A

You're listening to the CyberWire network powered by N2K. AI is changing how enterprises operate and how they stay protected. It's time to eliminate risk and protect innovation. From March 23rd through the 26th, join Trend AI for actionable AI security insights. Catch impactful sessions at RSAC, then unwind and grab a bite at their lounge in Trapa. Sueno Experience industry leading AI security in person. Engage with the experts and get your chance to win $500,000. San Francisco lets AI fearlessly. Learn more@trendmicro.com RS. Iran's cyber ops stay resilient US lawmakers press big tech on EU rules Researchers expose a fancy bear server Japan moves toward offensive cyber CISA calls for cross agency teamwork New malware targets network infrastructure AI gets fooled by font based attacks Schneider Electric warns of critical flaws Quantum cryptography earns top honors Our guest is Braden Rogers, Chief customer officer at island, discussing how to make AI browsers safe for enterprises and smart glasses on the witness stand. It's Wednesday, march 18, 2026. I'm dave buettner and this is your cyberwire intel briefing. Thanks for joining us here today. It's great as always to have you with us. US and Israeli strikes on Iran reportedly killed two individuals tied to state backed cyber operations, but activity from affiliated hacking groups continues. Among those killed were Mohammed Mehdi Farhadi Ramin, charged by the Justice Department in 2020 for hacking U.S. aerospace and defense firms, and Syed Yaha Hosseini Panjaki and intelligence official linked by the FBI to cyber attacks and terror plots. Cybersecurity sources say Panjaki oversaw groups like handela. Despite this, HANDELA claimed a major attack on medical device company Stryker, alleging large scale data destruction. Stryker confirmed a Microsoft system compromise but said restoration is underway. Additional claims targeted Verifone, which reported no breach, while another MOIS linked group disrupted Albania's Parliament email systems. Iran's cyber operations appear resilient and decentralized. Groups continue operating despite leadership losses using tools like StarLink and possibly AI that suggest sustained cyber risk for Western organizations and allies. Even amid kinetic conflict, the House Judiciary Committee is pressing major tech firms to hand over communications with European Commission officials tied to enforcement of EU digital rules. In letters to companies including Alphabet, Meta, Microsoft, TikTok and X, chairman Jim Jordan said firms must preserve and produce records under February subpoenas, including messages set to auto delete. The request follows reports that EU officials, including Digital Services act enforcer Prabhat Agrawal, shifted to encrypted messaging apps like Signal with disappearing messages. The committee alleges potential censorship under the EU's Digital Services Act. While the commission denies the claims and says it aims to reduce user risk, the dispute highlights growing tension over platform regulation and data retention, with potential legal and compliance risks for global tech companies handling cross border communications. Researchers say an exposed server linked to Russia's Fancy Bear revealed a broad espionage campaign targeting government and military webmail across Eastern Europe and the Balkans. Building on Huntio's March 11 analysis, Control Alt intel says it found a second open directory on the same server containing command and control code payloads, telemetry logs and exfiltrated data. The researchers report more than 2,800 stolen emails, 240 credential sets, 140 forwarding rules and over 11,000 harvested contact addresses. Victims include entities in Ukraine, Romania, Bulgaria, Greece, Serbia and North Macedonia. The report also describes a previously unreported squirrel mail cross site scripting payload. According to the analysis, the same server had been tied to earlier Certua reporting and remained active for more than 500 days. The exposure shows both the reach and persistence of the operation. It also suggests that simple operational security failures can give defenders unusual insight into sophisticated state linked tradecraft. Japan will allow its Self Defense Forces to conduct offensive cyber operations beginning October 1, marking a notable shift in national security policy. Chief Cabinet Secretary Manuru Kahari said the move reflects a worsening threat environment and the growing impact of cyber attacks on daily life and the economy. A government cyber management committee will approve or reject operations if authorized. Police and the Self Defense Forces can attack and disable infrastructure used in cyber attacks with protections for citizen privacy. This expands Japan's interpretation of Self Defense into cyberspace and signals a more proactive posture against digital threats. A senior CISA official says the US Government should take a more flexible approach when leading cybersecurity efforts across critical infrastructure sectors. Speaking at an event Hosted by Auburn University's McCrary Institute, Acting CISA Director Nick Anderson said rigid adherence to sector risk management agency roles can slow effective response. Instead, agencies should defer to whichever organization has the strongest relationship with affected operators, whether that's cisa, the Department of Energy, the FBI or others. Anderson pointed to past coordination challenges, including responses tied to Guam incidents linked by Microsoft to Volt. Typhoon lawmakers have also questioned CISA's capacity following telecom focused activities attributed to another group, Salt Typhoon. Effective incident response may depend less on formal roles and more on trusted partnerships, especially as threats grow in scale and complexity. New malware samples highlight a growing trend of threat actors targeting network infrastructure to gain access and scale attacks. Researchers at Eclipsium identified two previously undocumented strains. One, a condibot variant derived from the Mirai botnet, turns compromised Linux devices into DDoS nodes. The other, Monaco brute forces secure shell credentials to deploy crypto mining malware across servers, routers and IoT devices, the report says. These tools are multi architecture and not limited to specific vendors. Supporting data from Verizon and Google indicate a sharp rise in exploitation of network devices, often with little delay between vulnerability disclosure and attack. Network infrastructure offers attackers persistent low visibility access and a foothold for broader compromise across enterprise environments. Researchers say A simple custom font technique can trick AI assistants into missing malicious instructions hidden in web pages. LayerX demonstrated a proof of concept where harmless text appears in the underlying HTML, while browser rendered content shows instructions leading to a reverse shell. The attack uses custom fonts and CSS to alter visible meaning without changing the document object model that AI tools analyze. In testing, multiple assistants failed to detect the threat and judge the page safe. The technique requires no exploits or JavaScript and relies on a gap between what AI systems parse and what users see. Attackers can exploit AI assisted workflows for social engineering, potentially leading to harmful user actions or data exposure. Schneider Electric has issued a critical advisory for a vulnerability affecting its SCADA Pack, Remote terminal units and Remote Connect software. With a CVSS score of 9.8. The flaw involves improper input validation in modbus TCP communications. The company says attackers can exploit it with crafted network packets to execute arbitrary code with system level privileges or cause denial of service and data compromise. Multiple versions and products are affected. Schneider Electric urges immediate updates and recommends network segmentation and access controls where patching is delayed. Charles Bennett and Gilles Brossard have been awarded the Turing Award for developing quantum cryptography, a breakthrough that's helped redefine how sensitive data is protected. Their work in the 1980s included the BB84 protocol, which uses photons to generate encryption keys that reveal any interception attempt. Because measuring quantum particles changes their state, eavesdropping leaves detectable traces. The researchers later expanded into quantum teleportation, demonstrating secure data transfer using entanglement. At the time, these ideas were largely theoretical. Today, they're gaining traction as companies like Google and Microsoft advance quantum computing, which experts believe could break widely used encryption methods developed in the 1970s. Experts say organizations may need to transition to quantum resistant approaches. Quantum cryptography offers a model where security is rooted in physics, not computational difficulty. The threat landscape evolves. Coming up after the break, my conversation with Braden Rogers from Island. We're discussing making AI browsers safe for enterprises. And smart glasses on the witness stand. Stay with us. No, it's not your imagination. Risk and regulation really are ramping up. And these days customers expect proof of security before they'll even do business. That's where Vanta comes in. Vanta automates your compliance process and brings compliance, risk and customer trust together on one AI powered platform. So whether you're getting ready for a SoC2 or managing an enterprise governance risk and compliance program, Vanta helps keep you secure and keeps your deals moving. Companies like Ramp and RYTR spend 82% less time on audits. With Vanta, that means less time chasing paperwork and more time focused on growth. For me, it comes down to this. Over 10,000 companies, from startups to large enterprises, trust Vanta to help prove their security. Get started@vanta.com cyber. Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allow listing, you stop unknown executables cold. With ring fencing, you control how trusted applications behave. And with ThreatLocker DAC defense against configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose threat Locker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo@threatlocker.com N2K today, Braden Rogers is chief customer officer at island, and in today's sponsored Industry Voices segment, we discuss making AI browsers safe for enterprises.

B

As you think about the arrival of AI kind of on the mainstream scene several years ago, the natural interface our users have used for many years that they're quite familiar with, you think the most common pervasive interface the users know in an environment, it's a browser. You don't have to train your end users on how to use a browser. They know what it looks like and they see it. They know exactly what to do with it. And along comes AI. And you see just a few years ago, the core natural habitat for AI. It began in the browser interface and the result is a lot of really cool stuff that's happened in, you know, it's past almost three years now at this point, I guess Three years or so. But what's interesting is the core of that universe for the end users continued to be browser centric. So as you start thinking about the browser we've all used, you kind of go back many, many years. The world began to move to web based apps very heavily. Obviously your SaaS universe is entirely a browser based universe. And yet the browser we all used is a consumer grade piece of technology specifically built for a different purpose. And there's nothing wrong with it serving billions of users around the world very, very, very readily and healthy in healthy ways for many years. But yet the needs of the organization differ. And so as you start thinking about the requirements for an enterprise environment, you need to have some basic things, basic blocking and tackling things like data protection elements. You've got orgs that have compliance mandates they have to live up to, they've got applications and resources that are on the inside of the environment. Is you think about the evolution of the browser. You know, at island in particular, we said it would make a lot of sense. What if the browser that we use that familiar interface where we don't have to train an end user and we, we, we transform that into something that's more enterprise ready, more enterprise grade built services natively and to protect data, to keep the user safe, but to make sure users had access to the right applications and resources they need to do their job and use the browser as an actual application delivery environment. Create a purpose built browser, but at the end of the day let the users use it the way they've been using it for years, but actually convert it to the purpose that actually we're needing it for today, which is delivery of apps. And then along comes AI the conversation a minute ago and it just slipstreams perfectly into the user's workflow in the world of island in particular. But obviously you get your consumer browsers, that's a whole different ball of wax. At the end of the day. You've got these consumer browsers that have been there for years now. Users are engaging AI there and then now you get some of these AI providers go, you know what, it's a brilliant idea. Maybe we should just build our own browser for the consumers and give the users access to our AI via our browser. And so now you're seeing browsers with AI capabilities built into them. They call them the agentic browsers. I'm sure we'll talk more about that in a bit. But you know, now you get this wave of additional browsers that come to the table, but all coming from it with a very consumer centric angle and the orgs need more. They didn't abandon their requirements of data protection and all the things I mentioned before, Dave. So the evolution of the browser and the rush toward more and more browser centric stuff is being accelerated by AI. And then obviously a lot of the AI providers are delivering their own agentic browsers now as a result too.

A

Well, help me understand here. I mean, is it splitting hairs or is it a fair thing to say that there are browsers that include some enterprise functionality, some enterprise tools, but that's different from a true enterprise browser built from the ground up? Is that a fair thing to say?

B

Yeah, I definitely agree with what you said there. I think, you know, many of our existing browsers, they've wedged in the ability to create some basic enterprise settings. Let's call them what they are, they're basic settings. But the idea that we would transform the browser into something where we manage true actual policy and leverage, you know, what we call the last mile, but take advantage of the presentation layer of the engagement and take AI aside for the moment, but be able to do things like redact certain data for certain audiences of users and very basic blocking and tackling elements to let the browser actually have an understanding contextually of what it's engaging, both in terms of the identity of the user, the device, and I say both many other things as well. The application, the tenant and tenancy recognition is very important. We can talk more about that in the universe of AI as well because you know, users have their personal stuff they're using for personal chat, GPT and personal GROK and other stuff like that. And then the organizations are adopting their own enterprise versions of that. So tenancy recognition is super important at the end of the day, but at the end of the day it all goes right back to the core that a browser is at the center of that universe. And what you talked about it before, your existing browsers by and large funded and built for the consumer need with some of them having some, some capabilities of centralized control. And I'd call them a managed browser at best in that case.

A

Hmm. You know, I think it was back in December I saw a report from Gartner and one of their takeaways, they said CyberSecurity must block AI browsers for now. So they were being very hesitant about this. Is that where we stand right now?

B

Yeah, we couldn't agree more with Gartner when it comes to the consumer grade AI browsers that are in the market at the moment. Never was it more apparent, I don't know if you saw the super bowl ads where one of the specific AI providers was banging on all the other providers about being consumer centric. They were funny ads, they were hilarious and they were literally spot on. But the general focus around the universe of AI has been a very consumer centric approach because they're monetizing at the end of the day. And the ads were making fun of the fact that AI is being built for targeted advertising and monetize. There's. But if you go back to what we need to do if we want to use it in an enterprise environment, we've got to make it enterprise grade, got to make it enterprise ready. And that's where the convergence of what we see with the enterprise browser has so much power. When you take the consumer AI stuff, you could turn and make any AI environment, make it an enterprise great AI environment when you leverage it in the context of an enterprise browser.

A

Well, explain to me how that works. How do you combine those two things? The powerful functionality, the potential of AI with a browser that's pre equipped to be able to handle it and make it safe?

B

Yeah, there's a number of things. First of all, it's contextual understanding when you're talking about a user's own decision of what they engage. Just like today if you were to load up a tab in your browser and go to a destination, you're making decisions about what you engage, when the users engage something. First of all, at its core, an enterprise browser differs from a consumer browser in that it contextually actually understands the disposition of what someone's engaging. It knows that when you went to that tab and you went to personal chat gbd, it knows that that tenant that you're going to is not the corporate tenant, it's personal. So basic elements of contextual understanding of what's being engaged is a starting point. It's a very, very important starting point for basic blocking and tackling. We call it AI protection at the end of the day. That's for building very simple policies and for simple for us, but very complex for many. Most other, you know, status quo providers, but recognizing tenancy, letting users freely have access to personal stuff. This is a very historically controversial topic, but most providers in cybersecurity in particular, if you talk to them about their AI strategy, the provider strategy is a series of block pages. Let's block the user from getting to this and block them from getting to that and block and we don't believe that's a necessity at the end of the Day if I can contextually understand what the user's going to. And at the core of the mechanics of the browser, recognize that's personal versus this being corporate, and treat them with different policies. Let the user freely use personal stuff without company data spilling beyond the boundary into personal stuff. Then that takes my philosophy to a different place than we've ever taken it before, into what we call it. Say yes, you can say yes to anything, but company data just won't spill over to these personal areas. Now that's a very basic element. Then it begins to get more advanced. Dave started about thinking about, you know, well, I want, certainly I want users to be able to open a tab and go to their favorite AI thing. And if it's a corporate environment, great, we handle it one way. If it's personal, we handle it differently. But I also want mechanics introduced into the process, mechanics that allow me to bring any AI provider of choice and build it into the mechanics of the browser with simple stuff like buttons where the user can just simply launch built into the browser, you know, side panels and other panels that, that launch them right into the sanctioned environment. We want really, really easy access to the sanctioned stuff. But then taking it further and bringing in contextual understanding, contextual understanding beyond what we talked about before, but understanding the role of the user, the specifics of the workflows they engage in, learning the profile of what this user does day to day. And as we learn those things, we can then learn to make recommendations for prompts that make them more effective at their job. And all of a sudden on the screen, prompts start popping up, recommended prompts you could click on that engage the application that you're working on the left and the sanctioned AI on the right, where they're working interchangeably with each other to make the user more productive. And at the end of the day for us, there's a core philosophy. Number one is the say yes philosophy I thought about before. But also we can take any AI provider and make them enterprise ready by building their mechanics into the browser, which already has your data protection policies, your access to personal resources and access to the internal resources with private access and access to your credential management and things like that. But every time AI comes to the table, comes to the table being built into the existing policies, you already have. Not a consumer grade experience. So therefore that enterprise or that consumer AI becomes enterprise ready. And then obviously taking it a step further into the areas where people really, really are interested in going back to the heart of the Gartner conversation, which Was the agentic aspects, letting agents run amok. You know, you give an agent inside of a browser or in an AI environment, I should be clear, give it instructions and then it starts going, doing, goes and does a job. And that job could be open for interpretation by the AI, number one, depending on the instruction it's given, but also could be subject to things that it bumps into that could be interpreted as instructions. Call this prompt injection. You probably heard the term before, but this is the concerns that the Gartner paper brought up. Is the agent running amok and doing things outside the boundaries of your existing policies and existing controls, and specifically controls that understand, oh, that's an agentic workflow that's happening versus an actual end user. Be able to distinguish those two things. It's out of the reach of most of your traditional cybersecurity providers. But at the end of the day, letting agentic workflows work in the confines of a very tightly governed and sanctioned policy so that they don't run amok, they actually do the job they're intended. And then also on the back end, most importantly, measuring the benefit you're getting from it. So as our users get the ability to have automation resources, how often are they using them? What are the ones that are providing the org the most value? How much time is it saving in the process as well? All very, very important elements of an agentic browser universe that's built for the enterprise. Converse to the consumer experience that we were talking about and that Gartner cautions very heavily against.

A

I'd love to dig into this notion of managing the agentic AI. I mean, I think for me it is both. It's simultaneously exciting and terrifying, right, to be able to turn over this kind of control, this level of control to a browser or to the. To the agent itself. Because on the one hand, it's sort of the thing we've all dreamt of computers doing for us from the very beginning. But on the other hand, we. I think we can all envision it spinning out of control very quickly at computer speed. So how do you balance that? How do you not get in the way of what everybody wants to do? The promise of this, but also keeping it secure.

B

The best employees in your future will not be the ones that are absent in the organization who've all been removed by AI. Some things in orgs will be affected by AI, no doubt about it. And jobs will evolve. But your best employee in the org is going to be one that is empowered that their superpower is to how to Use AI most effectively in their job and those people will be able to run circles around someone who doesn't use AI. Honestly, it's one of my gripes about the educational system right now. It's punitive in a lot of ways for kids using AI in the environment. And you know, I got to be honest, when you're making a hire in the modern workspace, you care about somebody that knows how to use AI and maybe a little bit less about somebody who knows where the comma goes in a sentence. And I know it's probably controversial, different topic, but. But at the end of the day, that's the kind of people that the workforce will be looking to employ in the future. And my view of it is there can be the best of both worlds. The AI can be, for lack of a better phrase, a jiminy cricket sitting over the shoulder of the employee, helping guide them, helping steer them, helping them speed tasks up at the end of the day. But again, all of that should be bound. The employee today is bound by policies. You want the employee to be governed and shepherded to the right resources at the end of the day, when the employees engage you in much the same way, you want the agentic workflows to be guarded and let human intervention be able to take control anytime and when decisions have to be made prompt for human intervention, human being, you gotta look at this. Review this email before it gets sent. Review this transaction before it happens in this treasury services environment, et cetera. So an enterprise AI environment doesn't just let AI run amok. It forces guardrails around AI and lets humans intervene where they need to. Again, think about healthcare. Probably don't want AI just writing prescriptions willy nilly. Probably want AI doing the right research, recommending prescriptions, maybe doing the work to get it ready. But a human comes over the top to look at the possible prescription and goes, all right, cool, I'm in agreement with that at the end of the day. So the human eyes always come in in the process, but you just save the human from having to do all this extra manual labor in the process. And then the most important part is where their skills are very necessary. And by the way, they get better at their job because AI is also making sure the human doesn't make mistakes in the same way either. So both can work hand in hand very effectively.

A

That's Braden Rogers from Island. We'll have a link to Gartner's CyberSecurity must block AI browsers for now report that'll be in our show Notes. Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter the company reimagining enterprise networking from the ground up. Meter builds full stack zero trust networks including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and vpn, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless, transform complexity into simplicity, and give your team time to focus on what really matters, helping your business and customers thrive. Learn more and book your demo@meter.com cyberwire that's M E T E R.com cyberwire. When cyber threats strike, minutes matter Booz Allen brings the same battle tested expertise trusted to protect technical security to defend today's leading global organizations. They safeguard their data, strengthen enterprise resilience and mobilize in minutes across energy, healthcare, financial services and manufacturing. Their teams don't just respond, they anticipate, outthink and stay ahead of evolving threats. This is powerful protection for commercial leaders only from Booz Allen See how your organization can prepare today@booz allen.com Commercial. And finally, in a courtroom in the uk, an insolvency case took an unexpected turn when a witness appeared to receive live coaching through smart glasses, then blame the disruption on ChatGPT. Judge Agnello KC said the witness paused repeatedly during questioning, prompting suspicion from opposing counsel and even the court interpreter who reported hearing voices. The situation became harder to ignore when a connected mobile phone began broadcasting a live voice mid hearing call logs showed repeated contacts from a mysterious named source Abracadabra, which the witness said was a taxi driver. He denied any coaching and later suggested the audio may have come from ChatGPT. The case highlights a growing challenge for courts distinguishing credible testimony from tech assisted improvisation, especially as consumer devices blur the line between memory and messaging. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's lead producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazes, our executive producer is Jennifer Ibin. Peter Kilpea is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. If you only attend one cybersecurity conference this year, make it RSAC 2020 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands on learning and real innovation. I'll say this plainly, I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today@rsaconference.com cyberwire26. I'll see you in San Francisco. When it comes to mobile application security, good enough is a risk. A recent Survey shows that 72% of organizations reported at least one mobile application security incident last year and 92% of responders reported threat levels have increased in the past two years. Guard Square delivers the highest level of security for your mobile apps without compromising performance, time to market or user experience. Discover how Guard Square provides industry leading security for your Android and iOS apps at www.guardsquare.com.