CyberWire Daily – “AI meets the chain of command.”

Date: November 21, 2025
Host: Dave Bittner (N2K Networks)
Featured Interview: Maria Varmazes (T-Minus Space Daily) & Ret. Lt. Gen. Daniel Karbler

Episode Overview

This episode of CyberWire Daily delves into recent headlines in cybersecurity from around the globe, highlighting regulatory shifts, critical vulnerabilities, supply chain risks, and high-profile lawsuits. Notably, the episode features a deep-dive interview with retired Lt. Gen. Daniel Karbler about his consulting work on the Netflix film A House of Dynamite, which spotlights how AI, chain of command, and missile defense intersect at the highest levels of national security. The episode closes with a discussion about a new exploit technique: jailbreaking AI through poetry.

Key News and Insights

1. U.S. Cyber Command’s New AI Chief

[00:58]

• Brig. Gen. Reed Novotny is now Chief Artificial Intelligence Officer at U.S. Cyber Command.
  • Announced the appointment via a LinkedIn post, written with AI assistance.
  • Novotny stresses the “pivotal moment” for the U.S. as AI reshapes global competition, military operations, and adversarial innovation.
  • Calls for responsible innovation, rapid advanced capabilities integration, and strong Pentagon-industry-academia partnership.
  • Quote: “Adopting AI at scale will require cultural change as much as technological progress.”
• Novotny’s previous roles: National Guard Bureau’s Director of Intelligence & Cyber Effects, senior advisor at the Office of the National Cyber Director.

2. UK’s Cybersecurity and Resilience Bill

[02:00]

• UK Government introduces a comprehensive Cybersecurity and Resilience Bill to protect critical sectors and supply chains.
  • Targets healthcare, water, and managed service providers.
  • The Technology Secretary gets expanded emergency powers during national threats.
  • Bill aligns with a proposed ransomware payment ban – enforced from 2027.
  • Concerns raised over regulatory readiness amid rising attacks (e.g., Synovus Lab, Jaguar Land Rover).

3. Oracle Identity Manager Flaw & Zero-Day Exploit

[03:20]

• Searchlight Cyber reports a critical Oracle Identity Manager vulnerability—remotely exploitable, can allow full system compromise.
  • Evidence of likely zero-day use before October 2025 patch.
  • Attackers also scanned for Liferay, Log4j.
  • Vulnerability is notably easy to exploit.

4. Salesforce/Gainsight Supply Chain Breach

[04:20]

• Gainsight (3rd-party app integrator) allegedly breached, causing downstream risk for 200+ Salesforce customers.
  • Access and refresh tokens revoked, suspected involvement of “Shiny Hunters” cybercrime group.
  • Highlights major supply chain risk and growing detection time for 3rd-party incursions.
  • Quote: “IBM’s 2025 breach report notes high costs, rising prevalence, and long detection times for third-party compromises.”

5. Italian State Railway Data Leak

[05:20]

• FS Italiane’s IT provider Almaviva suffered a breach; up to 2.3 TB stolen.
  • Data: internal docs, defense contracts, passenger/employee data, subsidiaries’ info.
  • Recent (Q3 2025) documents indicate new breach, not rehashed 2022 incident.

6. SonicWall Zero-Day Patch Urgency

[06:00]

• Critical SonicWall vulnerabilities patched for Gen7/Gen8 firewalls and email appliances.
  • Major bug: stack-based buffer overflow in SSL VPN service.
  • No current exploitation detected, but urgency stressed.

7. Nvidia AI Chip Smuggling Case

[06:45]

• Four individuals charged with illegally exporting Nvidia GPU chips to China.
  • Shell companies, falsified paperwork, and rerouting through third countries used.
  • Two shipments succeeded (400 A100s); two blocked (H100 and H200 chips).
  • Up to 20 years in prison for defendants.
  • Quote: “Officials described the case as part of a broader effort to disrupt illicit pipelines for advanced US AI hardware.”

8. SEC Drops SolarWinds Case

[07:47]

• SEC cancels 2023 lawsuit against SolarWinds and its CISO; no detailed explanation.
  • SolarWinds hails the move as “vindication.”
  • Concerns had been raised about the chilling effect on security leaders.

9. NSO Group Fights Permanent Injunction

[08:43]

• NSO requests court stay on permanent WhatsApp targeting ban while it appeals.
  • Argues injunction threatens “irreparable... existential harm.”
  • Claims Pegasus spyware is vital for counterterrorism, and that the public interest favors continued (lawful) use.
  • Points to new US investors and leadership shakeup.

Feature Interview: Ret. Lt. Gen. Daniel Karbler on A House of Dynamite

Karbler’s Background and Role

[14:00]

• Served 37 years in Army: Air and Missile Defense, Commander US Army Space and Missile Defense, STRATCOM Chief of Staff, Army’s Testing/Evaluation Commander.

How He Got Involved in the Film

[15:34]

• Introduced by Gen. Doug Lute to Kathryn Bigelow (Director).

• Surprised to become lead technical advisor for authenticity in depicted chain of command, missile defense, and nuclear protocols.

  “I left my camera off as everybody’s popping in and they’re chatting. Then... I click on my microphone... and said, ‘This is the DDO from the Pentagon convening a national security conference... This is how the worst day of America’s history will begin. I hope your script does it some justice.’”
  — Daniel Karbler, [16:28]

• Bigelow was impressed and insisted, “Dan, I want to have you in my movie. So nailed the audition.” [17:30]

Real-Life Stress and Readiness

[18:06]

• On how he slept at night running STRATCOM:

  “A lot of times we didn’t sleep at night... the number of Saturdays that were ruined because we were responding to another missile test, lost count...”
  — Daniel Karbler

• Confidence in soldiers’ training and readiness mitigated much of the anxiety, despite the gravely high stakes.

The Challenge of Attribution and Cyber Risk

[19:44]

• The film’s plot hinges on an ambiguous, unattributed missile strike.

  • Karbler confirms such “unknown origin” scenarios are not far-fetched—Ash Carter as Secretary of Defense once ran a surprise “no-notice” exercise with exactly this scenario.
  • Civilian side was "a little rusty" compared to military preparedness.

• On realism of a cyber-induced missile defense “blind spot”:

  “All my space compadres... of course they’re like ‘Sivers would have seen it!’ Well, we know it would have, but it wouldn’t have... if there was a cyber attack that somehow penetrated the system.”
  — Daniel Karbler, [22:31]

  • The scriptwriters’ attention to such plausible cyber risks made Karbler agree to advise: “When they gave me the script, I didn’t immediately agree... I wanted to look at it. When I saw it, I go, okay, yeah, this is all feasible...”

Broader Implications

[23:40]

• The exercise and film deliberately avoided single-country blame to widen debate and underscore systemic readiness and attribution challenges.

Final Segment: Jailbreaking AI Filters With Poetry

[26:17]

• Recent study shows AI systems are more vulnerable to malicious prompts when written in verse (vs prose).
• Success rate of bypassing filters with poetry rose “to heights near 90 plus” percent, especially for larger language models.
• Memorable stanza from the report (read by host):

  “The flaw appears in filters stretched too thin,
  which falter when the input sounds like art.
  ...Lines can turn a prompt quite, quite sharp.”

Notable Quotes & Timestamps

• Brig. Gen. Novotny on AI adoption:

  “Adopting AI at scale will require cultural change as much as technological progress.”
  — [01:15]

• Lt. Gen. Karbler’s opening Zoom performance:

  “This is the DDO from the Pentagon convening a national security conference...”
  — Daniel Karbler, [16:00]

• On sleeping at night during nuclear command:

  “A lot of times we didn’t sleep at night... the number of Saturdays that were ruined because we were responding to another missile test, lost count...”
  — Daniel Karbler, [18:06]

• On the plausibility of cyber attribution chaos:

  “...it wouldn’t have [been detected] potentially if there was a cyber attack that somehow penetrated the system.”
  — Daniel Karbler, [22:31]

• On poetic prompt engineering:

  “The flaw appears in filters stretched too thin, which falter when the input sounds like art. Lines can turn a prompt quite, quite sharp.”
  — Host, [26:24]

Important Segments & Timestamps

• [00:58] – U.S. Cyber Command’s new AI chief
• [02:00] – UK Cybersecurity & Resilience Bill
• [03:20] – Oracle Identity Manager critical flaw
• [04:20] – Salesforce/Gainsight supply chain breach
• [06:45] – Nvidia AI chip smuggling case
• [07:47] – SEC drops SolarWinds lawsuit
• [08:43] – NSO Group injunction battle
• [14:00] – Interview: Daniel Karbler’s military & consulting background
• [15:34] – How Karbler got involved in "A House of Dynamite"
• [16:00-17:41] – Zoom cold open anecdote
• [18:06] – Readiness, anxiety, and soldier professionalism
• [19:44-24:05] – Attribution, cyber risk realism in nuclear command & film
• [26:17] – Jailbreaking AI via poetry

Tone and Style

The episode blends urgent news delivery with accessible, insightful interviews, maintaining a confident, slightly wry tone. The discussion with Gen. Karbler is candid and laced with both gravitas (nuclear command anxiety) and humor (Hollywood audition anecdotes).

For Further Listening

• The full interview with Gen. Karbler will appear on T-Minus Space Daily ([24:05]).
• Upcoming Research Saturday on phishing campaigns, featuring Alex Berninger (Red Canary) & Mike Wiley (Zscaler).

Summary prepared by CyberWire Podcast Summarizer.