John Childs

Are companies overreacting about AI risk? In many cases, the real issue is lack of visibility. Organizations often believe they understand how AI tools are being used internally - until they actually look. And what they discover is that AI usage is often far more widespread than expected. 👀 FortressAI helps organizations gain the visibility and control needed to manage AI safely. Learn more: www.getfortress.ai #AISecurity #CyberSecurity #AIAdoption #DataProtection #FortressAI

Where does control actually begin in a modern security stack? Most enterprise security architectures still follow a familiar sequence: activity is observed → telemetry is generated → signals are correlated → behavior is classified → an incident is declared → response begins This model is well understood. It is also increasingly downstream by design. By the time most security systems engage, the organization is already operating in interpretation mode—reconstructing context, validating signals, and coordinating response. Which raises a question I keep coming back to: Have we structurally accepted that security begins only after activity becomes observable? Cyber Crucible intervenes earlier in that chain. Instead of acting after telemetry is generated and classified, it operates at the point where activity is still being resolved in real time—before it becomes observable security data. Architecturally, this corresponds to a kernel-adjacent enforcement layer, but the operational relevance is more important than the terminology: -it prevents escalation before telemetry generation. That shifts the center of gravity away from detection and response, and toward a more uncomfortable question: -where does control actually begin in modern enterprise architecture? Because if most SOC and SIEM pipelines are optimized for what happens after classification, then the real constraint may no longer be detection capability—it may be the assumption that visibility is the first point of control. And I’m not sure that assumption holds anymore in modern environments. Curious how other security leaders are thinking about this: Where does control actually begin in your architecture—pre-telemetry, or post-telemetry? #CyberCrucible #ZeroTrust #EnterpriseSecurity #SOC #CyberDefense

Ransomware has rapidly shifted from a rising concern to a critical issue at the executive level. So, how has it become one of the most significant cyber threats organisations face today? Join CyberWin UK on April 29th at 2pm BST for an engaging session featuring Forbes Technology Council member name1 and ransomware and cybersecurity expert name2. In this session, we’ll cover: • The evolution of ransomware into a major global threat • The real extent of its impact across different sectors • Practical recommendations for improving awareness training • Expert insights to help organisations build stronger cyber resilience If you want to deepen your understanding and improve your defences against modern ransomware threats, this is a session you won’t want to miss. Reserve your free spot below: https://lnkd.in/eCzd7HRi

💸 Uber has already burned through its entire 2026 AI budget just four months into the year, and Claude Code is the reason. Uber CTO Praveen Neppalli Naga confirmed the overrun, saying the company is "back to the drawing board" because the budget it expected to need has already been blown. The surge came from rapid adoption of Claude Code across engineering. Uber rolled out access to around 5,000 engineers in December 2025. By February, usage had nearly doubled. By March, 84% of developers were classified as agentic coding users. Today, about 70% of committed code comes from AI, and roughly 11% of live backend updates are written by AI agents. The cost problem comes from how Claude Code is priced. Instead of a flat per-seat rate, it runs on token consumption, which scales quickly when engineers run parallel agents and full-codebase refactors. Even with a $3.4 billion R&D budget, Uber underestimated how fast adoption would move. Companies are no longer deciding whether to use AI coding tools. They are discovering that once engineers start using them seriously, old software budgets no longer hold. What are your thoughts on this? 🤔💬 Want to keep up with AI? 🤖 Follow Evolving AI to stay ahead of your competition (trusted by +4 million followers online) ✉️ Join 100,000+ newsletter readers and stay updated on the latest AI insights: https://lnkd.in/em9B--mb

The University of Florida is recognized again on the Forbes “New Ivies” list of public institutions — highlighting UF’s leadership in preparing students for an AI-driven workforce. ➡️ brnw.ch/NewIvy26

Traditional data breaches required hackers to manually search through stolen files. AI changes that. AI tools can instantly analyze thousands of documents, identify sensitive information, and summarize insights within seconds. That means the risk isn’t just data leaving your systems - it’s how quickly it can be understood and exploited once it does. ⚠️ Organizations need new ways to control how AI accesses company data. Learn more about protecting your organization’s AI usage: www.getfortress.ai #AISecurity #CyberRisk #DataProtection #AIThreats #FortressAI

Let's chew the fat for a minute, and talk about too much of a good thing. Speaking of chewing the fat, bacon fat makes for some great maple syrup glazes. The numbers are all over the place, with respect to: 1. How many employees admit they use AI in the workplace, and 2. How much of proprietary data they push up to AI. The numbers are bad if you are concerned about unmanaged data leaks by strange applications. Strange watery tarts throwing swords at people, letting people wield supreme executive power? Also bad. Possibly 95% of the files uploaded to AI contain proprietary data. Around half of the employees admit they use unauthorized AI tools. So, figure around 75%. Much like getting a company to admit to ransomware for statistics gathering (especially with The Fuzz calls), getting employees to answer truthfully for something they know they probably shouldn't admit to is a bit of a challenge. AI has some pretty cool uses. I love using it to take a 3000 word essay, and make executive summaries. I'm too suspicious to do the opposite; I'll have to find a college student to ask concerning effectiveness. Cyber Crucible, Inc. ran into a bit of an issue with alerting on violations of AI acceptable use. An alert or two from Sue in Accounting was the expected output. Not 1,000 alerts for an AI tool determined to upload and analyze all the data. So we had to do some quick refinement on alerts. That can be too much of a good thing. Well, depending on who is doing it, and what data. In this case, not a good thing. Improper AI tool usage blocked by the kernel, but far too many alerts. Somehow, cybersecurity vendors have trained us all that an endless stream of false positives are needed to demonstrate value. My theory is they all miss the days of pagers going off night and day. One alert of data access being blocked by an AI tool being used by a user or service account is enough. I was a huge pager fan before I could afford a cell phone. Until I got one for work. Now if you'll excuse me, I need to find more syrup for my poutine, and settle in for a long night of Knight Rider reruns. This (and other posts) live on in on my substack: https://lnkd.in/gP-5wMPw

The network perimeter stopped being the main attack surface years ago. Today, identity is the new perimeter - powered by tokens, keys, and credentials that grant access to critical systems. When those identity assets are stolen, attackers don’t break in. They log in. 🎥 Watch Dennis Underwood explain why identity protection is now the front line of cybersecurity. #CyberSecurity #IdentitySecurity #ZeroTrust #ThreatPrevention #InfoSec

Unfortunately, Cyber Crucible, Inc. was impacted by this recent Microsoft event, and are waiting our turn to have this matter corrected. Like every news event, there are things that are accurate and things that could use some better communication. Microsoft did inform the hardware developer community that re-validation was coming. The notification was in a quite obscure blog, and the popup was only if you were logging in to submit drivers frequently. There are some understandably hurt feelings because many companies don't update their driver files frequently. Cyber Crucible did the re-validations in multiple times, as requested, since that October 2025 blog post. We can echo the frustration by the software vendors online now saying, "...but we did the things Microsoft asked, each time, promptly". Maybe the database wasn't being updated (see #1 below) Do you know what this really feels like, with no proof? 1. Someone ran a bad database update on the Microsoft approved Independent Software Vendor database, disabling a myriad of legitimate, active Independent Software Vendor accounts. Or the database was not being updated with the validations that were being done. Or deleted, who knows. Let's skip the old drivers for a second. 2. No IT or developer wants to volunteer the "oops". People have lost money. 3. The human-centric support channels had been moved to chatbots. (OK, this is true. The CoPilot support bot is worse than some 1990's Yahoo IM chatbots, and it didn't have access to the "right" support channel anyway.) 4. The hardware developer community is a bit of a sleepy part of our IT infrastructure dominated by very specific skills and needs. They are now completely overwhelmed with LOTS of people yelling about their supply chain now being interdicted. (made smaller by recent efforts for "AI" to replace bespoke development talent.) Or some other black swan event that someone like Mr. Krebs will research and report about in a few months. There are some related things we have seen in the past couple months that are not in the news. So if you happen to have a friend at Microsoft that can push us through the sea of vendors, we'd appreciate it. Also, to the folks that have helped us quietly get through this thus far, you all rock, I owe bottles of whiskey, and I hope to repay every favor before 2026 is up. There is a bigger argument about support mechanisms and business process optimization for dark corners of the technology world that the rest of us all rely on. Waiting for some EDR-flavor-of-the-week marketing saying, "19 out of 20 surveyed hackers agree security tools shouldn't use kernel drivers" in 3, 2, 1... https://lnkd.in/g49RamdP