Skip to content
← home

tag

#security

98 posts

The technical heart: vulnerability research, disclosure, threat analysis, the craft of finding and fixing

Security

Offense Scales with Compute. Defense Scales with Committees.

Why AI is widening the attacker-defender gap faster than anything we've built to close it — and what that actually means for the next decade of security.…

08 Apr 2026 · 11 min read
Security

Bug Bounties in the Age of AI

As AI accelerates the offense-defense asymmetry, bug bounties and vulnerability disclosure remain essential. Casey Ellis on the future of bug bounties, the evolving threat landscape, and how disclose.io and the SRLDF protect the researchers keeping us safe.…

27 Mar 2026 · 4 min read
Security

The FCC Just Banned Every Foreign-Made Router

The FCC added every foreign-made consumer router to the Covered List — a March 2026 supply-chain action that goes far beyond previous adversary-nation bans.…

24 Mar 2026 · 3 min read
Security

Vulnerability economics

The four-line economic frame for every vulnerability: cost to introduce, cost to discover, cost to fix, and the value of exploitation — and why the math matters.…

22 Mar 2026 · 1 min read
Security

For the Love of the Game: DistrictCon's Year 1 Junkyard

Notes from judging DistrictCon's Junkyard Year 1 — a Pwn2Own-style exploit contest targeting end-of-life devices. Disco balls, DNA sequencers, gym treadmills, and self-propagating game worms. Includes exploit chain diagrams for all eleven talks.…

07 Feb 2026 · 9 min read
Security

What the Netflix ‘Zero Day’ series got right about incident response

That said, the widespread nature of the effects shown in the six-part series are definitely plausible. Industrial control systems and the infrastructure that supports them are riddled with zero-day vulnerabilities, alongside the more common "known, yet unpatched" n-day vulnerabilities.…

18 May 2025 · 4 min read
Security

Bug Bounties, The Wanted Poster For Ethical Hackers — Future Secured Episode 35

Crowdsourced security empowers ethical hackers to protect digital assets, reshaping cybersecurity. Casey Ellis encourages entrepreneurs to lead with resilience, delegate wisely, prioritize health, and embrace innovation amid chaos for lasting impact and scalable success.…

05 May 2025 · 4 min read
Security

The Original Bug Bounty: Alfred Hobbs and the Great Lock Controversy of 1851

Alfred Hobbs: The OG bug bounty hunter who cracked England’s ‘unpick-able’ locks. His breaker mindset exposed flaws, sparked innovation, and proved no system is perfect.…

07 Mar 2025 · 5 min read
Security

NEBULA:FOG:PRIME – AI x Security Panel Discussion

It was an privilege to participate on this panel at the NEBULA:FOG:PRIME AI x Security Hackathon event on the 25th of January.…

13 Feb 2025 · 1 min read
Security

A few security predictions for 2025

Security predictions for 2025: peacetime vs wartime cyber, hardware and IOT back in focus, AI as tool, target, and threat — and the slop firehose's arrival.…

17 Dec 2024 · 2 min read
Security

Some thoughts about Typhoons

What's the deal with Volt Typhoon, Salt Typhoon, and Flax Typhoon - and what do we need to do?…

12 Dec 2024 · 3 min read
Security

You're Soaking In It: Systemic Cyber Struggles

Chris Hughes, Wendy Nather, and Casey Ellis on systemic cyber struggles, the cybersecurity poverty line, and what regulation can actually shift the needle on.…

14 Nov 2024 · 1 min read