Tom Uren and Amberleigh Jack talk about the argy-bargy between the Pentagon and AI company Anthropic. US Defense Secretary Pete Hegseth is demanding that all safeguards are lifted from Claude, while Anthropic CEO Dario Amodei is insisting on protections against mass surveillance of Americans and use in lethal autonomous weapons.

They also discuss the return of Volt Typhoon, the Chinese hacker group prepositioning in critical infrastructure for sabotage in the event of a conflict over Taiwan. The group is still around, even though the US government declared victory against it last July.

This episode is also available on Youtube.

Russia launches a criminal probe into Telegram’s founder, two teenagers arrested for a South Korean bike share hack, Anthropic accuses Chinese AI firms of distillation attacks, and the US Treasury sanctions a Russian exploit broker.

• Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how ‘professional’ Five Eyes cyber espionage agencies like NSA will use AI. These agencies place a premium on stealth and won’t yolo AI.

This episode is available on Youtube.

• How AI-powered espionage will favour China
• Google's AI threat tracker, February 2026

An AI-driven hacking campaign breached 600 Fortinet devices, Ivanti was hacked via its own product, Wikipedia bans Archive-dot-Today for DDoS attacks, and Chinese hackers breached Italy’s police force.

• Risky Bulletin: AI-driven hacking campaign breaches 600+ Fortinet devices

They discuss how AI is affecting open source, chat about a few attacks the company has seen in the wild and introduce Socket’s answer to the smouldering trashfire: Socket Firewall.

RPKI relies on vulnerable servers, the French Ministry of Economy discloses a data breach, the UK gives tech platforms 48 hours to remove revenge porn, and ClickFix-attacks are responsible for 50% of malware infections.

• Risky Bulletin: RPKI infrastructure sits on shaky ground

Tom Uren and Amberleigh Jack talk about a groundswell of calls from European officials to build cyber capabilities to strike back against adversaries. There are good reasons that countries should have their own cyber capabilities, but if you don’t have the political will to strike back, having a magic cyber weapon doesn’t really make a difference.

They also talk about ‘distillation attacks’. They are a way that AI developers can steal the secret sauce of advanced models just by asking questions. It looks like American companies need government assistance if the US wants to keep its AI lead.

This episode is also available on Youtube.

A supply chain attack plants backdoors on Android tablets, the EU blocks AI from lawmakers’ devices, Cellebrite was used against a Kenyan politician, and a Chinese APT is exploiting a Dell zero-day.

• Risky Bulletin: Supply chain attack plants backdoor on Android tablets