tag
#security
The technical heart: vulnerability research, disclosure, threat analysis, the craft of finding and fixing
Offense Scales with Compute. Defense Scales with Committees.
Why AI is widening the attacker-defender gap faster than anything we've built to close it — and what that actually means for the next decade of security.…
Bug Bounties in the Age of AI
As AI accelerates the offense-defense asymmetry, bug bounties and vulnerability disclosure remain essential. Casey Ellis on the future of bug bounties, the evolving threat landscape, and how disclose.io and the SRLDF protect the researchers keeping us safe.…
The FCC Just Banned Every Foreign-Made Router
The FCC added every foreign-made consumer router to the Covered List — a March 2026 supply-chain action that goes far beyond previous adversary-nation bans.…
Vulnerability economics
The four-line economic frame for every vulnerability: cost to introduce, cost to discover, cost to fix, and the value of exploitation — and why the math matters.…
For the Love of the Game: DistrictCon's Year 1 Junkyard
Notes from judging DistrictCon's Junkyard Year 1 — a Pwn2Own-style exploit contest targeting end-of-life devices. Disco balls, DNA sequencers, gym treadmills, and self-propagating game worms. Includes exploit chain diagrams for all eleven talks.…
What the Netflix ‘Zero Day’ series got right about incident response
That said, the widespread nature of the effects shown in the six-part series are definitely plausible. Industrial control systems and the infrastructure that supports them are riddled with zero-day vulnerabilities, alongside the more common "known, yet unpatched" n-day vulnerabilities.…
Bug Bounties, The Wanted Poster For Ethical Hackers — Future Secured Episode 35
Crowdsourced security empowers ethical hackers to protect digital assets, reshaping cybersecurity. Casey Ellis encourages entrepreneurs to lead with resilience, delegate wisely, prioritize health, and embrace innovation amid chaos for lasting impact and scalable success.…
The Original Bug Bounty: Alfred Hobbs and the Great Lock Controversy of 1851
Alfred Hobbs: The OG bug bounty hunter who cracked England’s ‘unpick-able’ locks. His breaker mindset exposed flaws, sparked innovation, and proved no system is perfect.…
NEBULA:FOG:PRIME – AI x Security Panel Discussion
It was an privilege to participate on this panel at the NEBULA:FOG:PRIME AI x Security Hackathon event on the 25th of January.…
A few security predictions for 2025
Security predictions for 2025: peacetime vs wartime cyber, hardware and IOT back in focus, AI as tool, target, and threat — and the slop firehose's arrival.…
Some thoughts about Typhoons
What's the deal with Volt Typhoon, Salt Typhoon, and Flax Typhoon - and what do we need to do?…
You're Soaking In It: Systemic Cyber Struggles
Chris Hughes, Wendy Nather, and Casey Ellis on systemic cyber struggles, the cybersecurity poverty line, and what regulation can actually shift the needle on.…