New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub

@briankrebs I shouldn't be laughing.

Workspace is misspelled.

Important tokens, as opposed to the unimportant ones.

Meanwhile, over on X...

I think we have to start looking at dual-class stock structures at a technology vendor as a form of third-party risk.

If a firm's leadership is, in a practical sense, never accountable to stock holders, customers, employees, or their own Board, how are they accountable to their own decision making?

How does that affect their willingness to take potentially irresponsible risks?

@Javvad Nature versus nurture, for AI...huh.

RE: https://sigmoid.social/@cigitalgem/116563567804418693

Gary is right...

I recently joined my colleague @s_crawford on the latest episode of Eric Hanselman's Next In Tech podcast to discuss the security implications of Anthropic’s Mythos announcement: https://www.youtube.com/watch?v=fl2r3cUVlDs

A lot of the public conversation around AI and cybersecurity quickly drifts into nonsensical 'AI ends security' territory, and unfortunately that obscures a more nuanced reality around the role of current and future frontier AI models in finding vulnerabilities and the practical implications for enterprise security folks around remediation.

The models are clearly improving at vulnerability discovery, exploit development, and attack chaining, and that matters. But the larger issue is what this does to remediation timelines, operational scale, and software supply chain risk. We also discuss:

• Why benchmark demos and real-world operational capability are not the same thing.

• How faster patching creates new incentives for attackers to target update and package ecosystems.

• Why generic security advice increasingly feels disconnected from the actual problem space.

• Where AI-driven detection, response, and deception technologies may realistically evolve from here.

A great discussion as always, especially around separating legitimate technical progress from theatrical AI hype.