Heather Adkins
@argv.bsky.social
VP Security at Google. Co-Chair Cybersafety Review Board, Co-Author Building Secure and Reliable Systems. r00t. Medieval historian.
Shared some thoughts on Big Sleep, Code Mender and ffmpeg. X-posting to X because I’m not good at social media. 😎 x.com/argvee/statu...
Heather Adkins - Ꜻ - Spes consilium non est on X: "We’re excited to see the security and OSS communities engage on vulnerability disclosure in light of new AI technologies that we believe will enable both defenders and attackers alike. Existing and emerging norms around disclosure are important debates, and we’ve noted the" / X
We’re excited to see the security and OSS communities engage on vulnerability disclosure in light of new AI technologies that we believe will enable both defenders and attackers alike. Existing and emerging norms around disclosure are important debates, and we’ve noted the
x.com
November 5, 2025 at 10:16 PM
Shared some thoughts on Big Sleep, Code Mender and ffmpeg. X-posting to X because I’m not good at social media. 😎 x.com/argvee/statu...
Stop what you’re doing and read this… don’t get surprised by what’s coming. It’s time to rethink everything you’re doing on cyber defense. H/T to Gadi and Bruce for partnering on this opinion piece. www.csoonline.com/article/4069...
October 8, 2025 at 6:40 PM
Stop what you’re doing and read this… don’t get surprised by what’s coming. It’s time to rethink everything you’re doing on cyber defense. H/T to Gadi and Bruce for partnering on this opinion piece. www.csoonline.com/article/4069...
Today as part of our commitment to transparency in this space, we are proud to announce that we have reported the first 20 vulnerabilities discovered using our AI-based "Big Sleep" system powered by Gemini — goo.gle/bigsleep
Google Issue Tracker
goo.gle
August 4, 2025 at 3:24 PM
Today as part of our commitment to transparency in this space, we are proud to announce that we have reported the first 20 vulnerabilities discovered using our AI-based "Big Sleep" system powered by Gemini — goo.gle/bigsleep
Today @Google Project Zero announced a new trial policy: Reporting Transparency. We’ll now share when we report a security vuln to a vendor within 1 week including products + deadlines. Goal: shrink the patch gap + drive faster, safer updates for users: googleprojectzero.blogspot.com/2025/07/repo...
Policy and Disclosure: 2025 Edition
Posted by Tim Willis, Google Project Zero In 2021, we updated our vulnerability disclosure policy to the current "90+30" model. Our goals we...
googleprojectzero.blogspot.com
July 30, 2025 at 2:10 AM
Today @Google Project Zero announced a new trial policy: Reporting Transparency. We’ll now share when we report a security vuln to a vendor within 1 week including products + deadlines. Goal: shrink the patch gap + drive faster, safer updates for users: googleprojectzero.blogspot.com/2025/07/repo...
Good article out from @danielmiessler.bsky.social on using AI properly. danielmiessler.com/blog/how-to-...
Why Prompt Engineering and Context Engineering Both Miss the Point
The debate between prompt and context engineering misses what really matters: clear thinking and vision
danielmiessler.com
July 2, 2025 at 9:19 AM
Good article out from @danielmiessler.bsky.social on using AI properly. danielmiessler.com/blog/how-to-...
Some excellent work by @craiggidney.bsky.social that reduces the number of qubits (in a quantum computer) required to break RSA by 20-fold. If you don’t have a migration plan to safe algorithms, now is the time to start one!
I'm often asked if I'll redo the 2019 quantum factoring estimate. Denser storage by yokes, smaller magic factories by cultivation, slimmer approx arithmetic by Chevignard et al… surely the cost is lower now?
Yes, it's lower now.
security.googleblog.com/2025/05/trac...
arxiv.org/abs/2505.15917
Yes, it's lower now.
security.googleblog.com/2025/05/trac...
arxiv.org/abs/2505.15917
May 23, 2025 at 4:23 PM
Some excellent work by @craiggidney.bsky.social that reduces the number of qubits (in a quantum computer) required to break RSA by 20-fold. If you don’t have a migration plan to safe algorithms, now is the time to start one!
Good news: egg production is up! www.ams.usda.gov/mnreports/am...
www.ams.usda.gov
April 9, 2025 at 2:20 AM
Good news: egg production is up! www.ams.usda.gov/mnreports/am...
We will have memory safety… it will take many steps forward, over the long haul. Here’s an update from Chrome on replacing FreeType with a Rust based alternative. developer.chrome.com/blog/memory-...
Memory safety for web fonts | Blog | Chrome for Developers
Learn how and why the Chrome team has replaced FreeType with Skrifa.
developer.chrome.com
March 20, 2025 at 4:06 AM
We will have memory safety… it will take many steps forward, over the long haul. Here’s an update from Chrome on replacing FreeType with a Rust based alternative. developer.chrome.com/blog/memory-...
While listening to @patrick.risky.biz and @metlstorm.risky.biz on this week’s risky biz podcast I dreamt up a nice retirement project: “Case Studies for Security Engineering”. Highly curated technical descriptions of incidents written in such a way that solutioneers can understand attacks. 1/2
March 7, 2025 at 9:53 PM
While listening to @patrick.risky.biz and @metlstorm.risky.biz on this week’s risky biz podcast I dreamt up a nice retirement project: “Case Studies for Security Engineering”. Highly curated technical descriptions of incidents written in such a way that solutioneers can understand attacks. 1/2
Ever wake up in the morning and think to yourself: wish I could do an official review of that incident. 👀
#SaltTyphoon gained initial access to Cisco devices as part of the Chinese nation-state threat group’s sweeping attacks on U.S. telecom networks, the company confirmed Thursday in a #threat intelligence report. via @mattkapko.com cyberscoop.com/cisco-talos-...
Salt Typhoon gained initial access to telecoms through Cisco devices
The Chinese nation-state threat group primarily gained access to Cisco devices with legitimate login credentials, according to Cisco Talos.
cyberscoop.com
February 23, 2025 at 12:51 AM
Ever wake up in the morning and think to yourself: wish I could do an official review of that incident. 👀
Exceptionally good analysis of the current geopolitical discussion re: Ukraine and Russia negotiations. x.com/nicholadrumm...
x.com
x.com
February 22, 2025 at 9:42 PM
Exceptionally good analysis of the current geopolitical discussion re: Ukraine and Russia negotiations. x.com/nicholadrumm...
It's #WorldPasswordDay!! At @Google we're celebrating the journey on deprecating passwords! We're happy to report passkeys have been used 1B+ times across 400M Google Accounts. We're also sharing how we'll use them to protect high risk users: blog.google/technology/s...
Passkeys, Cross-Account Protection and new ways we’re protecting your accounts
For World Password Day, we’re sharing updates to passkeys across our products and sharing more ways we’re keeping people safe online.
blog.google
May 2, 2024 at 9:33 PM
It's #WorldPasswordDay!! At @Google we're celebrating the journey on deprecating passwords! We're happy to report passkeys have been used 1B+ times across 400M Google Accounts. We're also sharing how we'll use them to protect high risk users: blog.google/technology/s...
‘Brand new’ ‘greenfield’ and ‘multi-billion dollar global business’ are not reassuring words to see in a CISO job posting.
April 17, 2024 at 1:40 PM
‘Brand new’ ‘greenfield’ and ‘multi-billion dollar global business’ are not reassuring words to see in a CISO job posting.
Today @MunSecConf #MSC2024 @Google is announcing its AI Cyber Defense Initiative aimed at tapping into the potential AI can bring to defenders and continuing investments in AI-ready tools, research and AI security training: blog.google/technology/safety-security/google-ai-cyber-defense-initiative/
February 16, 2024 at 5:00 AM
Today @MunSecConf #MSC2024 @Google is announcing its AI Cyber Defense Initiative aimed at tapping into the potential AI can bring to defenders and continuing investments in AI-ready tools, research and AI security training: blog.google/technology/safety-security/google-ai-cyber-defense-initiative/
‼️🚨NEW report and blog from the @Google TAG and @Mandiant teams explores the implications of the Israel-Hamas war and where things stand with cyber in the Russian war in Ukraine: blog.google/technology/s...
February 14, 2024 at 6:47 AM
‼️🚨NEW report and blog from the @Google TAG and @Mandiant teams explores the implications of the Israel-Hamas war and where things stand with cyber in the Russian war in Ukraine: blog.google/technology/s...
Excited to see some awesome Safety Engineers in Munich this week!
February 12, 2024 at 9:17 AM
Excited to see some awesome Safety Engineers in Munich this week!
Today I am grateful for those all over the world that dedicate their lives to keeping others safe. Thank you for all the work you do, and wherever you are on the world, Happy Thanksgiving!
November 23, 2023 at 11:46 PM
Today I am grateful for those all over the world that dedicate their lives to keeping others safe. Thank you for all the work you do, and wherever you are on the world, Happy Thanksgiving!
During @AspenDigital's #AspenCyber Summit today in #NYC we announced our latest Titan Security Key which now works with #passkeys & our commitment to provide 100,000 keys to high risk users in 2024. More from at blog.google/technology/safety-security/titan-security-key-google-store/
November 15, 2023 at 6:15 PM
During @AspenDigital's #AspenCyber Summit today in #NYC we announced our latest Titan Security Key which now works with #passkeys & our commitment to provide 100,000 keys to high risk users in 2024. More from at blog.google/technology/safety-security/titan-security-key-google-store/
Today, CISA’s Cyber Safety Review Board announced it will review Cloud Security and assess the recent Microsoft intrusion. Given scope, I have recused myself from the Board’s review. https://www.dhs.gov/news/2023/08/11/department-homeland-securitys-cyber-safety-review-board-conduct-review-cloud
Department of Homeland Security’s Cyber Safety Review Board to Conduct Review on Cloud Security ...
Secretary of Homeland Security Alejandro N. Mayorkas announced that the Cyber Safety Review Board (CSRB) will conduct its next review on the malicious targeting of cloud computing environments.
www.dhs.gov
August 11, 2023 at 3:02 PM
Today, CISA’s Cyber Safety Review Board announced it will review Cloud Security and assess the recent Microsoft intrusion. Given scope, I have recused myself from the Board’s review. https://www.dhs.gov/news/2023/08/11/department-homeland-securitys-cyber-safety-review-board-conduct-review-cloud
The CSRB has released its second ever report on cyber safety, a study of a loosely affiliated hacker group that compromised dozens of well-defended companies with low-complexity attacks. https://www.cisa.gov/resources-tools/resources/review-attacks-associated-lapsus-and-related-threat-groups-report
Review Of The Attacks Associated with Lapsus$ And Related Threat Groups Report | CISA
www.cisa.gov
August 10, 2023 at 1:44 PM
The CSRB has released its second ever report on cyber safety, a study of a loosely affiliated hacker group that compromised dozens of well-defended companies with low-complexity attacks. https://www.cisa.gov/resources-tools/resources/review-attacks-associated-lapsus-and-related-threat-groups-report
Irrationally excited about Blackhat/Defcon/hacker summer camp. See you all in Vegas!
August 7, 2023 at 1:32 AM
Irrationally excited about Blackhat/Defcon/hacker summer camp. See you all in Vegas!
A beautiful Friday afternoon.
April 29, 2023 at 3:52 AM
A beautiful Friday afternoon.
My feed is fully of puppy dogs so balancing the universe with a kitty photo. He apologizes for his sad face, as he is mysteriously missing a claw and is not feeling well. Be rest assured he’s being extremely pampered.
April 28, 2023 at 5:04 AM
My feed is fully of puppy dogs so balancing the universe with a kitty photo. He apologizes for his sad face, as he is mysteriously missing a claw and is not feeling well. Be rest assured he’s being extremely pampered.