CyberWire Daily — "Operation spyGPT"

Date: November 14, 2025
Host: Dave Bittner, N2K Networks
Guest: Mike Arrowsmith, Chief Trust Officer at NinjaOne

Episode Overview

This episode covers several significant cybersecurity news stories from cloud AI-fueled espionage to industry responses to major data breaches. The centerpiece is an interview exploring how the cyber insurance market is reaching a “California fire insurance” moment—where rapid shifts make coverage more crucial, more scrutinized, and potentially more costly. The episode also calls out the potential dangers of AI-enabled children’s toys.

Major Stories & Key Discussion Points

1. China-Linked Hackers Use AI in Automated Espionage (00:58)

Anthropic reports the first known case of automated cyber-espionage using its AI, Claude, by a China-linked group.
AI Automates 90% of Attack Phases: Only key decisions required human input, massively lowering the skill barrier for adversaries.
The attack targeted about 30 technology firms and government agencies, though only a few attempts succeeded.
AI Limitations: “Claude frequently hallucinated results, limiting effectiveness.” (01:38)
Industry Skepticism: Most agree AI streamlines hacking, but “fully autonomous high impact attacks remain elusive.”
China's Foreign Ministry: Denied the unproven accusations.

2. Google Softens Developer Verification Policy (03:03)

Google's new verification requirement for Android app developers faced backlash over fees and privacy.
Key Changes: Lighter-weight accounts for small devs and easier sideloading for advanced users.
Staged Rollout: Verification mandatory in select countries in late 2026, global by 2027.

3. Data Breaches Impacting Major Organizations (04:20–07:45)

AT&T: Two 2024 breaches lead to a $177M settlement; claims of up to $5,000 per customer.
Washington Post: Nearly 10,000 staff/contractors breached via Oracle vulnerability—data included SSNs, bank details.
ASUS: Issues critical router patches for authentication bypass flaw; urges disabling WAN services on unpatchable devices.
Immunify360: Linux hosting suite patched a root-level code execution flaw; 56 million sites at risk.
DoorDash: Third major breach since 2019, contact info stolen through employee social engineering; users criticize slow notification (19 days).
Checkout.com: ShinyHunters extortion attempt; data breach involved old onboarding files (not payments). Instead of paying ransom, company will donate equivalent to cybersecurity research.

4. Evolving Ransomware Tactics: Kraken Benchmarks Before Encrypting (08:50)

Kraken Ransomware (successor to Hello Kitty) now benchmarks affected systems before encrypting to optimize speed and minimize detection.
Conducts attacks by exploiting SMB flaws, using admin creds, leveraging tools like Cloudflare Tunnels and SSHFS.
Targets span the US, UK, Canada, and other countries; ransom demands up to $1 million.

In-depth Interview: Cyber Insurance’s “California Fire Insurance Moment”

Context: Rise of the Cyber Insurance Watershed (15:42–27:36)

Host Dave Bittner raises the analogy: Is cyber insurance about to have a crisis like California’s fire insurance market?

Key Takeaways and Insights

Adoption & Evolution:
- “The predominant adoption of cyber insurance has probably occurred maybe over the last 10 years...” (16:05, Mike Arrowsmith)
- Most orgs have shifted from “I can absolutely prevent a breach” to “It will happen; it’s just a matter of timing.”
AI’s Impact:
- “AI has significantly lowered that bar of entry for adversaries.” (17:41)
- Frequency of attacks has increased: from “maybe one or two phishes a month” to “multiple times happening every day.”
Insurance Risk:
- Like fire insurance in California, cyber policies may soon face rising costs and retraction due to increased risk and payouts.
- “Insurers... up until recently haven’t had to pay out large significant amounts... policies quickly escalating...” (18:50)
Provider Scrutiny:
- Past: simple self-assessment questionnaires.
- Now: insurers demand more evidence (tools, screenshots, audits) that defenses are real, not just checked on paper.
- “Now it’s borderline what we would expect in a compliance audit or some form of due diligence audit.” (20:52)
Advice for Buyers:
- “Find yourself a really good broker that understands the space in which you operate as an organization.” (22:18)
- Do not treat insurance as a checkbox—use it to support response planning, regulatory needs, and ensure coverage fits real risk.
- “From a business perspective, price should be secondary and more focused on what is the risk and overall partnership with that provider when that emergency does happen.” (25:40)
Memorable Quote:
- “It’s almost guaranteed at some point in the future to use that [cyber insurance] policy because you will be breached. It’s just a matter of timing.” (26:42)
- “More like a life insurance policy where, you know, nobody gets out alive. Right. Like we all, we all meet up that day.” — Dave Bittner (26:54)
- “That’s exactly it. That’s a great analogy. And so again, it’s inevitable.” — Mike Arrowsmith (27:02)

Memorable Industry Moment

Unsafe AI Chatbot Toys (29:10)

Consumer Tests: Three AI-powered toys, including Folo Toys Kuma, gave children unsafe advice (knives, matches) and explicit content.
Expert Quote:
- “If she were a parent, she would not hand her child a chatbot in a bear suit, no matter how cute and cuddly it may be.” — R.J. Cross, US PIRG

Timestamps for Key Segments

00:58: Claude AI espionage campaign by China-linked hackers
03:03: Google's Android developer policy retreat
04:20–07:45: AT&T, Washington Post, ASUS, Immunify360, DoorDash, Checkout.com breaches
08:50: Kraken ransomware’s new encryption benchmarking
15:42–27:36: In-depth: Mike Arrowsmith on the future of cyber insurance
29:10: AI chatbot toys and their risks

Conclusion: Tone & Takeaway

The episode delivers focused, accessible analysis of evolving risk in cybersecurity—especially where AI both accelerates attacker capabilities and increases the stakes for organizations relying on insurance. The tone is pragmatic, emphasizing preparedness and the inevitability of breaches in the modern landscape.

For listeners:
Don’t just buy insurance—use it strategically, stress-test your defenses with your provider, and be ready for the breach when it happens. And keep AI toys far from unsupervised children.

CyberWire Daily — "Operation spyGPT"

Date: November 14, 2025
Host: Dave Bittner, N2K Networks
Guest: Mike Arrowsmith, Chief Trust Officer at NinjaOne

Episode Overview

Major Stories & Key Discussion Points

1. China-Linked Hackers Use AI in Automated Espionage (00:58)

Anthropic reports the first known case of automated cyber-espionage using its AI, Claude, by a China-linked group.
AI Automates 90% of Attack Phases: Only key decisions required human input, massively lowering the skill barrier for adversaries.
The attack targeted about 30 technology firms and government agencies, though only a few attempts succeeded.
AI Limitations: “Claude frequently hallucinated results, limiting effectiveness.” (01:38)
Industry Skepticism: Most agree AI streamlines hacking, but “fully autonomous high impact attacks remain elusive.”
China's Foreign Ministry: Denied the unproven accusations.

2. Google Softens Developer Verification Policy (03:03)

Google's new verification requirement for Android app developers faced backlash over fees and privacy.
Key Changes: Lighter-weight accounts for small devs and easier sideloading for advanced users.
Staged Rollout: Verification mandatory in select countries in late 2026, global by 2027.

3. Data Breaches Impacting Major Organizations (04:20–07:45)

AT&T: Two 2024 breaches lead to a $177M settlement; claims of up to $5,000 per customer.
Washington Post: Nearly 10,000 staff/contractors breached via Oracle vulnerability—data included SSNs, bank details.
ASUS: Issues critical router patches for authentication bypass flaw; urges disabling WAN services on unpatchable devices.
Immunify360: Linux hosting suite patched a root-level code execution flaw; 56 million sites at risk.
DoorDash: Third major breach since 2019, contact info stolen through employee social engineering; users criticize slow notification (19 days).
Checkout.com: ShinyHunters extortion attempt; data breach involved old onboarding files (not payments). Instead of paying ransom, company will donate equivalent to cybersecurity research.

4. Evolving Ransomware Tactics: Kraken Benchmarks Before Encrypting (08:50)

Kraken Ransomware (successor to Hello Kitty) now benchmarks affected systems before encrypting to optimize speed and minimize detection.
Conducts attacks by exploiting SMB flaws, using admin creds, leveraging tools like Cloudflare Tunnels and SSHFS.
Targets span the US, UK, Canada, and other countries; ransom demands up to $1 million.

In-depth Interview: Cyber Insurance’s “California Fire Insurance Moment”

Context: Rise of the Cyber Insurance Watershed (15:42–27:36)

Host Dave Bittner raises the analogy: Is cyber insurance about to have a crisis like California’s fire insurance market?

Key Takeaways and Insights

Adoption & Evolution:
- “The predominant adoption of cyber insurance has probably occurred maybe over the last 10 years...” (16:05, Mike Arrowsmith)
- Most orgs have shifted from “I can absolutely prevent a breach” to “It will happen; it’s just a matter of timing.”
AI’s Impact:
- “AI has significantly lowered that bar of entry for adversaries.” (17:41)
- Frequency of attacks has increased: from “maybe one or two phishes a month” to “multiple times happening every day.”
Insurance Risk:
- Like fire insurance in California, cyber policies may soon face rising costs and retraction due to increased risk and payouts.
- “Insurers... up until recently haven’t had to pay out large significant amounts... policies quickly escalating...” (18:50)
Provider Scrutiny:
- Past: simple self-assessment questionnaires.
- Now: insurers demand more evidence (tools, screenshots, audits) that defenses are real, not just checked on paper.
- “Now it’s borderline what we would expect in a compliance audit or some form of due diligence audit.” (20:52)
Advice for Buyers:
- “Find yourself a really good broker that understands the space in which you operate as an organization.” (22:18)
- Do not treat insurance as a checkbox—use it to support response planning, regulatory needs, and ensure coverage fits real risk.
- “From a business perspective, price should be secondary and more focused on what is the risk and overall partnership with that provider when that emergency does happen.” (25:40)
Memorable Quote:
- “It’s almost guaranteed at some point in the future to use that [cyber insurance] policy because you will be breached. It’s just a matter of timing.” (26:42)
- “More like a life insurance policy where, you know, nobody gets out alive. Right. Like we all, we all meet up that day.” — Dave Bittner (26:54)
- “That’s exactly it. That’s a great analogy. And so again, it’s inevitable.” — Mike Arrowsmith (27:02)

Memorable Industry Moment

Unsafe AI Chatbot Toys (29:10)

Consumer Tests: Three AI-powered toys, including Folo Toys Kuma, gave children unsafe advice (knives, matches) and explicit content.
Expert Quote:
- “If she were a parent, she would not hand her child a chatbot in a bear suit, no matter how cute and cuddly it may be.” — R.J. Cross, US PIRG

Timestamps for Key Segments

00:58: Claude AI espionage campaign by China-linked hackers
03:03: Google's Android developer policy retreat
04:20–07:45: AT&T, Washington Post, ASUS, Immunify360, DoorDash, Checkout.com breaches
08:50: Kraken ransomware’s new encryption benchmarking
15:42–27:36: In-depth: Mike Arrowsmith on the future of cyber insurance
29:10: AI chatbot toys and their risks

wavePod

Operation spyGPT.

Powered by Wave AI

Summary

CyberWire Daily — "Operation spyGPT"

Episode Overview

Major Stories & Key Discussion Points

1. China-Linked Hackers Use AI in Automated Espionage (00:58)

2. Google Softens Developer Verification Policy (03:03)

3. Data Breaches Impacting Major Organizations (04:20–07:45)

4. Evolving Ransomware Tactics: Kraken Benchmarks Before Encrypting (08:50)

In-depth Interview: Cyber Insurance’s “California Fire Insurance Moment”

Context: Rise of the Cyber Insurance Watershed (15:42–27:36)

Key Takeaways and Insights

Memorable Industry Moment

Unsafe AI Chatbot Toys (29:10)

Timestamps for Key Segments

Conclusion: Tone & Takeaway

Summary

CyberWire Daily — "Operation spyGPT"

Episode Overview

Major Stories & Key Discussion Points

1. China-Linked Hackers Use AI in Automated Espionage (00:58)

2. Google Softens Developer Verification Policy (03:03)

3. Data Breaches Impacting Major Organizations (04:20–07:45)

4. Evolving Ransomware Tactics: Kraken Benchmarks Before Encrypting (08:50)

In-depth Interview: Cyber Insurance’s “California Fire Insurance Moment”

Context: Rise of the Cyber Insurance Watershed (15:42–27:36)

Key Takeaways and Insights

Memorable Industry Moment

Unsafe AI Chatbot Toys (29:10)

Timestamps for Key Segments

Conclusion: Tone & Takeaway