A slightly delayed episode of the weakly link. This time, we have a bit of a special outlook on the future in security to do with Quantum and AI. There were a couple of links that really caught my eye and could make a compelling case for usage of the phrase “everchanging landscape…” - stop it Gerald - this is not AI generated! Let’s start with the big announcement: Anthropic announced how their latest Mythos model was so good at vulnerability research that they decided to keep it from the unwashed masses and just give access to select organisations and call it Project Glasswing.

This week we have a look at the current chaos. Be it political or technical, we’re going through some radical changes. And I can’t help but think, if this is what progress looks like, oh crap. Supply Chain Chaos We start by having a look at an article by Ian about the Mad Emperor. No prizes for guess who is meant there. From the outside in, it really looks like there’s no plan or no idea about the kind of problems the attack on Iran is causing.

This week it gets all too depressing. We start by the fact that AI didn’t in fact change everything but just made it more important to do the right thing. How politicians may not have the right kind of understanding to make decisions that actually make sense. How one (orange) politician doesn’t understand how the world actually works and how we can all laugh and point at McKinsey for when they predicted how essential it was to go all in on the metaverse.

This week we’re looking at zero days, zero reason for wearing Meta Glasses, zero reason to like AI slop. Let’s dive in. Look What You Made Us Patch The Google Threat Intelligence Zero-Day review came out at the beginning of March and I thought it was interesting for a good few reasons: The number of zero days actively exploited looks to be fairly steady over the last few years Security and Networking technologies are about half of the enterprise-related targets.

This week we’re looking at how some of the traditional thinking on security (detect it, patch it, monitor it) is no longer quite cutting it. It is interesting how cyber threats have very much moved on from malware. In my opinion, the latest CrowdStrike threat report can be used to argue that security is not something that can be fixed by buying a shiny security tool. It’s not a technology problem, it’s a social (engineering) problem…

This weak we’re looking at supply chains. We look at how AI is both a blessing and a curse for open source, how there’s a new sandworm attacking the npm ecosystem, how de-Americanisation of cloud is not easy and we also learn about an exciting new Agile certification. Sarcasm may be involved. Semantic Ablation But let’s start with something that puts a name to that feeling you get when you read an AI-generated wall of text and at the end of it, you feel like there has been relatively little meaning in what you’ve just read.