Risky Bulletin: LLMs Can Deanonymize Internet Users Based on Their Comments
Date: March 2, 2026
Host: Risky Business Media, read by Claire Aird
Prepared by: Catalin Cimpanu
Episode Overview
This episode of Risky Bulletin delivers a rapid-fire summary of recent and significant cybersecurity incidents around the world. The main highlight is groundbreaking research showing that large language models (LLMs) can deanonymize internet users by analyzing their comments with near-perfect precision. Additional updates span major data breaches, governmental changes, threats to cryptographic systems, and evolving policy stances on AI and national security.
Key Discussion Points & Insights
1. LLMs and Deanonymization of Internet Users
- New Research: Academics have demonstrated that LLMs can deanonymize users based on their online comments.
- Impact: Achieved 99% precision in linking Hacker News accounts to LinkedIn profiles.
- Breadth: The technique also works even when users operate under multiple pseudonyms across different platforms.
- Quote:
- "Academics have developed large language models that can deanonymize users based on their comments. Tests achieved 99% precision when linking Hacker News accounts to LinkedIn profiles." — Claire Aird [00:10]
2. Leadership Shakeups & Policy Moves in US Cyber Agencies
- CISA Leadership Change:
- Nick Andersen named acting CISA Director, replacing Madhu Gottumukkala after criticism from Congress.
- CISA recently criticized for "reducing staff numbers and weakening CISA's ability to defend federal agencies."
- NSA & Cyber Command Leadership Blocked:
- Senator Ron Wyden pledges to block Lt. Gen. Joshua Rudd's appointment due to a lack of relevant cyber background.
- Both agencies have been leaderless for 10 months since President Trump fired Gen. Timothy Haugh.
- Quote:
- "Senator Ron Wyden has pledged to block the appointment of Lt. Gen. Joshua Rudd as the next lead of US Cyber Command and the National Security Agency. Wyden said Rudd lacks background in cyber operations and signals intelligence." — Claire Aird [00:38]
3. Major Government and Organizational Breaches
- US DHS Contract Leak:
- Hackers leaked details about contracts with ICE.
- Data was stolen from the Office of Industry Partnership by the group "Department of Peace." [01:13]
- French Ministry of Health Breach:
- Hackers accessed 15M citizens' data, including patient records and personal details.
- Breach confirmed a year after its occurrence. [01:30]
- Dutch Government Attacks:
- Multiple Dutch agencies compromised via a recent Ivanti EPMM zero-day.
- Breach included Dutch Justice Department and Data Protection Authority; remained undetected for five months.
4. Global Hacktivism and Cryptocurrency Thefts
- Iranian Prayer App Compromised:
- Hackers exploited the Bod Subah calendar app to encourage resistance against the regime and plead with the military to "lay down their arms."
- Occurred following a US-Israeli attack, leading to an internet shutdown in Iran. [02:03]
- South Korean Crypto Wallet Leak:
- $4.8M in crypto stolen after tax authority leaks wallet recovery phrase in online photos.
- Part of a tax crime investigation into over 100 individuals.
- "The South Korean Tax authority posted photos of the wallet online with the recovery phrase in full view." [02:25]
5. Business Impact: Large-Scale Data Breaches
- Coupang (South Korea):
- Operating income dropped 97%—from $312M to $8M—after a breach.
- Reported a net loss versus sizeable prior profit. [02:38]
6. AI Ethics and Tech Company Stances
- OpenAI Sides with Rival Anthropic on Pentagon Dispute:
- Both companies refuse to allow AI tools for mass surveillance or lethal autonomy.
- Over 700 employees from both firms signed a supporting letter.
- "OpenAI has sided with its rival Anthropic in the company's dispute with the Pentagon. CEO Sam Altman said OpenAI has the same red lines as Anthropic..." [02:53]
- Apple iOS Devices Approved for NATO Use:
- iPhones and iPads pass German audit to handle classified NATO data.
- First consumer-grade devices approved without extra software/configuration. [03:16]
7. Underground Markets, Scams, and Darknet Crime
- .com Community Crackdown:
- 30+ detained, 179 identified in multinational law enforcement operations.
- Community linked to harassment, extortion, and cybercrime.
- Milton Group Call Center Scam:
- Operator Mikhail Binyashvili sentenced to 7.5 years; scammed millions from victims and sold scamming software. [03:44]
8. Botnets, Malicious Automation, and Exposed Secrets
- Kimwolf DDoS Botnet Admin Identified:
- Brian Krebs names 23-year-old Jacob Butler as admin; Butler claims the persona was retired in 2021.
- Bot Scraping GitHub Tokens:
- Automated bots exploited misconfigured CI/CD pipelines, compromising at least four major projects, including Microsoft's. [04:24]
9. New Waves in Digital Certificate Security & Quantum Resistance
- IETF’s Quantum Certificate Initiative:
- New working group partnered with Google to create "Merkle Tree Certificates," updating X.509 with integrated public logging.
- Reflects increasing urgency for quantum-resistant infrastructure. [05:02]
- Android 17 Security Update:
- Certificate transparency will be enforced by default for all apps. [05:22]
10. Ongoing Cyber Threats and Social Media Developments
- Google Removes Fraudulent Android Apps:
- 115 apps booted due to hidden browser ad fraud; hundreds of AI-generated webpages used for click fraud. [04:52]
- API Key Exposure:
- Nearly 3,000 Google API keys found exposed, now also authorizing access to Gemini AI.
- TikTok Returns to Albania:
- Ban expired after a year, originally imposed over severe cyberbullying consequences.
- TikTok claims to have enhanced security and anti-bullying measures. [05:34]
- Meta’s Teen Safety Enhancement:
- Instagram now notifies parent accounts when teens search for self-harm terms, with planned expansion to Meta’s AI assistants.
Notable Quotes & Memorable Moments
- LLM Deanonymization: "Academics have developed large language models that can deanonymize users based on their comments. Tests achieved 99% precision when linking Hacker News accounts to LinkedIn profiles." — Claire Aird [00:10]
- Leadership Concerns: "Senator Ron Wyden has pledged to block the appointment of Lt. Gen. Joshua Rudd as the next lead...Wyden said Rudd lacks background in cyber operations and signals intelligence." — Claire Aird [00:38]
- Cryptocurrency Mishap: "The South Korean Tax authority posted photos of the wallet online with the recovery phrase in full view." — Claire Aird [02:25]
- AI Ethics Stand-Off: "OpenAI has sided with its rival Anthropic in the company's dispute with the Pentagon. CEO Sam Altman said OpenAI has the same red lines as Anthropic..." — Claire Aird [02:53]
Timeline of Important Segments
| Timestamp | Topic |
|:---:|---|
| 00:10 | LLMs deanonymize users via online comments |
| 00:38 | CISA/NSA leadership shakeup and Congressional tensions |
| 01:13 | US DHS ICE contract data breach |
| 01:30 | 15M French Ministry of Health records stolen |
| 02:03 | Iranian prayer app hack and government internet shutdown |
| 02:25 | South Korean crypto wallet compromised via recovery phrase leak |
| 02:38 | Major financial losses at Coupang post-breach |
| 02:53 | OpenAI & Anthropic AI ethics, Pentagon dispute |
| 03:16 | Apple iOS approved for classified NATO communications |
| 03:44 | International crackdown on ".com" doxing/harassment community |
| 04:24 | GitHub token scraping and supply chain attacks |
| 04:52 | Removal of 115 ad fraud Android apps; Google API key exposures |
| 05:02 | IETF quantum-ready certificate push with Google |
| 05:22 | Android 17 to require certificate transparency |
| 05:34 | TikTok returns to Albania; Meta boosts teen safety |
Tone and Character
The episode delivers concise, fact-packed updates with a neutral, professional, and slightly urgent news tone. It balances the technical depth needed for cybersecurity professionals with plain explanations for broader accessibility. The rapid pace and focus ensure key events are covered without embellishment or editorializing, matching the Risky Bulletin's style.
Summary
This Risky Bulletin episode highlights how the lines between anonymity and identity on the internet are rapidly blurring, thanks to advances in AI and large language models. The news cycle paints a turbulent global cybersecurity landscape, with government data breaches, organizational turmoil, evolving ethical battles over AI, quantum-readiness in digital infrastructure, and new social media safety protocols. The episode is an essential catch-up for anyone interested in cybersecurity trends, major incidents, and the pressing issues shaping digital privacy and policy in 2026.
