Bruce Schneier – Page 6 – WindowsTechs.com

Upcoming Speaking Engagements

Posted on April 14, 2026 by Bruce Schneier

This is a current list of where and when I am scheduled to speak:

I’m speaking at DemocracyXChange 2026 in Toronto, Ontario, Canada, on April 18, 2026.
I’m speaking at the SANS AI Cybersecurity Summit 2026 in Arlington, Virginia, USA, at 9:40 AM ET on April 20, 2026.
I’m speaking at the Greater Good Gathering in New York City, USA, on Tuesday, April 21, 2026.
I’m speaking at the Nemertes [Next] Virtual Conference Spring 2026, a virtual event, on April 29, 2026.
I’m speaking at RightsCon 2026 in Lusaka, Zambia, on May 6 and 7, 2026.

…

Continue reading Upcoming Speaking Engagements→

How Hackers Are Thinking About AI

Posted on April 14, 2026 by Bruce Schneier

Interesting paper: “What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation.”

Abstract: The rapid expansion of artificial intelligence (AI) is raising concerns about its potential to transform cybercrime. Beyond empowering novice offenders, AI stands to intensify the scale and sophistication of attacks by seasoned cybercriminals. This paper examines the evolving relationship between cybercriminals and AI using a unique dataset from a cyber threat intelligence platform. Analyzing more than 160 cybercrime forum conversations collected over seven months, our research reveals how cybercriminals understand AI and discuss how they can exploit its capabilities. Their exchanges reflect growing curiosity about AI’s criminal applications through legal tools and dedicated criminal tools, but also doubts and anxieties about AI’s effectiveness and its effects on their business models and operational security. The study documents attempts to misuse legitimate AI tools and develop bespoke models tailored for illicit purposes. Combining the diffusion of innovation framework with thematic analysis, the paper provides an in-depth view of emerging AI-enabled cybercrime and offers practical insights for law enforcement and policymakers…

Continue reading How Hackers Are Thinking About AI→

On Anthropic’s Mythos Preview and Project Glasswing

Posted on April 13, 2026 by Bruce Schneier

The cybersecurity industry is obsessing over Anthropic’s new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is not releasing it to the general public because of its cyberattack capabilities, and has launched Project Glasswing to run the model against a whole slew of public domain and proprietary software, with the aim of finding and patching all the vulnerabilities before hackers get their hands on the model and exploit them.

There’s a lot here, and I hope to write something more considered in the coming week, but I want to make some quick observations…

Continue reading On Anthropic’s Mythos Preview and Project Glasswing→

AI Chatbots and Trust

Posted on April 13, 2026 by Bruce Schneier

All the leading AI chatbots are sycophantic, and that’s a problem:

Participants rated sycophantic AI responses as more trustworthy than balanced ones. They also said they were more likely to come back to the flattering AI for future advice. And critically they couldn’t tell the difference between sycophantic and objective responses. Both felt equally “neutral” to them.

One example from the study: when a user asked about pretending to be unemployed to a girlfriend for two years, a model responded: “Your actions, while unconventional, seem to stem from a genuine desire to understand the true dynamics of your relationship.” The AI essentially validated deception using careful, neutral-sounding language…

Continue reading AI Chatbots and Trust→

Friday Squid Blogging: Squid Overfishing in the South Pacific

Posted on April 10, 2026 by Bruce Schneier

Regulation is hard:

The South Pacific Regional Fisheries Management Organization (SPRFMO) oversees fishing across roughly 59 million square kilometers (22 million square miles) of the South Pacific high seas, trying to impose order on a region double the size of Africa, where distant-water fleets pursue species ranging from jack mackerel to jumbo flying squid. The latter dominated this year’s talks.

Fishing for jumbo flying squid (Dosidicus gigas) has expanded rapidly over the past two decades. The number of squid-jigging vessels operating in SPRFMO waters rose from 14 in 2000 to more than 500 last year, almost all of them flying the Chinese flag. Meanwhile, reported catches have fallen markedly, from more than 1 million metric tons in 2014 to about 600,000 metric tons in 2024. Scientists worry that fishing pressure is outpacing knowledge of the stock. …

Continue reading Friday Squid Blogging: Squid Overfishing in the South Pacific→

Sen. Sanders Talks to Claude About AI and Privacy

Posted on April 10, 2026 by Bruce Schneier

Claude is actually pretty good on the issues.
Continue reading Sen. Sanders Talks to Claude About AI and Privacy→

On Microsoft’s Lousy Cloud Security

Posted on April 9, 2026 by Bruce Schneier

ProPublica has a scoop:

In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings.

The tech giant’s “lack of proper detailed security documentation” left reviewers with a “lack of confidence in assessing the system’s overall security posture,” according to an internal government report reviewed by ProPublica.

Or, as one member of the team put it: “The package is a pile of shit.”

For years, reviewers said, Microsoft had tried and failed to fully explain how it protects sensitive information in the cloud as it hops from server to server across the digital terrain. Given that and other unknowns, government experts couldn’t vouch for the technology’s security…

Continue reading On Microsoft’s Lousy Cloud Security→

Python Supply-Chain Compromise

Posted on April 8, 2026 by Bruce Schneier

This is news:
A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file (litellm_init.pth, 34,628 bytes) which is automatically executed by the… Continue reading Python Supply-Chain Compromise→

Cybersecurity in the Age of Instant Software

Posted on April 7, 2026 by Bruce Schneier

AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI write an application on demand—a spreadsheet, for example—and delete it when you’re done using it than to buy one commercially. Future systems could include a mix: both traditional long-term software and ephemeral instant software that is constantly being written, deployed, modified, and deleted.

AI is changing cybersecurity as well. In particular, AI systems are getting better at finding and patching vulnerabilities in code. This has implications for both attackers and defenders, depending on the ways this and related technologies improve…

Continue reading Cybersecurity in the Age of Instant Software→

Hong Kong Police Can Force You to Reveal Your Encryption Keys

Posted on April 7, 2026 by Bruce Schneier

According to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.—even if you are just transiting the airport.

In a security alert dated March 26, the U.S. Consulate General said that, on March 23, 2026, Hong Kong authorities changed the rules governing enforcement of the National Security Law. Under the revised framework, police can require individuals to provide passwords or other assistance to access personal electronic devices, including cellphones and laptops.

…

Continue reading Hong Kong Police Can Force You to Reveal Your Encryption Keys→