Matthew Rosenquist

@[email protected]
74 Followers
39 Following
358 Posts
CISO, Cybersecurity Strategist, and active industry advisor to businesses, academia, and governments around the globe. I was formerly the Cybersecurity Strategist for Intel Corp. and benefit from 30+ years of experience in ops, threat assessment, crisis, policy, planning, and strategy. I do cybersecurity predictions every year, evangelize best-practices, and am on multiple technical and academic advisory boards. I have a passion for cybersecurity and collaborate closely with the top minds in the cybersecurity industry to tackle some of the most troublesome challenges.
LinkedInhttps://www.linkedin.com/in/matthewrosenquist/
Cybersecurity Insights PodcastCybersecurity Insights https://www.youtube.com/c/CybersecurityInsights
Matthew Rosenquist10h ago

For those of you who have been questioning the power and impact of Mythos, claiming the initial restricted use (Project Glasswing) was just a marketing ploy, I urge you to reconsider and listen to cybersecurity experts.

The Mythos Effect is real. It is a signal of change across the industry, forced by the order-of-magnitude performance in finding and exploiting vulnerabilities by a new generation of AI models (soon from several vendors).

Anthropic is acting ethically, but unfortunately, such performance gains cannot be contained for long. Every major AI vendor is pursuing towards this level of competency, which impacts security capabilities to respond and close weaknesses before they are exploited.

Matthew RosenquistJun 2

According to the DBIR 2026 report 31% of breaches exploited technical vulnerabilities. I expect this number to continuing rising as the next generation of AI models, like Anthropic's Mythos, become available to hackers. Technical exploitation simply becomes easier for a much larger community of adversaries.

Now, let's round out that picture by understanding that 62% of breaches included some element of human risk, because people are still in the loop and have access to important systems and data. We cannot forget that cybersecurity foundations go beyond just technology, as it also involves people and the processes which connect the two.

I created several video shorts, discussing interesting aspects of this year's DBIR, which can be found here: https://www.youtube.com/@CybersecurityInsights/shorts

Matthew RosenquistJun 1

Anthropic publishes a security framework for autonomous AI agents but fails to deliver a realistic plan.

Their paper is a good start but it is not realistic as a practical framework for comprehensive AI #cybersecurity

Read the 12 Unaddressed Failures:
https://open.substack.com/pub/matthewrosenquist/p/anthropic-ai-security-framework-is

Matthew RosenquistMay 29

https://open.substack.com/pub/matthewrosenquist/p/ransomware-trends-2026

The latest ransomware trends highlight good news, but more risk.

The Verizon DBIR 2026 report shows 69% of organizations refusing to pay extortionists, which is up from last year!

This is great news as the more victims deny attackers their goals, it creates a long-term deterrence effect. However, in the short term, it will drive criminals to be more extreme in their actions to compel victims to pay.

We must stay strong! To do that, we must be prepared when ransomware strikes, so we can recover without providing material support to our enemies.

Verizon DBIR report link: https://www.verizon.com/business/resources/reports/dbir/
I created several video shorts, discussing interesting aspects of this year's DBIR, which can be found here: https://www.youtube.com/@CybersecurityInsights/shorts

Ransomware Trends 2026

Latest ransomware trends highlight good news, but more risk

Cybersecurity Insights
Matthew RosenquistMay 20

Oh, so you thought Mythos and other AI models would only find vulnerabilities in software? Well, finding weaknesses in firmware and hardware is traditionally much more difficult, requiring specialized skills and in some cases very expensive tools. But AI is very proficient at specific types of hacks like memory corruption. Such architectures are embedded in CPUs, GPUs, and other processors as well as system memory.

This week, vulnerability researchers used Mythos to identify and exploit a kernel memory vulnerability in the Apple M5 computer chip that powers MacBooks and iPads. That is the core brain of the system.

The strategic takeaway is that new AI models like Anthropic’s Mythos will greatly expand the capabilities of responsible and malicious vulnerability researchers to find weaknesses in technology throughout the stack. Data, applications, interfaces, operating systems, virtualization environments, network transports, firmware, and hardware systems are all on the menu when it comes to the next generation of vulnerability detection and exploit creation.

Full Article: https://open.substack.com/pub/matthewrosenquist/p/cybersecurity-must-prepare-for-ai

Matthew RosenquistMay 13

I am looking forward to a spirited discussion with my amazing colleague Cassie Crossley on the rapidly shifting threat landscape. We need to discuss how Anthropic’s Mythos is a signal for major disruption in the vulnerability management, security operations, and incident response domains.

CISOs, CIOs, CEOs, and Boards must understand the relevance and business value repercussions.

Thursday May 14th 9am Pacific
https://hmgstrategy.biz/May14SpecialReport

Come join this executive level discussion hosted by HMGStrategy!

Matthew RosenquistMay 11

Apple and Intel formally reconcile to once again produce chips. As 2027 nears and the likelihood of a Chinese invasion of Taiwan rising, the risks to serious global chip disruption is something that cannot be ignored. Apple is smart to diversify their supply chain partners and Intel is in a prime position to continue to manufacture and ship products, even if the South Pacific or China Sea is in chaos.

https://open.substack.com/pub/matthewrosenquist/p/apple-pivots-to-intel-for-a-secure

#cybersecurity #supplychain #china #taiwan

Matthew RosenquistApr 23

The security company Fingerprint discovered how on Firefox browsers, websites could track users even if they used private browsing tabs or the anonymity focused TOR browser. Mozilla closed the vulnerability in Firefox 150, that was released on April 21st 2026.

This vulnerability is another example how a subtle lack of entropy in the software industry can undermine privacy and security.

My full blog: https://open.substack.com/pub/matthewrosenquist/p/privacy-vulnerability-in-firefox

I expect more such issues to be discovered across browsers as the next generation of AI models are released, like Anthropic's Claude Mythos.

#cybersecurity #firefox #TOR #privacy

Matthew RosenquistApr 2

The Artemis II mission, bringing humans back to the Moon, had a successful launch today! The #cybersecurity industry can learn many strategic risk management lessons from today’s Artemis II achievement.

Full Article: https://open.substack.com/pub/matthewrosenquist/p/cybersecurity-can-learn-from-the

Matthew RosenquistMar 27

The RSAC conference has once again descended upon San Francisco and delivered an event that brings together the largest collection of industry leaders, technologies, and cybersecurity community events!

Over the course of several days, attendees accessed exceptional keynotes, thought-leading expert sessions, and an unmatched technology expo. During the evenings, there were countless private events, get-togethers, and parties to entertain.

Full Details: https://open.substack.com/pub/matthewrosenquist/p/rsac-focuses-cybersecurity-insights