Joe Uchill
@joeuchill.bsky.social
Potential game show contestant.
Former Axios, The Hill, Passcode. Founder of the Codebook cybersecurity newsletter. Once got lost in a Starbucks.
I have no idea what being a contributing writer for a fascist rag has to do with despising [mOLa rAM fROM inDiANA jONeS] that was created for children to sympathize with indigenous populations
November 10, 2025 at 7:45 PM
The claim here is that they analyzed 2800 ransomware events and 2272 were from groups that use AI. That's not necessarily the same thing as AI being used in 2272 events.
The 2272 events are separated by group in a chart on page 9.
November 4, 2025 at 2:00 AM
p.14-16 lists threat actors who use AI. A ton of these are not ransomware actors. It doesn't explain what AI "data exfiltration" or "malware" or any of these mean. There are no sources.
The aristocrats.
November 3, 2025 at 5:59 PM
I can't find anything to suggest that Conti - now defunct for a few years - ever used artificial intelligence. I do not see it in the source the study links to.
If anyone can back up the below claim, I'm glad to delete.
November 3, 2025 at 5:43 PM
I can't find anything that suggests REvil uses this technique, though there is evidence they've used vibe coding. Both links to sources are dead.
If anyone can back up the below claim, I'm glad to delete.
November 3, 2025 at 5:35 PM
The paper doesn't mention it, but I will: DeepLocker was a proof of concept designed by IBM.
It's not commercially available malware.
November 3, 2025 at 5:26 PM
I cannot find anything, including the citations in the text, that says Cl0p uses AI to identify important files, rather than a simple search for files. I'm tenuously calling this claim suspicious, but if anyone can confirm Cl0p has an ML scheme, I will delete
November 3, 2025 at 5:23 PM
If you're wondering why any of this matters, here's me fact checking claims in the MIT paper.
There's a claim about Cl0p using AI not substantiated by the citations (one doesn't mention AI, one is 404). But when I Googled to find something to substantiate it...Google AI references the MIT study.
November 3, 2025 at 5:15 PM
Here's the widely discussed Emotet section. This was a popular point of contention online because Emotet has been defunct for a number of years.
This is the only time "AI-like" shows up in the text. I don't know what that means, especially in a section about AI identifying vulnerable systems.
November 3, 2025 at 5:04 PM
P.8: This is the central claim.
November 3, 2025 at 4:31 PM
p.7 Here, the researchers understand that 2022 (ChatGPT) was the real beginning of the AI boom. It makes the WannaCry and NotPetya claims a little more curious.
November 3, 2025 at 4:28 PM
The linked article here (p. 5) does not say that Shodan and Censys. Censys has some AI features - though it's debatable if they dramatically impact attacker activity. Shodan, as near as I can tell, does not.
Either way, this is a kind of tenuous link between AI and ransomware.
November 3, 2025 at 4:24 PM
Here's the whole paragraph. Genuinely, if you've got a way for this to make sense, let me know.
November 3, 2025 at 3:39 PM
I was going to do a big wrap up thread after reading the entire report. But...hoo boy.
NotPetya and WannaCry were not AI attacks.
November 3, 2025 at 3:31 PM
So, Musk tweeted last week that X is ending their likes-and-retweets algorithm and replacing it with an LLM.
He claims the change is coming 4 to 6 weeks from October 19. Let’s call that mid November to early December. x.com/elonmusk/sta...
October 26, 2025 at 3:58 PM
Without looking it up, what percentage of people in your neighborhood know what this means?
October 22, 2025 at 4:24 PM
Her line wasn't "As humans have done since before there were records, I'd like you to keep this quiet." It was "By the way - everything I ever sent you was off the record. You're not [someone with a legally or professionally binding reason to abide by this], so it's weird saying that."
October 21, 2025 at 12:57 AM
Fun fact: While a journalist might agree to take a conversation off the record, someone not being a journalist doesn't mean they'll automatically keep things you tell them private.
October 21, 2025 at 12:26 AM
I mean, this was the last piece John Mac Ghilonn wrote before explaining male voting migrations.
There’s a chance he might not be a neutral actor
October 20, 2025 at 12:53 PM
Today in counterintuitive fourth quarters...
October 20, 2025 at 12:06 AM