PRESENTED BY
Cyber AI Chronicle
By Simon Ganiere · 13th April 2025
Welcome back!
📓 Editor's Note
Hey there! I'm excited to introduce a fresh look for the newsletter. I've decided to switch things up a bit, and here's why: I noticed that longer newsletters weren't getting as much engagement, and honestly, writing a full article every week was quite the task!
So, here's the new plan:
I'm bringing back my trusty matrix to break down the week's info into categories like disruptive, predictable, significant, and trivial. The goal is to help you focus on what really matters!
You'll still find a curated list of key articles, news, and research, with an even sharper focus on the intersection of AI and cyber. I'll also be adding my own thoughts and insights.
Plus, I'll continue to share longer articles twice a month, which you'll find in the "My Work" section (which there is none this week as I was traveling for work 😁)
And don't worry, the "Wisdom of the Week" is still here to offer a bit of relaxation or philosophical musings.
I'd love to hear your thoughts—feel free to use the pool below to share your feedback. Enjoy!
I’m also on holidays for the next two weeks so can’t guarantee you will receive a newsletter! Sometime it’s great to fully disconnect and enjoy family, friends and life!
🚨 What you need to know
📰 AI / Cyber Security News
[Cyber] The (Geo)Politics and Cyber Security
This is obviously not meant to be a political newsletter and I won’t comment on everything that is happening in the world. That we like or don’t like the new US administration is not the question, the question is how are those decisions impacting the overall cyber security ecosystem. And the least we can say is that there will be some impact. You might think you are not impacted by this but cutting CISA workforce, going after a previous CISA Director (and here), firing the head of US Cyber Command and NSA will have a lasting impact on the whole industry.
Some good insight from Tenable as well on how to approach the impact of geopolitics on your cyber security program.
[AI] Interoperability of Agent - the Big Agent Marketplace is Coming?
Previously, we discussed the workflow of agents and MCP. A crucial element that was lacking was the full interoperability and connectivity between agents. We now have a new Agent-to-Agent protocol that facilitates communication between agents, allowing company A agent to depend on company B agent. This capability effectively enabling specialized agents to operate using specific data and context. The future envisions a vast marketplace of agents capable of interacting with one another, utilizing appropriate context and memory. This development is highly exciting. » READ MORE
[AI Security] Model Context Protocol: Implication on Identity Security and Access Risks for modern AI-powered apps
Still on MCP 😀 the promises to unify AI-to-data integration, streamlining how agents access enterprise resources. But this convenience introduces significant identity and access risks. AI agents often operate through ephemeral service accounts, lacking MFA or human-like profiles, and can silently accumulate broad entitlements. Without clear boundaries, they risk triggering permission creep, identity masquerading, and cross-system access drift. » READ MORE
[AI Security] New Vulnerability in GitHub Copilot and Cursor
My social media timeline is so full of vibe coding posts…I’ll skip the part where people are promising “one prompt to build a full application”…I covered previously some of the security risk and this one is even more sneaky. By compromising some of the key files used by GitHub Copilot or Cursor an attacker can literally influence the AI directly » READ MORE
[AI Threat] AkiraBot: AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale
SpamBots are nothing new, they have been around for a long time. However, they are getting an “AI upgrade”. The AkiraBot is leveraging LLM to shill dubious SEO strategy “en mass”. The LLM part of this is interesting because it shows exactly what was anticipated: creation of custom messages for each website, highly accurate and targeted. » READ MORE
[Cyber] Ivanti|Fortinet debacle
This is not new, this is known and sadly will continue to happen. How can a security company misidentified a buffer overflow as a “product bug”? Not to ask why do we still have buffer overflow in such security product? Well, guess what nation state actors are not waiting and have been exploiting it. The random script kiddies has started to do the same as PoC have been released on Github. The usual words of advise: If you can’t patch your internet facing system in less than 24h then you shouldn’t be in this business. And check your telemetry. You can’t hunt or investigate what you don’t have. You need all of the telemetry you can have from those appliances. » READ MORE
PS: the same apply for Fortinet
[Cyber] A Plan is Not a Strategy
I’m not going to hide that I’m a big fan of Phil Venable and he just posted another very interesting article. Do me a favor and even if you are in the cyber/CISO business for a long time go read this one. Love the conclusion: “[…] planning is not strategy. Strategy is something entirely different. It’s your coherent theory of how to win […]”. » READ MORE
🔬 Research Papers
Hallucination Mitigation Using Agentic AI Natural Language-Based Frameworks
As we all know, hallucinations is still a big problem and causing significant trust issue towards AI applications. Whilst the implication are not too terrible for your personal usage (you might look foolish at diner) the consequences of it in an enterprise setup could be much more important. In this study, researchers explore how using multiple specialized AI agents can help reduce inaccuracies in AI-generated content by refining responses through a structured multi-agent framework. » READ MORE
SPONSORED BY
Learn how to make AI work for you
AI won’t take your job, but a person using AI might. That’s why 1,000,000+ professionals read The Rundown AI – the free newsletter that keeps you updated on the latest AI news and teaches you how to use it in just 5 minutes a day.
Wisdom of the week
At your absolute best, you still won't be good enough for the wrong person. At your worst, you'll still be worth it to the right person.
Till next time!
Project Overwatch is a cutting-edge newsletter at the intersection of cybersecurity, AI, technology, and resilience, designed to navigate the complexities of our rapidly evolving digital landscape. It delivers insightful analysis and actionable intelligence, empowering you to stay ahead in a world where staying informed is not just an option, but a necessity.