Dan Kennedy

450 Followers
141 Following
584 Posts
AppDev, AppSec VP, FinCo CISO now Research. Spend my days talking to CISOs. Tweets and opinions are my own, a10wn. #infosec
Blog: http://www.praetorianprefect.com
Twitter: http://www.twitter.com/danielkennedy74
LinkedIn: https://www.linkedin.com/in/danieltkennedy/
Publicly available research: https://blog.451alliance.com/author/dkennedy/

I'm at the point where when you add '-native' to a word, I don't really want to sit and listen to anything else you have to say. The digital-native crap was unrepentant bullshit, cloud-native kind of meant something as an interstitial way to build something during a transitory state, and now we're repeating this, being so lazy as to not even try new vocabulary.

This entire article is literally glorifying writing prompts and knowing how to upload a file. Worse, they're implying knowing how to do this 'natively' provides an advantage of some sort (I guess everyone else is an AI-immigrant). Btw, all this stuff came out a few years ago, so these college students aren't actually 'native' in the sense of 'growing up with the technology'. It wasn't around to facilitate cheating on papers when they were in high school.

College students are smart enough to know that isn't much of a skill. The real 'skill', if you can even call it that, is evaluating AI outputs and iterating, which requires operational context, something entry level people are now expected to have with no experience. It stretches incredulity. The real, real skill is being an AI integrator, plugging LLM capabilities into existing software flows. That requires a lot more than playing around with prompts.

https://www.wsj.com/tech/ai/ai-natives-graduates-job-cuts-6bab8ac9

The word 'pioneer' gets thrown around too loosely in the cybersecurity space.

Having just lost a real one, reflecting on some of the goobers we repeatedly let have an outsized voice in this industry.

Even the music industry eventually relegates some folks to the nostalgia tour.

Meanwhile, over on X...

I think we have to start looking at dual-class stock structures at a technology vendor as a form of third-party risk.

If a firm's leadership is, in a practical sense, never accountable to stock holders, customers, employees, or their own Board, how are they accountable to their own decision making?

How does that affect their willingness to take potentially irresponsible risks?

it's fascinating how good AI is at solving problems in domains i don't understand. it's almost as if it was somehow linked to my inability to verify the output.

I recently joined my colleague @s_crawford on the latest episode of Eric Hanselman's Next In Tech podcast to discuss the security implications of Anthropic’s Mythos announcement: https://www.youtube.com/watch?v=fl2r3cUVlDs

A lot of the public conversation around AI and cybersecurity quickly drifts into nonsensical 'AI ends security' territory, and unfortunately that obscures a more nuanced reality around the role of current and future frontier AI models in finding vulnerabilities and the practical implications for enterprise security folks around remediation.

The models are clearly improving at vulnerability discovery, exploit development, and attack chaining, and that matters. But the larger issue is what this does to remediation timelines, operational scale, and software supply chain risk. We also discuss:

• Why benchmark demos and real-world operational capability are not the same thing.

• How faster patching creates new incentives for attackers to target update and package ecosystems.

• Why generic security advice increasingly feels disconnected from the actual problem space.

• Where AI-driven detection, response, and deception technologies may realistically evolve from here.

A great discussion as always, especially around separating legitimate technical progress from theatrical AI hype.

Claude security something something and Twitter (err X) spam go crazy...