Cybersecurity from the future

Joined December 2019
John Connor retweeted
The recording of my second Binary Cartography webinar is public: Agentic Malware Analysis: From Task Automation to Deep Analysis
Topics: string decryption, API hashing, unpacking & pipeline building
Recording: youtu.be/azej1P17w9E
Slides & samples: github.com/mrphrazer/binary-…
John Connor retweeted
For most of 2025, I was skeptical that AI was already playing a major operational role in real intrusions. Most public examples seemed limited to phishing and supporting tasks. This report by my friend Eyal Eyal lines up with what I have been hearing elsewhere, too - in recent publications and in private conversations with people seeing this stuff up close. I think that phase is over. AI is moving into the operational core of attacks. With stronger models, open models, and jailbroken variants circulating, the economics have changed. Tailored tooling, exploit adaptation, and large-scale analysis get cheaper and faster. I expect AI to play a major role in future campaigns, and that means more variation, more fresh tooling, and less reliance by attackers on recycled code. All the more reason to focus on controls and detections that do not depend only on known samples. Worth reading.
Technical report released: The AI-Assisted Breach of Mexico’s Government Infrastructure gambit.security/blog-post/a-…
John Connor retweeted
Evaluating models on cybersecurity tasks is *really* hard -- probably the *hardest* part of building these tools. I want to correct a few misconceptions from this post.
> The results show something close to inverse scaling: small, cheap models outperform large frontier ones
Yes, because this only tested for true positives! This completely ignores the unbearably high false positive rate you get from small, open models. Small models are incredibly sloppy thinkers that are easily biased to give "desired" outcomes. You can give them almost any nontrivial code snippet and they will "find vulnerabilities". If you ran this system across the entire codebase, it would be impossible to identify the real bugs from the slop. Truly impressive models (and scaffolds) strike a balance of finding the subtle bugs without too much noise. For now, large closed-weight models with scaffolds for extensive validation dominate.
New post: We tested the Mythos showcase vulnerabilities with open models. They recovered similar scoped analysis! 8/8 models found the flagship FreeBSD zero-day, including a 3B model. Rankings reshuffle completely across tasks => the AI cybersecurity frontier is super jagged!
John Connor retweeted
Mar 29
I’ve been grinding hard on AI for the better part of the last 8 months - learning, building, adapting, and pulling late nights just like so many others right now. Cutting through the FUD and hype, there is real potential here. Industry-breaking potential. The era we’ve been waiting for - to finally supercharge and develop the tools and platforms we’ve wanted to build for years - is here, and agent assistance is accelerating everything. With coding agents, I’ve built solid tools and had research breakthroughs that would have taken weeks or months before. These should feel like real wins worth celebrating. But honestly? I don’t feel victorious. In many ways, it just feels necessary to keep pace. As Dave said: adapt or be left behind - and for good reason. I’m not ready to be left behind. But damn, I’m tired. I’m tired of constantly reinventing myself. Tired of constantly re-tooling. Tired of the endless cycle of keeping up, the late nights, and the personal sacrifices that come with it. I’ve even lost the desire to share knowledge and research with the community the way I used to. From the conversations I’ve had, I’m far from alone - many others in this space feel the same but don’t necessarily vocalize it outside of smaller circles. Is it because I see AI purely as a threat? Not really. The offensive side of our industry has been heading this way for a while, and I’ve been moving with it. The truth is, the excitement Dave describes is real - but for me right now, it’s mixed with exhaustion. I’m grateful for the breakthroughs, yet I catch myself wondering how long I can sustain this level of constant reinvention without something giving. The early-2000s energy is back, sure… but so is the burnout that often came with it. Being a bit older now, with young kids at home, the pace hits differently. I don’t have the same endless energy I once did, and the late nights and constant context-switching carry a heavier weight. 
Finding balance is tough, but it feels more important than ever. Hopefully we can all figure out how to ride this wave more sustainably - without burning out in the process.
What I see in cybersecurity: AI has re-invigorated an industry that was largely stale for the past ten years. Complete new green field. Changes everything. New innovation happening everyday. Need to adapt or be left behind. This reminds me of the early 2000s, it’s exciting, addicting, and it’s going to be fun as hell.
John Connor retweeted
LiteLLM hack summary: What is it, why it's smart to target it, and how it happened (so far)
LiteLLM is one of the smartest targets for hackers: corporations use it as an llm proxy. What data passes through there? EVERYTHING. Secrets, data. But you can also manipulate. Imagine Claude Code (via proxy) inserting backdoors in every codebase devs are working on.
John Connor retweeted
The real reason AI is failing inside companies? Let’s say it. A company decides to go all-in on AI. The CEO announces the vision. The CTO aligns. The CIO gets the budget. Then the real transformation begins. Chief AI Officer. AI Center of Excellence. AI Ethics. AI Governance. AI Steering Committee. AI Committee for the AI Committee. Soon, you have 12 people managing AI. And one person using it. The intern. The only one actually shipping anything. Everyone else is busy… aligning on the prompt. AI doesn’t fail because of the technology. It fails because we turned it into a meeting. So here’s a thought: Are you building with AI… or scheduling it? #ArtificialIntelligence #AITransformation #Leadership #FutureOfWork #Innovation
John Connor retweeted
Our latest GTIG AI Threat Tracker report reveals how adversaries are integrating AI into operations. We detail state-sponsored LLM phishing, AI-enabled malware like HONESTCUE, and rising model extraction attacks. Read the report: bit.ly/4adaUNk
John Connor retweeted
Popular Text Editor Notepad was compromised by a nation state attacker presumably from June through December 2, 2025. The state actor used the access to reroute software update traffic to attacker controlled servers making this a supply chain attack. notepad-plus-plus.org/news/h…

Knowing how and when to apply different approaches to leadership is critical. A common mistake I’ve both seen and made is looking for consensus when there should have been policy
John Connor retweeted
18 Aug 2025
If you’re cringing at your old work, it means you’re getting better
Axios had a great pitch for journalism in the age of AI which applies to Threat intel. AI is gonna dominate making sense of a feed of intelligence. But it won't have unique visibility. TI in the age of AI is gonna be all about the visibility and context you can push to a model.
Think about this using LLM summaries too…
Everyone wants the gist. But the gist is what's left after someone else decided what mattered. Their priorities aren't yours. Their filters aren't yours. When you operate on summaries, you're thinking with someone else's brain.
Using CTFs to benchmark LLM bug finding is pretty awesome
9 Jun 2025
pwno.io exploiting a v8 engine pwn challenge
John Connor retweeted
We’re seeing a clear trend: attackers are bypassing the endpoint entirely. Not just avoiding traditional EDR-monitored systems by pivoting to embedded and edge devices, but now also operating purely in the cloud. No shell, no malware, no persistence on the endpoint. Just an OAuth token and full access to whatever’s in the victim’s Microsoft 365, Google Workspace, or AWS console.
It’s a complete inversion of how things used to be. The endpoint, once the weakest link, is now usually the most monitored, most policy-enforced part of the infrastructure. You’ve got EDRs, SIEM integration, automation, threat hunting - the full stack. But attackers don’t need to touch it anymore. Instead, they go after the new soft spots:
- Cloud platforms, where logging is limited, expensive, or off by default
- Network devices and appliances, which are practically blind spots - obscure OSes, no EDRs, hard to monitor, hard to forensicate.
- Embedded systems and IoT junk that no one really knows how to secure, but that sit in critical network paths.
Cloud especially is a mess:
- Logging tiers cost extra and the good stuff is behind paywalls.
- Detection content is lacking, both from vendors and the community.
- You don’t get memory dumps or full control like you do on endpoints.
- You’re at the mercy of the provider when it comes to visibility and response.
And that’s the shift: attackers aren’t hacking computers anymore. They’re hacking trust relationships, identities, and APIs. The whole idea of detection and response needs to evolve with that. Otherwise, we’re securing the hell out of endpoints while attackers happily fish through mailboxes and cloud shares from halfway across the planet.
22 Apr 2025
.@Volexity #threatintel: Multiple Russian threat actors are using Signal, WhatsApp & a compromised Ukrainian gov email address to impersonate EU officials. These phishing attacks abuse 1st-party Microsoft Entra apps OAuth to compromise targets. volexity.com/blog/2025/04/22… #dfir
John Connor retweeted
This is a great summary. We (and by we I mean mostly @willoram) have been using variants of this diagram to describe the inversion of attack paths to identity-based intrusions - a major trend in our incident response cases over the past year.
In the past, you had to: phish a user, drop malware, escalate privileges, pivot to servers, evade EDR, dump creds, move laterally, exfiltrate quietly, clean up, leave a backdoor. Today, you just: phish a user, steal an OAuth token, access everything from anywhere. Cloud breaches aren’t hacks. They’re logins.
John Connor retweeted
13 Mar 2025
Parts of it may well be deemed "outdated". But the reason college curriculum is structured as it is instead of being a grand industry tour on the Hot Topic Of The Day is that by teaching fundamentals, you teach students *how* to think, learn, and work. AI just bypasses that.
John Connor retweeted
13 Mar 2025
Now, you can ask: "what if my tasks at work are simple enough to where GPT does solve it all, easily? Can't I just use it for that?" Congratulations. You may have discovered the path to being unemployed. If the AI does everything you can do, *why would they keep you around*?
John Connor retweeted
I have a hard time recognizing or appreciating Chinese innovation when I have spent my career responding to intrusions, particularly 🇨🇳 hacks of tech & data companies while at Mandiant. For so many in infosec, it’s impossible to differentiate breakthroughs from decades of cheating & theft. Here are some memorable quotes from my time at Mandiant (2014-2020):
🗣️ "We probably have somewhere in the order of 2,000 active investigations that are just related to the Chinese government's effort to steal information." - Christopher Wray, FBI Director, at the U.S.-China Economic and Security Review Commission, 2020
🗣️ "The Chinese government is known for using their military's cyber capabilities to hack into private U.S. tech firms. They steal I.P. and then transfer the technology to state-run companies for profit off of its development." - Rep. Matt Gaetz, at a hearing on Chinese IP theft, 2017
🗣️ "The greatest transfer of wealth in history is from the U.S. to China through cyber theft, and it's happening every single day." - Mike Rogers, NSA Director, 2015
🗣️ "There are only two types of companies in the United States: those who have been hacked by the Chinese, and those who don't know they've been hacked by the Chinese." - Robert Mueller, FBI Director, 2014
John Connor retweeted
#100DaysofYARA 2025 edition begins tomorrow! Any #CTI or #detectionengineering folks looking for a self-paced challenge to start the year with a laid back & fun community? Look no further! The challenge is simple - write a YARA rule every day for 100 days