Bruce Schneier – Page 2 – WindowsTechs.com

Anthropic’s Project Glasswing Update

Posted on June 8, 2026 by Bruce Schneier

In April, Anthropic initated Project Glasswing. The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a fantastic PR move, and so many press outlets have uncritically parroted Anthropic’s claims that it’s now common wisdom that Mythos is better at finding software vulnerabilities than other models. Which is just not true.

In any case, Anthropic has published a Project Glasswing status report. It’s finding a lot of vulnerabilities in software—yay! Some of them are even dangerous. But almost none of them has been patched. It’s …

Continue reading Anthropic’s Project Glasswing Update→

AI Worm

Posted on June 5, 2026 by Bruce Schneier

Researchers have prototyped an AI-powered internet worm.
The coolest thing about the prototype is that it carries its own LLM with it, and runs it on computers that have been broken into.
This is the closest to John Brunner’s original 1975 concep… Continue reading AI Worm→

AI Worm

Posted on June 5, 2026 by Bruce Schneier

Hacking Meta’s AI Chatbot

Posted on June 4, 2026 by Bruce Schneier

Hackers are convincing Meta’s AI support chatbot to let them take over other peoples’ accounts:

A video posted on X showed the step-by-step process to hack someone’s Instagram account. The hacker allegedly used a VPN to spoof the targets’ presumed location to avoid triggering Instagram’s automated account protections. Then, the hacker opened a chat with Meta AI Support Assistant and asked the bot to add a new email address to the target’s account. The chatbot can be seen sending a verification code to the email address provided by the hacker; the hacker then shares the verification code with the chatbot, which prompts the chatbot to show a button to “Reset Password.” The hacker enters a new password and takes over the victim’s account…

Continue reading Hacking Meta’s AI Chatbot→

AI Used to Decrypt Medieval Ciphers

Posted on June 3, 2026 by Bruce Schneier

Researchers are using machine learning algorithms to decrypt historical pencil-and-paper ciphers.
Continue reading AI Used to Decrypt Medieval Ciphers→

AI Used to Decrypt Medieval Ciphers

Posted on June 3, 2026 by Bruce Schneier

Researchers are using machine learning algorithms to decrypt historical pencil-and-paper ciphers.
Continue reading AI Used to Decrypt Medieval Ciphers→

The Intersection of Encryption and AI

Posted on June 2, 2026 by Bruce Schneier

As part of their 20th Anniversary celebration, Dark Reading asked five cybersecurity industry leaders who wrote blogs or columns for them over the years to select their favorite piece and share their reflections on the topic today. This is my section.

Renowned technologist and author Bruce Schneier contributed a column on June 20, 2010, warning about cryptography’s inability to secure modern networks, a point he says he has been trying to argue since 2000.

“For a while now, I’ve pointed out that cryptography is singularly ill-suited to solve the major network security problems of today: denial-of-service attacks, website defacement, theft of credit card numbers, identity theft, viruses and worms, DNS attacks, network penetration, and so on…

Continue reading The Intersection of Encryption and AI→

Microsoft Threatening Security Researcher

Posted on June 2, 2026 by Bruce Schneier

An anonymous security researcher called “Nightmare Eclipse” has been publishing a series of significant security exploits against Microsoft Windows—including one that breaks BitLocker. Microsoft has threatened legal action against the… Continue reading Microsoft Threatening Security Researcher→

Vulnerability Disclosure in the Age of AI

Posted on June 1, 2026 by Bruce Schneier

New article: “Responsible Disclosure in the Age of AI: A Call for Urgent Action,” by Melissa Hathaway.

Abstract: Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI models are now capable of autonomously identifying exploitable software vulnerabilities at unprecedented speed and scale. This development exposes decades of accumulated technical debt created by a software industry that prioritized rapid deployment over secure-by-design engineering practices. Drawing on the evolution of software assurance, vulnerability disclosure frameworks, and U.S. cyber policy, this perspective argues that the current moment represents a strategic inflection point for governments, industry, and critical infrastructure operators. The author examines the growing tension between offensive and defensive equities in cyberspace, the emergence of AI-enabled vulnerability discovery capabilities in both the U.S. and China, and the increasing risks posed by unsupported legacy systems and AI-assisted code generation practices. Responsible disclosure can no longer remain a reactive or fragmented process, but must become a coordinated national and international resilience effort involving governments, software vendors, infrastructure operators, and emergency response organizations. The article concludes with an urgent call for accelerated remediation, large-scale patch management coordination, and sustained investment in automated vulnerability repair capabilities before adversaries exploit this rapidly narrowing window of opportunity…

Continue reading Vulnerability Disclosure in the Age of AI→

Friday Squid Blogging: Another Squid

Posted on May 29, 2026 by Bruce Schneier

Someone named “Squid” seems to be a “West Country legend.”
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Blog moderation policy.
Continue reading Friday Squid Blogging: Another Squid→