About
Nicole Perlroth is one of the world’s leading voices on cybersecurity, cyber conflict…
Activity
20K followers
-
Nicole Perlroth reposted thisNicole Perlroth reposted this🏛️ Over the last week, the White House has had two separate — but slightly overlapping — conversations about AI security and Mythos. One focused on broader security threats that are amplified with advancing AI models (Mythos, GPT-5.4/5.5 and so on) and another on how to navigate Anthropic's supply chain risk designation. Part of the reason you're seeing so much reporting about proposals on the table is because these tracks are starting to converge, leaving many options at the administration's disposal, and it's unclear which policy proposals the president will pick: -- Ashley Gold and I just reported (read below! ⬇️ ) that the Office of the National Cyber Director has been floating its AI security framework, which was in the works before Mythos was unveiled. That includes the Pentagon red-teaming AI deployments used in the government. -- The NYT also just reported that an EO could come establishing a working group to vet AI models before they're rolled out to the public. -- Bloomberg said last week the administration is working on a national security memo that dictates how natsec agencies deploy AI and reportedly will touch on some of the concerns about Anthropic. This is a fast-moving train all centered around one issue: the intersection of AI + cybersecurity. 📲 Tips? Find me on Signal: @SamSabin.01 https://lnkd.in/gKtNzfkYTrump administration considering safety review for new AI modelsTrump administration considering safety review for new AI models
-
Nicole Perlroth shared thisWe now get to tell our mom that not one, but two of her children have had their faces enlarged on the Nasdaq screen in Times Square. I’m ten years behind Victor Perlroth—and technically he was two years older than me when this happened to him… so by my math, this actually puts me ahead... I don't completely know what I did to deserve being named to the Okta Ventures "Identity 25" with 24 people much smarter than I am at solving Identity Security. But the problem, and the stakes, are only accelerating with AI, so I will take this opportunity, with my face in your face, to tell you this: We’re now in a world where all identities can be faked, agents manipulated (or just rogue), and North Korean IT workers are redefining insider risk. Frontier labs should assume they are priority targets, and that spies are applying by the thousands. A decade ago, that would have sounded like science fiction. Now it’s just our operational reality. I’ve spent years trying to make this problem actionable (mixed results, generous grading: C-). Lately, I’ve been spending more time with the people actually building around it—realtime deepfake detection (GetReal Security), granular zero trust (Veza), messaging channels that ensure the person I'm talking to is who they say they are (Kibu, Inc), tools that map “normal” workflow then flag when something’s off (AuthMind), investigative agents dedicated to insider risk (Above Security) and swarms of agents that hack you every which way to eliminate the kill paths (spoiler alert: the worst still begin with your RECYCLED CREDENTIALS) that Mythos and every future frontier model will now find at machine speed (Armadin). This problem can be so overwhelming. It's going to require a lot of grit and courage to see our way through. The good news is this industry self-selects for courage. Look no further than the other 24 people on this list: Tariq Malik Dr. Joseph J. Atick David Soria Parra Justin Richer Lara Mossler @Sarah Clark Den Delimarsky Joni Brennan Greg Fair, Devin Fensterheim Anna Pobletts Andrew Regenscheid Joanna Shields Phil Windley Rao Surapaneni Drummond Reed Boonsun Prasitsumrit Christopher Bramwell Eva Casey-Velasquez William Allen Keshav Reddy Deepanker Saxena Taranjeet Singh and Lee Campbell. Long term, the hope is defense will regain the advantage. But the near term will be wild. As Nicholas Carlini told me last week, "I'm doing this work because I don't actually want to watch the world burn." Please, please if any of the solutions above sound useful or relevant to you, get in touch as I'm more than happy to matchmake. PS: Find yourself friends who are willing to get up early on a Monday, go to Times Square, and snap a pic when you can't make it to 🗽 ILYSM Jean Marie Poster, Adam Peterson.
-
Nicole Perlroth reposted thisNicole Perlroth reposted thisHave you ever wanted to see how Claude Code and OpenAI can be used to break into 9 different government agencies? This report from Gambit Security details a sophisticated cyberattack against Mexico’s government infrastructure that occurred between late 2025 and early 2026. The investigation reveals how a threat actor utilized commercial AI platforms, specifically Anthropic’s Claude Code and OpenAI’s GPT-4, to automate reconnaissance, craft exploits, and manage data exfiltration. By leveraging these tools, a single operator successfully breached nine organizations, compromising hundreds of millions of citizen records and gaining administrative control over critical state systems. While the AI systems occasionally resisted malicious requests, the attacker bypassed these safety guardrails by framing the activity as legitimate security research. Ultimately, the campaign underscores how AI significantly compresses attack timelines, allowing hackers to exploit technical debt and outdated systems with unprecedented speed and efficiency.
-
Nicole Perlroth shared thisPerhaps you saw David Sacks’ tweet yesterday dismissing Mythos’ capabilities. I don’t know who is doing his briefings, but these are the words of those with actual access to Mythos Preview and the context to understand what a major step change this represents for median and even low-level attackers. We should not be dismissing these warnings. We should get to work: discussing real fallback systems, reckoning with the potential impact to supply chains and critical infrastructure, which in too many cases still can’t get a patch even when one becomes available. And it’s not just zero-days to consider! As Anthropic's Nicholas Carlini notes in our interview, frontier labs are structurally constrained from evaluating how well LLMs perform at using known exploits to move across the kill chain. They can’t even reach the lateral movement stage! That may be the most under discussed threat of all... As he notes, "It's unfortunate that there was a bunch of crying wolf, but what's the moral of the story? The wolf eventually comes. The capabilities are there. They're real... and I wish they would move faster. That's the reason we're doing the work because I don't want to watch the world burn." Listen to the whole interview here: https://lnkd.in/gh7gHn57 #mythos #mythospreview #zerodays #AIsecurity #0days
-
Nicole Perlroth reposted thisI highly recommend Nicole Perlroth's brand new "Out of Band" podcast episode featuring Anthropic’s Nicholas Carlini. I saw his outstanding Unprompted talk in person and this goes even deeper thanks to Nicole's great questions. It is a fantastic, urgent look at the intersection of AI and zero-day exploitation. In my recent conversations with security leaders across industry and government—whether catching up at conferences or during advisory and board meetings—the key takeaways for CISOs and defenders from this episode are 100% consistent with what the best in the business are focusing on right now: • Build secure AI infrastructure immediately: We need to prioritize setting up the proper frameworks, testing harnesses, and offline sandboxes, so that we can safely run and evaluate code when we get access to new models, not weeks and months later. • Leverage currently available AI models: Don't wait for the ultimate frontier model. Defenders need to start utilizing the best available tools right now (like Opus 4.7 or GPT-5.5) for vulnerability discovery and patching. • Adopt new defensive tech rapidly: Aggressively engage with and implement new AI application security and vulnerability management capabilities so that we too can move at machine speed. • Contribute to the broader effort: There is an immediate, critical need for security professionals to lend their expertise to help solve these emerging challenges. We are looking at a timeline of months, not years, to get this right.OUT OF BAND | The Breaking Point: Inside Mythos' Zero-Day Machine with Anthropic's Nicholas CarliniOUT OF BAND | The Breaking Point: Inside Mythos' Zero-Day Machine with Anthropic's Nicholas Carlini
-
Nicole Perlroth shared thisThis may be the most urgent, consequential conversation I’ve recorded this year—and I encourage everyone, in cybersecurity and beyond, to give it a close listen. I sat down with Nicholas Carlini of Anthropic for a raw, unedited, out-of-band podcast interview on what’s coming: a flood of AI zero-days and collapsing "barrier to entry." You can watch/listen here: https://lnkd.in/gmZR5qW9 Over the past few weeks, watching Mythos and Glasswing unfold has felt like Act IV of This Is How They Tell Me the World Ends. In retrospect, my book was a warning that the barrier to entry was breaking—that hacking capabilities, once relegated to Tier One intelligence agencies and elite freelancers, were getting commoditized in a gray market for zero-day exploits and click-and-shoot tools. But if what I reported was the trickle, this feels like the dam breaking. The end of zero-day scarcity. If my editor had asked me to write a worst-case, sci-fi sequel, it wouldn’t look much different than what Nicholas descibes. And the world is not ready. For the first time, Carlini offers details about what Mythos can already do: find and *autonomously exploit* zero-day flaws in some of the most hardened, widely deployed software in the world. This includes most major browsers and operating systems...with minimal human input. We unpack: ➡️ What Carlini saw that convinced him Anthropic needed to hold Mythos back ➡️ Reports that unauthorized users may have already accessed it ➡️ Disturbing examples of what Mythos has autonomously exploited ➡️ Whether Mythos is already capable of end-to-end autonomous hacking operations without zero-days ➡️ What happens when autonomous exploitation becomes tablestakes for models beyond Mythos—and whether Glasswing is a temporary fix or permanent ➡️ What happens when frontier labs collapse the barrier to entry for low-level hackers. ➡️ How this is overwhelming bug bounty programs ➡️ Whether this shifts the risk calculation with open weight vs closed models ➡️ The uncomfortable reality that researchers (like Nicholas) with early, high-privilege access may themselves become prime nation-state targets, and how this elevates "insider risk." Finally, we wrestle with the question that matters most: ➡️ Do defenders have any credible path to regain the advantage in a world where, with enough compute, almost anything can be hacked? My podcast, with Rubrik, "To Catch a Thief" was always meant to be a long-form documentary series that goes deep on threats like Chinese cyberespionage. And I'm excited to announce that, in just a few weeks, we'll debut Season 2. But AI is unfolding at such overwhelming rates, with such high consequence, that we simply no longer have the luxury of time. Having these conversations now, at a level most people can understand, is urgent. It's time for all of us to understand what's coming. #mythos #glasswing #zerodays #anthropic #unprompted #vulnaggedonOUT OF BAND | The Breaking Point: Inside Mythos' Zero-Day Machine with Anthropic's Nicholas CarliniOUT OF BAND | The Breaking Point: Inside Mythos' Zero-Day Machine with Anthropic's Nicholas Carlini
-
Nicole Perlroth shared thisIt is getting nearly impossible to distinguish real from AI, and it’s only getting worse. I can’t tell if anything I read on LinkedIn was written by a human anymore (and as someone who loves the dash, this era is anathema to me). Deepfake impersonation is now widespread. Audio clones are convincingly mimicking executives, colleagues, even family members, with disturbing success. North Korea’s remote IT workers now use AI tooling like GPT-written resumes and voice modulators to erase language barriers entirely. Everyone not only has their own facts, they now have the tools to manufacture their own reality. We need a verified-human network in a post-human internet. This is one of the threads that pushed me into cyber mission investing. My first investment was deepfake detection—GetReal Security—that can help detect deepfakes and audio impersonators in real time across Teams, Zoom, WebEx, WhatsApp etc. But I still believe we also need a human-first network, tied to in-person interactions for our most sensitive workflows: sensitive board discussions, M&A, defense secrets, wire transfers. In journalism, I think about source protection. Journalists are among the most impersonated professions today. It's not enough to use Signal, or other end-to-end encrypted messaging services these days; sources need to know, with certainty, that the person they're sharing sensitive intelligence with is the person they met in real life. Thanks to SEMAFOR I can talk about Kibu, Inc! When Ari and Eftychis first presented this, they spoke of a "green" internet and a "red" internet. In the green zone, you could trust that everyone you engaged with was the real human you knew. In the red zone, nothing could be trusted. The red internet is here and is only expanding. Bots overtook humans on the internet for the first time last year. What is so sorely needed is the green internet: A human-first, trusted network that ties digital identity back to real-world, verified interactions. Person-to-person validation won’t scale for everything, but in a world where identities are so easily faked, trust has to be explicit. Kibu shifts the model to humans first, with grand ambitions to scale into the "green internet." I backed Kibu from Silver Buckshot Ventures when they had zero customers. But I’ve rarely seen this level of inbound demand, even from primes(!), for a seed-stage company still in stealth. Where I’d most like to see this approach adopted now is: journalists and their sources, boards, C-suites, family offices, and wealth managers. (Phone call verification is horrifying to me)! Congrats to Slow Ventures, Cubit Capital and Construct Capital for seeing, so clearly, what needed building. Thanks to SEMAFOR for outing them. The world needs to know about this. Kibu is still invite-only. So message me or Ari and Eftychis if you need the invite. https://lnkd.in/gdDDZJHhExclusive: Demand rises for ID verification amid AI advancementsExclusive: Demand rises for ID verification amid AI advancements
-
Nicole Perlroth shared thisThe North Korean IT worker crisis is getting out of control. One company said they had to pull their job portal down because they are getting flooded with thousands of illegitimate candidates. Some are now likening this to a "DDoS attack" on job boards. Think about the AI job losses we are starting to see and how much harder it will now be for unemployed IT workers to get jobs right now. We aren't thinking about this threat holistically enough. Grateful to journalists like Amanda Gerut for keeping up the coverage here.Nicole Perlroth shared thisWe're competing for jobs with thousands of North Korean IT workers and they're better at it than we are. The UN puts the latest total stolen at $2.8 billion, which includes hacking, and the IT worker scheme has infiltrated 40 countries. Hundreds of Fortune 500 companies have hired, and continue to hire, North Korean operatives posing as Americans. And Americans are helping them do it. They get a cut of the salaries collected or they'll get some quick cash for showing up to get a laptop, take a drug test, or sit in an office and pretend to work because people have been called back in to fill seats. And once you're in the scheme, your identity stays in the scheme. Michael B. from DTEX told me he sees people moving on with their lives while their identities float around in the North Korean fraud apparatus for years. They're on this platform—probably looking for jobs. Today in Fortunehttps://lnkd.in/gDK9AKFvNorth Korean IT workers are stealing remote jobs and raking in billions—and Americans are helping them do it | FortuneNorth Korean IT workers are stealing remote jobs and raking in billions—and Americans are helping them do it | Fortune
-
Nicole Perlroth shared thisArmadin is building the dream team. Welcome George Kurtz!!!Nicole Perlroth shared thisI’m excited to join the Board of Directors Armadin. Kevin Mandia and I go back to working together at Foundstone. I have seen how he builds companies and how he thinks about problems. When Kevin commits to something, pay attention. Most organizations still rely on point-in-time assessments to answer a question that demands continuous proof. AI has made that gap dangerous. Armadin is closing it with autonomous offensive security that finds real, exploitable risk across the full attack surface. Accel led the Series A, one of CrowdStrike's earliest investors, alongside GV (Google Ventures), Kleiner Perkins, Menlo Ventures, In-Q-Tel, 8VC, and Ballistic Ventures. I joined this board because the problem matters and this team can solve it. Read more in Armadin’s press release: https://lnkd.in/gmssCdYPArmadin Adds George Kurtz to Its Board of DirectorsArmadin Adds George Kurtz to Its Board of Directors
-
Nicole Perlroth reacted on thisNicole Perlroth reacted on thisWell worth your time. Once again, Nicole Perlroth finds a way to break through the noise and focus people on what actually matters. Her book This Is How They Tell Me the World Ends changed the way a lot of people think about cyber conflict and vulnerability markets. This conversation with Anthropic's Nicholas Carlini feels like the sequel...where the stakes somehow got bigger and a little more terrifying. https://lnkd.in/esFPnf6s #cybersecurityOUT OF BAND | The Breaking Point: Inside Mythos' Zero-Day Machine with Anthropic's Nicholas CarliniOUT OF BAND | The Breaking Point: Inside Mythos' Zero-Day Machine with Anthropic's Nicholas Carlini
-
Nicole Perlroth liked thisNicole Perlroth liked thisFor years, we’ve built security around “assume breach.” AI broke that model. Attackers can now use AI to: - Accelerate reconnaissance - Test thousands of paths - Find misconfigurations and weak controls instantly All with a relatively low barrier to entry skill-wise. Nothing has to “break.” They just need an opening. This is no longer human vs attacker. It’s AI vs AI. In this piece, I break down why most AI approaches in security fall short… and why domain-specific AI is required to safely operate security controls at scale. https://lnkd.in/g5-_vP2f Gartner is already pointing in this direction, naming Reach a leading innovator in DSLMs (link to report in comments)… purpose-built AI designed to reason about security controls without hallucination. Attackers are already using AI to find your gaps. Defenders need AI that can actually close them. #teamreach #controlOS #networksecurityassurance
-
Nicole Perlroth liked thisNicole Perlroth liked thisThis SACC Stammtisch was special to me. It is always a pleasure to collaborate with the Swiss American Chamber of Commerce San Francisco Chapter and host this community at Swisscom Outpost Silicon Valley. Thank you to everyone for joining us for such an incredible evening! I had the privilege of sitting down with Brad Arkin for a candid look at the cybersecurity landscape. We covered everything from the history of threat actors to the massive shifts brought on by AI. Brad shared some incredible "war stories" and anecdotes, and we closed out with some predictions. When it comes to AI, we couldn't agree if it will be "worse before it gets better" or "worse before it gets worse"🤷♂️. The jury is still out, but the speed of change and the impact on businesses are undeniable. Thank you very much, Brad, for sharing your wisdom! Huge thanks to the team for organizing such an awesome evening! Petra Kempf Vladimir Michalec Stefan Petzov Beni Eugster Bjoern Jeker Marjorie Hamelin Boris Pavlovic Jonas Brunschwig Jean-Philippe ‘JP’ Persico Emilia Pasquier Fredi Moehl Igor Perisic Mark Waelti Karin Schwab
Experience
-
-
-
-
-
-
-
-
-
-
-
-
-
Education
Other similar profiles
Explore more posts
-
Jim Kimble
There’s a gap between what’s being said publicly and what’s in the FCC record. Broadcasters argue encryption is needed to keep sports on free broadcast TV. But recent filings also tie it to control over distribution and revenue, while league commissioners continue to emphasize reach. #FCC #NextGenTV #Broadcasting #SportsMedia https://lnkd.in/enfd9MGn
4 Comments -
Shane Tews
Pablo Chavez has released a new report on #AI Governance, noting that the U.S. must shift from transactional deals to a principled framework for AI-infrastructure statecraft that establishes transparent, rules-based criteria for countries accessing advanced AI technologies, grounded in strategic alignment, intended use, institutional capacity, and deployment scale. Excellent advice with an implementation plan 👏 👏
-
Carolyn Herzog
This strategy reflects the kind of forward-looking leadership needed to meet today’s rapidly evolving cyber threats. By strengthening partnerships to disrupt adversaries, advancing AI-driven security, prioritizing quantum readiness, and reinforcing the protection of critical infrastructure, it lays out important steps to strengthen America’s cyber resilience. Appreciation to the Office of the National Cyber Director at the White House and Sean Cairncross for their leadership and commitment to safeguarding our digital future.
-
Udaipur Times
The misuse of X’s AI chatbot Grok to allegedly generate non-consensual explicit images highlights growing challenges around AI governance, safety controls, and platform accountability in the age of generative AI https://lnkd.in/gKkbwcnm #GrokAI #AIControversy #DeepfakeImages #AIEthics #DigitalSafety #ElonMusk #xAI #IndiaNews #TechNewsIndia #RajasthanNews #UdaipurNews
-
Creus Moreira Carlos
SEALSQ Joins the MIT Media Lab’s Global Community of Member Organizations October 21, 2025 08:30 ET | Source: SEALSQ Exploring the intersection of security, sustainability, and human-centered innovation SEALSQ has announced today that it has become a member of the MIT Media Lab, one of the world’s most dynamic communities of researchers and innovators. Through this membership, SEALSQ will collaborate with Media Lab faculty, researchers, and students to explore new ideas at the intersection of security, privacy, quantum resilience, and human-centered innovation. https://lnkd.in/et_eU_EF
-
Angela Morris
Nisha Shetty writes today in IAM that Empire Technology Development, a non-practicing entity linked to Intellectual Ventures' spin-offs, has launched an aggressive litigation campaign against major tech companies. Defendants include Texas Instruments, AT&T, Lenovo, AMD, and Nvidia—all filed within days of each other in August. The NPE's litigation spree follows a $13 million jury victory against Samsung in June for 5G patent infringement, despite originally seeking $190 million in damages. With ties to Allied Inventors Fund's $600 million war chest and a portfolio spanning wireless technologies and semiconductors, Empire Technology appears to be starting a broader patent monetization efforts across the tech industry.
1 Comment -
Charlie Mitchell
Comments by OpenAI CFO Sarah Friar about creating a federal “backstop” for private investment in AI infrastructure sparked a backlash and a clarification from the executive, while the leading artificial intelligence firm’s engagements with the government reveal a nuanced view of Washington’s role. “I want to clarify my comments earlier today. OpenAI is not seeking a government backstop for our infrastructure commitments. I used the word ‘backstop’ and it muddied the point,” Friar said in a late Nov. 5 statement posted on LinkedIn, after her remarks at a Wall Street Journal conference went viral. OpenAI has engaged heavily in the Trump administration’s AI policy initiatives, including comments filed Oct. 27 to the White House Office of Science and Technology Policy on regulatory reforms to bolster AI development and use. Those comments focused primarily on the energy and manufacturing buildout needed to support the AI boom, for instance calling for expanding the Advanced Manufacturing Investment Credit to cover “AI server production … and AI data centers.” “Broadening coverage of the AMIC will lower the effective cost of capital, de-risk early investment, and unlock private capital to help alleviate bottlenecks and accelerate the AI build in the US,” OpenAI said. Last March, in comments to inform the AI action plan the White House would release in July, OpenAI explained a potential government role in addressing the high cost of AI data centers. “We support the solutions already proposed by this Administration to ensure that sufficient capital flows to building AI infrastructure in the US:” -- Investment vehicles like a Sovereign Wealth Fund. -- Government offtake and guarantees that both provide the government with the compute it needs and signal to markets that the demand will be there for American-developed AI. -- Tax credits, loans, and other vehicles the US government can direct to provide credit enhancement. “First and foremost, building data centers is capital-intensive, particularly for newcomers seeking to compete against established hyperscalers with vast resources,” OpenAI said. https://lnkd.in/eQFv5_Mk
-
Bill Wright
Elastic commends Office of the National Cyber Director, The White House Sean Cairncross and his excellent ONCD team on the release of the National Cyber Strategy. By strengthening partnerships to disrupt adversaries, advancing AI-driven security, prioritizing quantum readiness, and reinforcing critical infrastructure, the strategy outlines important steps to strengthen America’s cyber resilience in the face of modern threats. Elastic looks forward to working with the administration to help put the core pillars into action. https://lnkd.in/ewqQ9_k5
1 Comment -
Anna Gawel
It's all about #artificialintelligence in today's Devex Newswire -- as my colleague Catherine Cheney talks to the #UN's tech envoy about the fractured conversations we're having about #AI, and whether we can somehow get on the same page. Plus, Sara Jerving talks to the head of the World Health Organization's #Africa office on how the continent can overcome #foreignaid cuts. https://lnkd.in/eKRJcBMR
Explore top content on LinkedIn
Find curated posts and insights for relevant topics all in one place.
View top content