#BHUSA Briefings "The Good, the Bad, and the Ugly of AI Security" will highlight recent case studies, including Project Glasswing and China's illicit use of U.S. AI models to hack American infrastructure. Learn more and register today 🔗 https://t.co/Wh7PlaGFvN
This Executive Order is an important step in strengthening America’s leadership in AI.
We look forward to collaborating with the White House to support its implementation.
https://t.co/ZwDimPrp3t
The current era of international relations is a transition period where the United States, China, and emerging powers are testing new configurations of global power. Now more than ever, cyberattacks and information warfare are being used to shape those power constellations.
Over the past century, technology has made countries more interdependent. James Lewis argues that this will continue, despite isolationism. Time will tell. Here’s a great writeup: https://t.co/KuI30WZhJA
AI won't cure cancer or solve cybersecurity. Scaling models alone won't change that, nor will trillion-dollar investments in compute. We need to address societal problems, fragmented data, and misaligned incentives first.
Right now, the AI race promises everything under the sun, but primarily accelerates risks and centralizes power among a handful of companies.
We need much better accountability and risk quantification before and after model deployment, as well as democratic oversight and incentives realigned toward public benefit.
More on this here, by @HumaneTech_: https://t.co/JquuU7AO7t
Your bank balance lives in a database. Your medical records sit on a server. Your car is an operating system on wheels.
Modern life depends on digital security. So what happens when an AI model holds a skeleton key to our digital world? Anthropic's new model, Mythos, found thousands of previously unknown zero-day vulnerabilities in the software that runs the world in just hours — including flaws in every major operating system and web browser, some of which had survived decades of human review.
On this week's episode of Your Undivided Attention, Tristan sits down with cybersecurity experts @josephinecwolff and @fredheiding to talk through what Mythos actually means — for governments, for companies, and for all of us who rely on digital security to go about our lives.
Watch - https://t.co/kEj6GIPmZc
Listen - https://t.co/W1o08ogTkR
I can assert with a high degree of confidence ShinyHunters did not exfiltrate highly sensitive information.
Based on information I've received the primary information stolen from the schools is student names and email addresses. Furthermore, this has been confirmed by various media outlets.
This in and of itself isn't bad.
The primary issue with this, however, is that it would expose children in K-12 online (first and last name). Adults having their full legal name and email address online is something you could (probably) find on LinkedIn or a university directory. Adults will be ignored if data is leaked. K-12 will be a nightmare. Hence, educational institutions must put together a strategy to handle a K-12 potential data leak.
Presumably parents will be outraged and this will inevitably result in a lawsuit against the schools or Canvas.
The much larger issue, however, is the catastrophic damage ShinyHunters has done to Canvas both operational and reputational.
Exfiltrating data from a compromised host is as simple as initializing a file transfer. The question then: why is Canvas still "in maintenance mode"? The only logical conclusion is ShinyHunters did SOMETHING to prevent Canvas from working as intended.
This places Canvas in a terrible, terrible, terrible position. Their service has resulted in minors having their names (potentially) leaked and educational institutions can't use the platform they pay for. Furthermore, this makes major educational institutions look like a bunch of morons.
Students are paying top dollar for an education and suddenly ... poof ... a good chunk of their work or study material has vaporized because it was stored in a 3rd party platform outside the control of the educational institution.
Basically, the data breach itself isn't bad except the K-12 part. The operational impact is devastating and the fallout will be a nightmare. Canvas employees are probably scrambling, their cybersecurity team is probably having panic attacks, and executive leadership is probably drunk right now screaming at the wall.
NEW: Harvard students lost access to Canvas this afternoon after the cybercriminal group ShinyHunters listed Harvard among thousands of schools allegedly affected by a breach of Canvas’ parent company.
@SebastianC4784 and Summer E. Rose report.
https://t.co/docLoMwoi4
"AI infrastructure is being built faster than it can be protected...Nearly 90 percent of corporate assets in advanced economies are intangibles, such as software, patents, and data. The spoils of modern conquest are therefore largely digital."
This is especially useful to prevent fraud. My earlier work with @Reuters on AI-enabled fraud found that scammers often use anonymous ChatGPT instances to defraud US victims; ID verification greatly thwarts these risks (https://t.co/JU0g4O1ffY)
Anthropic’s new ID verification of certain Claude use cases is interesting. I’ve long said we need better Know Your Customer across AI companies and think this is a step in the right direction.
That's a wrap on #TechNatSec2026! A massive thank you to all the speakers, the participants in our Innovation Showcase pitch competition and Call for Papers, and the leaders and builders in national security who attended. See you all in 2027! #ActaNonVerba
Here's the impact of @AnthropicAI's Glasswing release on major cybersecurity stocks (Figure 1). Figure 2 shows the same stock prices for the past 12 months.