Transcript
Dave Bittner (0:02)
You're listening to the Cyberwire network. Powered by N2K.
Sponsor/Advertiser Voice (0:14)
The DMV has established itself as a top-tier player in the global cyber industry. DMV Rising is the premier event for cyber leaders and innovators to engage in meaningful discussions and celebrate the innovation happening in and around the Washington, D.C. area. Join us on Thursday, September 18th to connect with the leading minds shaping our field and experience firsthand why the Washington, D.C. region is the beating heart of cyber innovation. Visit DMVRising.com to secure your spot.

Think your certificate security is covered? By March 2026, TLS certificate lifespans will be cut in half, meaning double today's renewals. And in 2029, certificates will expire every 47 days, demanding between 8 and 12 times the renewal volume. That's exponential complexity, operational workload and risk, unless you modernize your strategy. CyberArk, proven in identity security, is your partner in certificate security. CyberArk simplifies lifecycle management with visibility, automation and control at scale. Master the 47-day shift with CyberArk. Scan for vulnerabilities, streamline operations, scale security. Visit cyberark.com/47day. That's cyberark.com, the numbers 47, day.

The controversial Trump administration deal gives the UAE access to cutting-edge US AI chips. Flowise AI warns of a critical account takeover vulnerability. A new social engineering campaign impersonates Meta account suspension notices. A MacBook Spotlight zero-day flaw bypasses Apple's Transparency, Consent and Control protections. Are cost savings from outsourced IT services worth the risk? Poland boosts its cybersecurity budget after a surge in Russian-backed attacks. NTT Group joins the Comm-ISAC. Jaguar Land Rover's global shutdown continues. A data breach affects millions of customers of top luxury brands.
On today's Threat Vector segment, David Moulton speaks with Palo Alto Networks' Spencer Thelman about the dual challenges of securing employee use of generative AI tools and defending internally built AI models, agents and AI chatbots. And Hustle Seniors for Science. It's Tuesday, September 16, 2025. I'm Dave Bittner and this is your Cyberwire Intel Briefing. Thanks for joining us here today. It's great to have you with us. According to reporting by the New York Times, the Trump administration is advancing a deal that would give the UAE access to hundreds of thousands of cutting-edge US AI chips. Despite warnings from national security officials, many chips are slated for G42, a tech firm controlled by Sheikh Tahnoon bin Zayed, who has long-standing ties to Chinese companies. Experts fear the chips, or the models built on them, could ultimately flow to Beijing, undermining US export controls and AI safeguards. The Times also uncovered a parallel $2 billion investment into World Liberty Financial, a crypto company tied to the Trump and Witkoff families. Critics say the overlap blurs government duties with private enrichment, raising conflict-of-interest and insider risk concerns. From a cybersecurity perspective, the risks are potential loss of AI supremacy, third-party data exposure in Emirati infrastructure, and compliance vulnerabilities tied to crypto and Binance's AML history. Safeguards exist, but enforcement remains shaky. Flowise AI has issued an urgent warning about a serious flaw that lets attackers easily take over user accounts. The problem affects both its cloud service and self-hosted setups, exposing personal details and allowing outsiders to reset passwords without permission. Security experts say the issue is extremely severe, urging all users to update immediately. Those who cannot upgrade should block public access to the password reset feature until a fix is applied. Failure to act leaves accounts fully exposed.
A new social engineering campaign called FileFix is impersonating Meta account suspension notices to spread the StealC infostealer. According to Acronis, FileFix is an evolution of the ClickFix attack method, which tricks users into pasting malicious commands into system dialog boxes. This variant abuses the Windows File Explorer address bar. Victims are directed to a phishing page that claims their Meta account will be disabled, then urged to paste what appears to be a file path instead. A hidden PowerShell command installs malware. The campaign uses steganography to hide additional payloads inside images hosted on Bitbucket, eventually unleashing StealC. The malware steals browser credentials, cookies, cloud keys, crypto wallets and messaging app logins, and can capture screenshots. Researchers warn that FileFix tactics are rapidly evolving, making user education critical to defense. Acronis observed multiple variants in just two weeks, signaling ongoing refinement by attackers. A new blog from Objective-See reveals a zero-day flaw in macOS Spotlight plugins that bypasses Apple's Transparency, Consent and Control protections. Spotlight plugins index user files, including sensitive system databases, but researchers showed they can be exploited to leak private data, fueling Apple Intelligence AI features despite sandboxing. The bug, which is rooted in a decade-old flaw, lets malicious plugins transmit protected file content to outside processes. Since Spotlight plugins can be installed without notarization, attackers or malware could abuse them for persistence, data theft or AI model exfiltration. Apple has patched related issues before, but this zero-day shows macOS sandboxing gaps remain exploitable.
Researcher Kevin Beaumont examined several major UK companies, including the Co-op Group, Marks and Spencer and Jaguar Land Rover, who have outsourced critical IT and cybersecurity functions to Tata Consultancy Services, and concludes this has led to redundancies and growing risk exposure. These functions include security, operations, governance and identity management, core defenses against breaches. While outsourcing cuts costs, attackers like Lapsus$ have exploited weaknesses in shared help desks and standard operating procedures. Critics argue that TCS's denials focus narrowly on whether its own systems were breached, sidestepping the real question of how its customers were compromised. The broader issue is structural: cost cutting and over-reliance on managed service providers concentrate risk across many organizations. With ransomware incidents escalating, experts say UK firms remain hyper-focused on data protection laws but lack cyber resilience planning. The risk isn't just stolen data, it's service disruption severe enough to threaten economic stability. Poland is boosting its cybersecurity budget to a record 1 billion euros after a surge in Russian-backed attacks on critical infrastructure, according to the Financial Times. Officials say Poland faces between 20 and 50 sabotage attempts daily, mostly thwarted, but some breaches have disrupted hospitals and exposed medical data. A recent attack infiltrated a major city's water system but was stopped before supplies were cut. The government is allocating 80 million euros to secure water systems and expand protections across 2,400 local administrations. Warsaw says it is the most frequent Russian cyber target in the EU, with GPS jamming from Russia's Kaliningrad increasingly disrupting flights. The move comes amid rising hybrid threats, including drone incursions and NATO's first direct interceptions of Russian assets since the 2022 invasion of Ukraine.
Cross-party consensus has emerged in Poland to urgently strengthen cyber resilience. Japanese telecom giant NTT Group has become the first global technology services company invited to join the Communications Information Sharing and Analysis Center, the Comm-ISAC, marking a milestone in international collaboration on critical infrastructure security. NTT says the move underscores their commitment to cyber resilience, situational awareness and collective defense of global communications networks. By partnering with Comm-ISAC members and sector sponsors, NTT says they'll help strengthen defenses against cyber threats while advancing innovation and sustainability. The company stressed that trust, partnerships and information sharing are essential to securing the digital backbone of modern society. Jaguar Land Rover has extended its global shutdown until September 24 as it investigates the major cyberattack that forced thousands of employees and supply chain workers into temporary layoffs. The disruption, costing an estimated $98 million per day, highlights risks not only to JLR but to the wider UK economy, where the company represents 4% of exports. Investigators confirmed attackers accessed internal data, raising potential fines under privacy law. Experts warn the incident underscores policy gaps: regulation prioritizes personal data protection while service continuity and economic security remain under-addressed. French luxury giant Kering has confirmed a data breach affecting millions of Balenciaga, Gucci and Alexander McQueen customers. The hacker group ShinyHunters, also linked to breaches at Google and Adidas, claimed responsibility, saying it stole 7.4 million email addresses along with names, phone numbers, home addresses and spending amounts, in some cases exceeding $80,000. While Kering stressed no payment data was taken, experts warn high spenders may be targeted in follow-on scams. Authorities have been notified. Kering denies negotiating with the attackers.
Coming up after the break on today's Threat Vector segment, David Moulton speaks with Palo Alto Networks' Spencer Thelman about the dual challenges of securing employee use of generative AI tools and defending internally built AI models, agents and AI chatbots. And Hustle Seniors for Science. Stay with us.

And now a word from our sponsor. The Johns Hopkins University Information Security Institute is seeking qualified applicants for its innovative Master of Science in Security Informatics degree program. Study alongside world-class interdisciplinary experts and gain unparalleled educational, research and professional experience in information security and assurance. Interested U.S. citizens should consider the Department of Defense's Cyber Service Academy program, which covers tuition, textbooks and a laptop, as well as providing a $34,000 additional annual stipend. Apply for the fall 2026 semester and for this scholarship by February 28th. Learn more at cs.jhu.edu/mssi.
