TechRisk #111: AI failed to crack Kryptos
Plus, the profound privacy issue of agentic AI, Lazarus completed initial Bybit hack laundering, Anthropic CEO warned of upcoming AI risks, and more!

Tech Risk Reading Picks
AI takes on Kryptos: For 35 years, amateur and professional cryptographers have tried to crack the last unsolved panel (K4) of Kryptos, a sculpture at CIA headquarters, but AI is now generating false solutions, frustrating the sculpture's creator, Jim Sanborn. While the CIA and NSA deciphered three panels in the 1990s, K4 remains elusive, fueling an obsessive community. Recently, AI chatbots have convinced users they’ve "solved" it instantly, leading to an influx of misguided, overconfident emails to Sanborn, who sees this as a shallow shortcut that undermines the puzzle's intellectual rigor. Despite dropping occasional hints, Sanborn refuses to reveal the final answer in his lifetime, preserving Kryptos as a lasting mystery.
Profound privacy issue of Agentic AI: Signal President Meredith Whittaker, speaking at SXSW, warned that agentic AI poses significant privacy and security risks by requiring deep access to users' personal data and systems. She likened this AI-driven automation to "putting your brain in a jar," where AI agents handle tasks like booking events and messaging friends but demand extensive permissions across devices, including browser access, credit card details, and messaging apps. Whittaker highlighted that such AI models would likely operate via cloud servers, increasing vulnerability to data breaches. She cautioned that integrating AI agents into apps like Signal could compromise message privacy and criticized the AI industry's reliance on mass data collection, arguing that this trend threatens user security under the guise of convenience.
Taking AI risks seriously: Anthropic CEO Dario Amodei warns that while AI offers immense benefits, its risks—ranging from national security threats to misuse by bad actors—are equally significant. Speaking on Hard Fork, he expressed concern that people are not taking AI risks seriously enough but expects awareness to rise within the next two years, potentially as a shock. He highlighted AI’s potential to enable high-level misuse, particularly in fields like virology and military technology, raising concerns about AI-powered autocracy and global security threats. While advocating for safeguards and regulation, Amodei believes it is possible to mitigate AI risks without stifling its benefits, though achieving this balance requires nuance and careful planning.
AI Threat Landscape Report: HiddenLayer's AI Threat Landscape Report highlights the growing security challenges organizations face as AI adoption accelerates, with 89% of IT leaders citing AI models as critical to success while security teams struggle to keep pace. The report reveals a sharp rise in AI breaches, with 74% of organizations experiencing one in 2024, up from 67% the previous year, yet 45% chose not to disclose incidents due to reputational concerns. Despite AI’s increasing material impact, only 32% of companies have deployed technology solutions to mitigate threats, and 76% continue to debate internal ownership of AI security. Emerging risks include the rise of "shadow AI," with 72% of IT leaders viewing unauthorized AI use as a major concern, and the evolving threat landscape driven by adversarial AI, phishing via agentic AI, and deepfake misinformation. Encouragingly, 96% of organizations are increasing AI security budgets in 2025 to address these challenges. HiddenLayer's CEO, Chris "Tito" Sestito, emphasizes that securing AI is not just about protection but also a strategic enabler for innovation, as companies that invest in security can accelerate adoption, build trust, and gain a competitive edge.
Web3 Cryptospace Spotlight
Disguised scam application: OKX and SlowMist reported that multiple users experienced unauthorized access to their wallet assets, linked to mnemonic phrase and private key leaks. Investigations revealed that a scam application called BOM deceived users into granting permissions, allowing malicious actors to extract and exploit their private keys. The OKX Web3 Security team analyzed BOM's APK files and found that it secretly accessed media files to steal sensitive data. In response, security recommendations were issued, advising users to download apps only from trusted sources, avoid storing mnemonic phrases digitally, and use professional on-chain tracking tools for enhanced security.
Telegram account takeover: SlowMist noted that scammers are using fake "Safeguard" schemes to steal Telegram accounts by tricking users into entering their login codes through deceptive verification messages. Once they gain access, they search for private keys in bots and may impersonate victims to scam their contacts. Variations of this scam include fake security alerts and account risk warnings.
Initial Bybit hack laundering completed: North Korean hackers, linked to the Lazarus Group, have completed the initial laundering phase of over $1 billion stolen from Bybit, moving the stolen Ethereum to new addresses before further laundering. Utilizing decentralized finance (DeFi) tools and underground financial networks, particularly in China, they have accelerated the process, overwhelming investigators with rapid transactions. The FBI has urged the crypto community to help contain the stolen funds, with Bybit launching a bounty program to recover assets. Despite obstacles, including a brief halt due to transaction volume limits, laundering has resumed, with 77% of the funds still traceable. This marks the largest crypto hack to date, highlighting North Korea’s ongoing large-scale cyber theft operations.
Safe's investigation into the Bybit hack: Safe’s preliminary report on the Bybit hack attributed the breach to a compromised macOS developer laptop infected via a contaminated Docker project, likely through social engineering. Attackers, linked to UNC4899 and DPRK-affiliated TraderTraitor, exploited active AWS tokens to bypass MFA and modify Bybit’s Safe multi-signature wallet interface, redirecting $1.5 billion in Ethereum. They used ExpressVPN for anonymity and leveraged AWS session hijacking for unauthorized access. Safe has since reinforced security by restructuring infrastructure, limiting privileged access, enforcing strict peer reviews, and enhancing monitoring systems while confirming its smart contracts were unaffected.
Reflection on Bybit hack: The recent $1.5 billion Bybit Exchange hack on February 21, 2025, underscores the growing cybersecurity threats in the crypto industry, with attacks becoming more frequent and sophisticated. In 2024 alone, North Korea-linked hackers stole $1.34 billion across 47 incidents, more than doubling the previous year’s total. The Bybit attack, which exploited social engineering tactics rather than traditional code vulnerabilities, reflects a shift in hacking strategies towards targeting human elements. While DeFi platforms were historically the primary targets, recent trends indicate an increased focus on centralized exchanges, with private key compromises accounting for 43.8% of stolen crypto in 2024. Strengthening security measures, enhancing private key protection, and prioritizing user education on phishing and social engineering tactics are essential in mitigating risks.