Safe Mode Podcast — Mobilizing Main Street: Inside the Cyber Civic Engagement Program

Date: October 30, 2025
Host: Greg Otto (A), Editor in Chief at CyberScoop
Guests: Derek Johnson (B), CyberScoop writer; Betsy Cooper (C), Founding Director of the Aspen Policy Academy

Episode Overview

This episode focuses on the intersection of grassroots civic engagement and cybersecurity, highlighting the Aspen Institute’s new Cyber Civic Engagement program led by Betsy Cooper. The first half examines risks presented by new AI-powered browsers, while the main interview explores how regular citizens can advocate for cybersecurity changes in their communities—bridging the gap between technical issues and local policy. The show aims to empower listeners with practical strategies to elevate cyber awareness and action at the municipal level.

Key Discussion Points & Segments

1. AI Browser Vulnerabilities and Security Research (00:28 – 08:48)

• OpenAI’s AI Agent Powered Browser

  • Recent launch of an AI-driven web browser by OpenAI sparked immediate interest from security researchers.
  • Example: Splix, an AI security company, uncovered that the browser's “user agent header” exposes it as an AI crawler, allowing websites to serve different content to bots and humans.
  • Risks: Malicious actors could feed LLMs (Large Language Models) manipulated information—potential for disinformation, fraud, or influencing automated decisions.
  • Example Scenario:
    • Researchers created fake resumes for job candidates, and the AI agent could be tricked into rating a poorly qualified candidate highest using different data delivered only to crawlers. (03:13)
    • “She kind of sailed through the screening process.” – Derek Johnson (03:33)

• Old Problem, New Context

  • Google and Chromium have previously addressed this for SEO/gaming purposes, but AI browsers lack similar guardrails.
  • OpenAI’s current terms of service do not appear to disallow or mitigate this, raising concerns from researchers. (04:44)

• Layer X Research

  • Discovered authenticated ChatGPT sessions can be hijacked with hidden, persistent instructions to the LLM.
  • “There was also a tremendous amount of permissions that ATLAS has to have to every aspect of your system... it’s a tremendous risk if there’s not a baseline protection put in.” – Derek Johnson (06:15)

• Threat Landscape Observations

  • The bar for exploiting these AI agents is low—no hacking required, just creative prompting and understanding of LLM retrieval processes.
  • “You don’t even have to hack anybody… It’s just the website understanding how LLMs retrieve things… and then exploiting that.” – Derek Johnson (07:27)
  • “It’s the Wild West out there.” – Derek Johnson (08:18)

2. Cyber Civic Engagement: Empowering Communities to Champion Local Cybersecurity (08:49 – 29:12)

Interview: Betsy Cooper, Aspen Policy Academy

• Program Introduction and Structure (10:03 – 11:49)

  • The Cyber Civic Engagement program aims to empower ordinary people—victims and non-experts alike—to advocate for stronger local cybersecurity measures.
  • Focus on practical tips for engaging government, from storytelling to making policy recommendations.
  • “So cyber civic engagement is all about getting ordinary people in their communities to advocate for stronger cybersecurity change… teaching you how to go out and do that.” – Betsy Cooper (10:26)

• Bridging Technical Concepts and Policy Action (11:49 – 14:33)

  • Policymakers respond better to real-life stories than technical jargon.
  • Goal is not to upskill government but to amplify citizens’ demands for cybersecurity improvements.
  • “Policymakers are more likely to respond to stories than they are to the technical knowledge… If people don’t speak up about that, then governments aren’t going to put this on their priority list.” – Betsy Cooper (13:07)

• Educational Delivery and Scaling (14:53 – 16:26)

  • Starts with monthly, public webinars (nearly 20,000 reached initially).
  • Phased approach: Begin broad, channel into partnerships (seniors, veterans groups), then to one-on-one coaching and “train the trainer” workshops to encourage widespread adoption.

• Policy Coaching Model and Previous Successes (16:26 – 17:40)

  • Coaching includes pinpointing problems, defining solutions, and preparing for specific advocacy actions.
  • Past work has helped change scam reporting mechanisms for older adults and improved government bug bounty programs.

• Tips for Effective Local Advocacy (17:53 – 21:12)

  • First step: Overcome acceptance—recognize cybercrime isn’t inevitable, and speaking up matters.
  • Be direct: State your goal immediately (“Please install multifactor authentication…”), then explain why.
  • Make it personal: Share your story to illustrate impact.
  • Always offer clear recommendations, not just complaints.
  • “People get three minutes and usually spend two and a half… setting up the problem… What if you began with… ‘Please install multifactor authentication’…” – Betsy Cooper (17:53)

• Role of the Take 9 Campaign (21:12 – 23:36)

  • “Take 9” is a partner initiative urging people to pause for nine seconds before acting online.
  • Offers basic cyber hygiene tips (strong passwords, avoiding public Wi-Fi, etc.) and helps funnel new participants to Aspen’s program.
  • Leverages national campaigns (billboards, subway ads) to broaden outreach.

• Balancing Technical Detail and Accessibility (23:36 – 25:52)

  • The sweet spot is “Cybersecurity 101”—simple, practical changes anyone can advocate for (better passwords, better post-incident support) with optional deeper dives for the technically advanced.

• Adapting to New Threats and Technologies (25:52 – 28:41)

  • Continued evolution: Phishing will get more sophisticated through AI (personalized, typo-free scam emails).
  • Educational materials and tips will adapt; emphasis on critical thinking as the technical “tells” disappear.
  • “We’re going to change our tips to accommodate… as the way phishing scams look change.” – Betsy Cooper (28:20)
  • “If AI leads the Internet to entirely break down because nobody can know whether anything is real… we're not going to be able to… conduct business…” – Betsy Cooper (28:31)

• How to Get Involved (28:41 – 29:12)

  • Main hub: aspenpolicyacademy.org
  • Regular webinars for all skill levels, plus resources on advocacy, op-eds, and public comments.

Notable Quotes & Memorable Moments

• “You don’t have to be perfect… just by attending one of our webinars or reaching out… you're already making a difference.” – Betsy Cooper (17:53)
• “It’s the Wild West out there. There's no process in place to, to handle that.” – Derek Johnson (08:18)
• “If people don’t speak up about that, governments aren’t going to put this on their priority list.” – Betsy Cooper (13:12)
• “You’re probably not going to stand up and tell your city council you care about cybersecurity unless it matters to you in some meaningful way. So tell the story…” – Betsy Cooper (19:25)
• “We’re going to change our tips to accommodate those [AI scams] as the way phishing scams look change.” – Betsy Cooper (28:20)

Timestamps for Important Segments

• 00:28 — Introduction to guest lineup and AI browser segment
• 01:35 — Derek Johnson reports on AI browser vulnerabilities
• 03:13 — Real-world example: AI manipulation in job screenings
• 06:15 — Risks of excessive system permissions and LLM memory manipulation
• 08:49 — Betsy Cooper interview introduction
• 10:26 — Cooper explains Cyber Civic Engagement program structure
• 14:53 — Outreach strategy and scaling the program
• 17:53 — Effective tips for local cyber advocacy
• 21:30 — The Take 9 campaign’s role in awareness and engagement
• 23:36 — Discussion on “technological sweet spot” for public involvement
• 25:52 — Evolving approach to new tech threats like AI-driven phishing
• 28:41 — How listeners can join or learn more

Summary

This episode offers a comprehensive look at both cutting-edge technical risks (with practical examples from active security research) and innovative, accessible ways local communities can promote cybersecurity. The Aspen Institute’s new program provides a blueprint for transitioning cyber threats from niche tech talk to vital civic dialogue—arming regular people with the tools, narratives, and strategies to drive policy change and protect their communities in an ever-evolving threat landscape.

For more info or to participate in the Cyber Civic Engagement program, visit aspenpolicyacademy.org.