In the latest episode of Safe Mode, we talk to Peter Anaman, principalinvestigator in Microsoft’s Digital Crimes Unit. Peter takes us on a deep dive on how the Digital Crimes Unit (DCU) has morphed since its inception in 2008. We'll explore how investigative approaches have evolved over the years and discuss how cybercriminals are adapting in respo…

In this episode, Greg Otto chats with David Brumley, an offensive cybersecurity professor at Carnegie Mellon and CEO of Mayhem Security, as he is collaborating with the FAA and airplane manufacturers to tackle critical software security challenges in the aerospace industry. David delves into the most pressing cybersecurity threats facing aircraft t…

In the latest episode of Safe Mode, Greg Otto talked with Casey Bleeker, CEO of the generative AI security firm SurePath AI, about the future of AI regulation in the U.S. and how it might unfold compared to other countries in 2025. They explore whether AI oversight will differ from state to state, mirroring the current landscape of data privacy law…

In case you didn't have the chance to attend CyberTalks, we have the keynote address from the event: National Cyber Director Harry Coker highlighted the White House's focus on strategy and policy to address internet routing vulnerabilities, particularly with the Border Gateway Protocol (BGP). Coker emphasized the importance of Resource Public Key I…

In this episode, we delve into the escalating cyber threat posed by China with guest Sean McNee, Head of Threat Research at DomainTools. Sean shares insights on how China is closely observing the ongoing cyberwar between Russia and Ukraine to strategize its potential moves concerning Taiwan. In our reporter chat, Greg Otto talks with Derek B. Johns…

This episode of Safe Mode explores the critical issue of software supply chain security with Saša Zdjelar, ReversingLabs' chief trust officer. Discover why the hidden components of commercial off-the-shelf software pose significant risks to enterprises and how current security practices fall short. We'll discuss the explosive growth in breaches due…

How can small nonprofits and civic organizations defend themselves against some of the most insidious malware on the planet? By reaching out to Elijah Baucom. The director of Citizen Clinic at UC Berkeley, Baucom runs a public-interest cybersecurity program that trains students to support organizations in defending against cyber threats. A digital …

Since 2022, Mandiant has tracked North Korean IT workers who, posing as non-North Koreans, secure employment in various industries to fund DPRK's weapons programs, often engaging in cyber intrusions with the help of foreign facilitators. In this episode, CyberScoop Editor-in-Chief Greg Otto talks with Mandiant’s Michael Barnhart on what is going on…

CyberScoop Editor-in-Chief Greg Otto was out at Mandiant's mWISE conference last week, and talked with Trellix’s head of threat intelligence, John Fokker, about a host of different subjects. In the first portion of the interview, Greg and John discuss how the Ransomware-as-a-Service landscape has changed in the past year, and how threat actors have…

AI is transforming how companies secure their IT infrastructure, especially in industries like airlines, health care, retail, and telecommunications, which rely on applications and APIs for seamless digital experiences. However, there's a risk of companies improperly deploying AI tools or using insecure vendors, potentially leading to widespread da…

Secure-by-design transforms secure code from an afterthought to an inherent feature, weaving a resilient shield directly into the fabric of every application and device from the ground up. But while everyone’s mind gravitates toward the ocean of software we all use, how does secure-by-design translate to the Internet of Things? In this episode, Cyb…

If you want to understand cybersecurity policy, it’s not enough to focus on Washington D.C. — you have to also grok the American tech industry. Few people have bridged that divide more effectively than Ted Schlein, the legendary venture capitalist who is currently at Ballistic Ventures. On this episode of Safe Mode, he sits down with host Elias Gro…

With Election Day rapidly approaching in the United States, the Trump campaign claims that the first major hack-and-leak operation has arrived. After a handful of U.S. media outlets received leaked material on vice presidential candidate JD Vance, the Trump campaign said it had been the victim of an Iranian hacking operation. On this episode of Saf…

An epidemic of ransomware, cyberattacks on gas pipelines, Chinese infiltration of American critical infrastructure — these are just some of the cybersecurity issues the Biden administration has tackled during the president’s first term in office. With President Joe Biden’s time in office winding down, it’s worth taking stock: Has his administration…

AI governance regimes the world over have seized on compute thresholds as a mechanism for implementing various controls on artificial intelligence systems. The basic idea is that if an AI model relies on a sufficiently large amount of computing power, then various controls kick in. As AI models get larger, the thinking goes, they also get riskier, …

Around the world policymakers seem to be grappling with the same question: How best to govern artificial intelligence? The Center for Security and Emerging Technology, a Washington-based think tank, has emerged as a key and influential player in that conversation. And on this episode of Safe Mode, its executive director, Dewey Murdick, sits down wi…

We are living through an epidemic of ransomware. Last year alone, the amount paid to ransomware operators exceeded $1 billion, and the entities getting hit and seeing their operations disrupted by ransomware included hospitals, schools and libraries. Ransomware is both a public-health and national-security crisis, yet efforts to address the problem…

When studying cyberoperations, it’s easy to become enamored with state-backed hackers. Russian and Chinese operations have done much to shape our understanding of how power is exercised online, but it’s not clear that the intense attention dedicated to such operations is well-placed. Amid the current epidemic of ransomware, criminal hacking groups …

The proliferation of artificial intelligence is exposing teens to a new online threat: AI-generated sexual imagery. Heather Barnhart is a fellow at the SANS Institute and a digital forensic expert, and on this episode of Safe Mode she sits down with host Elias Groll to discuss how teenagers and their families can protect themselves against the scou…

Following Russia’s full-scale invasion of Ukraine, the Ukrainian power grid has come under sustained attack by Russian forces, and keeping it up and running has been a significant challenge. One of the major issues Ukrainian energy officials have had to confront is the way in which Russian electronic warfare systems have disrupted GPS, which is a k…

To address AI risks, policymakers and technologists around the world have embraced the concept of AI red-teaming — the adversarial testing of AI models. But AI red-teaming is such a new concept that few people know how to conduct such tests. The discipline of AI red-teaming very much remains under development, but as AI systems are rolled out far a…

Joe Sullivan on his legal battle with the feds; the latest on Russian influence operations by Safe Mode PodcastAf Safe Mode Podcast

In recent weeks, a series of troubling operations targeting open source software libraries have been uncovered in which bad actors — likely tied to nation states — have attempted to use social engineering to be designated as maintainers of security critical libraries. Operations such as these have the potential to insert backdoors in widely used so…

In recent years, the persona known as LockbitSupp has emerged as a notorious figure in the cybercrime underground. The primary administrator of the LockBit ransomware, LockbitSupp has become fantastically wealthy operating the world’s most prolific ransomware. Last week, the FBI and a coalition of international law enforcement agencies unmasked Loc…

When Russia invaded Ukraine in February of 2022, it was immediately apparent that the conflict would in part be waged in cyberspace. As Russian tanks rolled into Ukraine, Russian forces also launched a cyberattack against satellite modems that impacted the Ukrainian military’s ability to communicate. Since then, Russian cyberattacks have been a reg…

At last August’s DEF CON computer security conference, more than 2,000 people tried their hands at breaking some of the world’s most advanced AI models. That event was the largest-ever public red-teaming event of large language models, and since then policymakers are continuing to look to red-teaming as a key tool in responsibly deploying AI system…

Amid the endless hype about AI — how it will either revolutionize the world or end it as we know it — Sayash Kapoor is a rare voice of reason. A PhD candidate at Princeton University and a researcher at the Center for Information Technology and Policy, he is also the author of the newsletter AI Snake Oil, an essential resource to understand AI, its…

In order to deliver major improvement in the security of the digital systems we all rely on, the Biden administration has embarked on a major initiative known as secure by design. That initiative aims to build more secure hardware and software by prioritizing security in the design process and asks developers to rethink how they approach building p…

Journalist Byron Tau sits down with host Elias Groll to discuss his eye-opening book about commercially available data. CyberScoop reporter Derek B. Johnson joins the show to discuss recent indictments and sanctions targeting Chinese hackers accused of surveilling politicians and dissidents.Af Safe Mode Podcast

When ChatGPT debuted in the fall of 2022, it set the internet ablaze and opened many people’s eyes to the capabilities of a new generation of machine learning technology. It also caught the attention of some of the world’s most sophisticated hackers. For the companies developing leading edge AI models, preventing hackers from misusing them now repr…

Kiersten Todt has worked on just about every hot-button cybersecurity issue you can imagine. Currently the CEO of Liberty Group Ventures, her most recent role in government was as the chief of staff at the Cybersecurity and Infrastructure Security Agency. As a Senate staffer, she drafted key parts of the legislation that created the Department of H…

Every day, AI models are being deployed in new places, and that is creating demand for a new industry: companies that secure AI systems. Whether it’s preventing models from being used to write malicious code or creating spearphishing emails or keeping safe the data that companies are using to train AI systems, large language models raise a host of …

In recent months, U.S. security officials have issued a series of dire warnings about the hacking threat to American critical infrastructure. According to a chorus of intelligence officials, Chinese hacking groups have infiltrated U.S. critical infrastructure entities like ports and power grids, prepositioning themselves in the event of a conflict.…

When Hamas fighters crossed into Israel on Oct. 7, killing some 1,200 Israelis and kidnapping hundreds more, it marked a new era of the conflict between Israel and an array of militant groups. Most of that conflict has played out in the form of brutal, bloody fighting, but it has also taken place online in the form of cyber operations. Adam Meyers,…

Whether you call it hacking or legitimate security research, getting computers to do things that they shouldn’t is an activity that exists in a legal gray area. Sometimes, hackers acting in good faith will find themselves on the other end of a cease-and-desist letter, a lawsuit, or even a prosecution. A new initiative called the Security Research L…

Everyone seems to agree that AI is going to revolutionize warfare, but exactly how is very much up for debate. Jack Shanahan has worked at the center of the U.S. military’s attempt to integrate AI into how wars are fought. In 2020, he retired as a Lieutenant General from the U.S. Air Force after a 36-year career. He was the inaugural director of th…

Founded in 1995, Craigslist helped shape the modern web as we know it today, reshaping online economies and how people bought and sold goods. Today, its founder Craig Newmark is perhaps better known for his philanthropy than the classifieds site he founded. Newmark’s philanthropy spans issues of cybersecurity, technology and journalism, and he join…

In the year 2024, elections will take place around the world affecting some 4 billion people — an election year unlike any other. Besides the United States, voters will go to the polls in the European Union, the United Kingdom, India, Mexico and Indonesia, just to name a few. The next time we’ll see this many elections in one year will be in 2048. …

The upcoming year will feature an unprecedented number of democratic elections. In addition to the United States’s pivotal federal elections, countries that collectively make up more than half of the world’s populations will head to the polls. These elections are taking place against the backdrop of pervasive security vulnerabilities and come on th…

In our first episode of the year, we begin by looking back at 2023. The NSA’s Rob Joyce and Morgan Adamski sit down with host Elias Groll to examine the major cybersecurity trends of the year, the evolution of Russian hacking operations, how China is targeting U.S. critical infrastructure and how AI is changing the cybersecurity business. FedScoop …

In our final episode of the year, host Elias Groll sits down with reporters from CyberScoop, FedScoop and Defense Scoop to discuss the biggest stories of the year. Christian Vasquez and AJ Vicens join the show to talk through the biggest breaches of the year and how the cybersecurity landscape changed in 2023. Madison Alder and Rebecca Heilweil com…

It was WikiLeaks that pioneered the publishing and hosting of sensitive information, and while Julian Assange’s whistleblowing project has withered away, groups like Distributed Denial of Secrets are carrying on the work of trying to make public interest material more widely available — and to do so more responsibly. Emma Best is the founder of DDO…

To be a person in the world today is to have your data collected. Whether it’s your internet browsing history, your location history as you walk around with your phone in your pocket, or the purchases you make online, there’s few human activities today that aren’t in one way or another tracked. So what happens with all that data once it’s collected…

A growing industry exists today that provides governments with highly advanced tools to surveil their opponents. While this industry has become personified by Israel’s NSO Group, it in fact goes far beyond this one firm. The commercial spyware industry is growing rapidly, posing major human rights concerns and exposing dissidents, journalists and m…

Just as behavioral psychology revolutionized economics by integrating human behavior into the study of financial decisions — creating the field of behavioral economics — the study of cyberpsychology tries to put the human being at the center of conversations about cybersecurity. Dr. Mary Aiken is one of its foremost practitioners and also happens t…

Russia’s cyberattacks against Ukraine’s electrical grid occupy a canonical place in the history of cyber warfare. By turning out the lights in Ukraine in 2016 and 2017, Russia demonstrated the reach of digital weapons. Now researchers have revealed that Moscow’s hackers struck the Ukrainian grid in 2022. CyberScoop reporters AJ Vicens and Christian…

President Joe Biden’s sprawling executive order on artificial intelligence has finally arrived. The sprawling document contains a long list of new requirements. Leading AI companies have to report training runs and the results of red team tests. A slew of agencies are tasked with developing new standards and rules to address AI risks. And a long li…

Over the past 15 years, Twitter — now X — has become pivotal to how we understand crises. From the Arab Spring to Russia’s invasion of Ukraine and, now, the conflict between Israel and Hamas, X is the first platform to which many people turn to understand and report on rapidly unfolding events.Elon Musk’s acquisition of the platform has fundamental…

Distributed denial of service attacks are one of the great nuisances of online life today, but they can also have more serious impact on the internet, disrupting access to crucial services and information at critical moments. FBI Special Agent Elliott Peterson is one of the bureau’s most seasoned investigators of the networks responsible for launch…

Cybersecurity firms have pioneered the use of artificial intelligence in their products, but the latest generation of AI technology offers hope that a greater share of the work to secure computer systems could be automated. A new competition at the Defense Advanced Projects Research Agency aims to jump start efforts to build open source AI tools to…