(4 DAYS BEFORE SUBMISSIONS CLOSE) I get this question a lot about the Find Evil! hackathon: What does “find evil” actually mean? In this case, the name comes from a real command. I built an autonomous incident response agent I built on the SIFT Workstation. Then I typed “find evil” as a prompt into Claude Code. And it did (watch the demo). I was blown away to watch the autonomous agent run a complete C drive forensic analysis, across 200 tools via MCP. The agent identified threat actor and context, the attack chain, malware deployment method, persistence mechanisms, code injection analysis, network connections, command-and-control (C2) infrastructure, a complete malicious process tree, and a chronological activity timeline. Two days after I shared initial findings, Anthropic released their report on how threat actors were deploying Claude Code with operational tools and letting it go do evil. (Same thing I was doing.) Find Evil! is the first hackathon dedicated to building autonomous AI agents for incident response. 4,178 defenders are working on final Find Evil! hackathon submits. (This number makes me very happy to see so many diving in. And wishing that the thousands more in our community were experimenting with us.) Your job: teach an AI agent to think like a senior analyst, how to sequence its approach, recognize when something doesn’t add up, and self-correct when it gets it wrong. There are FOUR DAYS left to build with us! (Very few of us are actual AI experts. The rest of us including me are learning.) Register: findevil.devpost.com Apply to judge: We need DFIR, AI, cybersecurity, and open-source reviewers who can separate useful autonomous response tools from polished demos. Apply: findjudges-9kvkxt6m.manus.sp… I am SO EXCITED to see what comes out of this hackathon and goes back to the community. Sponsored by @SANSInstitute

When Mythos was released, the entire community was asking the same question: what do we actually DO about this? /@gadievron, @rmogull and I worked on a paper, The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program, with coauthors Jen Easterly, Bruce Schneier, Chris Inglis, @RGB_Lights, @argvee, Joshua Saxe, @sounilyu, John Stewart, @k8em0, Dave Lewis, Maxim Kovalsky and 250 CISOs. Read it, share it: labs.cloudsecurityalliance.o… If you're a CISO or senior security leader, we're getting the community together this week (8 June in NY, 9 June in DC) to talk about the impacts are and how we change our playbooks now. Links here: labs.cloudsecurityalliance.o… And if your defenders have never used Claude Code, never automated a workflow with natural language, never seen how fast a capable attacker can enumerate a surface, they are cognitively behind. You cannot defend against a capability you have never touched. Every analyst, red teamer, and IR person needs personal reps with these tools. Yes, this is a hurricane warning. We have a buffer and some time to prepare. Workforce readiness is how you put boards on windows. Tools are meaningless without the people who know how to use them. Thanks to @politico @magmill95 and Dana Nickel for including me in this writeup: politico.com/news/2026/06/07… @SANSInstitute @cloudsa {un]prompted @OWASPGenAISec

They asked me to help #FindEvil. I said yes. 😈 Honored to be an official judge for the @SANSInstitute SIFT Find Evil! AI Hackathon. Shoutout to @robtlee for putting this together. 3,700 registered. Deadline June 15. No experience needed. Join 👉 findevil.devpost.com/ #CyberSecurity #AI #Hackathon

Ten things you need to know about the judges of the Find Evil! Hackathon: 1. They put cybercriminals in prison, testifying in military, federal, and state courtrooms. 2. Built some of the first government cyber-forensics labs. 3. Investigate computer intrusions, fraud, counterintelligence, narcotics, and homicide. 4. Stood up entire countries' national cyber-defense teams from scratch. 5. Hunt nation-state attackers inside Fortune 500 networks. 6. Wrote the books and shaped the standards the AI security field now follows, from OWASP to NIST. 7. Shipped the AI honeypots, cyber ranges, and autonomous agents deployed by defenders. 8. Wrote the rulebooks the AI industry follows today. 9. Engineer the identity and safety systems behind OpenAI, Google, Meta, and Palo Alto. 10. Carry more than five hundred years combined, with day jobs today at OpenAI, Google Mandiant, Palo Alto Unit 42, Adobe, and Stanford. _____ FINAL CALL for Judges and Builders in the Find Evil! hackathon for autonomous Al incident response, sponsored by SANS Institute. Judges: Find Evil! needs DFIR, AI, cybersecurity, and open-source reviewers who can separate useful autonomous response tools from polished demos. Apply here: findjudges-9kvkxt6m.manus.sp… (orientation call Friday, June 12!) Builders! Enter and compete for $22,000 in prizes. Join here: findevil.devpost.com Submissions due 15 June 11:45 PM ET. Please share with your community!!

In 1996, I was part of a small team that stood up the Air Force's first information warfare unit. There was no name for the work, no career path, no doctrine. We were writing it down as we went. Thirty years later, I was proud to be included in the CSIS Commission on U.S. Cyber Force Generation and contribute perspectives from my military background, experience as a Title 10/50 operator, and work educating the military's workforce. The commission spent the last ten months on a bigger version of the question I was living at the start of my career: if the country built a dedicated military service for cyber, how would you staff it, train it, and keep good people in it? Whatever the country decides to do, the questions in this report are worth sitting with and help inform the status quo. @SANSInstitute @CSIS Report: csis.org/analysis/csis-commi…

Have you tried Knostic yet? Another day, another coding agent supply chain attack. GitHub's breach with a VS Code extension unleashed the flood.

The executive order signed Tuesday asks AI developers to give the federal government up to 30 days with a frontier model before anyone else gets it. The draft floated 90. Security people wanted as much warning as they could get. The labs wanted less. At 30 days, nobody got what they asked for, which is usually how you know a compromise is real. (Both sides are now sufficiently disappointed. On schedule.) 30 days isn't a fix, though. It's a hurricane warning. You board the windows, you move the boat, and the storm still makes landfall. The buffer buys preparation, not prevention, and it only counts if you do something with it. The part nobody's arguing about: access to these capabilities is not equal, and it won't be. JPMorgan and Amazon will be fine. The order names rural hospitals, community banks, and local utilities as a concern, then leaves them a discretionary "where appropriate" while early access goes to trusted partners selected with the government. The hospital in Springfield sits at the back of that line. And closing your source code doesn't save you. Source code analysis is where Mythos is focused right now, which is why open source gets scanned first, but it does black box exploitation just as well. Nation-state teams have broken Microsoft, Apple, and Google for years without ever seeing their source. The vulnerabilities get found either way. (Adversaries don't wait for their tier assignment.) Under all of it is the oldest question in cyber defense: what is the government actually responsible for? The critical infrastructure everyone is worried about sits in private hands. The military can't defend a bank's network. The FBI takes the report after the breach. CISA runs real threat intelligence and coordination, but it doesn't have the authority to operate inside a private company and defend it. When Volt Typhoon and Salt Typhoon hit American infrastructure, they hit private companies, because that's where the front line is. (I came up through the military side. That gap still bothers me.) The order doesn't solve any of this. It documents the threat and starts the argument, and the risk now is that people read "signed" as "handled." The work is what the community builds during the buffer, which is why @gadievron, @rmogull, and I, with @cloudsa, @SANSInstitute, and [un]prompted, are running closed-door CISO sessions in DC (luma.com/jzr25473), New York (luma.com/kn2djk5v), and San Francisco. The people in the fight, writing the playbook before the vendors write it for us. If you're a senior security leader, you should apply to attend. Read the Mythos-ready security program paper: labs.cloudsecurityalliance.o… CISOs: do you actually know where your organization sits in that access structure? If not, that's worth finding out this week.

Anthropic and roughly 50 partners used Claude Mythos Preview to find more than 10,000 high or critical severity vulnerabilities in the first month of Project Glasswing. Most partners found hundreds of high or critical issues in their own code. (One month. Let that sit for a second.) Of those 10,000-plus, 97 have been patched upstream as of May 22. That number is not a measure of how hard anyone tried. It is a measure of where the work now jams. The Glasswing update says it plainly: software security used to be limited by how fast you could find vulnerabilities, and now it is limited by how fast you can verify, disclose, and patch them. High and critical bugs are taking about two weeks each to patch. Several maintainers have already asked Anthropic to slow its disclosure rate, because they cannot keep up. Discovery is no longer the bottleneck. The humans in the pipeline are. The patch playbook itself, coordinated disclosure on a 90-day clock, monthly patch cycles, the quarterly review, was built for a world where finding a flaw was slow. That world is gone. The playbook is not strained. It is finished, and most of us have not said that out loud yet. (I would love to be wrong on this. Correct me, and tell me what planet still runs on a 90-day clock.) Rebuilding it is not a tooling purchase. It is a skills problem, and a specific one. Working at this volume means triaging AI-generated findings ten deep, judging which severity ratings hold up, and deciding what gets fixed in what order when the queue is a thousand items long. That is human judgment under machine-scale load, and almost nobody has trained for it, because the tools that create the problem are months old. You cannot hire your way out of this, because the talent pool does not exist yet. All of us are figuring it out at the same time. So the people who can help you most are already on your team. They are the ones who know your business, who have worked real incidents, who understand what a finding actually means in your environment. What they are missing is reps on AI tools under realistic pressure. The @SANSInstitute Find Evil! hackathon is one place to get those reps fast. Practitioners build autonomous incident response agents, run them against real case data, and watch where the AI is sharp and where it falls apart. That last part is the point. The skill that transfers is not the agent, it is the calibrated judgment of when to trust the machine and when to override it, and that is exactly the muscle the patch pipeline now needs. Find Evil! runs through June 15, with $22,000 in prizes, at findevil.devpost.com. If you manage defenders, here is the Monday version. Pick two people who know your environment cold. Give them protected time this month to put AI tools against your own findings backlog and report back on where the tools broke. That is the rewrite starting, in miniature, on your team. The Glasswing numbers should change what you do this week, not how well you sleep.

It’s 1 pm ET / 10 am PT, Fri. 22 May 2026, and there's no LIVE show. Replay #CXOTalk ep. 910 w guests: @RobTLee, #CAIO, @SANSInstitute Co-host David Bray, PhD., @StimsonCenter talking about the #AI attack lifecycle in an age of intelligent threats. cxotalk.com/episode/the-ai-a… #DFIR #AIsecurity #CSO #CSIO #CIO

Builders and skeptics wanted to judge the FIND EVIL! Hackathon. DFIR, Al, cybersecurity, and open-source reviewers who can separate useful autonomous response tools from polished demos. Favor - this has a goal of a far-reaching community impact - could you please SHARE this in your personal feeds? Apply here: findjudges-9kvkxt6m.manus.sp… Takes two minutes. More than 3,500 entrants. Building autonomous Al agents on the SANS SIFT Workstation (200 incident response tools on a single platform, 18 years of community development, 60K annual downloads). If you have expertise in these areas, I want to hear from you: Digital Forensics & Incident Response (DFIR) Al/ML engineering Agentic frameworks (Claude Code, LangGraph, AutoGen, CrewAl) Cybersecurity (offensive/defensive) Open-source development This is not a hackathon where you vote for your favorite demo. Judges review runnable open-source submissions, check required materials, and score evidence-backed autonomous incident response work. Winning entries released back to the community. Submissions close June 15. Judging runs June 19 through July 3. Decide who earned the $22,000 in prizes.

One in ten of you reading this have kids whose data is in the dump supposedly burned when Instructure paid the ShinyHunters ransom to avoid the liability of millions of minors' data hitting the field. 275 million records across 8,800 institutions in 50 countries, from kindergarten to Ivy League. Hard to trust that the data is destroyed when the hackers broke in a second time to post a ransom note across every school's Canvas login during the negotiation. First time that families saw a ransomware threat. I have twin teenagers. This just got personal. Criminals known for sophisticated social engineering are now capable of stitching the most credible spear-phishing ever assembled (student names and emails, schools and teachers, real message threads) onto WormGPT-class phishing at 93% success and SIM farms running thousands of numbers. You don't need to be a nation-state to run a convincing impersonation of a teacher, or to create illicit content and threaten to post to their social media accounts. You need a target list and a couple of hours. (And if it doesn't keep you up at night yet, ShinyHunters was responsible for the ADT breach and the AT&T breach, among many more in recent years.) What I would do now: 1. Freeze each kid's credit at all three bureaus. Block the long-tail identity attack that hits when the kid turns 18 and first applies for credit. Few parents have done this for their kids. 2. Set up a new email account for your kid's social media. Don't use that email address anywhere else.  3. Move 2FA off SMS and onto an authenticator app. If they didn't get contact numbers in this breach, ShinyHunters already had phone numbers from the AT&T breach. A SIM swap takes one social-engineered call. Google Authenticator and other apps are tied to the device, not the number.  4. Pick a family safe word. Make it weird, memorable, specific. Drill them often. Voice and video can be faked now, cheaply and fast. The word can't be faked unless the attacker is also at our dinner table. We told them AI was cheating at school. They are about to learn what it means to have AI used against them. We owe them a different conversation now.

“We have startups today that are 4 people large that are reaching $10 million valuation,” says @robtlee, Chief AI Officer and Chief of Research at the @SANSInstitute, in a recent fireside chat with XBOW CEO @oegerikus. “If you’re able to do business that way, why can’t you similarly create an attack team?” Watch more of their conversation: bit.ly/422eZPo

Nearly 3,000 people are spending two months teaching AI agents to FIND EVIL in real DFIR data. Now we need judges willing to tell them how they actually did. Apply at sansurl.com/find-evil-judge Both kinds welcome: the true believers who think AI-augmented incident response is going to rewrite how we do DFIR, and the skeptics who have been waiting two years for someone to show them something that doesn't hallucinate its way to a conclusion. (Either way, you're going to see things in these submissions you didn't expect. I'll leave it at that.) The judging rubric was built for serious evaluation. Six equally weighted criteria: 1. Autonomous execution quality 2. IR accuracy 3. Analysis depth 4. Constraint implementation 5. Audit trail quality 6. Usability Every finding has to trace back to a specific tool execution. Hallucinations caught and flagged count. Confident-sounding wrong answers do not get partial credit. (This is not a hackathon where you vote for your favorite demo. Real forensic data. Real agent execution logs. Real consequences for the community toolset that winning code goes back into.) Submissions close June 15. Judging runs June 19 through July 3. $22,000 in prizes. Come see what the community built. Apply at sansurl.com/find-evil-judge Judges will have their pictures on the findevil website. We are looking for judges with real DFIR and AI experience. Skeptics. Proponents. Everyone. (Front-row seat to watch autonomous AI agents work through real incident response cases. Whether that excites you or makes you deeply curious about where it breaks, you belong in this room.)

Data poisoning = someone did it to you. Data pollution = you did it to yourself.  You can't poison what isn't clean to begin with. Is a fired employee still listed as active, informing an automated decision? Conflating poisoning and pollution is how orgs end up building defenses against adversaries when their actual threat is their own data mess. The approval process and AI-assisted cleanup aren't governance theater. They're how we get to a state where poisoning is even a relevant threat model. We have to earn the right to worry about poisoning by solving hygiene first. This is important enough to need a leader. Security has the most to lose if it doesn't get one. We aren't going to do this cleanup manually. (We weren't going to do it before AI either, which is why we're all here.) I've released a LinkedIn Learning course talking about a model for how business units can work with security to get AI tool approvals for the cleanup in front of you. Parts 1-4 are live now: (free, ungated) gettoolapproved.ai Thanks to Cynthia Brumfield @CSOonline for including my and @chrishvm's POV. Important topic (and killer title): Poisoned truth: The quiet security threat inside enterprise AI: csoonline.com/article/416617… @SANSInstitute

“I spend all day, every day, looking at folks who misuse our models and our products. I want to walk through all of you what I've been seeing on the ground and how this has changed in the past year.” - Jacob Klein, @AnthropicAI's head of threat intel at the @SANSInstitute AI Summit. And then came the heartburn line: “Almost everything I’m walking through can be used by a defender as well.” He’s right. Defenders can point AI at endpoints at scale, code at scale, vulnerabilities, and SOC signals. Every serious defender already knows the list. The hard part is the operating reality: usable data, investigations that don’t depend on manual glue work, remediation that moves fast enough, and AI you can actually trust. What makes this a tougher sell is the reliability of the tools in our hands right now and our own skill gaps. And consider: we still get to watch some of this play out in the open. That window closes as attackers move to their own private tooling and infrastructure. The only way we get ready is by starting now: working on our own skill gaps, building muscle with the tools we have, stress-testing them in real environments, forcing the workflow changes that make AI for defense operational. Work on this directly with us: Find Evil! is live. Protocol SIFT is what happens when you wire an AI agent into a forensic workstation full of trusted tools and tell it to behave. It's an early capability with real outputs, failure mode. Join our community effort to make it something defenders can deploy. 42 days to enter. An incredible 2,500 builders and teams are in as of today. $22K in cash prizes. Sponsored by SANS Institute. findevil.devpost.com (You'll have to hear Jacob's full talk and the fireside chat with Bruce Schneier and Anne Neuberger: Are tech companies the new SOC? Check it out on the SANS Institute YouTube page.) Curious what you think. (And if you've entered in the hackathon?) #AIsecurity #cybersecurity #vulnops