Cybersecurity Headlines

The Department of Know: France gets ready for quantum, JadePuffer ransomware, UK's Cyber Shield

40 min
Jul 10, 20268 days ago
Listen to Episode
Summary

This episode covers critical cybersecurity developments including France's quantum-resistant encryption mandate, the first documented AI-powered ransomware operation (JadePuffer), and emerging threats from AI coding agents triggering EDR systems. The hosts discuss the gap between security hype and fundamental defensive practices, emphasizing that patch management and basic hygiene remain more effective than emerging technologies.

Insights
  • Autonomous ransomware changes the attack timeline from days to minutes, but the kill chain remains identical to 2018-2020 playbooks—fundamentals like patching still matter most
  • France's mandatory quantum-safe encryption requirement by 2027 demonstrates that procurement leverage is the only proven mechanism to drive cryptographic migration at scale
  • AI agents are becoming insider threats because EDR systems were built to profile human behavior; agents operating at machine speed completely collapse the signal-to-noise ratio
  • Vendors' claims about AI capabilities are repeatedly disproven by independent validation; the AI space lacks the integrity controls and independent research present in cryptography
  • The UK's voluntary Cyber Pledge approach contrasts sharply with France's mandatory model, suggesting regulatory mandates outperform voluntary commitments for security adoption
Trends
Autonomous AI agents are commoditizing ransomware labor, shifting targets from enterprises to SMBs previously hidden by cost-benefit analysisPost-quantum cryptography migration is moving from academic discussion to government enforcement with hard deadlines (France 2027, Google 2029)Prompt injection attacks are functionally equivalent to SQL injection but lack equivalent defenses like parameterized queriesHarvest-now-decrypt-later attacks create urgency for immediate cryptographic agility; adversaries are actively recording encrypted traffic todayEDR and security tooling require architectural redesign to handle agent-based threats operating at machine speed with legitimate system accessRegulatory mandates (France ANSSI) are proving more effective than industry pledges or voluntary frameworks for driving security adoptionAI coding agents (Cursor, GitHub Copilot, Claude) are creating new attack surface through prompt injection and credential exfiltrationOpen-source and local AI models are gaining credibility as alternatives to frontier models with opaque monitoring and data collection practicesSupply chain attacks are evolving to exploit AI development frameworks (Langflow vulnerability in JadePuffer case)Dormant account reactivation is emerging as a stealthier initial access vector than newly created accounts
Companies
Anthropic
Claude code found to send user data to remote servers; claims anti-abuse measure, raising transparency concerns about...
Sophos
Security firm reporting that AI coding agents trigger EDR alerts through attacker-like behaviors like credential acce...
Cursor
AI coding agent triggering endpoint security rules; mentioned as example of agent-based tools creating EDR signal-to-...
OpenAI
Codex mentioned as AI coding agent triggering EDR alerts; part of broader discussion on agent-based security risks
GitHub
Platform vulnerable to GitLost attack allowing unauthorized data exfiltration from private repos via prompt injection...
Datadog
Security Labs reporting attackers using dormant GitHub accounts for automated scraping and corporate environment mapping
Langflow
AI development framework exploited in JadePuffer ransomware attack; unpatched vulnerability provided initial access v...
Sysdig
Security researchers who documented JadePuffer, first known ransomware operation conducted entirely by LLM agent
Shandong University
Researchers demonstrated TrojPix air-gap defeat using pixel manipulation to leak data via video cables at 8.1 Mbps
France ANSSI
Cybersecurity agency mandating quantum-resistant encryption for product certification by 2027, forcing government and...
UK NCSC
Announced CyberShield national defense capability using red/blue AI agents; also launched voluntary Cyber Pledge with...
Google
Announced post-quantum cryptography deployment by 2029; selective implementation across services raises transparency ...
Signal
Early adopter of post-quantum algorithms in messaging app; example of private sector moving faster than government
Apple
Early adopter of post-quantum cryptography in messaging; demonstrates private sector leadership in quantum-safe migra...
Ramp
Fast-moving company using Vanta for GRC and AI risk management; mentioned as Vanta customer
Harvey
AI-powered legal tech company using Vanta for security and compliance; mentioned as Vanta customer
People
Davy Ottenheimer
Guest discussing quantum cryptography, AI agent risks, and fundamental security practices; advocates for post-quantum...
Chris Ray
Guest analyzing EDR signal-to-noise collapse from AI agents, ransomware economics, and GitHub account hygiene recomme...
Rich Drafalino
Host of Department of Know segment; moderates discussion on quantum, ransomware, and UK cyber policy
David Spark
Cybersecurity Headlines and CISO Series leadership; closes episode with security advice
Sami Souci
Announced France's quantum-resistant encryption certification mandate starting 2027, establishing hard deadline for m...
Quotes
"Coding agents are the new insider threat. EDR was built to profile humans, not something that types 10,000 words a minute."
Chris Ray
"The harvest now is the part that's dangerous. Because if people have a break in three years, they've definitely been harvesting for the last three years before they have the break."
Davy Ottenheimer
"France shows us how it should be done. They mandated the right thing and they're moving forward. The British are just totally out to lunch at this point."
Davy Ottenheimer
"Autonomous ransomware doesn't change the playbook. It changes the clock. You just have minutes instead of days at this point."
Chris Ray
"You got to look at the harvest now, decrypt later, and you got to look at the agility of crypto. You have to start moving towards the post-quantum because that is a real risk with real consequences."
Davy Ottenheimer
Full Transcript
This is Rich Drafalino with the Department of Know. We have two fantastic guests on the show today. We're going to start out with Davy Ottenheimer, the principal over at Flying Penguin. I got to ask, what's been your priority this past week? Well, it's been AI, AI, AI, even though I'd rather be working on quantum. So every time I try to go talk to people about preparedness so we can talk about real risks, I end up going back to talking about mythos is a myth and the bubble is coming. maybe what you need to do is a program like a anthropic skill that just pivots all ai conversations into quantum and then two birds one stone i don't know i don't know maybe you know i'm trying to help you out dobby i'm trying to help you out well the bottom line is that there's a real risk of actual compromise and then there's a discussion around how much you should pay people for tokens and to me they're two can't be connected all right next up here we got chris Ray FieldCT over at Giga Home. Chris, got to ask, what has been your priority this past week? Chasing down all my wild ideas and vibing them out, seeing what happens. You know, like we were talking about the Twitter bot that's making self-deprecating humor and jokes about other people and quietly exiting the room. The best kind of humor. It's the best use of time, yeah. And the best use of bots. All right. We've got a busy show. We're going to get into it right now. Let's run that opening and then we'll get into the news. From the CISO series, it's Department of Know. Yes, indeed. Welcome to the Department of Know, your virtual Friday strategy meeting. A huge thanks to our sponsor, Vansa, for today for helping make the show possible. Remember, you can get involved in our YouTube chat live. We broadcast every Friday at 4 p.m. Eastern. So please make sure you're joining us, just like I saw CCL in our chat, wishing us all happy Friday already in there. Glad to have some of the regulars in there as well, or shoot us an email, feedback at CISOseries.com. It's on the screen right now. That means you should read it, I guess, at your leisure. Before we jump into the news, just a quick disclaimer here that the opinions expressed on the show are in fact those of our guests, not necessarily those of their employer. We've got about 30 minutes, so let's jump right into it in our no or no segment. First up here, coding agents trigger endpoint security rules. Cloud Code, Cursor, and OpenAI Codex are starting to trigger the same endpoint security alerts that defenders use to catch real attackers. That's at least according to the security firm Sophos. They're saying that the agents aren't malicious, at least from what they're seeing in all cases. In all cases, I saw the eyebrows. I saw the eyebrows already. But they're performing attacker-like actions more often, like accessing browser credentials, downloading files with built-in system tools, and creating startup scripts. In related news, China's National Vulnerability Database said it found security issues in several versions of Anthropic's clawed code, basically saying it could send back sensitive user information to remote servers. Anthropic is saying this is an anti-abuse measure meant to prevent unauthorized sale, not a secret backdoor. But Davi, I'm curious from your perspective, do you want to know more about what these agents are doing to trigger these EDR systems? Or is this what you've come to expect from these types of agents here? I've come to expect, I should say both, I've come to expect that they're going to do the wrong thing and that I also should be monitoring what they're doing. I think the crazy part of this is the tone of the conversation that's being had. I mean, they both agree that it's doing the wrong thing and Anthropics is doing the wrong thing is good for our purposes of preventing you from getting access to the tool for, you know, the telemetry around the location and saying that China is the location that's not supposed to have it is all everyone agreeing for opposite reasons. It's They're ridiculous. Anthropic shouldn't be monitoring you without letting you know they're monitoring you. And egress monitoring on the end node and catching them at it and them admitting it to me is tragedy. The longer we end up with these tools, the deeper they try to get embedded, the less we can trust them because they prove themselves untrustworthy. The local models, the transparency of open source has been repeatedly proving itself better than frontier service. And I am glad we've, I mean, just I'd say the past like two months, I've seen so much of that conversation, at least shifting into looking at that as a possibility across a wide variety of use cases. I'm looking at more individually. Obviously, organizations have much different needs for that. But Chris, I'm curious from your perspective, was this something you wanted to double click on, learn a little bit more about? Or was it no thanks for you? Yeah, this is a no more. Definitely no more. So, you know, coding agents are the new insider threat. I don't know if everyone's agreeing on that, but that's my stance. EDR was built to profile humans, not something that types 10,000 words a minute. You know, we know behavioral detection is baseline driven and agents are completely wrecking that baseline. So EDR learned to flag credential access and living off the land, you know, using certutil, downloading through PowerShell and Bash. Because humans doing that at 2 a.m. is anomalous and likely abusive. Agents do it constantly and legitimately. The signal-to-noise ratio has just collapsed. That's no good. And your organization spent the last six months telling you you should be having your agents do that as much as possible, too, right? Right. Now we're dealing with the alert fatigue if the EDR is not handling it well. Now, there are obvious fixes, right? Allow this to the agents. But this recreates the exact blind spot that attackers want you to have, right? If your SOC tune is out the cloud code or the cursor behavior, a prompt injection agent becomes a pre-trusted attack tool. Yeah. I mean, that is that, yeah, that becomes such, I mean, already a big target and all of a sudden becomes, Oh, it's just the open door behind the gate. Right. So yeah. Wow. In my head, I'm thinking like the solution here is obvious, but no one's going to use it. You should sandbox everything. If it can't touch it, it's not going to do anything malicious. You're not going to have to disambiguate whether it should have done that. it's sandbox, but no one's going to run that in a sandbox. Hey, I will say the open source sandboxes are arriving. I've written one myself. And I think the answer is you get a harness. The agents run in a harness. The same way you would run a virtual machine on top of a hypervisor, you're going to run agents on top of the harness. And that harness becomes your trusted gateway where the vendors can't do what they want because you've got them into a place that you can control them. You've harnessed the horse and they can give you whatever horse they want, but you own the harness. All right, make sure you share that with me. I want to see this thing. We'll put it in the show notes. Davi, share it with us. We'll put it in the show notes. Let everybody see it. All right, we got to move on to our next story here. Bad ePoll flaw allows root access on Linux and Android, which I'd like to point out is also Linux. This flaw named Bad ePoll lets local attackers with no special privileges gain full root access on affected systems. The flaw was missed by AI, but found by a human security researcher. The flaw affects the Linux kernel's ePoll system, a core feature used to officially manage multiple network connections and file events. Because this is a fundamental part of the Linux kernel, there is no practical workaround other than patching vulnerable systems, which is probably a pretty good workaround. Security updates are already available and users are urged to install them as soon as possible. Hey, let's raise a glass here. Humans, we can still find things. Chris, do you want to know more about a flaw in a major Linux kernel subsystem or is this a patch it move on situation for you? This is both. So I want to know more, you know, privilege escalation bugs are the most boring vulnerabilities that we have. But they're also the ones that decide whether the phishing email becomes a resume generating event. So no more briefly, but then patch and move on. Davi, what about for you? I saw you were amused there. Well, I resonate with that. I mean, patch and forget. And we've 10 years ago, we've got to the point where we patch and move on. But now it's interesting because, as you say, a human found it and not mythos. So the good news is that, you know, one of the most looked at fuzzed subsystems, one of the most scrutinized code bases in existence, you know, had a human look at it and find something. And that's good because humans still find stuff. But the bad news is these claims made by AI are just continuously disproven. And they're not delivering the things that they told us would be delivered on a silver platter on our front door on July 6th. So I think it's a patch and move on, but it's also to recognize the fact that we've repeatedly proven the way things work hasn't changed dramatically. Yeah, I think that kind of grounding context, always useful in our age of breathless hype. Always a good thing to keep in mind here. Next up here, GitHub, the ultimate attack surface here. Researchers at Noma Security released a proof of concept for a flaw called GitLost that could allow an unauthenticated attacker to create a GitHub issue in a public repository and then pull data from an organization's private repositories. When an agent workflow with read access triggers on issue assignments, an attacker could embed hidden plain text English commands to exfiltrate private data, which the agent can't distinguish from trusted system instructions. It just says, hey, here's some instructions here. In other news, Datadog Security Labs reports that attackers are quietly mapping corporate GitHub environments by using old dormant accounts that look a lot less suspicious than brand new ones. Some of these accounts were created years ago and then have been left unused until they were brought back for automated scraping. Davi, agents doing what people tell them to do is both expected behavior and also a hard thing to stop. Do you want to know more about either of these two approaches here or is this, are both of these just the iron price we have to pay for using GitHub at this point? That has no iron price. I mean, I would put it as you can't bundle everything together. It not that you follow every instruction There supposed to be a thing called authorization and the person authorized to give you the instruction should matter There should be data channels control channel separation There should be boundaries around who is authorized So if agents are following internal or specific keyed, even encrypted signatures, signed instructions, skills that have some library, there's all kinds of things you can put in place to say this is trusted and that's not trusted. So the principle that agents just do what they're told comes from a place that says you haven't built any trust boundaries that are reasonable. So they're reading stuff and doing it. That's ridiculous. That's not how security is supposed to work. And I think a very good example of this bleeds into the whole data dog report, which is time is supposed to mean something like old versus new. That's not even a trust boundary that we can rely on. One of the things that OpenClaw really bothered me about was claiming that they had 30,000 stars suddenly in a day from what? Look at the accounts. How old were those accounts? Were they more than a day old? Were they 30 days old? I use time to try to figure out how much fraud there is. I don't use it as a boundary by which I would trust somebody or not. So it's actually the inverse. Yeah, I saw that the idea that markers that we've had for trust, like re-evaluating those, and it's interesting to say time. I just saw someone recently saying that like text or graphics or any of those things used to be markers of trust because no one would put the time in to do them otherwise. And now that is completely, you know, completely already was over indexed and now completely is over index. Chris, I'm curious for you, which of these two kind of stood out for you or is it a no thanks on both of them for you? Get lost is a no more. Prompt injection is just SQL and a trench coat. I mean, we have worse tooling to figure it out, right? We're mixing untrusted data with trusted instructions, like you said, in the same channel. And nobody's taking the time to figure out or, you know, finding a shipped equivalent to parametized queries. Like that's the primitive that we're missing. Yeah. And the reverse is true too. And when Fable was announced and they said, you know, we've got these guardrails in place. I said, you know, decode this base 64 text and it wouldn't do it. And it dropped me out because the text inside, it accused me of attacking it. And I said, just, it's just text. Just give me the text, but it was trying to do the opposite, which was over control everything as an attack because it had no way of knowing that this was just data. I kept saying it's just data. It's not a control. Trust me. My grandma gave it to me. Yeah. And reinventing sleeper cells just seems weird to me or sleeper agents. Like we don't know that things lay around and then resurface. That's the whole basis of a lot of the fraud on the internet since forever. All right. Our last know or know story here and probably my favorite story of the week here. Video cables, they're going to leak your data. Researchers at Shandong University demonstrated an air gap defeat called TrojPix, which tweaks onscreen pixels in ways the eyes cannot perceive so that the video cable carrying them radiates a faint radio signal that a nearby receiver can then decode. It obviously needs malware to already be present on the machine, but researchers tested soft speeds of up to 8.1 megabits per second. So usually we're talking like kilobits per second here with a lot of these weird air gap things. the researchers say their technique needs no admin rights and no hardware changes and that user level malware can just draw on the screen that's enough to kind of trigger this obviously you need to also have the receiver in place but chris as far as weird air gap defeats go this one actually i mean they all seem pretty ingenious to me when you have like rotating hard drives that make sounds that make morse code that you can decrypt or like exfiltrate with is always fascinating to me but i i know these are more useful for james bond style fantasy capers than necessarily real work here, but is there anything here you want to know more about? No, thanks. You know, this is, this is seeing somebody do magic in front of you, right? For the first time, or maybe the second and third time. It's, it's a party trick. That's what it is, you know, because it starts with assume malware is already on the box, at which point your air gap has already failed, right? That, that is always, that is always the thing, right? I mean, I guess there is, there is a world in which, you know, you have a something weird supply chain. I can get something on. This one was interesting to me because it didn't actually require the machine to be completely owned, but you still need to get something on the machine. So you're 100% right here. Davi, don't amazing Randy this for me. Is this magic? Have we seen? Is there a guy behind a curtain? Is the all-powerful Oz have no clothes, et cetera, metaphors that I'm mangling? What are your thoughts on this? Well, two parts of me react to this. One, I like to be in the historian frame of mind. And I think saying that a cable as an antenna is like, what do you think antennas are? Like, of course it's an antenna. Like you took a piece of metal and you made an antenna out of it. Like, what are you trying to, I don't understand. That's what they are. But the other part of me is like, okay, I think hidden to this, and this reminds me of an Israeli presentation years ago about printers. And they could like read the flashes from miles away of the scanner, the multi. I believe Ben Gurion University. Yeah, yeah. So the hidden point here is that the intelligence agencies have, to your point actually earlier, you're already failed at the air gap because it's easy to get in. What's actually being expressed here is that it's very, very hard to get out without getting caught. Getting in is so easy. Everyone gets in with no problem. I can say from personal experience, it is trivial to break in. But breaking out for some reason has always been much, much more difficult. So every time I see a story like this that says we have a way to break out at eight megabits per second, I go, I might actually be able to use that. because I have a hard time getting out without getting caught. And I think that's the underlying piece here is that they could save spy lives if they have a better way of X-Fill. Thank you for redeeming slightly this story for me. I know they're trivial. I will never stop presenting these on the show, folks. So please, if you have a favorite one, feedback at CISOseries.com. I want to know your favorite weird air gap defeat. Please let me know. I love these and I will never stop loving them. All right, before we move on to our next, some of our deeper dive discussions have to spend a few moments now. And thank our sponsor for today, and that is Vanta. Your team just added its 67th AI tool, and unfortunately, also your 67th security blind spot. The good news, the Vanta agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you. Vanta is the platform used by over 16,000 fast-moving companies like Ramp, Cursor, and Harvey who are shaping the future with AI and staying ahead of AI risk. Get started at vanta.com slash headlines. All right, let's dive into it here. Davi, we're going to the quantum realm here. France to stop certifying products without quantum, they're saying safe encryption here. The country's cybersecurity agency, ANSSI, has announced that it would stop certifying security products that lack quantum-resistant encryption, a move that will force government bodies and critical operators to shift away from older systems, or at least older approaches here. Sami Souci, the ANSSI's chief of staff, and I apologize to the French language, stated that at a recent quantum conference that the agency would halt certifications from 2027 and that businesses should be buying only QuantumSafe's product by 2030. That should be, not must be. ANSSI approval is required for encryption use in the French government agencies and critical infrastructure, so this does carry some significant weight to it here. Dabi, we've been following the quantum hardening efforts for a few years now. NISC, quantum resistant protocols that are algorithms that they put out. The slow rollout we've seen to things like secure messaging apps have kind of been the first adopters of those that I saw. I'm curious, what does it say when France is ready to pull the trigger on this across their government and infrastructure networks? Well, congratulations to France. I think they're doing the right thing and they're doing it very effectively because they know that procurement is a very powerful lever and they're doing it in a way that establishes the EU can control their own destiny. Unlike a lot of the discussion around cloud and sovereignty and data migration stuff, This is a clear case of where a country can decide we're going to do the right thing. We're going to make people safe. The harvest now decrypt later is real. And we got to move on this. This is not exotic. This is like we knew MD5 was broken. We knew SHA-1 was broken. We knew TLS was broken. We got to move and have agility. And France is saying the time is now. The U.S. used to be a leader in this space, but that's obviously off the table. So we're seeing the European Union do more and better and faster. And France is showing us how it's done. They're doing the right thing and they're doing it. And the 2027, I think is, I've said for a few years now is probably the reasonable target for a lot of this movement. 2029 feels a bit late to me, but we couldn't say that because we didn't have the proof. And of course, there's a lot of academic science going on about when the breaks will occur. But the harvest now is the part, like right now, the harvest now is the part that's dangerous. Because if people have a break in three years, they've definitely been harvesting for the last three years before they have the break. Yeah, this is, I don't know when it happened, but we have firmly moved to the when, not if portion when it comes to quantum here. And this, to your point, like helping solve that procurement problem, France can take their lumps and kind of do the, you know, do the hard work to get this. And even if on their end, building out workflows. I'm curious, Chris, from your perspective here, like what kind of signal should this be sending both to other countries and to organizations that France has put in 2027 on the calendar here? Yeah. So France has taken the harvest now decrypt later from the conference slide into a procurement deadline. And we know deadlines are the only things that have ever moved cryptography. You mentioned MD5, Chowon, TLS. Those deprecations dragged on for, what, 10 years until browsers and PCI set a hard date. Certification leverage is how you move a market So that the signal right there Davi you already mentioned this right The exposure window is open and has been open State secrets health data infrastructure designs They have secrecy lifetimes of decades. If an adversary is recording that traffic today, waiting for quantum computer before migrating, you know, by definition, that's too long. We're going to see Y2K times 100. you know the the panic and and fear uh the an what is it s ssi slaughtering anssi yes their pricing in the recording not the computer yeah and i just want to say this wasn't like consensus this wasn't like a framework this wasn't like a pledge this was like they said we're slamming the door and we're going to move on this executive decision made and that positions france as clear leadership decision in a clear technology space that has a clear line. And that's what we needed. Just like, as you say, PCI DSS, we had the two year slip on deprecation of TLS 1.0. And that was terrible that the banks could push back and there was a lot of negotiation and it came late because the people at risk, that's what it's all about, are unprotected. And so the harvesting now is going into places like health data, diplomatic cables, state records, all the stuff that you want to be protecting, you need to start like yesterday. 2025 is really when this should have started. 2027 is two years late. So I think France is doing the right thing by showing people how it's done. And I will say, I do this for a living. So I'm tracking all of Europe and the progression. And I've seen a giant leap from 20% on the service server side, people getting on board. And I'm tracking 80 some protocols, but on the web, one protocol, SMTP mails, another protocol, I've seen 20 to 30% jump, 10% jump in people who have turned on post-quantum algorithms. Yeah. David, your point about this being, you know, not a, not a study, not a, like I, when I first saw this headline, I was like, okay, well, this is going to be the most hang ringing statement of a statement of intent to form a focus group, to look at, like, I'm so used to those announcements from everybody. And I was like, oh no, this is like a, like, it's like a thing. Like that's, that's going to be presumably enforced. Obviously things can change, but yeah. Yeah, that's very meaningful from what I'm saying. And CCL in our chat here was saying here, didn't Google announce something like this back a few months? I mean, again, we're seeing private industry quite a bit. Again, I've been kind of surprised by how vocal some of these. Obviously, the first two, I think, of our Apple and Signal were very forward saying they were doing this with all of their messaging apps. I knew Google, I don't know the exact timeline for what they're doing with it. Yeah, but there's three things here. One, again, I can go deep, but just go to pqprobe.com if you want to know more. But I can tell you, for example, that people say they turn it on, but they only turn it on in one place and it's not very transparent. So they turn it on in their website and they don't turn it on on mail. So Google will say that they turned it on, but then you go look at all the Gmail and you don't see it. And you say, where is it on if it's supposed to be on? Show me the proof. I should be able to test it and see it out front. And then second, when they say they turn it on, you don't know to what degree and there's not like studied science yet. So I've tried to demystify a lot of that, just like with the other migrations. Like it should be very clear to people that if you put on, you know, a certain level of strength, it's sufficient. It's there's multiple levels, multiple ways that you can turn it on. And it has to be something that's agreed to. So there needs to be, I mean, to boil that down. So first is, are they turning it on in all the places that matter internally, especially not just on the outside? And then are they turning it on in a way that is consistent with guidelines? Second. And the third is a lot of people are pointing at each other and saying, well, who's doing it first and when should I go? And Google's doing it by 2029. And that's, for me, it's a lot of nonsense. We know the dates. We know the risks. Stop looking at each other and saying, can we be in a herd that's late? Start being one of the people that's turning on the protections for the sake of the people who would be harmed if their data was lost. All right, next up here, Jade Puffer ransomware used AI agent to automate an entire attack. Researchers at Sysdig have identified what they believe to be the first documented case of ransomware operation conducted entirely by an LLM agent. The ransomware named Jade Puffer, quality ransomware name folks, used an agent for reconnaissance, credential theft, lateral movement, persistence, privilege escalation, and data encryption. It also adapted to failures during the intrusion in real time, retrying failed steps within refined parameters in about 30 seconds or so. So Jade Puffer gained initial access to the target by exploiting a vulnerability in Langflow, which we have talked about on the show previously. So this may not be the first absolute case. It seems to be the first one that we know about. I think it's interesting. Five years ago, this idea to me would have seemed like science fiction a year ago, an inevitability. I guess we're here now. Chris, from your perspective, are you assuming this is going to be a de facto way to run a ransomware operation next year? And I guess, how do we get ready for that? Yes. To answer the first part of that, yes, this is going to become the de facto standard. Autonomous ransomware doesn't change the playbook. It changes the clock. So every control, or let's say most of the controls you have still work. You just have minutes instead of days at this point. If you look at it, the kill chain is identical to what we saw in the 2018, 2019, 2020 era of ransomware. Initial access via something that's unpatched, you know, credential theft. lateral movement, persistence, and then encryption. The victim here didn't lose the AI. It's a patch management issue. The fundamentals still matter. What I find most interesting about this, because I went to business school and so I can't turn off the business side of my brain, the economics support this. They say, yes, next year, this is the de facto model because ransomware as a service has already commoditized skill. You know, the autonomous part of this, that's commoditizing the labor, which means the side channel effect of this is the soft middle, the SME, the SMB, those who could previously hide behind not being worth the time are now dead center in the sites. Yeah, I was thinking about the economics of this too. I was kind of thinking about it almost on the other side. I'll get into that in a second here, but Davi, where's your mind at when we're looking at Jade Puffer and agentic ransomware operations here? Well, it's not just that a patch was missing generally. It was the Lang Flow was unpatched, if I remember correctly. And so it was actually the framework for building AI that was unpatched. So it was like by trying to work with AI, you introduced a big problem because now AI is attacking the system that was supposed to be building AI. So it's negligence within the AI industry itself that is being popped by the AI industry. And so that to me says like, we haven't moved at all in our, in our world. We're still doing the same thing. In other words, we should do the same basic hygiene and egress monitoring and, you know, agents, I guess another way of putting this is the, a lot of the hype about how the mythology around how machines will do things that have never been done before, conveniently overlook the fact that the agents are trying to do what's been done before. That's what they do is they learn from what's been done before. So what they're doing is running playbooks and humans are really good at, you look at any sports competition, you look at FIFA, you look at Super Bowl, you look at, you know what humans are good is trying to defeat playbooks. So I think that a better storytelling here is one, we don't really know that this was autonomous to begin with. Let's just assume it was, but there hasn't been a lot of proof of that, but let's just say it was autonomous as an attack. It's running a playbook and you can basically change the assumptions and the playbook will fail. And one of the things you can do is actually be patched. Actually, one of the playbooks that you're supposed to be running that no one runs is to actually do all the stuff you're supposed to do. So if you take your vitamins and eat your vegetables, boom, you're not going to be unhealthy. Whoa. I think you're right up here with CCL in our chat here. Proactive defense and preventative controls, only way that I can think of. I think that goes along with the take your medicine. I just remember the economic I was thinking of is ransomware has a major customer service component to it. And I do wonder if it's entirely agent driven, does that make that better or worse? And what does that impact the ability to get paid was the first thing I thought of. Because in the story, they said, you know, the bot claimed or in the LLM documentation, which it spewed out a ton of documentation, said it used AES-256, it used 128 or something like that. So I'm wondering one, if it messes up the ability to decrypt the data, does that impact anything? If you're gonna have the negotiation handled over an LLM, if it's possibly better because it can do more natural language stuff, I'm not sure. That to me is the weird economics of that. I know that's probably not as big of a consideration as, oh, now all of a sudden every SME and SMB is open to be targeted, but that was kind of where my mind went to that in a weird way. I don't, you know, AI customer service. I'm picking up what you're laying down. Yeah, it's a minor point, but that's where my mind is at. All right, let's finish up the show here with our last discussion here about the UK's Cyber Pledge and Cyber Shield here. So first up, part of the UK's big cyber reset here, they had announced this big Cyber Pledge. They were trying to get as many companies on the Financial Times Stock Exchange 350 onto it. This pledge would call companies to commit to making cybersecurity a board-level responsibility. register for the NCSE's free early warning service and require a cyber essential certification in their supply chain. So some basic controls this would all be voluntary and their companies are acting like it because only it seems like 15 firms on that 350 actually signed up to be part of the launch of the pledge That is 4%. I did the math, folks. But in other UK cybersecurity news, the NCSE laid out plans for a national scale sovereign defense capability they're calling Cyber Shield. I don't know if anything related to Europe I would call Shield. Otherwise, Max Schrems will just show up and start suing you, but that's a separate issue. This model would pair red and blue AI agents across critical infrastructure and government IT systems to both proactively probe for weaknesses and defend them in real time. To show you where this is at in terms of feasibility, the NCSC said the government can't deliver this capability on its own and will need to be done in association or partnership with leading frontier AI capabilities, cyber defense organizations, and academia, which tells me there's a lot of work to do. After rolling this capability out to government networks, the NCSC said it plans to transition it to commercially scalable solutions. Davi, this CyberShield here, I don't know, it gave me like Star Wars project in the 80s vibes here. It sounds great, but how are you going to do it? I guess, how are we reading that the UK Cyber Reset is going, given Cyber Pledge not getting a ton of support from the big companies here? CyberShield seems very amorphous. How are you reading this stuff? You mean it didn't give you Palantir in Iran 2026 vibes? You know, potato patata. So I think, you know, yeah, you bomb them to smithereens and nothing happens. I think the show itself so far, let me put it like this. France shows us how it should be done. Okay. And GitLost shows us how it shouldn't be done. And this is both not France and not GitLost. How would we propose autonomous agents with privileged access into critical infrastructure when you have GitLoss showing that agents are going to follow whatever instructions come in, control or data can't tell the difference. And you've just wired in a horrible vulnerability into your critical infrastructure. And on top of that, you've made things voluntary. I think the British are just totally out to lunch at this point. Like they don't get it. The Brexit maybe had some sort of effect on their brains, but they're falling behind in every possible way that I can see in the economy, in technology, in basic logic and reason. And so this to me says, look at what France is doing. Look at how they mandated the right thing and they're moving forward. And then look at how get lost popped agents and think about you didn't say anything or do anything to prevent that. So maybe you're on the wrong side in both. This does remind me of like, you know, and now to be fair, UK experienced some horrible retail manufacturing cyber attacks over the past year, right? Had major, like had significant impacts on their GDP. Like, so like, I could understand why the need for a reset here, but this seems to me like the, uh, like the reaction to the telcos to salt typhoon would be like, what if we had less oversight? Like was, is like to make, to, to lean into a voluntary scheme here. That to me doesn't make a lot of sense here. Chris does, are you reading this any different than Davi is at this point? I think I am, but not contrarian. Um, I'm hung up on this thought that I have, which is, um, you know, it was spurred on by your Star Wars comment. So your Star Wars comparison, it cuts both ways. SDI never worked out as advertised. But what it did do is it forced adversary spending and drove decades of R&D. So I'm thinking even if CyberShield under delivers on this national shield promise, institutionalizing the partnerships, the communication channels between government, frontier AI labs, CNI operators, that may be the deliverable here that actually matters. that's i i hadn't thought about it that way but yeah like even if reaching for this we won't get for it like playing that groundwork is valuable in and of itself right like shoot for the moon if you come up short you're still among the stars you know that whole thing no it was land the man on the moon so that you can bomb russia with nukes that was the i believe i'm thinking more like we got velcro davi but sure i mean you know he's no building the icb CBMs, the intercontinental ballistic missiles was sort of the framework under which we were trying to get people to go to the moon. Because if you can hit the moon, you have the accuracy to actually bomb the place you're supposed to. Because if you've, now we've revealed by looking at the historical research that Khrushchev is one of his primary complaints was that when he fired the missiles, they'd be somehow 3000 kilometers off range. They would accidentally hit Alaska when they were trying to hit something in the gulag. So that's, you know, they needed accuracy and how are you going to get people to focus on accuracy, put a man on the moon. So that was the kind of the hidden history. But I think, I still think maybe I was too harsh on the UK, but I just feel like they're missing the whole point here. And we know this from the history of how things have been built, to your point about Star Wars and military history. Silicon Valley, for example, was built up around World War II to make the bombers more effective. You know, there was a radar, basically, that they were doing research to make the bombers survive, more survivable when they bombed hospitals and civilians in Germany. And so that's Dresden being one of the perfect examples of that where some 30,000 people died, not a huge amount, but still it was successful in the fact that they had more survivability in the B-17s. And so if you want to do that again, then you basically have to fund it, but own it. You can't basically fund it and give it away. I think that's where people get confused. Like the success in Silicon Valley wasn't that they gave away the technology and people made their fortunes. It was that the technology was owned by the government, but it was designed and built by people who were in the technology. sector. And I see in the Cyber Shield the opposite, that they're like, we'll give you the money and then you actually get all the benefits and then we'll buy it back from you. And that's not going to work out at all. Yeah, that to me seems that, and again, going back to the cyber pledge as well, those are laudable things. I wish more, like a voluntary scheme, those all seem like very reasonable precautions here, but I wish we could get to a place where, I don't know, like companies would seem the self-interest in doing that as opposed to Nat. Turns out, no. Real quick, Chris has some issues with his camera, but he is still here. He is still with us. Don't worry, Chris, the voice of cybersecurity coming to us right here. We're going to close out the show here real quick. Davi, you already kind of started aligning some of the pieces here of our rundown here. But if you had one piece of advice to kind of give our audience as we're heading out here, what would it be kind of just based on the conversation we've been having today? It's focused on the fundamentals. I hate to say it because it's trite, but you got to look at the harvest now, decrypt later, and you got to look at the agility of crypto. You have to start moving towards the post-quantum because that is a real risk with real consequences for people that really matters. And I think the AI stuff is interesting and it's worth discussing. And I'd certainly get paid a lot of money to talk about it, but it is not, it is not the existential crisis that the vendors want you to believe. And I perhaps most important of all, we need better integrity controls to prevent integrity breaches. And that means we need to have independent validation of things vendors say we have independent validation in some of the crypto space because of the science behind it, whether that's the thing, are we going to be at risk or not? There's all kinds of independent research going on. But the AI space seems to have almost no independence. You have hundreds of people signing up to agree to a marketing brochure, because they're all going to get paid a lot, but no true independence in assessing whether or not this is something you should be focused on. So get integrity breach in your head, get your post quantum migration, go and look at France and focus on the fundamentals, eat your vegetables. and your baguettes, just to be nice to France as well. Chris, what... Lots of butter. Yeah. Oh, please. I mean, how else are you supposed to enjoy bread? Chris, what piece of advice would you leave our audience with other than bread and butter as a classic combo? All right. If I can't use bread and butter, I'm going to leave with the one thing that I'm going to go do, which is go check your GitHub org for accounts that haven't logged in since 2023. if an account hasn't logged in this year it doesn't need access it needs deleting oh I like this just a very like hey you get into a better state tomorrow I like this I like where our minds at this is absolutely lovely here alright that just about does it for this episode of the Department of Note thank you so much to Davi Ottenheimer and Chris Ray for being here some of my favorite guests to have on the show this is absolutely phenomenal please check out we'll have links to their websites to their LinkedIn and all of their good stuff Davi send me that link for the for the sandbox stuff I would love to share that as well and have that in our show notes so look for that at CISOseries.com and also a huge thank you to Vanta for being a sponsor today and helping make the show possible remember you can send us feedback anytime feedback at CISOseries.com and join us again next Friday at 4 p.m. Eastern for another edition of the Department of No. Thank you so much for joining us for your Friday stand up here. Have a great week. Stay secure out there. And for myself, for the big boss man, David Spark, for Davi, for Chris, and the entire CISO Series team, here's wishing you and yours to have a super sparkly day. Cybersecurity headlines are available every weekday. Head to CISOseries.com for the full stories behind the headlines. you