Details of Alan Turing’s Voice Encryption System

A recent auction revealed a cache of papers detailing Alan Turing's "Delilah" project, a portable voice encryption system developed during World War II. These papers, handwritten by Turing and annotated by his colleague Donald Bayley, shed light on his work in cryptographic history.

South Korea making its own security-centric AI model

South Korea is developing its own security-focused artificial intelligence model, adapting a local large language model project for security and sovereignty. The initiative aims to create an AI that can compete with advanced models like Mythos.

Protecting Privacy in an AI Era

Daniel Solove argues that individual control over personal data is insufficient for regulating privacy in the AI era. He proposes holding companies accountable through measures like data minimization, fiduciary duties, and liability for harmful technological design and algorithms.

CISA urges software vendors to formalize vulnerability disclosure programs

CISA, alongside international cybersecurity agencies, has released guidance urging software vendors and online service providers to establish formal Coordinated Vulnerability Disclosure (CVD) programs. These programs aim to improve vulnerability management and product security by structuring how organizations receive, assess, and respond to reports from security researchers.

Guten Tag, Bonjour, Hola to Our European Cyber Defenders!

Dark Reading has launched a new 'DR Global' section to provide region-specific cybersecurity intelligence outside of North America. This expansion aims to offer tailored insights for European cyber defenders, acknowledging the diverse threat landscape and unique challenges faced globally.

White House launches AI-driven vulnerability clearinghouse to speed cyber remediation

The White House has launched the Gold Eagle initiative, an AI-driven vulnerability clearinghouse designed to accelerate the identification, prioritization, and remediation of software vulnerabilities for government agencies and critical infrastructure operators. This program aims to coordinate vulnerability reporting and remediation efforts across federal agencies, open-source communities, and the private sector, leveraging advanced AI capabilities.

Establishing a Coordinated Vulnerability Disclosure Program to Work With Security Researchers

CISA, NSA, and international partners have released guidance on establishing Coordinated Vulnerability Disclosure (CVD) programs. The guidance offers best practices for software manufacturers and online service providers to work with security researchers, including clear policies for reporting, triaging, and remediating vulnerabilities. It also suggests using third-party intermediaries to support these programs.

7 skills and traits of elite security engineers

The article outlines seven key skills and traits that define elite security engineers, emphasizing the growing importance of AI in both defense and attack landscapes. It highlights the need for engineers to understand and leverage AI-powered tools for predictive threat detection, as well as to comprehend the emerging threats posed by AI.

European Court: Apple Can Not Shirk Off its Interoperability Requirements

The General Court of the European Union has ruled against Apple, upholding its obligations under the Digital Markets Act (DMA) regarding interoperability. This decision ensures greater choice for developers and users in Europe by allowing applications from outside Apple's ecosystem and potentially facilitating research into Apple's operating systems.

Manage Vendor Risk in a Few Practical Steps

Managing vendor risk is a complex but achievable task with disciplined governance. Key steps include defining risk tolerance, ensuring visibility into exposure, and maintaining board oversight. Implementing precise governance is crucial for effective third-party risk management.

Upcoming Speaking Engagements

Bruce Schneier has announced a list of his upcoming speaking engagements at various cybersecurity and privacy-focused events. These include the Policy-Relevant Privacy Research Workshop, Boston Leadership Exchange, Cognitive Security Conference, and DEF CON 34. The events are scheduled for July and August 2026 in different locations.

You Don't Have to Run an Exploit to Know If You're Vulnerable

This article discusses the challenge of validating vulnerabilities without running live exploits, which is often impossible due to the lack of public exploits or the critical nature of affected systems. It introduces the concept of TTP chaining, a method to assess exploitability by validating the underlying attack techniques an exploit relies on, thus allowing for security posture validation without direct exploitation.

EPIC, CFA, Fairplay Submit Recommendations Ahead of Potential Rulemaking for Colorado Automated Decision-Making and Chatbot Laws

Digital rights organizations EPIC, the Consumer Federation of America, and Fairplay have submitted recommendations to the Colorado Department of Law. These recommendations are in response to the state's request for stakeholder input on upcoming rulemaking for new laws concerning chatbot safety and the use of automated decision-making technology (ADMT) in consequential decisions.

Thinking Fast and Slow in the SOC: The Case for Combining Autonomous AI with Analyst Copilots

This article discusses the integration of AI agents, specifically mentioning Claude, into Security Operations Centers (SOCs) to aid in investigations. It highlights the value seen in specific use cases but also raises questions about broader architectural design and the potential for combining autonomous AI with human analyst copilots.