CyberWire Daily – April 10, 2026

Episode Title: The AI Arms Race Hits Finance

Host: Dave Bittner (N2K Networks)
Special Guest: Henry Comfort, Co-founder and CEO, Jordi AI

Episode Overview

This episode delves into the mounting concerns around artificial intelligence in the financial sector, highlighting regulators' worries, potential cyber risks, and the need for robust oversight as AI's sophistication grows. Key stories include the US government's response to advanced AI in finance, a massive alleged data breach in China, developments in quantum cryptography, targeted cyber threats, and an exclusive interview with innovation award winner Henry Comfort.

Key Discussion Points & Insights

AI and Finance: Emerging Risks and Regulation

[02:40–08:00]

Regulatory Concerns: U.S. Treasury Secretary Scott Besant and Federal Reserve Chair Jay Powell called top Wall Street CEOs together to discuss the risks posed by advanced AI models like Anthropic’s “Claude Mythos Preview.”
- “Policymakers worry that increasingly capable AI could enable more sophisticated cyberattacks.” (B, 03:10)
- JPMorgan Chase CEO Jamie Dimon cautioned that AI may introduce new cybersecurity vulnerabilities.
- Former Microsoft exec Craig Mundy raised alarms on AI potentially democratizing advanced hacking capabilities.
Dual-Use Dilemma: AI tools can both defend and endanger critical financial infrastructure, prompting government focus on the double-edged sword nature of emerging tech.
Ongoing Legal Battles:
- Federal appeals court allows Pentagon to maintain restrictions on Anthropic’s models in defense systems amid national security concerns—even as courts weigh the policy's legality.

Alleged 10-Petabyte Data Breach in China

[08:01–10:00]

Incident Details: A hacker dubbed “Flaming China” claims to have stolen over 10 petabytes of data from China's National Supercomputing Center.
- Data allegedly includes missile schematics, state secrets, and research tied to top institutions.
- Attackers reportedly gained entry via a compromised VPN, extracting data quietly over months.
- Experts warn this could benefit foreign intelligence and underscores persistent infrastructure weaknesses.

Quantum Computing Threat Timelines & Crypto Concerns

[10:01–11:30]

Quantum Leap: New research from Caltech, Oratomic, and UC suggests quantum computers powerful enough to break current cryptography may arrive much sooner, requiring only around 10,000 qubits (previous estimates ran much higher).
- Accelerates pressure on organizations like Google, which is already fast-tracking quantum-resistant encryption.
- Divergent opinions: some experts warn of "harvest now, decrypt later" risks, while others think major quantum threats are decades away.

Apple Intelligence Prompt Injection Vulnerability

[11:31–12:31]

Demo at RSAC: Researchers at the RSAC Research Lab showed a prompt injection attack successfully manipulating Apple’s on-device LLM.
- Attack combined neural exec adversarial inputs and Unicode right-to-left override techniques.
- 76% success rate before being patched in iOS/macOS 26.4.
- Up to 1 million users potentially affected before mitigation; users urged to update devices.

Payroll Pirates Target Canadians

[12:31–13:30]

Storm 2755 Attacks: Threat actor leveraged adversary-in-the-middle phishing mimicking Microsoft 365 to hijack payroll accounts.
- Stole authentication tokens and session cookies, bypassing MFA.
- Manipulated HR systems, hid relevant emails, and directly altered payroll details.
- FBI reports business email compromise (BEC) losses topped $3 billion last year.
- Microsoft urges use of robust MFA, session controls, and removing malicious inbox rules.

Google’s End-to-End Encryption Expansion

[13:31–14:00]

Full E2EE now available in Gmail mobile apps for enterprise users.
Feature relies on client-side encryption for regulatory compliance, ensuring organizations retain control of encryption keys.

Chrome Critical Patches

[14:00–14:30]

Chrome version 147 released with 60 vulnerability fixes, including critical WebML flaws enabling sandbox escape and remote code execution.
Google notes no active exploits yet detected.

Pennsylvania State Police Deepfake Scandal

[14:30–14:44]

State police corporal Stephen Kamnik pled guilty to creating over 3,000 AI-generated deepfake pornographic images using governmental databases.
Some images involved judges and minors; case highlights dangers stemming from wide AI tool accessibility.

Interview Highlight: Henry Comfort, CEO of Jordi AI

[14:44–18:09]

Winning at RSAC Innovation Sandbox

Henry Comfort:
- “It feels amazing. ... To now be here winning it is an incredibly proud moment ... already built a product that's helping companies understand their agentic operations and manage the risk.” (C, 14:44)
- Reflects on Jordi AI’s growth from idea to award-winning startup, emphasizing the team's dedication.

The Company Name & Mission

On "Jordi" Lamp Inspiration:
- “We drew a parallel ... the first industrial revolution ... There were invisible risks ... we developed mining lamps to manage that risk. ... We do the same for the agentic era.” (C, 15:32)
- The team sees their solution as a “lamp” for the AI age, helping companies see and manage invisible operational dangers.

What Does Jordi AI Do?

“We help you understand your agentic footprint ... how they're configured, their posture and their runtime observability ... Then we help you manage the risk and understand it. ... Finally we help you remediate it ... using context engineering to steer agents.” (C, 16:27)

On Entering Innovation Sandbox

“We see Sandbox as an amazing catalyst ... spotlights the most innovative solutions, the most game-changing future companies. ... It’s the Oscars for cybersecurity.” (C, 17:17)

What’s Next?

Jordi AI will keep expanding and focusing on helping clients unlock AI-driven innovation while managing new risks.
- “Continue helping more customers ... understand their agentic operations and ... unlock innovation.” (C, 17:54)

FCC Cracks Down on Robocalls

[19:35–20:55]

Proposed stricter “know your customer” rules for telecom providers.
Providers must collect more info on high-volume callers, justify mass calling, and retain records for four years.
Aims to make illegal robocalls riskier and easier to trace.
- “Originating carriers would need to collect more identifying details, verify them more carefully, and face penalties calculated per illegal call rather than per violation.” (B, 19:45)

Notable Quotes & Memorable Moments

On AI’s Dual Nature in Finance:
- “The meeting reflects growing government attention to AI’s dual use nature, as officials weigh both its defensive benefits and its potential to amplify cyber risk across critical financial infrastructure.” (B, 03:50)
On Agentic Risk:
- “Right now a lot of security teams are struggling to get their heads around agentic risk.” (C, 16:49)
On Innovation Culture:
- “It’s the Oscars for cybersecurity and we treat it like that.” (C, 17:19)
On Robocall Accountability:
- “Providers might even be required to keep identity records for four years after customers depart, presumably just in case the calls keep coming anyway.” (B, 20:05)

Timestamps for Important Segments

[02:40] – AI arms race and financial regulation
[08:01] – China’s National Supercomputing Center alleged breach
[10:01] – Advances and concerns in quantum computing
[11:31] – Apple LLM prompt injection vulnerability
[12:31] – Storm 2755 attacks Canadian payroll systems
[13:31] – Gmail expands E2EE; Chrome patches
[14:30] – Deepfake scandal involving state police
[14:44] – Interview: Henry Comfort on Jordi AI
[19:35] – FCC’s enhanced rules against robocalls

Summary

This episode underscores the rapidly evolving cybersecurity landscape amid an AI boom, raising urgent questions about risk, regulation, and resilience for critical infrastructure. The exclusive with Jordi AI’s Henry Comfort highlights efforts to equip organizations with tools to manage the dawn of the “agentic era.” Parallel topics range from existential quantum threats to criminal deepfakes and fortifying communications security, painting a picture of both hope and high stakes for the digital future.

CyberWire Daily – April 10, 2026

Episode Title: The AI Arms Race Hits Finance

Host: Dave Bittner (N2K Networks)
Special Guest: Henry Comfort, Co-founder and CEO, Jordi AI

Episode Overview

Key Discussion Points & Insights

AI and Finance: Emerging Risks and Regulation

[02:40–08:00]

Regulatory Concerns: U.S. Treasury Secretary Scott Besant and Federal Reserve Chair Jay Powell called top Wall Street CEOs together to discuss the risks posed by advanced AI models like Anthropic’s “Claude Mythos Preview.”
- “Policymakers worry that increasingly capable AI could enable more sophisticated cyberattacks.” (B, 03:10)
- JPMorgan Chase CEO Jamie Dimon cautioned that AI may introduce new cybersecurity vulnerabilities.
- Former Microsoft exec Craig Mundy raised alarms on AI potentially democratizing advanced hacking capabilities.
Dual-Use Dilemma: AI tools can both defend and endanger critical financial infrastructure, prompting government focus on the double-edged sword nature of emerging tech.
Ongoing Legal Battles:
- Federal appeals court allows Pentagon to maintain restrictions on Anthropic’s models in defense systems amid national security concerns—even as courts weigh the policy's legality.

Alleged 10-Petabyte Data Breach in China

[08:01–10:00]

Incident Details: A hacker dubbed “Flaming China” claims to have stolen over 10 petabytes of data from China's National Supercomputing Center.
- Data allegedly includes missile schematics, state secrets, and research tied to top institutions.
- Attackers reportedly gained entry via a compromised VPN, extracting data quietly over months.
- Experts warn this could benefit foreign intelligence and underscores persistent infrastructure weaknesses.

Quantum Computing Threat Timelines & Crypto Concerns

[10:01–11:30]

Quantum Leap: New research from Caltech, Oratomic, and UC suggests quantum computers powerful enough to break current cryptography may arrive much sooner, requiring only around 10,000 qubits (previous estimates ran much higher).
- Accelerates pressure on organizations like Google, which is already fast-tracking quantum-resistant encryption.
- Divergent opinions: some experts warn of "harvest now, decrypt later" risks, while others think major quantum threats are decades away.

Apple Intelligence Prompt Injection Vulnerability

[11:31–12:31]

Demo at RSAC: Researchers at the RSAC Research Lab showed a prompt injection attack successfully manipulating Apple’s on-device LLM.
- Attack combined neural exec adversarial inputs and Unicode right-to-left override techniques.
- 76% success rate before being patched in iOS/macOS 26.4.
- Up to 1 million users potentially affected before mitigation; users urged to update devices.

Payroll Pirates Target Canadians

[12:31–13:30]

Storm 2755 Attacks: Threat actor leveraged adversary-in-the-middle phishing mimicking Microsoft 365 to hijack payroll accounts.
- Stole authentication tokens and session cookies, bypassing MFA.
- Manipulated HR systems, hid relevant emails, and directly altered payroll details.
- FBI reports business email compromise (BEC) losses topped $3 billion last year.
- Microsoft urges use of robust MFA, session controls, and removing malicious inbox rules.

Google’s End-to-End Encryption Expansion

[13:31–14:00]

Full E2EE now available in Gmail mobile apps for enterprise users.
Feature relies on client-side encryption for regulatory compliance, ensuring organizations retain control of encryption keys.

Chrome Critical Patches

[14:00–14:30]

Chrome version 147 released with 60 vulnerability fixes, including critical WebML flaws enabling sandbox escape and remote code execution.
Google notes no active exploits yet detected.

Pennsylvania State Police Deepfake Scandal

[14:30–14:44]

State police corporal Stephen Kamnik pled guilty to creating over 3,000 AI-generated deepfake pornographic images using governmental databases.
Some images involved judges and minors; case highlights dangers stemming from wide AI tool accessibility.

Interview Highlight: Henry Comfort, CEO of Jordi AI

[14:44–18:09]

Winning at RSAC Innovation Sandbox

Henry Comfort:
- “It feels amazing. ... To now be here winning it is an incredibly proud moment ... already built a product that's helping companies understand their agentic operations and manage the risk.” (C, 14:44)
- Reflects on Jordi AI’s growth from idea to award-winning startup, emphasizing the team's dedication.

The Company Name & Mission

On "Jordi" Lamp Inspiration:
- “We drew a parallel ... the first industrial revolution ... There were invisible risks ... we developed mining lamps to manage that risk. ... We do the same for the agentic era.” (C, 15:32)
- The team sees their solution as a “lamp” for the AI age, helping companies see and manage invisible operational dangers.

What Does Jordi AI Do?

“We help you understand your agentic footprint ... how they're configured, their posture and their runtime observability ... Then we help you manage the risk and understand it. ... Finally we help you remediate it ... using context engineering to steer agents.” (C, 16:27)

On Entering Innovation Sandbox

“We see Sandbox as an amazing catalyst ... spotlights the most innovative solutions, the most game-changing future companies. ... It’s the Oscars for cybersecurity.” (C, 17:17)

What’s Next?

Jordi AI will keep expanding and focusing on helping clients unlock AI-driven innovation while managing new risks.
- “Continue helping more customers ... understand their agentic operations and ... unlock innovation.” (C, 17:54)

FCC Cracks Down on Robocalls

[19:35–20:55]

Proposed stricter “know your customer” rules for telecom providers.
Providers must collect more info on high-volume callers, justify mass calling, and retain records for four years.
Aims to make illegal robocalls riskier and easier to trace.
- “Originating carriers would need to collect more identifying details, verify them more carefully, and face penalties calculated per illegal call rather than per violation.” (B, 19:45)

Notable Quotes & Memorable Moments

On AI’s Dual Nature in Finance:
- “The meeting reflects growing government attention to AI’s dual use nature, as officials weigh both its defensive benefits and its potential to amplify cyber risk across critical financial infrastructure.” (B, 03:50)
On Agentic Risk:
- “Right now a lot of security teams are struggling to get their heads around agentic risk.” (C, 16:49)
On Innovation Culture:
- “It’s the Oscars for cybersecurity and we treat it like that.” (C, 17:19)
On Robocall Accountability:
- “Providers might even be required to keep identity records for four years after customers depart, presumably just in case the calls keep coming anyway.” (B, 20:05)

Timestamps for Important Segments

[02:40] – AI arms race and financial regulation
[08:01] – China’s National Supercomputing Center alleged breach
[10:01] – Advances and concerns in quantum computing
[11:31] – Apple LLM prompt injection vulnerability
[12:31] – Storm 2755 attacks Canadian payroll systems
[13:31] – Gmail expands E2EE; Chrome patches
[14:30] – Deepfake scandal involving state police
[14:44] – Interview: Henry Comfort on Jordi AI
[19:35] – FCC’s enhanced rules against robocalls

The AI arms race hits finance.

Summary

CyberWire Daily – April 10, 2026

Episode Title: The AI Arms Race Hits Finance

Episode Overview

Key Discussion Points & Insights

AI and Finance: Emerging Risks and Regulation

Alleged 10-Petabyte Data Breach in China

Quantum Computing Threat Timelines & Crypto Concerns

Apple Intelligence Prompt Injection Vulnerability

Payroll Pirates Target Canadians

Google’s End-to-End Encryption Expansion

Chrome Critical Patches

Pennsylvania State Police Deepfake Scandal

Interview Highlight: Henry Comfort, CEO of Jordi AI

Winning at RSAC Innovation Sandbox

The Company Name & Mission

What Does Jordi AI Do?

On Entering Innovation Sandbox

What’s Next?

FCC Cracks Down on Robocalls

Notable Quotes & Memorable Moments

Timestamps for Important Segments

Summary

Summary

CyberWire Daily – April 10, 2026

Episode Title: The AI Arms Race Hits Finance

Episode Overview

Key Discussion Points & Insights

AI and Finance: Emerging Risks and Regulation

Alleged 10-Petabyte Data Breach in China

Quantum Computing Threat Timelines & Crypto Concerns

Apple Intelligence Prompt Injection Vulnerability

Payroll Pirates Target Canadians

Google’s End-to-End Encryption Expansion

Chrome Critical Patches

Pennsylvania State Police Deepfake Scandal

Interview Highlight: Henry Comfort, CEO of Jordi AI

Winning at RSAC Innovation Sandbox

The Company Name & Mission

What Does Jordi AI Do?

On Entering Innovation Sandbox

What’s Next?

FCC Cracks Down on Robocalls

Notable Quotes & Memorable Moments

Timestamps for Important Segments

Summary