Olivia
Online
John Hultquist
@JohnHultquist
Chief Analyst, Google Threat Intelligence Group. @CYBERWARCON and @SLEUTHCON founder. Johns Hopkins professor. Army vet.
Joined May 2011
1.2K Following
30K Followers
23.1K Posts
Pinned Tweet
What an amazing day. Thank you everyone who made #CYBERWARCON happen. I can’t express how great it was to see you after such a rough couple of years. We made it!
It’s happening! #SLEUTHCON
“I don't think there’s prize for second place in the AI race, nor is there one in the quantum race… American leadership in this space is truly critical.”
@googlecloud’s Sandra Joyce tells @RepVinceFong that adversaries are already embedding themselves in our critical infrastructure, preparing for potential future conflict. American leadership in AI is essential in order to keep pace with these threats.
How well do the security community's techniques hold up against AI-enabled cyberattacks?
We examined 832 malicious accounts and mapped their activity onto a longstanding database of tactics and techniques used by threat actors.
Here's what we learned:https://t.co/fgOqJRh2rx
Who to follow
Steve YARA Synapse Miller
@stvemillertime
AI threat intelligence @google
writing & sharing on adversary tradecraft, malware, threat detection, AI-nexus intel and all things #yara
Andrew Thompson
@ImposeCost
Posts are attributable to me—not my employer. Former @USMC. Former @Mandiant. Current @Google.
Silas Cutler (p1nk)
@silascutler
You may know me from your logs
Principal Security Researcher @Censysio
#Threats / #CTI / #Malware / #Hacking
Sam Altman, Dario Amodei, Demis Hassabis and many others have signed a letter urging Congress to increase security on orders of synthetic nucleic acids - and the equipment needed to make them - as models continue to become increasingly bio-capable.
It’s time for defense to stop navel gazing about whether someone else knows about a vuln, whether it’s being exploited and even whether it’s reachable. You have no way of knowing. What you do know, is that tools like this exist. Your threat model has changed. Fix your SDLC (LLM backed code reviews) and clean up your tech debt (patch + deploy). It’s the only way to win.
【AIセキュリティ・脆弱性研究】月300ドルとAIエージェントで「自動N-day製造ライン」が完成、1人の研究者が実証した現実
「Claude Mythos Previewのような能力は、特別な機関だけの話ではない」——セキュリティ研究者Tyler Holmwoodが構築したパッチ差分解析パイプラインは、この命題を費用明細付きで証明した。毎月第2火曜日のMicrosoft Patch Tuesdayを自動処理し、AIエージェントがN-dayエクスプロイトのPoC(概念実証コード)を自律生成するこのシステム「PatchWatch + Pocsmith」の総コストは、APIトークン代約300ドルとTeamサブスクリプションのみだ。
システムの核心は2段構成だ。PatchWatchはMSRC APIからCVEリストを取得し、GhidriffでWindowsバイナリのパッチ前後の差分を解析して「どの関数に脆弱性が存在するか」をLLM用レポートに変換する。そのレポートを受け取ったPocsmithは、Claude Agent SDKで動作するエージェントがHyper-V仮想マシン上でカーネルデバッガを操作しながら仮説検証サイクルを回し、実際に動作するエクスプロイトを生成する。2026年4月のCVE(Microsoft Management ConsoleにおけるMOTWバイパスによる権限昇格)では「完全なコード実行」レベルのPoC生成に成功した。
Holmwoodが強調するのは「モデルではなくシステムがモートになる」という点だ。単一のフロンティアモデルの性能よりも、ツール・環境・自動化ループの組み合わせが実用性を左右する。PatchTuesdayからエクスプロイト生成までの時間軸が1人の研究者に手が届く水準にある今、防御側に残された現実的な回答はパッチ速度の最大化と攻撃到達面の最小化の徹底にある。
https://t.co/aSvQ6RK23i
The current AI threat problem is mostly attacks using AI rather than on AI because the systems aren’t ubiquitous yet and adversaries are busy incorporating AI into their existing business models. Mostly we’ve been learning from stunt hacking by researchers. But that will change.
New: Hackers have been stealing high-profile Instagram accounts by simply asking Meta's AI support chatbot to change the email associated with the account they want to steal.
Shockingly easy, terrible flaw associated with offloading support to AI:
https://t.co/PvRm8u0MV7
This is really good, @AnthropicAI posted a document on how to apply the principles behind Zero Trust to AI Agents:
https://t.co/bli719l9M4
This is when you promise violence if the software isn’t delivered on time.
this morning i wrote about what i've taken away from my conversations with cybersecurity researchers about cybersecurity and advanced AI.
- the models are good at cybersec and they're going to keep getting better. but early signs don't seem to suggest that there are infinite bugs to find. that seems good!
- zero days are sexy, but they're still not the biggest risk for most firms. the recent wave of boring supply chain attacks has illustrated that quite nicely.
- bug bounty programs are struggling under the weight of Slop Disclosure. the post-AI world is going to need to look quite different for security researchers.
read the full piece here: https://t.co/C3C2kmm7mm
and follow the actual security researchers who came on @MTSlive: @moyix, @ZackKorman and @mattjay
Espionage Campaign Targeted Stock Exchange Executive for Five Months: The attackers took multiple steps to try and conceal their activity. Read more: https://t.co/sp9VjHjwX0
I'm sure roles like this at G, MS, etc. can be exceedly interesting.
No doubt there are tons of clever things you can do to make adversaries lives more painful when you can combine insights from infrastructure use, end customer/user intrusion attempt info, and other sources.
🤓 On Friday I will have the honor to present the keynote at @SLEUTHCON! Come say hi if you are around!
Growth should never come at the expense of communities. That's why we're formalizing five water stewardship commitments for our data center operations.
Get all the details in today’s blog. ⬇️ https://t.co/yYp4zADUwg
Are you sick of waiting for the next attack? Tired of standing by while adversaries take the initiative? Become a GTIG Disruption Engineer and help us change the way we do defense. https://t.co/N6z7dwNA48
Gemma4 31B was the strongest open source model running on consumer hardware (e.g. RTX 4090) in my security event triage benchmark
Google has now released Gemma4 12B, which should run reasonably well even on an RTX 4070 and 5070
https://t.co/GYfXT5uqE5
Celebrating the milestone of a massive 150+ million downloads of Gemma 4 with the release of the new Gemma 4 12B model! It's incredibly powerful for such a small model and it’s tiny enough to run locally on a laptop with just 16GB VRAM. Apache 2.0 license - happy building!
AI/LLMs are being operationalised in Russian cyber operations. Their use appears mundane. The notable point is not sophistication, but how routine AI assistance lets a low-to-moderate capability actor sustain broader and faster operations. https://t.co/7mmvqQSh6j
"Exhaust, Don’t Deter: Ukraine’s Lessons for Allied Strategy Against Russia in Cyberspace".
We recommend reading the article by Oleksandr Potii, Chairman of the SSSCIP, published in The Cyber Defense Review.
https://t.co/x0vkn4wkWs
"Craigslist Founder Teams Up With a Muppet to Persuade People to Stop Clicking on Scams"
https://t.co/oQATYBHhoX
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers