Olivia
Online
Jeremy McHugh, DSc.
@jer_mchugh
Co-founder & CEO @preambleAI. Securing increasingly capable AI. Owner @omniainnov. US Air Force Veteran. DSc AI security. @penn_state alum & hockey.
Pittsburgh, PA
Joined December 2022
525 Following
351 Followers
703 Posts
Pinned Tweet
https://t.co/g2Ik6yChOX
I’ve been following the recent CYBERCOM 2.0 hearings and the renewed proposals for a dedicated U.S. Cyber Force. The more I look at it, the more the logic makes sense.
Today, each service recruits, trains, manages, and retains cyber talent differently, while CYBERCOM is expected to employ that force at joint speed across every modern conflict. That creates fragmentation in readiness, career paths, incentives, tooling, and specialization.
From my time in the Air Force, I saw how different IT and cyber responsibilities could be across branches and career fields. Some roles were broad by necessity. Others were highly specialized and tied to a specific mission, platform, or operational environment. That domain-specific expertise still matters. Cyber for an aircraft, a ship, a satellite, or a tactical unit is not interchangeable.
But cyber is also becoming inseparable from AI, autonomy, drones, robotics, space systems, electronic warfare, and software supply chains. A Cyber Force should not own all of those domains, but it should be built with the technical depth and flexibility to support them as they converge.
That is where I see the strongest case for a dedicated Cyber Force: not as a catch-all for federal cybersecurity, but as one accountable home for military cyber force generation.
CISA should remain civilian-led. NSA should retain SIGINT and intelligence access. DISA should continue providing enterprise IT and communications infrastructure. The services should still own cyber tied to their platforms and missions. And CYBERCOM should still employ cyber forces operationally.
In the best model, Cyber Force builds the force. CYBERCOM employs it. The services keep domain expertise. NSA, CISA, and DISA keep their distinct missions.
That seems like the right debate to have. The question is whether our current structure is still the best way to generate and sustain the people and capabilities we need.
Task & Purpose breaks down important questions from the U.S. Commission on Cyber Force Generation’s Report, such as differences from Space Force structure, implementation and cost, and why the force would be officer-only.
https://t.co/43eG0TBbTJ
Now is the best time to be in cybersecurity. There are plenty of challenges and opportunities everywhere.
Microsoft introduces Microsoft Scout, also known as Autopilot.
Scout is always on and has file system and application access "based on your corporate policy".
Best news for Threat Actors in a long time
https://t.co/M3pyfcbTBm
.@satyanadella just put the whole "water" debate to rest.
Datacenters run on a closed loop cooling system, the water usage of a datacenter for an entire year is roughly equivalent to a usage of 1 restaurant!
Who to follow
Preamble
@PreambleAI
AI security and red teaming solutions for generative AI systems. The team that discovered Prompt Injections in GPT-3 Davinci on May 3, 2022.
ris🐇
@j4eminris
tiap tahun ketemu jaemin
Shlomi Hod
@hodthoughts
Responsible AI. Previously, @BUCompSci @opendp_org @Columbia @Twitter
he/they
@Jason There are already a lot of data centers in progress and planned to be built in PA. The abundance of natural gas is a big forcing function. The estimates I hear will be equivalent to northern Virginia numbers.
A native desktop app for these agents makes them so much smoother and easier to manage. This might just take the top spot on my harness leaderboard for powerful security capabilities you can enable without wrestling with a bunch of SDKs or building everything from scratch. Even though Hermes still requires some initial setup, the desktop experience removes a ton of friction compared to rolling your own agentic solutions or hackerbots. That said, I don’t see the Kanban board in the desktop app yet which would be a nice addition.
I’m really looking forward to a dedicated mobile app for managing agents that goes beyond simple chat interfaces like Telegram.
The next evolution of Hermes Agent is here!
Introducing Hermes Desktop: everything you love about Hermes, now native on your machine.
First demoed in Jensen's GTC keynote, it's now in public preview.
Full EO: https://t.co/ndB0owIF6o
The new AI Executive Order is another signal that AI security is moving from a niche concern to national cybersecurity infrastructure.
What stands out:
• Federal agencies are being directed to prioritize AI-enabled cyber defense across national security, military, and civilian government systems
• CISA is being asked to expand access to AI-enabled cybersecurity tools for federal, state, local, and critical infrastructure operators
• A new AI cybersecurity clearinghouse will coordinate vulnerability scanning, validation, remediation, and patch distribution with industry
• Frontier AI models may be assessed through classified cyber capability benchmarking before broader trusted-partner access
• AI agents are explicitly recognized as a cyber risk when used to unlawfully access systems or data
The important shift is that AI is being treated more like a core cybersecurity concern. Access, benchmarks, vulnerabilities, trusted release paths, and agent misuse are all now part of the security conversation.
Exciting news for Astrobotic and Pittsburgh.
They've been at this since 2007, when lunar delivery was a moonshot in the truest sense. Nearly two decades of lunar logistics, payload delivery, and space market experience now moving into a stronger platform at a time when the Moon is becoming a strategic priority again. A strong signal for Pittsburgh, Keystone Space Collaborative, and the future of the regional space economy.
Congrats to the whole team and everyone involved.
Breaking: Voyager to acquire @Astrobotic, combining lunar landers, surface power, habitats and cislunar operations into one integrated lunar platform. Griffin Mission One, targeting the lunar South Pole NET November 2026, will be Voyager’s first mission to the Moon.
Learn more: https://t.co/DlHHlwxd3t
$VOYG #MissionReady #AcceleratingtheAdvantage #Artemis
That's roughly $40k per critical, so that would make this more expensive than most bug bounty programs pay for this severity finding and out of range for SMBs to spend on tokens.
Palo Alto Networks says Mythos found 24+ critical bugs, burning $1M+ of tokens, subsidized by Anthropic; some companies say they plan to boost Mythos spending
🦞 connect your agent: https://t.co/UeQk92BdyA
source: https://t.co/S4FwGlUlTL
Japan is the same. They won't accept tips even if you insist, and they’ll literally chase you down to return your money. Every place I went provided exceptional service and took real pride in their work. There are definitely a lot of customs there the US would be better off adopting.
Original paper: https://t.co/dDHTe71y2p
AudioHijack is a reminder that prompt injection is not just a text problem.
It hides instructions inside audio that sounds normal to humans but can steer an audio-capable model. Think invisible Unicode prompt injection, but through waveform perturbations instead of hidden text.
This is the kind of multimodal risk we called out in our Prompt Injection 2.0 paper. Now that models can listen, see, browse, and act, every input becomes a possible instruction channel.
The paper reports 79-96% success across 13 audio-language models and attacks against Microsoft Azure and Mistral AI voice agents. It does not show this working against OpenAI or Anthropic systems.
The key lesson is prompting is not a defense. Warnings reduced success by ~7%. Self-reflection detected ~28%.
As with any data that can be processed by AI, audio should be treated as untrusted input. Separate content from commands, restrict tools, require confirmation for sensitive actions, sandbox execution, and log agent behavior.
SANS mapped AI cybersecurity roles available now, evolving, and emerging. Here's the full breakdown by tier:
HIRING NOW (100+ active listings today)
- AI/ML Security Engineer - $152K–$210K (~2,400 listings)
- AI Red Team Specialist - $130K–$220K (~700 listings)
AI Governance, Risk & Compliance Lead - $160K–$240K (4,400+ listings)
- AI Threat Intelligence Analyst - $110K–$165K (~2,700 listings)
BUILDING (current roles are evolving into this)
- AI SOC Orchestrator - $95K–$145K (~1,378 listings)
- AI Incident Response Orchestrator - $120K–$180K (~5,287 listings)
- AI Security Specialist - $130K–$185K (~7,600 listings)
- AI Supply Chain Security Engineer - $130K–$185K (~2,760 listings)
HORIZON (start building skills now, hiring accelerates 2027–2028)
- AI Identity Deepfake Defense Specialist , $130K–$175K (~104 listings, growing fast)
- Post-Quantum Cryptography Migration Specialist, $175K–$260K+ (~236 listings, doubled YoY)
Sidenote, LinkedIn should be doing more to show people were the job demand is growing and where skills are aligned.
https://t.co/xhderrdMu5
Perplexity has come a long way from web search. It’s interesting to see companies expand into different product categories.
Today we're open-sourcing Bumblebee, a read-only scanner for macOS and Linux.
It checks developer machines for risky packages, extensions, and AI tool configs.
Connected to Computer, it can trigger deeper scans whenever a new supply-chain risk emerges.
https://t.co/FOaWnF1yQy
@CrossCheckDev definitely and extra work can drive up your token costs
Agentic AI harnesses have become force multipliers for security work. The right harness can dramatically improve speed and effectiveness across CTFs, bug bounties, security competitions, code review, and vulnerability research.
This is my current subjective ranking based on hands-on use, not a universal benchmark.
@davisbrownr @alxndrdavies For sure, when I participate in different AI red team engagements, I start with the simplest attack, and if it works, I reuse it across different models. From the public samples of real attacks I've seen disclosed, they are still simple.
The anxiety around AI and work is not just an SF problem.
Listening to the reactions around recent college commencements, this is clearly hitting people everywhere. New grads are worried about finding that first real job after taking on more student debt. Middle managers are watching companies flatten org charts. And almost everyone keeps hearing about AI-driven job loss, while very few people are talking about what comes next.
I graduated into uncertainty too. In 2013, during government shutdowns and a weak job market, I joined the Air Force. That decision gave me responsibility early, paid for multiple degrees, helped me earn a long list of certs, and gave me experience I would not have received that quickly in most private-sector roles.
If I were graduating today, I would seriously consider the Space Force.
Military service is not the right answer for everyone, but the broader lesson is that young people need real pathways into responsibility, training, and meaningful work. Not just advice to “learn AI” or “start a company.”
For companies laying people off in the post-AI era, severance should increasingly include serious retraining support. Not generic career coaching, but funded pathways into jobs that are needed.
There is also a major opportunity for organizations that can connect new grads, displaced workers, and middle managers with local problems worth solving.
AI may change the labor market, but communities still need builders, operators, security, educators, technicians, healthcare workers, logistics leaders, public-sector talent, and entrepreneurs.
The missing layer is someone helping people find those paths and recognize the opportunities.
The vibes in SF feel pretty frenetic right now. The divide in outcomes is the worst I've ever seen.
Over the last 5yrs, a group of ~10k people - employees at Anthropic, OpenAI, xAI, Nvidia, Meta TBD, founders - have hit retirement wealth of well above $20M (back of the envelope AI estimation).
Everyone outside that group feels like they can work their well-paying (but <$500k) job for their whole life and never get there.
Worse yet, layoffs are in full swing. Many software engineers feel like their life's skill is no longer useful. The day to day role of most jobs has changed overnight with AI.
As a result,
1. The corporate ladder looks like the wrong building to climb.
Everyone's trying to align with a new set of career "paths": should I be a founder? Is it too late to join Anthropic / OpenAI? should I get into AI? what company stock will 10x next? People are demanding higher salaries and switching jobs more and more.
2. There’s a deep malaise about work (and its future).
Why even work at all for “peanuts”? Will my job even exist in a few years? Many feel helpless. You hear the “permanent underclass” conversation a lot, esp from young people. It's hard to focus on doing good work when you think "man, if I joined Anthropic 2yrs ago, I could retire"
3. The mid to late middle managers feel paralyzed.
Many have families and don't feel like they have the energy or network to just "start a company". They don't particularly have any AI skills. They see the writing on the wall: middle management is being hollowed out in many companies.
4. The rich aren’t particularly happy either.
No one is shedding tears for them (and rightfully so). But those who have "made it" experience a profound lack of purpose too. Some have gone from <$150k to >$50M in a few years with no ramp. It flips your life plans upside down. For some, comparison is the thief of joy. For some, they escape to NYC to "live life". For others still, they start companies "just cuz", often to win status points. They never imagined that by age 30, they'd be set. I once asked a post-economic founder friend why they didn't just sell the co and they said "and do what? right now, everyone wants to talk to me. if i sell, I will only have money."
I understand that many reading this scoff at the champagne problems of the valley. Society is warped in this tech bubble. What is often well-off anywhere else in the world is bang average here.
Unlike many other places, tenure, intelligence and hard work can be loosely correlated with outcomes in the Bay. Living through a societally transformative gold rush in that environment can be paralyzing. "Am I in the right place? Should I move? Is there time still left? Am I gonna make it?" It psychologically torments many who have moved here in search of "success".
Ironically, a frequent side effect of this torment is to spin up the very products making everyone rich in hopes that you too can vibecode your path to economic enlightenment.
I hope @GoogleDeepMind introduces a program similar to OpenAI and Anthropic's Trusted Access for Cyber (TAC) capabilities. Right now, Gemini 3.5 Flash rejects all of my security related requests, making it tough to use for cybersecurity work.
Last Seen Users on Sotwe
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers