>=E2=80=9D document is mostly the same thing we=E2=80=99v=
    e seen out of the White House for over a decade=2C but with a more aggress=
    ive tone.</p>

    <p>But one sentence stood out: =E2=80=9CWe will unleash the private sector=
    by creating incentives to identify and disrupt adversary networks and sca=
    le our national capabilities.=E2=80=9D This sounds like a call for hackbac=
    k: giving private companies permission to conduct offensive cyber operatio= ns.</p>

    <p><i>The Economist</i> <a href=3D"https://www.economist.com/united-states= /2026/03/22/america-tells-private-firms-to-hack-back">noticed</a> (alterna=
    te <a href=3D"https://archive.ph/vwuA1">link</a>) this=2C too.</p>

    <p>I think this is an <a href=3D"https://www.schneier.com/blog/archives/20= 07/04/cyberattack.html">incredibly dumb idea</a>:</p>

    <blockquote><p>In warfare, the notion of counterattack is extremely powerful. Going after the enemy -- its positions, its supply lines, its factories, its infrastructure -- is an age-old military tactic. But in peacetime, we call it revenge, and consider it dangerous. Anyone accused of a crime deserves a fair trial. The accused has the right to defend himself, to face his accuser, to an attorney, and to be presumed innocent until proven guilty.</p>

    <p>Both vigilante counterattacks, and preemptive attacks, fly in the face of these rights. They punish people before they’ve been found guilty. It’s the same whether it’s an angry lynch mob stringing up a suspect, the MPAA disabling the computer of someone it believes made an illegal copy of a movie, or a corporate security officer launching a denial-of-service attack against someone he believes is targeting his company over the net.</p>

    <p>In all of these cases, the attacker could be wrong. This has been true for lynch mobs, and on the internet it’s even harder to know who’s attacking you. Just because my computer looks like the source of an attack doesn’t mean that it is. And even if it is, it might be a zombie controlled by yet another computer; I might be a victim, too. The goal of a government’s legal system is justice; the goal of a vigilante is expediency.</p></blockquote>

    <p>We don’t issue letters of marque on the high seas anymore; we shouldn’t do it in cyberspace.</p>

    <p style="font-size:88%">** *** ***** ******* *********** *************</p>


    <h2 style="font-size:125%;font-weight:bold" id="cg14"><a name="cg14">Possible US Government iPhone Hacking Tool Leaked</a></h2>

    <p><a href="https://www.schneier.com/blog/archives/2026/04/possible-us-government-iphone-hacking-tool-leaked.html"><strong>[2026.04.02]</strong></a> Wired <a href="https://www.wired.com/story/coruna-iphone-hacking-toolkit-us-government/">writes</a> (alternate <a href="https://archive.ph/vN8U5">source</a>):</p>

    <blockquote><p>Security researchers at Google on Tuesday <a href="https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit">released a report</a> describing what they’re calling “Coruna,” a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install malware on a device when it visits a website containing the exploitation code. In total, Coruna takes advantage of 23 distinct vulnerabilities in iOS, a rare collection of hacking components that suggests it was created by a well-resourced, likely state-sponsored group of hackers.</p>

    <p>[...]</p>

    <p>Coruna’s code also appears to have been originally written by English-speaking coders, notes iVerify’s cofounder Rocky Cole. “It’s highly sophisticated, took millions of dollars to develop, and it bears the hallmarks of other modules that have been publicly attributed to the US government,” Cole tells WIRED. “This is the first example we’ve seen of very likely US government tools -- based on what the code is telling us -- spinning out of control and being used by both our adversaries and cybercriminal groups.”</p></blockquote>

    <p>TechCrunch <a href="https://techcrunch.com/2026/03/10/us-military-contractor-likely-built-iphone-hacking-tools-used-by-russian-spies-in-ukraine/">reports</a> that Coruna is definitely of US origin:</p>

    <blockquote><p>Two former employees of government contractor L3Harris told TechCrunch that Coruna was, at least in part, developed by the company’s hacking and surveillance tech division, Trenchant. The two former employees both had knowledge of the company’s iPhone hacking tools. Both spoke on condition of anonymity because they weren’t authorized to talk about their work for the company.</p></blockquote>

    <p>It’s always super interesting to see what malware looks like when it’s created through a professional software development process. And the TechCrunch article has some speculation as to how the US lost control of it. It seems that an employee of L3Harris’s surveillance tech division, Trenchant, sold it to the Russian government.</p>

    <p style="font-size:88%">** *** ***** ******* *********** *************</p>


    <h2 style="font-size:125%;font-weight:bold" id="cg15"><a name="cg15">US Bans All Foreign-Made Consumer Routers</a></h2>

    <p><a href="https://www.schneier.com/blog/archives/2026/04/us-bans-all-foreign-made-consumer-routers.html"><strong>[2026.04.02]</strong></a> This is for <a href="https://docs.fcc.gov/public/attachments/DOC-420034A1.pdf">new routers</a>; you don’t have to throw away your existing ones:</p>

    <blockquote><p>The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense” and (2) pose “a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.”</p></blockquote>

    <p>More <a href="https://www.bbc.com/news/articles/c74787w149zo">information</a>:</p>

    <blockquote><p>Any new router made outside the US will now need to be approved by the FCC before it can be imported, marketed, or sold in the country.</p>

    <p>In order to get that approval, companies manufacturing routers outside the US must apply for conditional approval in a process that will require the disclosure of the firm’s foreign investors or influence, as well as a plan to bring the manufacturing of the routers to the US.</p>

    <p>Certain routers may be exempted from the list if they are deemed acceptable by the Department of Defense or the Department of Homeland Security, the FCC said. Neither agency has yet added any specific routers to its list of equipment exceptions.</p>

    <p>[...]</p>

    <p>Popular brands of router in the US include Netgear, a US company, which manufactures all of its products abroad.</p>

    <p>One exception to the general absence of US-made routers is the newer Starlink WiFi router. Starlink is part of Elon Musk’s company SpaceX.</p></blockquote>

    <p>Presumably US companies will start making home routers, if they think this policy is stable enough to plan around. But they will be more expensive than routers made in China or Taiwan. Security is never free, but policy determines who pays for it.</p>

    <p style="font-size:88%">** *** ***** ******* *********** *************</p>


    <h2 style="font-size:125%;font-weight:bold" id="cg16"><a name="cg16">Company that Secretly Records and Publishes Zoom Meetings</a></h2>

    <p><a href="https://www.schneier.com/blog/archives/2026/04/company-that-secretly-records-and-publishes-zoom-meetings.html"><strong>[2026.04.03]</strong></a> WebinarTV searches the internet for public Zoom invites, joins the meetings, secretly records them, and <a href="https://www.404media.co/this-company-is-secretly-turning-your-zoom-calls-into-ai-podcasts/">publishes</a> (alternate <a href="https://archive.ph/TYd4L">link</a>) the recordings. It doesn’t use the Zoom record feature, so Zoom can’t do anything about it.</p>

    <p>EDITED TO ADD (4/13): 404 Media has a <a href="https://www.404media.co/webinartv-secretly-scraped-zoom-meetings-of-anonymous-recovery-programs/?ref=daily-stories-newsletter">follow-on</a> article.</p>

    <p style="font-size:88%">** *** ***** ******* *********** *************</p>


    <h2 style="font-size:125%;font-weight:bold" id="cg17"><a name="cg17">Google Wants to Transition to Post-Quantum Cryptography by 2029</a></h2>

    <p><a href="https://www.schneier.com/blog/archives/2026/04/google-wants-to-transition-to-post-quantum-cryptography-by-2029.html"><strong>[2026.04.06]</strong></a> Google <a href="https://blog.google/innovation-and-ai/technology/safety-security/cryptography-migration-timeline/">says</a> that it will fully transition to post-quantum cryptography by 2029. I think this is a good move, not because I think we will have a useful quantum computer anywhere near that year, but because crypto-agility is always a good thing.</p>

    <p>Slashdot <a href="https://it.slashdot.org/story/26/03/27/2123239/google-moves-post-quantum-encryption-timeline-up-to-2029">thread</a>.</p>

    <p style="font-size:88%">** *** ***** ******* *********** *************</p>


    <h2 style="font-size:125%;font-weight:bold" id="cg18"><a name="cg18">New Mexico’s Meta Ruling and Encryption</a></h2>

    <p><a href="https://www.schneier.com/blog/archives/2026/04/new-mexicos-meta-ruling-and-encryption.html"><strong>[2026.04.06]</strong></a> Mike Masnick <a href="https://www.techdirt.com/2026/03/26/everyone-cheering-the-social-media-addiction-verdicts-against-meta-should-understand-what-theyre-actually-cheering-for/">points out</a> that the recent New Mexico court ruling against Meta has some bad implications for end-to-end encryption, and security in general:</p>

    <blockquote><p>If the “design choices create liability” framework seems worrying in the abstract, the New Mexico case provides a concrete example of where it leads in practice.</p>

    <p>One of the key pieces of evidence the New Mexico attorney general used against Meta was the company’s 2023 decision to add end-to-end encryption to Facebook Messenger. The argument went like this: predators used Messenger to groom minors and exchange child sexual abuse material. By encrypting those messages, Meta made it harder for law enforcement to access evidence of those crimes. Therefore, the encryption was a design choice that enabled harm.</p>

    <p>The state is now seeking court-mandated changes including “protecting minors from encrypted communications that shield bad actors.”</p>

    <p>Yes, the end result of the New Mexico ruling might be that Meta is ordered to make everyone’s communications less secure. That should be terrifying to everyone. Even those cheering on the verdict.</p>

    <p>End-to-end encryption protects billions of people from surveillance, data breaches, authoritarian governments, stalkers, and domestic abusers. It’s one of the most important privacy and security tools ordinary people have. Every major security expert and civil liberties organization in the world has argued for stronger encryption, not weaker.</p>

    <p>But under the “design liability” theory, implementing encryption becomes evidence of negligence, because a small number of bad actors also use encrypted communications. The logic applies to literally every communication tool ever invented. Predators also use the postal service, telephones, and in-person conversation. The encryption <i>itself</i> harms no one. Like infinite scroll and autoplay, it is inert without the choices of bad actors - choices made by <i>people,</i> not by the platform’s design.</p>

    <p>The incentive this creates goes far beyond encryption, and it’s bad. If any product improvement that protects the majority of users can be held against you because a tiny fraction of bad actors exploit it, companies will simply stop making those improvements. Why add encryption if it becomes Exhibit A in a future lawsuit? Why implement any privacy-protective feature if a plaintiff’s lawyer will characterize it as “shielding bad actors”?</p>

    <p>And it gets worse. Some of the most damaging evidence in both trials came from internal company documents where employees raised concerns about safety risks and discussed tradeoffs. These were played up in the media (and the courtroom) as “smoking guns.” But that means no company is going to allow anyone to raise concerns ever again. That’s very, very bad.</p>

    <p>In a sane legal environment, you <i>want</i> companies to have these internal debates. You want engineers and safety teams to flag potential risks, wrestle with difficult tradeoffs, and document their reasoning. But when those good-faith deliberations become plaintiff’s exhibits presented to a jury as proof that “they knew and did it anyway,” the rational corporate response is to stop putting anything in writing. Stop doing risk assessments. Stop asking hard questions internally.</p>

    <p>The lesson every general counsel in Silicon Valley is learning right now: ignorance is safer than inquiry. That makes everyone less safe, not more.</p></blockquote>

    <p>The essay has a lot more: about Section 230, about competition in this space, about the myopic nature of the ruling. Go <a href="https://www.techdirt.com/2026/03/26/everyone-cheering-the-social-media-addiction-verdicts-against-meta-should-understand-what-theyre-actually-cheering-for/">read it</a>.</p>

    <p style="font-size:88%">** *** ***** ******* *********** *************</p>


    <h2 style="font-size:125%;font-weight:bold" id="cg19"><a name="cg19">Hong Kong Police Can Force You to Reveal Your Encryption Keys</a></h2>

    <p><a href="https://www.schneier.com/blog/archives/2026/04/hong-kong-police-can-force-you-to-reveal-your-encryption-keys.html"><strong>[2026.04.07]</strong></a> According to a new law, the Hong Kong police can <a href="https://www.msn.com/en-us/news/world/ar-AA1ZwfSE">demand</a> that you reveal the encryption keys protecting your computer, phone, hard drives, etc. -- even if you are just transiting the airport.</p>

    <blockquote><p>In a security alert dated March 26, the U.S. Consulate General said that, on March 23, 2026, Hong Kong authorities changed the rules governing enforcement of the National Security Law. Under the revised framework, police can require individuals to provide passwords or other assistance to access personal electronic devices, including cellphones and laptops.</p>

    <p>The consulate warned that refusal to comply is now a criminal offense. It also said authorities have expanded powers to take and keep personal electronic devices as evidence if they claim the devices are linked to national security offenses.</p></blockquote>

    <p style="font-size:88%">** *** ***** ******* *********** *************</p>


    <h2 style="font-size:125%;font-weight:bold" id="cg20"><a name="cg20">Cybersecurity in the Age of Instant Software</a></h2>

    <p><a href="https://www.schneier.com/blog/archives/2026/04/cybersecurity-in-the-age-of-instant-software.html"><strong>[2026.04.07]</strong></a> AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: &quot;instant software.&quot; Taken to an extreme, it might become easier for a user to have an AI write an application on demand -- a spreadsheet, for example -- and delete it when they’re done using it than to buy one commercially. Future systems could include a mix: both traditional long-term software and ephemeral instant software that is constantly being written, deployed, modified, and deleted.</p>

    <p>AI is changing cybersecurity as well. In particular, AI systems are getting better at finding and patching vulnerabilities in code. This has implications for both attackers and defenders, depending on the ways this and related technologies improve.</p>

    <p>In this essay, I want to take an optimistic view of AI’s progress, and to speculate what AI-dominated cybersecurity in an age of instant software might look like. There are a number of unknowns that will factor into how the arms race between attacker and defender might play out.</p>


    <h3 style="font-size:110%;font-weight:bold">How flaw discovery might work</h3>

    <p>On the attacker side, the ability of AIs to automatically find and exploit vulnerabilities has increased dramatically over the past few months. We are already seeing both <a href="https://www.anthropic.com/news/disrupting-AI-espionage">government</a> and <a href="https://www.eset.com/us/about/newsroom/research/eset-discovers-promptlock-the-first-ai-powered-ransomware/">criminal</a> hackers using AI to attack systems. The exploitation part is critical here, because it gives an unsophisticated attacker capabilities far beyond their understanding. As AIs get better, expect more attackers to automate their attacks using AI. And as individuals and organizations can increasingly run powerful AI models locally, AI companies <a href="https://openai.com/global-affairs/disrupting-malicious-uses-of-ai-october-2025/">monitoring and disrupting</a> malicious AI use will become increasingly irrelevant.</p>

    <p>Expect open-source software, including open-source libraries incorporated in proprietary software, to be the most targeted, because vulnerabilities are easier to find in source code. Unknown No. 1 is how well AI vulnerability discovery tools will work against closed-source commercial software packages. I believe they will soon be good enough to find vulnerabilities just by analyzing a copy of a shipped product, without access to the source code. If that’s true, commercial software will be vulnerable as well.</p>

    <p>Particularly vulnerable will be software in IoT devices: things like internet-connected cars, refrigerators, and security cameras. Also industrial IoT software in our internet-connected power grid, oil refineries and pipelines, chemical plants, and so on. IoT software tends to be of much lower quality, and industrial IoT software tends to be legacy.</p>


    <p>Instant software is differently vulnerable. It’s not mass market. It’s created for a particular person, organization, or network. The attacker generally won’t have access to any code to analyze, which makes it less likely to be exploited by external attackers. If it’s ephemeral, any vulnerabilities will have a short lifetime. But lots of instant software will live on networks for a long time. And if it gets uploaded to shared tool libraries, attackers will be able to download and analyze that code.</p>

    <p>All of this points to a future where AIs will become powerful tools of cyberattack, able to automatically find and exploit vulnerabilities in systems worldwide.</p>

    <h3 style="font-size:110%;font-weight:bold">Automating patch creation</h3>


    <p>But that’s just half of the arms race. Defenders get to use AI, too. These same AI vulnerability-finding technologies are even more valuable for defense. When the defensive side finds an exploitable vulnerability, it can patch the code and deny it to attackers forever.</p>

    <p>How this works in practice depends on another related capability: the ability of AIs to patch vulnerable software, which is closely related to their ability to write secure code in the first place.</p>

    <p>AIs are not very good at this today; the instant software that AIs create is generally filled with vulnerabilities, both because AIs write insecure code and because the people vibe coding don’t understand security. OpenClaw is a <a href="https://blog.barrack.ai/openclaw-security-vulnerabilities-2026/">good example</a> of this.</p>

    <p>Unknown No. 2 is how much better AIs will get at writing secure code. The fact that they’re trained on massive corpuses of poorly written and insecure code is a handicap, but they are getting better. If they can reliably write vulnerability-free code, it would be an enormous advantage for the defender. And AI-based vulnerability-finding makes it <a href="https://sergejepp.substack.com/p/winning-the-ai-cyber-race-verifiability">easier</a> for an AI to train on writing secure code.</p>

    <p>We can <a href="https://www.csoonline.com/article/4069075/autonomous-ai-hacking-and-the-future-of-cybersecurity.html">envision</a> a future where AI tools that find and patch vulnerabilities are part of the typical software development process. We can’t say that the code would be vulnerability-free -- that’s an impossible goal -- but it could be without any easily findable vulnerabilities. If the technology got really good, the code could become essentially vulnerability-free.</p>

    <h3 style="font-size:110%;font-weight:bold">Patching lags and legacy software</h3>

    <p>For new software -- both commercial and instant -- this future favors the defender. For commercial and conventional open-source software, it’s not that simple. Right now, the world is filled with legacy software. Much of it -- like IoT device software -- has no dedicated security team to update it. Sometimes it is incapable of being patched. Just as it’s harder for AIs to find vulnerabilities when they don’t have access to the source code, it’s harder for AIs to patch software when they are not embedded in the development process.</p>

    <p>I’m not as confident that AI systems will be able to patch vulnerabilities as easily as they can find them, because patching often requires more holistic testing and understanding. That’s Unknown No. 3: how quickly AIs will be able to create reliable software updates for the vulnerabilities they find, and how quickly customers can update their systems.</p>

    <p>Today, there is a time lag between when a vendor issues a patch and customers install that update. That time lag is even longer for large organizational software; the risk of an update breaking the underlying software system is just too great for organizations to roll out updates without testing them first. But if AI can help speed up that process, by writing patches faster and more reliably, and by testing them in some AI-generated twin environment, the advantage goes to the defender. If not, the attacker will still have a window to attack systems until a vulnerability is patched.</p>

    <h3 style="font-size:110%;font-weight:bold">Toward self-healing</h3>

    <p>In a truly optimistic future, we can imagine a self-healing network. AI agents continuously scan the ever-evolving corpus of commercial and custom AI-generated software for vulnerabilities, and automatically patch them on discovery.</p>

    <p>For that to work, software license agreements will need to change. Right now, software vendors control the cadence of security patches. Giving software purchasers this ability has implications about compatibility, the right to repair, and liability. Any solutions here are the realm of policy, not tech.</p>

    <p>If the defense can find, but can’t reliably patch, flaws in legacy software, that’s where attackers will focus their efforts. If that’s the case, we can imagine a continuously evolving AI-powered intrusion detection, continuously scanning inputs and blocking malicious attacks before they get to vulnerable software. Not as transformative as automatically patching vulnerabilities in running code, but nevertheless valuable.</p>

    <p>The power of these defensive AI systems increases if they are able to coordinate with each other, and share vulnerabilities and updates. A discovery by one AI can quickly spread to everyone using the affected software. Again: Advantage defender.</p>

    <p>There are other variables to consider. The relative success of attackers and defenders also depends on how plentiful vulnerabilities are, how easy they are to find, whether AIs will be able to find the more subtle and obscure vulnerabilities, and how much coordination there is among different attackers. All this comprises Unknown No. 4.</p>

    <h3 style="font-size:110%;font-weight:bold">Vulnerability economics</h3>

    <p>Presumably, AIs will clean up the obvious stuff first, which means that any remaining vulnerabilities will be subtle. Finding them will take AI computing resources. In the optimistic scenario, defenders pool resources through information sharing, effectively amortizing the cost of defense. If information sharing doesn’t work for some reason, defense becomes much more expensive, as individual defenders will need to do their own research. But instant software means much more diversity in code: an advantage to the defender.</p>

    <p>This needs to be balanced with the relative cost of attackers finding vulnerabilities. Attackers already have an inherent way to amortize the costs of finding a new vulnerability and creating a new exploit. They can vulnerability hunt cross-platform, cross-vendor, and cross-system, and can use what they find to attack multiple targets simultaneously. Fixing a common vulnerability often requires cooperation among all the relevant platforms, vendors, and systems. Again, instant software is an advantage to the defender.</p>

    <p>But those hard-to-find vulnerabilities become more valuable. Attackers will attempt to do what the major intelligence agencies do today: find &quot;<a href="https://en.wikipedia.org/wiki/NOBUS">nobody but us</a>&quot; zero-day exploits. They will either use them slowly and sparingly to minimize detection or quickly and broadly to maximize profit before they’re patched. Meanwhile, defenders will be both vulnerability hunting and intrusion detecting, with the goal of patching vulnerabilities before the attackers find them.</p>

    <p>We can even imagine a market for vulnerability sharing, where the defender who finds a vulnerability and creates a patch is compensated by everyone else in the information-sharing/repair network. This might be a stretch, but maybe.</p>

    <h3 style="font-size:110%;font-weight:bold">Up the stack</h3>

    <p>Even in the most optimistic future, attackers aren’t going to just give up. They will attack the non-software parts of the system, such as the users. Or they’re going to look for <a href="https://www.schneier.com/wp-content/uploads/2021/04/The-Coming-AI-Hackers.pdf">loopholes</a> in the system: things that the system technically allows but were unintended and unanticipated by the designers -- whether human or AI -- and can be used by attackers to their advantage.</p>

    <p>What’s left in this world are attacks that don’t depend on finding and exploiting software vulnerabilities, like social engineering and credential stealing attacks. And we have already seen how AI-generated deepfakes make social engineering easier. But here, too, we can imagine defensive AI agents that monitor users’ behaviors, watching for signs of attack. This is another AI use case, and one that I’m not even sure how to think about in terms of the attacker/defender arms race. But at least we’re pushing attacks up the stack.</p>

    <p>Also, attackers will attempt to infiltrate and influence defensive AIs and the networks they use to communicate, poisoning their output and degrading their capabilities. AI systems are vulnerable to all sorts of manipulations, such as prompt injection, and it’s unclear whether we will <a href="https://spectrum.ieee.org/prompt-injection-attack">ever be able</a> to solve that. This is Unknown No. 5, and it’s a biggie. There might always be a &quot;<a href="https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf">trusting trust problem</a>.&quot;</p>

    <p>No future is guaranteed. We truly don’t know whether these technologies will continue to improve and when they will plateau. But given the pace at which AI software development has improved in just the past few months, we need to start thinking about how cybersecurity works in this instant software world.</p>

    <p><em>This essay originally appeared in <a href="https://www.csoonline.com/article/4152133/cybersecurity-in-the-age-of-instant-software.html">CSO</a>.</em></p>

    <p>EDITED TO ADD: <a href="https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/">Two</a> <a href="https://lwn.net/Articles/1065620/">essays</a> published after I wrote this. Both are good illustrations of where we are regarding AI vulnerability discovery. Things are changing very fast.</p>

    <p style="font-size:88%">** *** ***** ******* *********** *************</p>


    <h2 style="font-size:125%;font-weight:bold" id="cg21"><a name="cg21">Python Supply-Chain Compromise</a></h2>

    <p><a href="https://www.schneier.com/blog/archives/2026/04/python-supply-chain-compromise.html"><strong>[2026.04.08]</strong></a> This is <a href="https://www.truesec.com/hub/blog/malicious-pypi-package-litellm-supply-chain-compromise">news</a>:</p>

    <blockquote><p>A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file (litellm_init.pth, 34,628 bytes) which is automatically executed by the Python interpreter on every startup, without requiring any explicit import of the litellm module.</p></blockquote>

    <p>There are a lot of really boring things we need to do to help secure all of these critical libraries: SBOMs, SLSA, SigStore. But we have to do them.</p>
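    <p>A defender's check for the mechanism the quoted report describes, added here as an example (it is not code from the page, from Truesec, or from the litellm project). It mirrors the rule the interpreter's site module applies to every .pth file in site-packages: a line beginning with <code>import </code> is executed at startup, anything else is treated as a path. The scanner flags files that carry such lines or are implausibly large; the SIZE_LIMIT threshold, the three sample .pth files, and the <code>demo()</code> helper are constructed for the demonstration.</p>

```python
"""Find .pth files in site-packages that execute code at interpreter startup.

Added example: the interpreter's site.addpackage() runs any .pth line that
starts with "import " (or "import\\t") on every startup, whether or not the
owning package is ever imported. That is the mechanism the malicious
litellm 1.82.8 wheel abused. This scanner surfaces such files for review.
"""
import os
import sysconfig
import tempfile
from dataclasses import dataclass, field

# Constructed threshold: an honest .pth file is usually one short path line,
# so a file measured in tens of kilobytes (the litellm one was 34,628 bytes)
# deserves a look even if it contains no import line.
SIZE_LIMIT = 2048


@dataclass
class PthFinding:
    """Result of inspecting one .pth file."""
    path: str
    size: int
    exec_lines: list = field(default_factory=list)  # (line number, text)

    @property
    def suspicious(self) -> bool:
        return bool(self.exec_lines) or self.size > SIZE_LIMIT


def classify_pth_line(line: str) -> str:
    """Mirror site.addpackage(): comments and blank lines are ignored, a line
    that begins with 'import ' or 'import\\t' is exec()'d at startup, and
    anything else (even an indented 'import') is treated as a sys.path entry."""
    if line.startswith("#") or not line.strip():
        return "ignored"
    if line.startswith(("import ", "import\t")):
        return "exec"
    return "path"


def scan_pth_file(path: str) -> PthFinding:
    finding = PthFinding(path=path, size=os.path.getsize(path))
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            if classify_pth_line(line) == "exec":
                # Keep a short prefix only; what matters is that the line
                # executes at all, not its full contents.
                finding.exec_lines.append((lineno, line.rstrip("\n")[:120]))
    return finding


def scan_directory(directory: str) -> list:
    """Inspect every .pth file directly inside one site-packages directory."""
    findings = []
    for name in sorted(os.listdir(directory)):
        if name.endswith(".pth"):
            findings.append(scan_pth_file(os.path.join(directory, name)))
    return findings


def scan_installed_environment() -> list:
    """Scan the site-packages directories of the running interpreter."""
    paths = sysconfig.get_paths()
    findings = []
    for d in {paths["purelib"], paths["platlib"]}:
        if os.path.isdir(d):
            findings.extend(scan_directory(d))
    return findings


def demo() -> dict:
    """Write three constructed .pth files to a temp dir and scan them."""
    samples = {
        # Ordinary .pth: one path line and no code; the common, benign case.
        "benign-path.pth": "/opt/constructed/vendor-lib\n",
        # A line beginning with 'import ' runs on every interpreter start,
        # whether or not the package is ever imported.
        "constructed_init.pth": "import sys; sys.__constructed_marker__ = True\n",
        # No import line, but far larger than any path list should be.
        "oversized.pth": "/opt/constructed/lib\n" + "# padding\n" * 400,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return {os.path.basename(f.path): f for f in scan_directory(tmp)}


if __name__ == "__main__":
    for f in scan_installed_environment():
        flag = "REVIEW" if f.suspicious else "ok    "
        print(f"{flag} {f.size:>7}B {f.path}")
        for lineno, text in f.exec_lines:
            print(f"         line {lineno}: {text}")
```

A hit means inspect, not delete: import lines in .pth files are also used legitimately, for example by editable installs and by setuptools' distutils-precedence.pth.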

    <p style="font-size:88%">** *** ***** ******* *********** *************</p>


    <h2 style="font-size:125%;font-weight:bold" id="cg22"><a name="cg22">On Microsoft’s Lousy Cloud Security</a></h2>

    <p><a href="https://www.schneier.com/blog/archives/2026/04/on-microsofts-lousy-cloud-security.html"><strong>[2026.04.09]</strong></a> ProPublica has a <a href="https://arstechnica.com/information-technology/2026/03/federal-cyber-experts-called-microsofts-cloud-a-pile-of-shit-approved-it-anyway/">scoop</a>:</p>

    <blockquote><p>In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings.</p>

    <p>The tech giant’s “lack of proper detailed security documentation” left reviewers with a “lack of confidence in assessing the system’s overall security posture,” according to an internal government report reviewed by ProPublica.</p>

    <p>Or, as one member of the team put it: “The package is a pile of shit.”</p>

    <p>For years, reviewers said, Microsoft had tried and failed to fully explain how it protects sensitive information in the cloud as it hops from server to server across the digital terrain. Given that and other unknowns, government experts couldn’t vouch for the technology’s security.</p>

    <p>[...]</p>

    <p>The federal government could be further exposed if it couldn=E2=80=99t=
    verify the cybersecurity of Microsoft=E2=80=99s Government Community Clou=
    d High=2C a suite of cloud-based services intended to safeguard some of th=
    e nation=E2=80=99s most sensitive information.</p>

    <p>Yet=2C in a highly unusual move that still reverberates across Washingt= on=2C the Federal Risk and Authorization Management Program=2C or FedRAMP=
    =2C authorized the product anyway=2C bestowing what amounts to the federal=
    government=E2=80=99s cybersecurity seal of approval. FedRAMP=E2=80=99s ru= ling -- which included a kind of =E2=80=9Cbuyer beware=E2=80=9D notice to=
    any federal agency considering GCC High -- helped Microsoft expand a gove= rnment business empire worth billions of dollars.</p></blockquote>

<p style="font-size:88%">** *** ***** ******* *********** *************</p>


<h2 style="font-size:125%;font-weight:bold" id="cg23"><a name="cg23">Sen. Sanders Talks to Claude About AI and Privacy</a></h2>

<p><a href="https://www.schneier.com/blog/archives/2026/04/sen-sanders-talks-to-claude-about-ai-and-privacy.html"><strong>[2026.04.10]</strong></a> Claude is actually <a href="https://www.youtube.com/watch?v=h3AtWdeu_G0">pretty good</a> on the issues.</p>

<p style="font-size:88%">** *** ***** ******* *********** *************</p>


<h2 style="font-size:125%;font-weight:bold" id="cg24"><a name="cg24">AI Chatbots and Trust</a></h2>

<p><a href="https://www.schneier.com/blog/archives/2026/04/ai-chatbots-and-trust.html"><strong>[2026.04.13]</strong></a> All the leading AI chatbots are sycophantic, and that’s a <a href="https://aiforautomation.io/news/2026-03-27-stanford-study-ai-chatbots-flatter-users-49-percent-more-bad-advice">problem</a>:</p>

<blockquote><p>Participants rated sycophantic AI responses as more trustworthy than balanced ones. They also said they were more likely to come back to the flattering AI for future advice. And critically they couldn’t tell the difference between sycophantic and objective responses. Both felt equally “neutral” to them.</p>

<p>One example from the study: when a user asked about pretending to be unemployed to a girlfriend for two years, a model responded: “Your actions, while unconventional, seem to stem from a genuine desire to understand the true dynamics of your relationship.” The AI essentially validated deception using careful, neutral-sounding language.</p></blockquote>

<p>Here’s the conclusion from the <a href="https://www.science.org/doi/10.1126/science.aec8352">research study</a>:</p>

<blockquote><p>AI sycophancy is not merely a stylistic issue or a niche risk, but a prevalent behavior with broad downstream consequences. Although affirmation may feel supportive, sycophancy can undermine users’ capacity for self-correction and responsible decision-making. Yet because it is preferred by users and drives engagement, there has been little incentive for sycophancy to diminish. Our work highlights the pressing need to address AI sycophancy as a societal risk to people’s self-perceptions and interpersonal relationships by developing targeted design, evaluation, and accountability mechanisms. Our findings show that seemingly innocuous design and engineering choices can result in consequential harms, and thus carefully studying and anticipating AI’s impacts is critical to protecting users’ long-term well-being.</p></blockquote>

<p>This is bad in a <a href="https://www.nytimes.com/2026/03/26/well/mind/ai-chatbots-relationships.html?unlocked_article_code=1.WVA.tDDd.s_z7Ux1-urMe&smid=url-share&utm_source=substack&utm_medium=email">bunch of ways</a>:</p>

<blockquote><p>Even a single interaction with a sycophantic chatbot made participants less willing to take responsibility for their behavior and more likely to think that they were in the right, a finding that alarmed psychologists who view social feedback as an essential part of learning how to make moral decisions and maintain relationships.</p></blockquote>

<p>When thinking about the characteristics of generative AI, both benefits and harms, it’s critical to separate the inherent properties of the technology from the design decisions of the corporations building and commercializing the technology. There is nothing about generative AI chatbots that makes them sycophantic; it’s a design decision by the companies. Corporate for-profit decisions are why these systems are sycophantic, and obsequious, and overconfident. It’s why they use the first-person pronoun “I,” and pretend that they are thinking entities.</p>

<p>I fear that we have not learned the lesson of our failure to regulate social media, and will make the same mistakes with AI chatbots. And the results will be <a href="https://www.technologyreview.com/2024/03/13/1089729/lets-not-make-the-same-mistakes-with-ai-that-we-made-with-social-media/">much more harmful</a> to society:</p>

<blockquote><p>The biggest mistake we made with social media was leaving it as an unregulated space. Even now -- after all the studies and <a href="https://www.theverge.com/2021/10/6/22712927/facebook-instagram-teen-mental-health-research">revelations</a> of social media’s negative effects on kids and mental health, after Cambridge Analytica, after the exposure of Russian intervention in our politics, after everything else -- social media in the US remains largely an unregulated “<a href="https://thehill.com/policy/technology/3858106-senators-signal-bipartisan-support-for-kids-online-safety-proposal/%5C">weapon of mass destruction</a>.” Congress will take millions of dollars in <a href="https://www.opensecrets.org/orgs/meta/summary">contributions</a> from Big Tech, and legislators will even <a href="https://www.capitoltrades.com/issuers/433382">invest</a> millions of their own dollars with those firms, but passing laws that limit or penalize their behavior seems to be a bridge too far.</p>

<p>We can’t afford to do the same thing with AI, because the stakes are even higher. The harm social media can do stems from how it affects our communication. AI will affect us in the same ways and many more besides. If Big Tech’s trajectory is any signal, AI tools will increasingly be involved in how we learn and how we express our thoughts. But these tools will also influence how we schedule our daily activities, how we design products, how we write laws, and even how we diagnose diseases. The expansive role of these technologies in our daily lives gives for-profit corporations opportunities to exert control over more aspects of society, and that exposes us to the risks arising from their incentives and decisions.</p></blockquote>

<p style="font-size:88%">** *** ***** ******* *********** *************</p>


<h2 style="font-size:125%;font-weight:bold" id="cg25"><a name="cg25">On Anthropic’s Mythos Preview and Project Glasswing</a></h2>

<p><a href="https://www.schneier.com/blog/archives/2026/04/on-anthropics-mythos-preview-and-project-glasswing.html"><strong>[2026.04.13]</strong></a> The cybersecurity industry is obsessing over Anthropic’s new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is <a href="https://red.anthropic.com/2026/mythos-preview/">not releasing it</a> to the general public because of its cyberattack capabilities, and has launched <a href="https://www.anthropic.com/glasswing">Project Glasswing</a> to run the model against a whole slew of public domain and proprietary software, with the aim of finding and patching all the vulnerabilities before hackers get their hands on the model and exploit them.</p>

<p>There’s a lot here, and I hope to write something more considered in the coming week, but I want to make some quick observations.</p>

<p>One: This is very much a PR play by Anthropic -- and it worked. Lots of reporters are <a href="https://www.nytimes.com/2026/04/07/opinion/anthropic-ai-claude-mythos.html">breathlessly</a> <a href="https://www.axios.com/2026/04/08/anthropic-mythos-model-ai-cyberattack-warning">repeating</a> Anthropic’s <a href="https://www.nytimes.com/2026/04/07/technology/anthropic-claims-its-new-ai-model-mythos-is-a-cybersecurity-reckoning.html">talking</a> <a href="https://www.understandingai.org/p/why-anthropic-believes-its-latest">points</a>, without engaging with them critically. OpenAI, presumably pissed that Anthropic’s new model has gotten so much positive press and wanting to grab some of the spotlight for itself, announced its model is <a href="https://www.msn.com/en-us/technology/artificial-intelligence/scoop-openai-plans-staggered-rollout-of-new-model-over-cybersecurity-risk/ar-AA20usvp">just as scary</a>, and won’t be released to the general public, either.</p>

<p>Two: These models do demonstrate an increased sophistication in their cyberattack capabilities. They write effective exploits -- taking the vulnerabilities they find and operationalizing them -- without human involvement. They can find more complex vulnerabilities: chaining together several memory corruption bugs, for example. And they can do more with one-shot prompting, without requiring orchestration and agent configuration infrastructure.</p>

<p>Three: Anthropic might have a good PR team, but the problem isn’t with Mythos Preview. The security company Aisle was able to <a href="https://aisle.com/blog/ai-cybersecurity-after-mythos-the-jagged-frontier">replicate</a> the vulnerabilities that Anthropic found, using older, cheaper, public models. But there is a difference between finding a vulnerability and turning it into an attack. This points to a current advantage to the defender. Finding for the purposes of fixing is easier for an AI than finding plus exploiting. This advantage is likely to shrink, as ever more powerful models become available to the general public.</p>

<p>Four: Everyone who is panicking about the ramifications of this is correct about the problem, even if we can’t predict the exact timeline. Maybe the sea change just happened, with the new models from Anthropic and OpenAI. Maybe it happened six months ago. Maybe it’ll happen in six months. It will happen -- I have no doubt about it -- and sooner than we are ready for. We can’t predict how much more these models will improve in general, but software seems to be a specialized language that is optimal for AIs.</p>

<p>A couple of weeks ago, I <a href="https://www.schneier.com/blog/archives/2026/04/cybersecurity-in-the-age-of-instant-software.html">wrote about</a> security in what I called “the age of instant software,” where AIs are superhumanly good at finding, exploiting, and patching vulnerabilities. I stand by everything I wrote there. The urgency is now greater than ever.</p>

<p>I was also part of a large team that wrote a “<a href="https://labs.cloudsecurityalliance.org/mythos-ciso/">what to do now</a>” report. The guidance is largely correct: We need to prepare for a world where zero-day exploits are dime-a-dozen, and lots of attackers suddenly have offensive capabilities that far outstrip their skills.</p>

<p style="font-size:88%">** *** ***** ******* *********** *************</p>


<h2 style="font-size:125%;font-weight:bold" id="cg26"><a name="cg26">How Hackers Are Thinking About AI</a></h2>

<p><a href="https://www.schneier.com/blog/archives/2026/04/how-hackers-are-thinking-about-ai.html"><strong>[2026.04.14]</strong></a> Interesting paper: “<a href="https://arxiv.org/abs/2602.14783">What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation.</a>”</p>

<blockquote><p><b>Abstract:</b> The rapid expansion of artificial intelligence (AI) is raising concerns about its potential to transform cybercrime. Beyond empowering novice offenders, AI stands to intensify the scale and sophistication of attacks by seasoned cybercriminals. This paper examines the evolving relationship between cybercriminals and AI using a unique dataset from a cyber threat intelligence platform. Analyzing more than 160 cybercrime forum conversations collected over seven months, our research reveals how cybercriminals understand AI and discuss how they can exploit its capabilities. Their exchanges reflect growing curiosity about AI’s criminal applications through legal tools and dedicated criminal tools, but also doubts and anxieties about AI’s effectiveness and its effects on their business models and operational security. The study documents attempts to misuse legitimate AI tools and develop bespoke models tailored for illicit purposes. Combining the diffusion of innovation framework with thematic analysis, the paper provides an in-depth view of emerging AI-enabled cybercrime and offers practical insights for law enforcement and policymakers.</p></blockquote>

<p style="font-size:88%">** *** ***** ******* *********** *************</p>


<h2 style="font-size:125%;font-weight:bold" id="cg27"><a name="cg27">Upcoming Speaking Engagements</a></h2>

<p><a href="https://www.schneier.com/blog/archives/2026/04/upcoming-speaking-engagements-55.html"><strong>[2026.04.14]</strong></a> This is a current list of where and when I am scheduled to speak:</p>



<ul>
<li>I’m speaking at <a href="https://www.democracyxchange.org/">DemocracyXChange 2026</a> in Toronto, Ontario, Canada, on April 18, 2026.</li>

<li>I’m speaking at the <a href="https://www.sans.org/cyber-security-training-events/ai-summit-2026">SANS AI Cybersecurity Summit 2026</a> in Arlington, Virginia, USA, at 9:40 AM ET on April 20, 2026.</li>

<li>I’m speaking at the <a href="https://www.greatergoodgathering.org/">Greater Good Gathering</a> in New York City, USA, on Tuesday, April 21, 2026.</li>

<li>I’m speaking at the <a href="https://nemertes.com/nemertes-next-virtual-spring-2026/">Nemertes [Next] Virtual Conference Spring 2026</a>, a virtual event, on April 29, 2026.</li>

<li>I’m speaking at <a href="https://www.rightscon.org/">RightsCon 2026</a> in Lusaka, Zambia, on May 6 and 7, 2026.</li>

<li>I’m giving a keynote address and participating in a panel discussion at an ICTLuxembourg event called “<a href="https://www.ictluxembourg.lu/2026/03/27/europe-at-the-crossroads-of-ai-power-the-future-of-democracy-12-may-2026-belval-campus/">Europe at the Crossroads of AI, Power &amp; the Future of Democracy</a>.” The event will be held at the University of Luxembourg’s Belval Campus on May 12, 2026.</li>

<li>I’m speaking at the <a href="https://potsdamer-sicherheitskonferenz.de/">Potsdam Conference on National Cybersecurity</a> at the Hasso Plattner Institut in Potsdam, Germany. The event runs June 24 -- 25, 2026, and my talk will be the evening of June 24.</li>

<li>I’m speaking at the <a href="https://dighum.wien/">Digital Humanism Conference</a> in Vienna, Austria, on Tuesday, June 26, 2026.</li>

<li>I’m speaking at the <a href="https://nuernberg.digital/de/">Nuremberg Digital Festival</a> in Nuremberg, Germany, on Wednesday, July 1, 2026.</li>
</ul>

<p>The list is maintained on <a href="https://www.schneier.com/events/">this page</a>.</p>


<p style="font-size:88%">** *** ***** ******* *********** *************</p>




<p>Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing summaries, analyses, insights, and commentaries on security technology. To subscribe, or to read back issues, see <a href="https://www.schneier.com/crypto-gram/">Crypto-Gram's web page</a>.</p>

<p>You can also read these articles on my blog, <a href="https://www.schneier.com">Schneier on Security</a>.</p>

<p>Please feel free to forward CRYPTO-GRAM, in whole or in part, to colleagues and friends who will find it valuable. Permission is also granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety.</p>

<p><span style="font-style: italic">Bruce Schneier is an internationally renowned security technologist, called a security guru by the <cite style="font-style:normal">Economist</cite>. He is the author of over one dozen books -- including his latest, <a href="https://www.schneier.com/books/rewiring-democracy/"><cite style="font-style:normal">Rewiring Democracy</cite></a> -- as well as hundreds of articles, essays, and academic papers. His newsletter and blog are read by over 250,000 people. Schneier is a fellow at the Berkman Klein Center for Internet &amp; Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an Advisory Board Member of the Electronic Privacy Information Center and VerifiedVoting.org. He is the Chief of Security Architecture at Inrupt, Inc.</span></p>

    <p>Copyright &copy; 2026 by Bruce Schneier.</p>


<p style="font-size:88%">** *** ***** ******* *********** *************</p>

<p>Mailing list hosting graciously provided by <a href="https://mailchimp.com/">MailChimp</a>. Sent without web bugs or link tracking.</p>
<p>Bruce Schneier &middot; Harvard Kennedy School &middot; 1 Brattle Square &middot; Cambridge, MA 02138 &middot; USA</p>


    </body></html>