A
You're listening to the CyberWire Network, powered by N2K. These days, attackers rarely start with a bang. They start quietly. A leaked credential, a stolen session cookie, a lookalike domain that shouldn't exist. That's where NordStellar comes in. NordStellar is a threat exposure management platform that helps organizations see what attackers already know about them. Turns into an incident. It brings together data breach monitoring, dark web monitoring, attack surface management and cyber squatting detection in a single platform. That means visibility into leaked credentials and malware logs, insight into brand impersonation attempts, and a clear picture of exposed Internet-facing assets and shadow IT. For CISOs, it's a way to reduce response costs, prioritize real risk and communicate clearly with the board. For security teams, it's real-time alerts, contextual intelligence and faster investigations without the noise. Most companies only react after the damage is done. Don't wait until your data is already for sale. Protect your business today with NordStellar. Learn more at nordstellar.com CyberWire Daily. Don't forget to mention CyberWire 10 for an exclusive offer. Hacktivist activity surges in the Middle East. Defense tech firms distance themselves from Claude. International law enforcement takes down the Leakbase cybercrime forum. A pair of Cisco SD-WAN vulnerabilities are under active exploitation. Google releases an urgent Chrome security update. Age verification is put under the microscope. TikTok is leaving end-to-end encryption out of your DMs. Our guest is Daniel Barbou, Director of EMEA Security from Adobe, discussing fostering a human-centered, enablement-driven and collaborative approach to AI. And clever code catches cardiac clues. March 5, 2026. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today.
All this week we are coming to you from Zero Trust World in Orlando, Florida, where we are joining security leaders and practitioners from across the industry. Our coverage here is made possible by our sponsors at ThreatLocker, who brought the community together to talk all things Zero Trust, resilience and the future of cybersecurity. Our thanks to ThreatLocker for helping make it all possible. Following the launch of the U.S.-Israeli military campaign against Iran on February 28, a parallel surge of hacktivist activity quickly emerged across the Middle East. According to a report from Radware, within nine hours of the first kinetic strikes under Operation Epic Fury, multiple hacktivist groups began launching retaliatory DDoS attacks targeting government and critical infrastructure across the region. Between February 28 and March 2, nine hacktivist groups claimed 107 attacks against 81 organizations in eight Middle East countries. The activity was heavily concentrated among a few actors. Two groups, Keymous+ and DieNet, accounted for nearly 70% of all attack claims. Government institutions were the primary targets, representing about 53% of attacks, followed by financial and telecommunications sectors. Geographically, Kuwait, Israel and Jordan absorbed more than three quarters of the activity. On March 2, the Russia-aligned group NoName057(16) joined the campaign, signaling a potential expansion of the conflict's cyber dimension. Overall, the surge highlights how geopolitical crises increasingly trigger rapid, coordinated hacktivist campaigns aimed at disrupting national infrastructure and amplifying political messaging in the digital domain. Palo Alto Networks' Unit 42 is tracking more than 60 active hacktivist groups and Iran-linked threat actors. But what does that actually mean for defenders?
In a special edition of the Threat Vector podcast, host David Moulton sits down with Unit 42 threat intelligence leaders Justin Moore and Andy Piazza to unpack their latest Iran threat brief. They break down what these groups are doing, how much of the activity is real versus noise and what organizations should realistically prepare for. We'll be dropping that episode in your CyberWire podcast feed. It's worth your time. Following the Trump administration's move to blacklist Anthropic and label its technology a supply chain risk, defense technology firms are rapidly distancing themselves from the company's AI model, Claude. Several startups working with the US Department of Defense have already begun replacing Claude with alternative models, often out of caution that a formal ban could soon take effect. Major contractors such as Lockheed Martin are also expected to remove Anthropic technology from their supply chains. The dispute stems from Anthropic's refusal to provide assurances that its AI would be used for fully autonomous weapons or mass domestic surveillance. While Anthropic argues the defense secretary may lack legal authority to impose such restrictions, multiple federal agencies have already begun phasing out the technology. Analysts warn the shift could cause short-term disruptions, as Anthropic had been deeply integrated into sensitive defense and intelligence environments. Senator Ron Wyden criticized the Defense Department's dispute with Anthropic, warning that the fight raises serious concerns about potential mass surveillance of Americans. Wyden said vast amounts of personal data, including location, browsing history and other sensitive information, can be purchased from largely unregulated data brokers and analyzed using AI. Wyden plans to push legislation aimed at limiting government access to commercially purchased personal data.
The FBI and international law enforcement agencies have dismantled Leakbase, a major cybercrime forum used to buy and sell stolen credentials, personal data and software exploits. The coordinated effort, called Operation Leak, targeted the platform's infrastructure and users across more than a dozen countries. Authorities conducted about 100 law enforcement actions against 45 targets, resulting in 13 arrests, 32 searches and interviews with 33 suspects. Investigators also seized Leakbase's domains and captured the forum's full database. Operating since 2021, Leakbase had more than 142,000 members and sold access to compromised data, often obtained through attacks on vulnerable web applications. Officials say the marketplace posed a growing threat because it facilitated access to U.S. networks and potential critical infrastructure. Investigators are now analyzing the seized data to identify victims and additional criminal actors. Cisco has warned customers that two recently patched Catalyst SD-WAN vulnerabilities are being actively exploited. The flaws allow authenticated attackers to gain elevated privileges or overwrite files on vulnerable systems. Cisco disclosed patches for five vulnerabilities in February and updated its advisory on March 5 after detecting exploitation. The activity follows reports of another exploited zero-day, which can bypass authentication and grant admin access. Security agencies say that flaw has been chained with an older vulnerability to escalate privileges and maintain persistence, possibly linked to threat actor UAT-8616. Google has released an urgent Chrome security update addressing 10 vulnerabilities, including three critical and seven high severity flaws that could allow attackers to execute arbitrary code or compromise systems. The update, rolled out March 3, fixes issues such as integer overflows in the ANGLE and Skia graphics engines and an object lifecycle flaw in PowerVR.
Google is limiting technical details until most users update to reduce exploitation risk. Users and organizations are urged to update immediately. An article from Techdirt argues that mandatory online age verification systems create large, centralized databases of sensitive biometric data that are highly vulnerable to breaches. The concern resurfaced after researchers discovered over 2,400 publicly accessible files tied to Persona, a company Discord planned to use for age verification. The exposed code suggested the system performs extensive identity checks, analyzing facial images, government IDs, device fingerprints and other personal data, potentially storing it for years. Discord has since said it will not proceed with Persona. Critics say the incident reflects a broader pattern. Governments mandate age verification, companies adopt third-party identity vendors, and those systems later suffer security or privacy issues. Because these platforms collect immutable data like faces and ID numbers, breaches can cause permanent harm. Researchers and privacy advocates warn that such systems both threaten user privacy and often fail to effectively prevent underage access online. TikTok says it will not adopt end-to-end encryption for direct messages, arguing the technology could make users less safe. While most major platforms use end-to-end encryption to ensure only message senders and recipients can read conversations, TikTok says the feature would prevent safety teams and law enforcement from investigating harmful activity when necessary. The company says its messages are still protected with standard encryption and can only be accessed by authorized staff in limited circumstances, such as responding to reports or legal requests. Supporters of the decision, including child safety organizations, say avoiding end-to-end encryption could help detect abuse and illegal content, particularly given TikTok's large youth audience.
However, privacy experts note the move places TikTok out of step with industry norms and may raise additional concerns about user privacy and data protection. Coming up after the break, my conversation with Daniel Barbou, Director of EMEA Security at Adobe. We're discussing fostering a human-centered, enablement-driven and collaborative approach to AI. And clever code catches cardiac clues. Stay with us. Maybe that's an urgent message from your CEO, or maybe it's a deepfake trying to target your business. Doppel is the AI-native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back, from automatically dismantling cross-channel attacks to building team resilience and more. Doppel: outpacing what's next in social engineering. Learn more at doppel.com. That's D-O-P-P-E-L dot com. No, it's not your imagination. Risk and regulation really are ramping up and customers expect proof of security before they'll sign that deal. That's where Vanta comes in. Vanta automates your compliance process and brings compliance, risk and customer trust together on one AI-powered platform. Whether you're preparing for SOC 2 or managing an enterprise governance, risk and compliance program, Vanta helps keep you secure and keeps your deals moving. Companies like Ramp and RYTR spend 82% less time on audits with Vanta. That's not just faster compliance, that's more time for growth. Take it from me, if you're thinking about compliance, take the time to check out Vanta. Get started at vanta.com/cyber. Daniel Barbou is Director of EMEA Security at Adobe and in today's sponsored Industry Voices segment we discuss fostering a human-centered, enablement-driven and collaborative approach to AI.
B
My role focuses on securing Adobe's products and platforms and we do that with a strong emphasis on AI. By that we mean both how we use AI to improve security and how we secure AI itself. Talking about my background, generally speaking, my career has been shaped by working across industry, community and academia. And that has actually influenced how I think about AI today. One of the biggest lessons for me was security doesn't scale through technology alone, it scales through people. And that's why I was pretty excited to join our conversation.
A
Well, when AI first started showing up in your security workflows at Adobe, what did that moment feel like inside the organization? Was there excitement? Was there some skepticism, or a mix of both?
B
Definitely a mix of both. At the same time, nothing we build happens, especially around AI, happens in isolation. At the end of the day, regardless if we are a skeptic or not, once we build it, it's a result of trust, it's a result of curiosity and of course, collaboration between the skeptics and the less skeptics. And at the end of the day, it's a matter of a shared belief that great tools only matter if we invest just as deeply in our people. So I think that was one of the cornerstones here. That's how I look at it.
A
Tell us about an early conversation or a turning point that made you realize that AI was going to require a cultural shift, not just a technical one.
B
If I think about some of the misconceptions around AI, one of the biggest ones I see is we tend to look at AI as a shortcut when at the end of the day it's more of a force multiplier. So it does deliver great value when it builds on strong fundamentals. And I feel that going back to one of those first conversations, that strong fundamentals piece was what mattered a lot. So when we have clear ownership, high quality data, well defined threat models and so on, AI tends to help us surface those insights faster and strengthen the security outcomes. But in many cases, while it brings clarity to the areas that are already hard to see, it also surfaces some of the pain points even greater. I feel that's a very interesting way in how AI helps us both in surfacing and speeding up stuff, while also surfacing more. Some of the challenges that there are there.
A
When you say surfacing some of the challenges, are there any examples that come to mind?
B
If the data that we put in there is not healthy, if the number of, for example, the number of alerts we have is not relevant, I think that AI creates that elevates that to an even worse level. Think about the trust in AI. Another misconception there is that AI naturally takes care of itself, and trust in AI actually naturally takes care of itself. While in reality, I feel that teams need education and transparency to use AI when we do not understand how it works. Speaking of those skeptics, in the beginning they avoid it or work around it, which reduces visibility. So that creates a problem of the input data that we have too. So when they do not understand its limits, they rely on it too heavily and stop asking questions. So this is an interesting mix and I would actually like to say it again because that's how important I feel it is. So trust in AI naturally takes care of itself. That's a misconception. In reality, teams need education and transparency to use it well, to use AI well. So when people do not understand how AI works, they avoid it or work around it, which reduces our visibility as a security team. But when they do not understand its limits too, they rely on it too heavily and stop asking questions. So for me, that's a very interesting intersection that we have in the use of and adoption of AI.
A
Now, you built a team internally, you call it the Security AI Guild. Where did that idea come from?
B
So from the Security AI Guild came from the idea that we need to support our folks, but we didn't want to focus on a very formalized program or we wanted it to be more of a natural adoption. So what we actually did, instead of coming with a very stiff framework, for a lack of a better word, we decided to come up with a set of principles. So as long as people adhere to those principles, we definitely consider them part of the AI guild. So the whole idea behind it is just to keep things effective so we get to understand the positive impact that AI has in security and beyond. Very, very fast. And we only have three of them. Three principles. First, outcomes come first. By that we mean every effort is tied to a real security problem. We want to have impact and we want to have it fast, and we wanted to have it on the problems that we care about. Second, ownership. It's clear in every product and in every initiative or project that we deliver as part of the Security AI Guild, there is always a path to production or handoff. And then third, learning is shared. Both successes and failures are visible to everyone. That enabled us to develop the Security AI Guild as not just another meeting. The way to look at it is the Security AI Guild is a cross team community at Adobe that brings together security engineers, AI engineers as well as product teams to work on real security problems. That's the key point there. The real security problems using AI. It's not a think tank, it's not just a recurring meeting. So it's not a think tank. It is not a recurring meeting. It's basically an execution engine, as mentioned, focused on real outcomes.
A
I know you've mentioned that it's really been important to build a culture within Adobe. You've said that trustworthy AI is designed socially, not just technically. What does that mean in practice inside such a large enterprise?
B
At the end of the day, from a cultural perspective, we need to cut across traditional boundaries and we need to think about AI as a force to do just that. Cut across traditional boundaries. Not a single team, no single team has all the context. Especially from a security perspective, we need to understand risk, which the security team does. Data scientists understand the models, product teams understand the users, and so on and so forth. So coming back to the guild, it actually creates that shared space where those perspectives meet and have the ability to experiment responsibly. And that's also a key word, the responsibility piece of it. Some of the examples. Coming back to the examples, let's look at how we use AI in security. We use AI to scale the vulnerability discovery and triage. So we do use it to help our security engineers focus on what actually matters. Cutting through noise, surfacing real risk areas, and then keeping humans firmly in the decision room. And that's something that we particularly care about. And then from a detection and response perspective, AI helps us connect the dots faster. People do stay accountable for understanding, validating and acting on what the system surfaces. And then how do we secure AI itself? That's a very interesting and challenging aspect, at the same time very, very rewarding. So from threat modeling to guardrails to human in the loop design, some of our most important security work today is securing AI itself. So how do we build those guardrails, how do we develop those threat models and human in the loop design? So AI earns trust, not just assumptions. I shared three examples. I feel that across all three examples, the pattern is the same. AI accelerates insight, but trust comes from the culture, which is basically built on shared responsibility, transparency, and then humans staying accountable for the outcomes.
A
What would be your advice to other companies who want to start building this kind of AI security culture? Do you have any words of wisdom based on the experience that you've shared at Adobe?
B
I don't have words of wisdom. What I do have is what worked for us and what we learned. I feel that the biggest lesson is to start with people, not platforms. So for organizations starting out, I would say that the first 90, 60, 90 days should focus on shared learning, clear principles similar to the ones I shared earlier, or develop their own principles. And a safe space to experiment. I would stay away from like mandates or hype. So let me, let me rephrase that. For organizations starting out the first 60 to 90 days should focus on shared learning, clear principles and safe spaces for experimentation. And yes, not mandates or hype. That's how I look at it. And no one should do this alone. I would highly rely on partnerships across industry, community, academia. These are essentials because we are at the beginning of this and we are all struggling or experimenting. And this is probably even more important for us. It is probably even more important for us to stay close to the industry, community and academia. Yeah, that's how I feel about it.
A
When you look ahead, what gives you confidence that organizations can build these AI systems that are both powerful and trustworthy?
B
AI forces us to rethink how trust is built. You can't bolt trust on after deployment. It has to be part of how teams learn, collaborate and make decisions. So going back to the cultural ingredients, I would say that we need to focus on shared responsibility. So AI decisions shouldn't sit on one team or one role. Security, product, data science, everyone shares the responsibility and then transparency and explainability. I feel that people trust systems they can reason about, not just systems that perform well. Enablement over enforcement. It's something that I really care about. So we invest heavily in upskilling so teams feel confident using AI responsibly and not being afraid of it. One thing I learned and actually captured in our security AI enablement work is that training alone is not enough. Teams need that shared language and hands-on experience as well as clarity. And then another critical cultural ingredient for me is that human in the loop by design. AI is assistive, not autonomous. Humans do stay accountable.
A
That's Daniel Barbou, Director of EMEA Security at Adobe. When it comes to mobile application security, good enough is a risk. A recent survey shows that 72% of organizations reported at least one mobile application security incident last year and 92% of responders reported threat levels have increased in the past two years. Guardsquare delivers the highest level of security for your mobile apps without compromising performance, time to market or user experience. Discover how Guardsquare provides industry-leading security for your Android and iOS apps at www.guardsquare.com. Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full stack zero trust networks including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling, or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security, and VPN, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless. Transform complexity into simplicity, and give your team time to focus on what really matters, helping your business and customers thrive. Learn more and book your demo at meter.com/cyberwire. That's M-E-T-E-R dot com slash cyberwire. And finally, for decades, if you wanted to track your heart rate, you needed a smartwatch, a medical device, or at least something strapped to your body. Now, researchers at the University of California, Santa Cruz, suggest your Wi-Fi router might quietly do the job instead.
Their prototype system, charmingly named PulseFi, uses ordinary Wi-Fi signals and a machine learning model to detect the tiny disturbances caused by a beating heart. In tests with 118 participants, the system measured heart rate with near clinical accuracy in as little as five seconds, even if people were sitting, standing, walking, or lounging several meters away. The setup relies on inexpensive hardware, meaning the technology could eventually be deployed cheaply in homes. In other words, your Wi-Fi may soon know your pulse, whether you asked it to or not. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Tré Hester with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands-on learning, and real innovation. I'll say this plainly, I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today at rsaconference.com/cyberwire26. I'll see you in San Francisco. Most security conferences talk about Zero Trust. Zero Trust World puts you inside.
This is a hands-on cybersecurity event designed for practitioners who want real skills, not just theory. You'll take part in live hacking labs where you'll attack real environments, see how modern threats actually work and learn how to stop them before they turn into incidents. But Zero Trust World is more than labs. You'll also experience expert-led sessions, practical case studies and technical deep dives focused on real world implementation. Whether you're blue team, red team or responsible for securing an entire organization, the content is built to be immediately useful. You'll earn CPE credits, connect with peers across the industry and leave with strategies you can put into action right away. Join us March 4th through the 6th in Orlando, Florida. Register now at ztw.com and take your zero trust strategy from theory to execution.
Date: March 5, 2026
Host: Dave Bittner, N2K Networks
Featured Interview: Daniel Barbou, Director of EMEA Security at Adobe
This episode delivers a high-tempo snapshot of major cybersecurity events and trends as global tensions spill into cyberspace. From surging hacktivist campaigns in the Middle East to critical infrastructure threats and the evolving intersection of artificial intelligence and security culture, listeners hear timely news and in-depth insight. The featured interview spotlights Daniel Barbou of Adobe, who shares a human-centered, collaborative vision for building trustworthy AI in enterprise settings.
"Security doesn’t scale through technology alone, it scales through people."
– Daniel Barbou, [14:52]
"Trust in AI naturally takes care of itself. That’s a misconception. In reality, teams need education and transparency to use it well."
– Daniel Barbou, [18:30]
"It’s not a think tank—it’s not a recurring meeting. It’s basically an execution engine, focused on real outcomes."
– Daniel Barbou, [21:20]
"You can’t bolt trust on after deployment. It has to be part of how teams learn, collaborate, and make decisions."
– Daniel Barbou, [26:45]
"AI is assistive, not autonomous. Humans do stay accountable."
– Daniel Barbou, [28:05]
| Segment | Timestamp |
|-----------------------------------------------|-------------|
| Middle East Hacktivist Surge | 03:00–06:30 |
| Anthropic/Claude Fallout | 06:40–09:40 |
| Leakbase Forum Takedown | 09:45–11:00 |
| Cisco/Google Security Flaws | 11:00–12:20 |
| Age Verification Debate/TikTok DMs | 12:21–14:30 |
| Feature: Human-centered AI at Adobe (Barbou) | 14:32–28:06 |
| PulseFi Heart Rate via Wi-Fi | ~29:00 |
This episode is essential listening for anyone tracking modern cyber threats and the evolving role of AI in enterprise security cultures—particularly for security professionals, technology leaders, and those managing organizational change in a high-risk, fast-moving landscape.