Last week,Anthropic showed how an AI-driven cyber campaign by Chinese operatives relied on the work of humans and a deal in which Ping acquired Keyless seeks to overcome the particular challenges of protecting the identities of frontline workers using biometrics. And could military vets fill the cybersecurity skills gap? They have the chops.
Humans Still Led the Way in China-based Attacks Using Anthropic’s Claude GenAI
The threat is real from the growing use of AI to drive cyberattacks, but skilled humans are still a vital part of even “most autonomous” attacks. Take, for instance, a recent campaign where a hacking group sponsored by China used Anthropic’s Claude generative AI solution to worm their way into 30-plus organizations. Anthropic says the group got around Claude’s security by breaking up work into discrete tasks so the software couldn’t recognize its true malevolent mission. And it also fooled the LLM into believing that what it was detecting was a typical security audit. The automation part of the equation is also real but it’s built on a foundation created by humans—a frontend framework designed to support Claude and automate scripting, the provisioning of related servers, and backend development to make sure the correct steps are followed and other tasks.
Google Turns to Courts, Congress to Fight Smishing Campaign
Patches and technology solution are not the only elements that Google is tapping to combat a giant smishing campaign that uses the Lighthouse Phishing-as-a-Service (PhaaS) to lure targets by claiming they have unclaimed packages at the U.S. Postal Service or that they owe E-ZPass tolls. The company filed a suit to dismantle Lighthouse, which it said yielded almost immediate results, and threw its weight behind three bills that are intended to safeguarding U.S. citizens from scams. In one bill, states would use federal grants to probe scams targeting retirees; the second would find solutions to block robocalls that originate offshore. The third bill is over-arching, developing a national strategy to handle scams.
Broadcom’s VMware Overhaul: A Strategic Shift with Long-Term Implications for IT Leaders
In a major transition in how VMware Cloud Foundation (VCF) is licensed, Broadcom has transitioned the platform to a subscription-only, bring-your-own-license (BYOL) model. VMware licenses will no longer be available through cloud providers. Organizations will instead secure VCF subscriptions directly from Broadcom and apply them across on-premises or cloud-based infrastructure. The move from perpetual licenses to recurring subscriptions shifts infrastructure from a capital expense to an operating model. This change increases predictability but introduces higher baseline costs, especially for environments sized below the new core-based minimums. Licensing now comes bundled in full suites, often beyond what many teams actively use.
Ping-Keyless deal highlights authentication gaps for frontline workers
In a play to protect frontline worker’s identities, Ping’s acquisition of Keyless will add biometric authentication to protect their privacy. According to Beekeeper, frontline workers working outside of the office make up 80 percent or so of the global workforce. But the lion’s share of identity protection is often aimed at white collar workers. Because they often are prohibited—for safety reasons—from using their personal cell phones, MFA is not an option to authenticate IDs. And they often don’t have access to a dedicated computer, rather sharing devices with other workers to authenticate identification, hampering identity management. The Ping-Keyless deal seeks to close the ID protection gap for these workers using solutions like facial biometrics, so “with a single glance at the camera” workers can authenticate without needed a dedicated device or entering a password.
To Fill the Cybersecurity Skills Gap Organizations Are Turning to Military Vet
Military vets represent an important sector of the workforce that could bridge the cybersecurity skills gap. They are typically trained to make quick decisions in crisis situations using incomplete information. Vets know how to take ownership of a mission and follow through, according to a series of interviews with security executives. Those abilities perhaps are more as critical as the technical skills that they can be taught. In cybersecurity careers, vets can help strengthen defense across the industry and the country.
.