PRESENTED BY
Cyber AI Chronicle
By Simon Ganiere · 12th July 2025
Welcome back!
📓 Editor's Note
Not going to lie, life has been pretty hectic over the last few months, and the frequency of the newsletter has suffered as a result. I'm doing my best to fix that and get the right system back in place!
This week’s edition is a bit longer, with lots of links and content that’s been accumulating—so enjoy the read! A couple of other quick notes:
It’s becoming more and more apparent to me that AI security has to follow the same principles as cybersecurity:
Definition matters more than you think: If you can’t agree on what an AI system is, you’ll struggle.
You can’t protect what you don’t know: Get your inventory set up as early as possible and integrate it with your existing inventory.
Trust but verify: Governance is critical, but you also need to know what’s actually running in your environment.
Visibility is key: You must be able to query your data and understand the full lineage—from application to AI use case, to model, to data, to cyber controls, to third parties, to network zones, to vulnerabilities, to software libraries, etc. You should also be able to run what I call a “negative query” to find gaps (e.g. applications running unapproved models that support critical functions).
Absolutely awesome discussion about AI between Daniel Miessler and Marcus Hutchins (also known as MalwareTech—the guy who stopped WannaCry). Lots of interesting arguments for and against AI.
For the sake of transparency, I’ve added a note at the bottom of the newsletter about how much AI was used to generate it.