@kevtownsend profile picture
Kevin Townsend @kevtownsend

Freelance author and journalist. Senior Contributor @SecurityWeek. LinkedIn: linkedin.com/in/kevtownsend

Joined December 2009
  • Tweets 3,404
  • Following 3,228
  • Followers 3,978
99 Photos and videos
Kevin Townsend retweeted
JC Gaillard
@Corix_JC
Jun 11
Will #AI Kill the Bug Bounty Industry? ift.tt/2UNFm0I @SecurityWeek @KevTownsend #tech #security #infosec #cybersecurity #CISO #CIO #CTO #databreaches #cyberthreats #cyberattacks #bugbounty #vulnerabilitymanagement #threatintelligence
4
5
66
Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found by Adversa AI. More here... securityweek.com/critical-vu… @SecurityWeek

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found by Adversa AI.

securityweek.com
1
2
1,674
Kevin Townsend retweeted
JC Gaillard
@Corix_JC
Mar 20
Shadow #AI Risk >> How #SaaS Apps Are Quietly Enabling Massive Breaches buff.ly/iGHS4qm @SecurityWeek @KevTownsend #genAI #AgenticAI #business #leadership #management #governance #CIO #CTO #CDO #CEO #CISO #digital #innovation #disruption #digitaltransformation #shadowIT #shadowAI #tech #data #datasecurity #cloudsecurity #cybersecurity #AIrisks
1
6
10
261
Total Compromise of iOS & Android Devices New ZeroDayRat toolkit delivers spyware comparable to nation state tools. Capabilities include a live keylogger, location & realtime tracking with embedded map, messages, bank & crypto theft & more. @SecurityWeek securityweek.com/new-zeroday…

New ‘ZeroDayRAT’ Spyware Kit Enables Total Compromise of iOS, Android Devices

Available via Telegram, researchers warn ZeroDayRAT is a ‘complete mobile compromise toolkit’ comparable to kits normally requiring nation-state resources to develop.

securityweek.com
1
3
6
2,050
RATs in the Machine Study of Transparent Tribe’s (APT36) ongoing and recent campaigns delivering GETA, ARES and DESK RATs highlights the rise of economic nation state attacks, and the use of persistence and stealth in these attacks. @SecurityWeek securityweek.com/rats-in-the…

RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India

Transparent Tribe (APT36) is targeting Indian defense and government sectors with GETA, ARES, and Desk RATs in a new wave of economic cyber espionage.

securityweek.com
90
What makes a #hacker tick -- what's the DNA? What motivates him or her to hack? Is this motivation born or bred? What drives the direction of hacking? A conversation with Kunal Agarwal (@kunalagarwal) provides some of the answers. @SecurityWeek securityweek.com/hacker-conv…

Hacker Conversations: Kunal Agarwal and the DNA of a Hacker

For Agarwal, being a hacker is not what you do, but who you are; that is, someone who always questions the status quo and questions how it could be different.

securityweek.com
1
3
1,475
Vibe coding knows all the words and hums all the tunes but never quite sings the song… @SecurityWeek securityweek.com/vibe-coding…

Vibe Coding’s Real Problem Isn’t Bugs—It’s Judgment

As AI coding tools flood enterprises with functional but flawed software, researchers urge embedding security checks directly into the AI workflow.

securityweek.com
2
1,727
The Cybersecurity Information Sharing Act (CISA) expires today. Can it, will it, should it be renewed? With thanks to Andrew Grosso and Moiz Virani for their thoughts. @SecurityWeek securityweek.com/the-cyberse…

The Cybersecurity Information Sharing Act Faces Expiration

The CISA is set to expire on September 30, 2025, raising urgent questions about risk, politics, and the future of threat intelligence.

securityweek.com
4
4
1,437
The first major listing of MCP risks from @Adversa_AI. No self-respecting agentic AI implementation should leave home without it. @SecurityWeek securityweek.com/top-25-mcp-…

Top 25 MCP Vulnerabilities Reveal How AI Agents Can Be Exploited

A new ranking of Model Context Protocol weaknesses highlights critical risks—from prompt injection to command injection—and provides a roadmap for securing the foundations of agentic AI.

securityweek.com
3
3
1,894
JAJA! Just another jailbreak attack. But Adversa AI’s latest exploit also raises a deeper, long-standing dilemma: can full regulatory compliance coexist with robust security, or are they fundamentally at odds? @SecurityWeek securityweek.com/uaes-k2-thi…

UAE’s K2 Think AI Jailbroken Through Its Own Transparency Features

Researchers exploited K2 Think’s built-in explainability to dismantle its safety guardrails, raising new questions about whether transparency and security in AI can truly coexist.

securityweek.com
2
4
1,920
OneFlip. It sounds straight out of James Bond: a single flip of a single bit in an AI weight could laser focus on an industrialist or political dignitary. But this is not fiction. It could happen right now. @securityweek securityweek.com/oneflip-an-…

OneFlip: An Emerging Threat to AI that Could Make Vehicles Crash and Facial Recognition Fail

Researchers unveil OneFlip, a Rowhammer-based attack that flips a single bit in neural network weights to stealthily backdoor AI systems without degrading performance.

securityweek.com
4
3
1,482
Managing the Trust-Risk Equation in #AI >> Predicting Hallucinations Before They Strike buff.ly/QeoAD4s #tech #data #genAI #LLM #business #cybersecurity #leadership #CISO #CIO #CTO #CEO #cyberrisk #digitaltrust @SecurityWeek @KevTownsend
4
7
153
PLoB by Splunk —:a behavioral fingerprinting framework to hunt down malicious logins immediately after access and before they can cause damage. securityweek.com/plob-a-beha…

PLoB: A Behavioral Fingerprinting Framework to Hunt for Malicious Logins

Splunk researchers developed a system to fingerprint post-logon behavior, using AI to find subtle signals of intrusion.

securityweek.com
1
76
Kevin Townsend retweeted
Extending Reach, LLC@ExtendingReach
6 Aug 2025
"We’re in this transition phase. Vibe coding still requires a lot of manual intervention to minimize the inherent problems with LLMs." How well is your biz addressing the transition? Thx @kevtownsend securityweek.com/vibe-coding… #security #developers #SMBs #startups #MSPs #programmers

Vibe Coding: When Everyone’s a Developer, Who Secures the Code?

As AI makes software development accessible to all, security teams face a new challenge: protecting applications built by non-developers at unprecedented speed and scale.

securityweek.com
1
1
115
Cost of #Data Breach in US Rises to $10.22 Million, Says Latest @IBM Report buff.ly/t0EFLgC @SecurityWeek @KevTownsend #business #leadership #management #CIO #CTO #CDO #CEO #CISO #cyberthreats #cyberattacks #databreaches #tech #infosec #security #cybersecurity
4
7
178
The UK will ban victims from paying ransomware payments. It sounds like a positive step, but is effectively little more than political flag waving: “To ban it outright is unrealistic and detrimental to the organizations they look to protect.” securityweek.com/uks-ransomw…

UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble?

Critics warn that a ban on ransomware payments may lead to dangerous unintended consequences, including forcing victims into secrecy or incentivizing attackers to shift tactics.

securityweek.com
1
3
3
1,322
Grok-4 Falls to a Jailbreak Two days After Its Release securityweek.com/grok-4-fall…

Grok-4 Falls to a Jailbreak Two Days After Its Release

The latest release of the xAI LLM, Grok-4, has already fallen to a sophisticated jailbreak.

securityweek.com
1
1
4
359
Deform’d, unfinish’d, sent before my time into this breathing world, scarce half made up… King Richard III? No. Today’s agentic AI. securityweek.com/the-wild-wi…

The Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to Ignore

As organizations rush to adopt agentic AI, security leaders must confront the growing risk of invisible threats and new attack vectors.

securityweek.com
1
65
Kevin Townsend retweeted
NeuralTrust
@NeuralTrustAI
23 Jun 2025
Thanks @kevtownsend for covering our Echo Chamber Attack research. We’re committed to making GenAI safer, appreciate you helping raise awareness. Here's our full report: bit.ly/4k9CWuN

Echo Chamber: A Context-Poisoning Jailbreak That Bypasses LLM Guardrails | NeuralTrust

An AI Researcher at Neural Trust has discovered a novel jailbreak technique that defeats the safety mechanisms of today’s most advanced LLMs

neuraltrust.ai
SecurityWeek
@SecurityWeek
23 Jun 2025
New AI Jailbreak Bypasses Guardrails With Ease - securityweek.com/new-echo-ch…
2
1
145
Deepfakes have crossed the Uncanny Valley. But fear not… so far, deepfake detection can defeat deepfake generation. Provided you use it. @securityweek securityweek.com/deepfakes-a…

The AI Arms Race: Deepfake Generation vs. Detection

AI-generated voice deepfakes have crossed the uncanny valley, fueling a surge in fraud that outpaces traditional security measures. Detection technology is racing to keep up.

securityweek.com
3
4
1,974
Load more