Maria Varmazas
You're listening to the Cyberwire Network, powered by N2K.
Dave Bittner
AI is making phishing attacks faster, more convincing, and harder for people to spot. And traditional security awareness and phishing training weren't designed for this level of attack. Hoxhunt helps security teams prepare employees for the attacks they face every day with personalized phishing training that adapts to each employee and reduces risky behavior over time. For IT and security leaders looking to strengthen their human layer of defense without adding more manual work, visit hoxhunt.com/cyberwire to learn more. That's H-O-X-H-U-N-T.com/cyberwire.
CyberWire Host
Five Eyes warns that AI could supercharge cyber attacks within months. Tata Electronics confirms breach as stolen data allegedly includes Apple and Tesla documents. Researchers publish new analysis of FortiBleed. Gizmodo breach exposes readers to ClickFix malware campaign. Boot ROM exploit can bypass Apple's Secure ROM. Scattered Spider members plead guilty in the UK. Attackers exploit Gravity SMTP flaw to harvest secrets from WordPress sites. Executive order accelerates federal shift to post-quantum cryptography. Dave Bittner sits down with Ellen Boehm, the senior vice president of IoT strategy and operations at KeyFactor, to discuss NIST's progress in its PQC efforts. And keeping tabs on the tab keepers. Today is Tuesday, June 3rd, 2026. I'm Maria Varmazas in for Dave Bittner and this is your CyberWire intel briefing. And first off, we start with a correction. Yesterday's podcast incorrectly stated that ReliaQuest was a victim of the Clue supply chain attack campaign. ReliaQuest discovered the attack and reported it to Clue, but the company itself does not use Clue and was not affected. We apologize for the error. Let's dive into our intel briefing now. First up, the Five Eyes intelligence alliance, made up of the United States, United Kingdom, Canada, Australia and New Zealand, is warning that the next generation of AI models could dramatically reshape the cyber threat landscape in a matter of months, not years. In a rare joint statement, officials said so-called frontier AI models are expected to accelerate both offensive and defensive cyber capabilities, enabling attackers to identify vulnerabilities, develop exploits and conduct sophisticated operations at unprecedented speed. The alliance urged organizations to focus on cybersecurity fundamentals, including rapid patching, reducing unnecessary Internet exposure and strengthening resilience before AI-driven attacks become more common.
At the same time, the agencies encourage defenders to adopt AI tools of their own to improve threat detection and incident response. And in related news, a new report is fueling debate over the cybersecurity capabilities of advanced AI systems. According to remarks attributed to Senator Mark Warner, NSA officials described a red team exercise in which Anthropic's experimental Mythos model was able to compromise almost all targeted classified systems in hours rather than weeks. The claim has circulated widely, though outside experts caution that the statement lacks public technical details and may oversimplify what occurred in a controlled testing environment. Tata Electronics, a major supplier to Apple and Tesla, has confirmed a cybersecurity incident affecting some of its systems after threat actors claimed to have stolen more than 630 gigabytes of data. Researchers who reviewed the leak say it contains over 200,000 files, including what appear to be Apple manufacturing specifications, Tesla engineering documents, employee records, emails and operational data. Tata says the breach has not disrupted business operations, while Apple is reportedly investigating. SOCRadar yesterday published an updated analysis of the FortiBleed campaign that's targeted more than 430,000 Fortinet FortiGate devices since February 2026. SOCRadar attributes the operation to a financially motivated initial access broker, or IAB, likely based in Russia. The threat actor first gains administrative access to the FortiGate firewalls via credential stuffing and brute force attacks, then deploys a tool dubbed FortiGate Sniffer, which is designed to collect clear text and hashed credentials from traffic passing through compromised devices. SOCRadar says that this tool abuses the FortiOS diagnose sniffer packet command across 24 protocols, distributed GPU cracking through Hashtopolis and Hashcat, and session cookie replay for persistent access.
SOCRadar found that the FortiBleed campaign used FortiGate Sniffer and other tools to harvest more than 110 million credentials. Visitors to the technology news site Gizmodo were briefly exposed to a ClickFix malware campaign after attackers compromised the publication's content management system. The malicious code displayed fake verification prompts that attempted to trick readers into copying and running commands on their own computers, which is a hallmark of the increasingly popular ClickFix social engineering technique. Gizmodo removed the malicious content after discovering the compromise. Researchers at Paradigm Shift have disclosed a new exploit affecting Apple's Secure ROM, which is the foundational code of Apple's secure boot chain on iPhones, according to a new report from SecurityWeek. The exploit, dubbed USB Lighter 8, chains a hardware bug in the USB controller and a configuration flaw in the device firmware. The exploit is effective against iPhones with A12 and A13 chips, including iPhone XS, XR and 11. That said, an attacker would need physical access to a device in order to run the code, and the exploit itself does not grant access to user data due to Apple's SEP, or Secure Enclave Processor, offering an additional layer of protection. The researchers say that the exploit does not affect SEP itself, but it opens up wider attack vectors to compromise the Secure Enclave. SecurityWeek notes that such an exploit could be useful for forensic vendors. Two British men, 20-year-old Talha Jubeir from East London and 18-year-old Owen Flowers from the West Midlands, pleaded guilty yesterday to their involvement in the Scattered Spider criminal gang, according to The Record. The two were arrested in 2024 following a notable cyber attack against Transport for London, the UK's National Crime Agency said in a statement. The pair compromised Transport for London, or TfL's, network, forcing all 28,000 employees to attend a TfL office for a password reset.
The organization suffered a reported 29 million pounds in loss and recovery costs. Data from TfL's Oyster refunds system was accessed and the incident also affected TfL's customer refund system, leaving some out of pocket for much longer than usual. It also closed down the application system for Oyster photocards for children and young people. Wordfence is warning that attackers are actively exploiting a vulnerability in the Gravity SMTP WordPress plugin, which is installed on roughly 100,000 websites. The flaw, tracked as CVE-2026-4020, allows unauthenticated attackers to access detailed system reports containing server information, plus plugin inventories and potentially sensitive credentials, including API keys and authentication tokens. Researchers have observed millions of exploitation attempts in recent weeks. Site administrators are being urged to update to Gravity SMTP version 2.1.5 or later, rotate any exposed credentials and review logs for signs of compromise. President Trump has signed an executive order aimed at speeding the US Government's transition to post-quantum cryptography, recognizing the growing threat that future quantum computers could pose to today's encryption standards. The order moves up federal migration timelines, with key government systems expected to adopt quantum-resistant cryptography by 2030 and 2031. It is part of a broader push that also includes investments in quantum computing and quantum sensing technologies. After the break, Dave Bittner welcomes Ellen Boehm, senior vice president of IoT strategy and operations at KeyFactor, for a discussion on NIST's post-quantum cryptography efforts, and keeping tabs on the tab keepers. Stay with us.
Dave Bittner
When it comes to mobile application security, good enough is a risk. A recent survey shows that 72% of organizations reported at least one mobile application security incident last year, and 92% of responders reported threat levels have increased in the past two years. Guardsquare delivers the highest level of security for your mobile apps without compromising performance, time to market or user experience. Discover how Guardsquare provides industry-leading security for your Android and iOS apps at www.guardsquare.com. What's the one thing in business that's spreading as fast as AI? AI risk. Every new tool your team signs up for, every vendor that turns on AI features, every new integration. Each one creates another opportunity for something to go wrong. And most security programs just weren't built for AI's pace of growth. Enter Vanta. Vanta is the number one agentic trust platform used by more than 16,000 fast-moving companies like Ramp, Cursor and Harvey to help ensure they're always audit ready. And now Vanta is helping companies watch for the risks that show up between audits across vendors, AI tools and their entire environment. The Vanta Agent works like a 24/7 GRC engineer in the background, finding issues, drafting fixes and cutting vendor assessment time by up to 50%. Whether you're a fast-growing startup or a global enterprise, Vanta is here to help you automate your security and compliance and earn and prove trust. Get started today at vanta.com/cyber. That's V-A-N-T-A.com/cyber.
CyberWire Host
Recently Dave Bittner sat down with Ellen Boehm, senior vice president of IoT strategy and operations at KeyFactor, for a discussion on NIST's post-quantum cryptography efforts and the path to quantum readiness. Here's their conversation.
Dave Bittner
So today we're talking about a report that NIST recently put out talking about cybersecurity and privacy and specifically some of the post quantum efforts there. Can we start off with some high level stuff in your estimation? Where do we find ourselves in this particular moment when it comes to our readiness and preparedness for this coming quantum wave?
Maria Varmazas
So this is quite a timely topic and I've been speaking to several of our customers about it over the past few months as we continue to get closer to the impending Q Day, which timelines have been 2029, 2030. It's really not that far away given where we are today and the work that we need to do to prepare for that event. So I'm excited to be having more of those conversations with customers because they realize that this isn't just something we're talking about anymore. We're actually taking the initial steps in terms of getting ready for it. And I think people have moved past the fear and that sort of messaging about oh, that the world will end type of thing, a little bit of the Y2K fear factor. We all know that this is going to be a real thing and so I'm encouraged to see that now we're taking some action on it as opposed to just continuing to talk about it as something far out in the future.
Dave Bittner
Well, this report from NIST, what were some of the things in it that caught your attention?
Maria Varmazas
So I'm encouraged to see, you know, there's real timelines here talking about migration, there's recommendations specifically on where to start. And this is very practical in my opinion because it starts with discovery and inventory and understanding what you have within your enterprise. So if I was to give one piece of advice, and this is again supported in the document, is have a plan to be able to understand what you currently have in your enterprise and then we can start to figure out how to migrate. So I know it sounds pretty basic, but many enterprises have thousands of applications. They have multiple teams that have stood up environments over time. And there is a lot of legacy cryptographic pieces that exist within all of that to run the enterprise, to run the operations as they exist today. And so it's going to take time to discover that. So if you haven't yet, figure out a team who should be responsible for, for that activity and then at least start to come up with a plan for how we're going to prioritize the inventory piece of it as step number one.
Dave Bittner
What do you suppose this is going to look like for the typical organization? I mean, am I right in imagining that there are some devices that people have as part of their infrastructure that are simply going to be left behind?
Maria Varmazas
Yes, that's a great point. I mean, is it possible to catch everyone and be 100% perfect? I think the answer is no. Even though some of us want to be just like having perfect homes like we were talking about earlier, having everything in order, all the dishes put away, but it's not a point in time event, right? Yes, the day when the computer can break the current algorithms that we have is going to be a point in time. But our ability to be able to remediate and update and have that ability to replace our cryptography with something stronger is going to be a forever activity. So it's more of a let's start with what you have now that is the highest priority applications that is likely tied to how your business makes money and use that as a way to start to chip ice off of that block and move down that path of having everything being able to be swapped out to stronger crypto based on the priorities of your business.
Dave Bittner
So for the security folks in our audience, I mean, does this come down to, in part a conversation with leadership about their appetite for risk when it comes to these things?
Maria Varmazas
100%. And that's a very important talk track that we're having with several of our security leaders and PKI customers. Because there's competing priorities for sure when it comes to the board, when it comes to the executive staff, the CISO looking at, okay, well, I've got AI and I have these other sort of business transformation initiatives and they all take money. And here's this event of post-quantum readiness. How do I prioritize that against all these other pieces that I need to be funding and I need to be building programs around? I think it's very important to be able to quantify that business case in terms of, again, risk to outages of systems, risk because perhaps something could be hacked into or because the encryption is really just broken, and/or once an actor can get inside, then data is stolen, so then there's data loss or just lack of business continuity. So I think trying to take some of those actions which when a post-quantum computer can break that encryption and then think about what would happen on the negative side, that's how you start to have the conversation. And it's not just, oh, we're gonna increase our level of cyber insurance. Cause that's more of just a band-aid. I think on top of it, it's how do we actually go in and secure these because we know it's the right thing to do.
Dave Bittner
I'm curious, in your comings and goings with the customers that you speak with and the circles that you're in, do you come across folks who are just skeptical about this whole thing, who just kind of turn their nose up and say, yeah, I don't think this is really going to be a problem.
Maria Varmazas
There always is. And part of it, I think is because people like to debate and have different opinions, which is great. That's what moves us forward when we're all thinking differently and not in the same way. Same way we have. If you think about encryption over time, there are still systems and cryptographic assets within enterprises today that are using SHA1. And I know we. I've heard my CTO talk about the migration of from SHA1 to stronger algorithms and that took 10 years of time. And even though that it. The world didn't stop working because we didn't move everything over. So you have those types of arguments to say, well, this is Just the next evolution of us having to migrate to a better, stronger math. There will be people that say this isn't going to be that bad. But I feel like the pace of technology and the exponential growth of what these computers will be able to do and the critical infrastructure that we have now that is becoming more and more connected, I think could make this a bigger impact than transitions that we've had in the past. The other piece that's new and this is all happening at the same time, right, is the impact of AI. And AI agents are being created, they are being taught, they are learning on their own. They're capable to take actions and make decisions. And that is a whole different set of people. And I would say, I would say people, they're things, right? But that, but we used to have people that were attackers and now we have, I don't know, like what's an order of magnitude more of AI attackers that we have? Anybody's guess. So that's also what's different. That's also what's happening right now. And two years ago that wasn't the case. Like 2023, you know, we're using AI agents the way we are using them today. Not at all.
Dave Bittner
It's.
Maria Varmazas
That has, that has hugely changed the risk landscape and why we need to think about this more seriously right now.
Dave Bittner
Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allowlisting, you stop unknown executables cold. With ringfencing, you control how trusted applications behave. And with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source and regain control over their environments. Schedule your demo at threatlocker.com/N2K today.
Sponsor/Advertisement Voice
This episode is brought to you by Google Chrome. You think you know a browser, but Gemini in Chrome, that's new. It can help you with practically anything on the web, like restoring a vintage motorcycle from a 50 page restoration block. Or finally break down that long article you've had open for weeks. Gemini in Chrome is here for it, ready to make anything online make sense. There's no place like Chrome. Check responses. Setup required. Compatibility and availability varies. 18+.
CyberWire Host
And finally, a story that asks an uncomfortable question. If facial recognition can identify your critics, what else can it do? Well, according to documents exposed in a recent data breach, Madison Square Garden maintained a file called Facial Recognition Activists Docx that tracked several prominent critics of the venue's facial recognition program. The document reportedly included background information, social media handles, quotes from media interviews, and screenshots of posts criticizing MSG's use of the technology. Now, MSG, and that's Madison Square Garden, to be clear, has used facial recognition technology since 2018, and the system has been previously used to identify people entering the venue and deny entry to certain individuals, including lawyers connected to firms involved in litigation with the company. The leaked document suggests that the venue was also keeping tabs on some of the people most vocal about opposing the practice. Now, for privacy advocates, this is the kind of revelation that reinforces a long-standing concern that once surveillance technology is in place, questions inevitably follow about how that information is being used and who ends up on the list. Because it is one thing for facial recognition to recognize your face, but it's another thing entirely when it appears to recognize your Twitter account, your media quotes, and apparently also your position on biometric surveillance. And that's the CyberWire Daily brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We are mixed by Trey Hester with original music and sound design by Elliott Peltzman.
Our executive producer is Jennifer Ivan. Peter Kielpe is our publisher and I'm host Maria Varmazes in for Dave Bittner this week. Thank you for listening. We'll see you tomorrow.
CYBERWIRE DAILY — "ALL EYES ON AI"
June 23, 2026
Host: Maria Varmazas (in for Dave Bittner) | Produced by N2K Networks
This episode of CyberWire Daily centers on the rapidly expanding influence of artificial intelligence (AI) in the cybersecurity landscape. The hosts discuss how AI is accelerating both attacks and defenses, with a special focus on warnings from global intelligence agencies about imminent AI-powered cyber threats. Major industry news is covered, including significant breaches and vulnerabilities, government moves on post-quantum cryptography, and the ethical implications of surveillance technology. The episode also features a deep-dive interview with Ellen Boehm, SVP of IoT Strategy and Operations at KeyFactor, about post-quantum cryptography (PQC) and organizational readiness.
"Frontier AI models are expected to accelerate both offensive and defensive cyber capabilities ... enabling attackers to identify vulnerabilities, develop exploits and conduct sophisticated operations at unprecedented speed." (02:31)
Tata Electronics (Apple/Tesla supplier) confirms a breach; alleged data includes Apple manufacturing specs, Tesla docs, employee records, emails, and operations data. Tata asserts operations were not disrupted. (04:15–05:00)
FortiBleed Campaign:
Gizmodo Breach:
Apple Secure ROM Exploit ("USB Lighter 8"):
Scattered Spider (UK Arrests):
Gravity SMTP WordPress Plugin Vulnerability:
"I'm encouraged to see that now we're taking some action on it as opposed to just continuing to talk about it as something far out in the future." – Ellen Boehm (13:30)
"If I was to give one piece of advice..., it’s have a plan to understand what you currently have in your enterprise and then we can start to figure out how to migrate." – Ellen Boehm (14:20)
"We used to have people that were attackers and now we have—what's an order of magnitude more—AI attackers. So that's also what's different. That’s also what’s happening right now." – Ellen Boehm (20:35)
"It is one thing for facial recognition to recognize your face, but it's another thing entirely when it appears to recognize your Twitter account, your media quotes, and apparently also your position on biometric surveillance." (24:30)
| Timestamp | Segment | Key Topics & Takeaways |
|-------------|-----------------------------------------|----------------------------------------------------|
| 02:00–04:00 | Global AI threat warning | Next-gen AI as cyberattack accelerant |
| 04:15–09:00 | Major breach/vuln roundup | Tata, Fortigate, Gizmodo, Apple, GravitySMTP |
| 09:00 | Policy: Post-Quantum cryptography order | Federal migration, urgency, investments |
| 11:50–21:12 | Interview: Ellen Boehm (KeyFactor) | PQC migration, inventories, risk, AI as multiplier |
| 22:50–25:25 | Surveillance tech/ethics | MSG facial recognition tracking critics |
The episode blends urgent industry news with thoughtful expert commentary, delivering practical takeaways and raising timely ethical questions. It leverages direct expert insight while maintaining a clear-eyed, pragmatic tone about both emerging threats and the necessary responses.