CyberWire Daily - A wake-up call on frontier AI.
Episode Date: April 29, 2026OpenAI and Anthropic brief Congress on cyber-capable AI. The GAO flags improper DOGE access to Treasury payment systems. Greece moves to end online anonymity. CISA orders agencies to patch an exploite...d Windows zero-day. Researchers uncover ransomware that destroys data instead of encrypting it. State CISOs report falling confidence. Neurodivergent cyber pros cite inclusion gaps. Police arrest a 19-year-old alleged Scattered Spider member. Our guest is Chris Boehm, Zero Networks’ Field Chief Technology Officer, on minimizing your blast radius. AI lowers the bar and lengthens the line in the courtroom. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Chris Boehm, Zero Networks’ Field Chief Technology Officer, discussing "One Compromised System and BOOM, Meet Your Blast Radius." Selected Reading OpenAI, Anthropic brief House Homeland Security on AI cyber threats (Axios) Scoop: White House workshops plan to bring back Anthropic (Axios) GAO report on DOGE payments access ‘just the tip of the iceberg’ (Federal News Network) Greece to ban anonymity on social media (Euractiv) CISA orders feds to patch Windows flaw exploited as zero-day (Bleeping Computer) Broken VECT 2.0 ransomware acts as a data wiper for large files (Bleeping Computer) State CISOs Report Lower Confidence Across the Public Sector Cyber Ecosystem, 2026 NASCIO-Deloitte Survey Finds (NASCIO) Neurodivergence in the Cybersecurity Workforce (ISC2) Teen charged in Chicago was part of international ‘Scattered Spider’ hacker group, feds say (Chicago Tribune) People Using AI to Represent Themselves in Court Are Clogging the System (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
Today's sponsor, Rapid 7, has an irresistible invitation for you SISOs and security practitioners out there.
A free two-day virtual summit, the subject, preemptive security.
Join the Global Cybersecurity Summit on May 12th and 13th from wherever you like.
A-list speakers will show you how organizations are disrupting attacks before they can blow towards.
your day. You'll see how
exposure management, MDR,
and AI together let you
make the decisive move.
Registration is open at
rapid 7.brighttalk.com.
Open AI and anthropic
brief Congress on cyber-capable
AI. The GAO flags
improper Doge access to treasury
payment systems. Greece moves
to end online anonymity.
SISA orders agencies to patch
an exploited Windows Zero Day.
Researchers uncover ransomware that destroys data instead of encrypting it.
State Sissos report falling confidence, neurodivergent cyber pros cite inclusion gaps,
police arrest a 19-year-old alleged scattered spider member.
Our guest is Chris Bame, Zero Network's field chief technology officer,
on minimizing your blast radius.
And AI lowers the bar and lengthens the line in the courtroom.
It's Wednesday, April 29, 26.
I'm Dave Bittner, and this is your Cyberwire Intel Briefing.
Thanks for joining us here today. It's great as always to have you with us.
OpenAI and Anthropic delivered classified briefings to House Homeland Security Committee staff
on cyber-capable frontier AI models and risks to critical infrastructure sectors.
According to Axios, the company's outlined security implications of new systems,
including Anthropics' unreleased Mythos preview model and OpenAI's tiered rollout of GPT5.4 cyber.
Officials also discussed China's alleged industrial-scale efforts to copy U.S. models and risks from jailbroken systems that bypass safeguards.
Lawmakers describe demonstrations of misuse scenarios as alarming.
Early congressional exposure to offensive cyber capabilities in AI models,
signals growing urgency around regulation, infrastructure protection, and government access to
defensive AI tools as adversary competition intensifies.
Meanwhile, the White House is considering executive action that could ease tensions with
Anthropic and expand government access to its cyber-capable mythos model.
Officials are consulting industry on guidance that could soften restrictions tied to a Pentagon
supply chain risk designation.
Agencies, including the NSA, are already using mythos as legal disputes continue over
anthropic limits on military applications.
Resolving the dispute could shape federal access to advanced defensive AI tools as agencies
weigh operational needs against restrictions on surveillance and autonomous weapons use.
A government accountability office report finds Treasury grant a government-auntability office report finds Treasury
granted a Doge employee improper access to sensitive federal payment systems, including data tied
to tax refunds and benefits. According to Federal News Network and GAO, the staffer could view,
copy, and print Bureau of Fiscal Service payment data in early 2025 and was briefly able to modify
or delete records before access was revoked. GAO also found the employee shared an unencrypted
file containing U.S. aid payment details without approval. Treasury's monitoring tools failed to stop
the transmission and required security procedures were not followed. The findings highlight gaps
in safeguards protecting large federal payment data sets and suggest broader oversight risks
as Doge seeks access across agencies, with watchdog's warning current reporting may represent
and only preliminary findings.
Greece is advancing a proposal to require identity verification for social media users,
aiming to reduce anonymous harassment, misinformation, and coordinated online abuse.
Digital governance minister Dimitri Papastergio told,
You're active, the plan is under review within the prime minister's office ahead of the
27 national elections.
Officials say anonymity enables threats.
hate speech and fake accounts promoting political figures.
The proposal would not eliminate pseudonyms,
but would require platforms to confirm each account corresponds to a real person.
Implementation details remain unclear.
Mandatory identity verification could reshape platform accountability requirements
and online speech enforcement,
while raising technical and legal questions about privacy,
platform compliance, and potential EU-level coordination.
Sessa has ordered federal agencies to patch a Windows vulnerability
after evidence of active exploitation in zero-day attacks.
According to Akamai, the flaw stems from an incomplete fix to a prior remote code execution issue
and enables credential theft through auto-parsed shortcut or LNK files.
Sisa added the bug to its known exploited vulnerabilities,
and set a May 12th remediation deadline.
Researchers warn the Vect 2.0 ransomware contains a flaw that permanently destroys large files
instead of encrypting them for recovery after payment.
According to Checkpoint, the malware mishandles encrypted nonces, unique values used during encryption,
by overriding them during chunk processing.
Only the final portion of affected files remains recoverable.
while earlier sections cannot be decrypted even by attackers.
The issue affects Windows, Linux, and ESXI variants.
Vect operators also promoted partnerships targeting victims of recent supply chain compromises
linked to Team PCP activity.
Organizations hit by Vect 2.0 may face irreversible data loss
rather than recoverable ransomware encryption, increasing operational risk, and reducing the
value of ransom negotiations.
A new survey from the National Association of Chief Information Officers and Deloitte finds
state chief information security officers report sharply lower confidence in protecting
public sector systems from cyber threats.
According to the 26thennial study, only 26% of state CISOs said they're highly confident
in safeguarding information assets, down from 48% in 2022.
Confidence in local governments and public universities dropped further, while 94% of CSOs now help shape generative AI security policies and 16% report budget cuts.
Nearly half identified cybersecurity effectiveness metrics as their top initiative.
Shared infrastructure across state and local agencies increases cascade risk from a single compromise,
while AI-enabled attack techniques are raising pressure for coordinated whole-of-state defenses.
An ISC-2 Workforce Study finds neurodivergent cybersecurity professionals
remain engaged in the field but report lower workplace support and higher fatigue than their peers.
According to the ISC-2 Cybersecurity Workforce Study of more than 16,000 respondents,
12% identified as neurodivergent, 67% reported job satisfaction slightly below non-neurodivergent peers,
and only 64% said they feel valued at work.
Respondents were less likely to hold management roles,
and more likely to report exhaustion from keeping pace with evolving threats and technologies.
Inclusion gaps and workload pressures may affect retention across an already constrained cyberwork
force, while flexible work arrangements, recognition, and clearer career pathways appear linked
to stronger engagement and long-term participation in the profession.
Authorities have arrested a 19-year-old dual U.S. and Estonian National accused of participating
in scattered spider intrusions targeting major corporations for ransom.
According to court records obtained by the Chicago Tribune, Peter Stokes, known as a
online as Bucay was detained in Finland while attempting to board a flight to Japan.
Prosecutors allege he helped infiltrate corporate networks through help desk social engineering
and credential resets, including a 2025 breach of a luxury retailer where attackers claimed to steal
100 gigabytes of data and demanded $8 million. Officials say he participated in multiple attacks
dating back to age 16.
The case underscores the continued operational impact of loosely organized, youth-driven intrusion groups, targeting enterprise authentication workflows.
Coming up after the break, my conversation with Chris Beam, Zero Network's field chief technology officer, we're discussing minimizing your blast radius.
And AI lowers the bar and lengthens the line in the courtroom. Stay with us.
Most environments trust far more than they should, and attackers know it.
Threat Locker solves that by enforcing default deny at the point of execution.
With Threat Locker Allow listing, you stop unknown executables cold.
With ring fencing, you control how trusted applications behave.
And with Threat Locker, DAC, defense against configurations, you get real assurance that your environment is free of misconfigurations
and clear visibility into whether you meet compliance standards.
threat locker is the simplest way to enforce zero-trust principles without the operational pain.
It's powerful protection that gives CSO's real visibility, real control, and real peace of mind.
Threat Locker makes zero-trust attainable, even for small security teams.
See why thousands of organizations choose Threat Locker to minimize alert fatigue,
stop ransomware at the source, and regain control over their environments.
Schedule your demo at Threatlocker.com slash N2S3.
UK today.
When it comes to mobile application security, good enough is a risk.
A recent survey shows that 72% of organizations reported at least one mobile application
security incident last year, and 92% of responders reported threat levels have increased in
the past two years.
Guard Square delivers the highest level of security for your mobile apps without compromising
performance, time to market, or...
user experience. Discover how Guard Square provides industry-leading security for your Android and iOS
apps at www.gardsquare.com. Chris Beam is Zero Network's field chief technology officer. I recently
caught up with him to learn how to minimize your blast radius. Because cyber criminals adjusting
to how they're working on gain foothold and then blasting out, it's being done slightly differently.
This is not new.
Like they've done living off the land.
That's why the terminology is there.
The fear is full control.
And then how long they're there?
I can talk with multiple different industries
and each one has its own fear.
One is the business resilience
is making sure we're still running.
The other one is I have very sense of information.
I don't want that to be shared out.
So there's different levels of scarcity,
but it's all the same challenge.
How do we prevent attackers from Muirra?
And that's really the fear.
And how that's being elevated is there's multiple new technologies out there for hackers to leverage, including the AI, to move a lot faster.
And even I think it was a crowd strike.
It was a couple weeks ago.
They said the average attack speed is under a minute now.
Like, it's insane.
It's insane how fast things are moving after they get in the environment.
Yeah.
I know you've pointed out that some of these third actors are blending their activities, making them look more like,
legit behavior. Can you dig into that for us a little bit? What's going on there?
Yeah, the main shift there is a lot of people have the fear of zero-day vulnerabilities
or someone downloading the military's payload and then gaining access. The real thing is
that's happening that we're seeing is people are gaining access through your legitimate users.
And this is, this is, you can think, I can think of a few public-sized news articles that have
happened on big companies recently. It's not because they went in and they just hack,
hacked through a backdoor, they actually gain access to using your credentials and then gaining
access to your environment. And most people aren't prepared for that. Because what happens if I
used Dave, your user account, and you have access to everything in your environment, you're an
administrator, then all of a sudden I have access to everything as a hacker. And that's where the
fear happens. And that's where the problem is really occurring right now. Because the tools out
there are pretty good to prevent. But what happens if it's not a prevention and it's legitimate?
That's the real challenge.
So what are your recommendations then for folks to deal with this?
The way it's being focused in the market today is leveraging the zero trust mindset.
You know, least privilege access, reevaluating,
making sure you're hitting the proper roadmap of understanding do you belong here
and are you say you are who you say you are.
As someone that's looking into this market and they're not on that journey just yet,
consider yourself in the position like I just mentioned.
Code someone who had access to your system administrative account.
How far could they go and what did they do?
And how do you prevent that from happening?
The conversations I hear typically shifted.
Oh, I have bubbles and I have security measures in place.
Again, they're acting as if they are you.
So the security measure is just in place to get you to the machine itself
or is it across your whole area environment?
And usually it's preventing and isolating that machine access initially,
you know, going through your identity credentials,
gaining access appropriately,
and then you're like, okay, you're good to go,
you can do what you need to do.
We don't all hurt business.
But that's where attackers are taking advantage with that today.
How do you go about balancing the need to protect the organization
against the desire to not slow down your users?
I think there is a fine balance there.
The challenge you run into is how do you make it frictionless
while providing the most enforcement, just like you mentioned?
And our approach at Zero Networks is,
we took it as a, let's harden in on those administrative actions,
things that actually make a difference,
but your normal standard users won't even notice what we're doing in the back end.
So it feels frictional as a business.
The challenge it starts getting into is what about service accounts and overprovenous accounts?
There's AI accounts.
There's other things that are happening that you're like,
well, now we need to harden to learn that.
And that's the approach we're taking on.
How can we identify a service account?
Harden it to what it needs to do based on learning and don't hurt business.
So we have to take a second day approach.
Let's just say we know what that account's doing.
We have an idea.
We lock it down.
Then we learn naturally right afterwards, hey, you've made a change, your developer,
or whoever, now they're trying to access this.
And we try to make that as fluid as possible to make the business move as fast as possible
while staying secure.
So there is a fine balance, and that's why it's so hard in the space.
Microsegmentation is not any technology.
It's been around for 20 years, or, well, I think 20 years this year, actually.
So the fact that you're able to fully automate all the hard work of knowing what's going on in your environment,
that's why we had to learn and provide an automated tool versus something that's,
hey, here's a tool that you can do micro segmentation.
And that's how it's been in this industry for the past 20 years.
You mentioned a user being overprivileged.
And I hear about that pretty often where, you know, it seems like people just through the natural course of business,
They build up privileges along the way, but those never get revoked.
How do you make that automatic?
And again, not get in the way of them accessing the things they need to access.
Yeah.
I don't know of any industry that doesn't have a little bit of overprivilege
unless they have a very sickler of an identity security routine.
What I mean by that is you're right.
It's very common.
That's why certain tools like identity security posture management has been spinning up.
If you're familiar with that tool line,
they're encouraging, hey, this is bad behavior.
You should go toward this.
It's kind of like the cloud posture management security solutions as well.
This machine is too open to the web, so on and so forth.
So the approach is now we can educate our users.
Well, it doesn't matter because we might need this account the way it is.
And the other problem is not everyone even knows what they need.
When I was working at one of my former companies,
if you look at my tenure, I worked at Microsoft.
It was not uncommon for a developer.
per se, I just need full God mode.
And you're challenge them back.
And you're like, wait, wait, wait, why do you need you get access to everything in this tenant?
Well, it's easier.
That's the answer.
They had their own deadlines.
They have their own commitment.
So you had these power horses that, you know, make pretty good money that's work on new technology.
And they're like, it doesn't matter.
I just need to get this running and working.
And I don't want to figure out all the controls in place.
So they take it as a business operation and speed versus, hey, this is what you really need.
This is the limit of access.
I think that's why it's such a problem.
It's not going very, very easily because by default, we almost encourage you to just have admin God mode versus you only need this.
Unless your business practice is that mindset.
So how has AI affected the types of things that you all do?
It's been drastic.
So AI hasn't influenced our product.
We actually have taken more of a hands-off AI approach.
We want to know real facts.
If we started doing AI and our business, then we would have the fear of taking down businesses.
So instead, we've done, we know what's happened, we know what's communicating, and we can provide hardening through your environment.
That's the approach we have done at zero networks.
AI is more of a guiding tool like searching logs.
That's the approach we've taken here.
Now, how we see AI being used by our customers, that's a different conversation.
For example, they don't know fully what's happening in their environment.
know what service accounts and privileged accounts are communicating with AI if it's an internal
LLN, for example. Or the other approach is I don't know what is using AI and they want to have
AI hardening. For another instance, I'm not hidden on anybody, but let's just say Spotify's right
in your machine. If you're familiar with Spotify, since that's a pretty public and common use
application, it uses Gemini in a back end. Well, maybe I don't want to have any Gemini access
into my assets. There's other tools that are leveraging AI.
And that's another concern.
Like, I don't even know what is being spread around.
I'm just improving the tool because I want a business to keep running.
So there's a different level approach that we're seeing AI used by customers,
and we can see the insights to this communication based on our tool for hardening purposes.
Where do you suppose we're headed here?
As you look toward the future, what sorts of things do you imagine will have in place?
To be clear, like on AI, on zero networks itself, zero trust.
I'd say more on zero networks and zero trust, yeah.
Right now, it's been mostly around the fact that as a company, I have had this pain,
and I'm solving this pain by going in this direction.
That is how it's mostly been in the industry when it comes to why I might look at micro-segmentation and then isolation.
Now, what's interesting is multiple regulations are now, just now, starting to enforce audit visibility and control,
proving who you are, who you say you are, in regulations.
I mean, HIPAA has a new one coming out right now.
They want more audit visibility control.
It's in the pending phase.
We have new AI regulations come now.
They want to know accountability of what's actions and how it's being managed.
We have more enforcements that are pushing toward a zero trust mindset versus it's a goal and a mission.
Like, hey, I'm as a CISO, what to push my company into a zero trust.
So I think as a future, not just for zero networks, but as an industry, we're almost enforcing and pushing people.
If you want to be PCI compliance with this in the new modern age, then you need to have more levels of enforcement, validation and control.
And it's not just the regulators that are pushing this.
It's actually even cyber insurance and other parts of the business because they're seeing too much risk here.
So they want to limit that risk.
So I would say that's probably where things are going to be shifting the next few years.
AI is a big part of it as well.
And I suppose, I mean, is it fair to say that part of the journey that people take with folks like you who are in that business is to be not just doing your checkbox regulatory compliance, but really seeing it all the way through to its full potential?
Yeah, yeah, specifically with us. I would agree that's very true.
There's always a checkbox companies that they're moving too fast or they can't keep up with the momentum of the market.
I get that.
But when I'm working with customers, it's a board level one-year initiative.
Like, we can hit fully segmentation within the year.
And that's huge.
Like, I can prove it.
I have full control and visibility.
And I'm talking fortune, let's just say, 2,000 companies.
Like these are big companies that are hitting these one-year goal lines.
That's something that most companies could have ever dreamed of in the past.
They would have had a multi-year journey.
They would have said, hey, we're working toward this.
We're pushing through this dream of having least privilege access and control within our environment
while we're moving into cloud and we're learning and leveraging LLN's our environment.
So it's just a very different approach and that's where we're getting a lot of success, I should say, within the market.
It's because we can deliver it in a very short period of time while actually delivering fully what we're saying we're trying to do.
That's Chris Beam, Zero Network's Field Chief Technology Officer.
And now a word from our sponsor, the Center for Cyber Health and Hazard Strategies, also known as CHS.
Looking for a graduate degree that will give you an edge on your professional career?
Earn a Master of Science in Law at University of Maryland Carey School of Law.
This part-time two-year online graduate degree program is designed for experienced professionals to understand laws and policies that impact your industry.
Learn from CHS faculty who are experts in their field.
No GRE required.
Learn how you can master the law without a JD at law.
u-maryland.edu.
It's never too early to plan your summer story in Europe with WestJet,
from rolling countryside to cobblestone streets.
Begin your next chapter.
Book your seat at westjet.com or call your travel agent.
WestJet, where your story takes off.
And finally, Abraham Lincoln is often credited with the observation that he who represents himself in court has a fool for a client.
In 2026, he might have added, and possibly a chatbot for co-counsel.
A new study finds self-represented federal court filings have risen sharply since generative AI tools made it easier to draft complaints, motions, and other legal paperwork, shifting by,
both who shows up in court and how much work they bring with them.
According to researchers Anand Shah and Joshua Levy,
pro se filings held steady at about 11% of civil cases until 2022,
then climb to 16.8% by 2025.
The study reviewed 4.5 million cases
and found these filings now include 158% more motions and docket activity.
Researchers say plaintiffs not defendants,
are driving the increase, suggesting AI is helping people initiate complaints rather than respond to them.
Lower barriers to filing may expand access to justice, but also risk slowing already strained courts
as judges process more AI-assisted paperwork, some of it enthusiastic, some of it templated,
and all of it still requiring human review.
And that's the Cyberwire. For links to all of today,
stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights
that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show,
please share a rating and review in your favorite podcast app.
Please also fill out the survey and the show notes
or send an email to Cyberwire at n2K.com.
N2K's lead producer is Liz Stokes.
We're mixed by Trey Hester with original music
and sound design by Elliot Helksman.
Our contributing host is Maria Vermazas.
Our executive producer is Jennifer Ivan.
Peter Kilpe is our publisher,
and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.