Latest Articles
An Attacker Quietly Read a Global Stock Exchange Executive’s Inbox for Five Months
For five months, an attacker silently read a senior executive’s Outlook mailbox at a major global stock exchange, exfiltrating in small batches through Dropbox and OneDrive. No CVE to hide behind. Five layers of defence were soft on the same endpoint, on both sides of the contract. The institution and its security vendor have questions to answer.
Claude Security and the Cyber Quadrilemma
Anthropic Claude Security is impressive; however, it is just one pillar of four. Config, Compliance, and Culture remain unbuilt. A Quadrilemma is only resolved when all four pillars stand.
Your AI Tool Doesn’t Know Who It’s Talking To. Neither Do You.
A free tool on GitHub silently swaps Anthropic's Claude Code for cheaper models, and the developer never knows. No hacking. No breach. Just a design gap with a track record. The AI client trusts whatever server it points at. That assumption is now the supply chain.
DeepSeek V4 Has Launched. Time to Seek Deeper and Compare AI Models.
DeepSeek V4 launched on 24 April 2026. Open source. MIT licence. 1 million token context. $0.28 per million output tokens. 99% cheaper than GPT-5.5 and Claude on output. The advisory brief I wrote six weeks ago is now testable. No single model wins everything. But the door for regulated enterprises is now open.
Post-Mortem of 2026’s Biggest Crypto Exploit: Attributed, Not Recovered
The attacker has been attributed. The money may never come back. LayerZero says North Korea's Lazarus Group, the same actors behind the $285M Drift exploit three weeks earlier. KelpDAO and LayerZero now blame each other for the configuration. The bigger truth: you can't sanction a smart contract or extradite a wallet.
2026’s biggest crypto exploit. $13B wiped out.
One transaction. Forty-six minutes. $292M gone. The ensuing panic wiped $13B in the next 48 hours. DeFi has yet to demonstrate the control maturity of a regulated institution. The solution is not complicated. What is missing is the will to prioritise cybersecurity and governance over speed to market.
Year 2029: How Google’s Quantum Warning (Q-Day) Came True, Triggering a Confidence Crisis and Costing One Bank Millions in just two weeks!
A fictional 2029, a real Q-Day. Not a single account hacked. Not one key cracked. Sinasia Financial Group was asked a question it could not answer. The suspension cost millions. The memo had warned them three years earlier. The board deferred. Q-Day is not a technical event. It is a trust event. With thanks to Marin Ivezic, whose framing reshaped how I see this threat.
Your AI Is Already Hacked
Your AI is already hacked. You just haven't found the breach yet. Three real incidents from Perplexity, McKinsey, and an AI recruiter, and one fictional X thread that feels more like prophecy. Together they reveal the same uncomfortable truth: the industry's rush to deploy AI has outpaced its commitment to securing it. Six things boards and senior leaders must do differently.
Beyond the Market Noise — Rethinking Cybersecurity Vendor Landscape in 2026
When Anthropic launched Claude Code Security last week, cyber stocks fell sharply. The narrative that followed was predictable. This analysis looks beyond the market noise — at what the shift means for CrowdStrike, Okta, SailPoint, Zscaler, Wiz, and others, and how technology and security leaders should think about their vendor landscape in 2026.
From Cryptos to Quantum: The Great Financial Convergence
Seventeen years after the first Bitcoin block, the conversation is no longer centralised versus decentralised. It is how they converge. DeFi, stablecoins, tokenised real-world assets, CBDCs, instant payment rails, AI, and quantum are not separate stories. They are one architecture taking shape. A practitioner's view on how this evolved since 2009, and what it means for leaders today.