-- I have no doubt about it -- and sooner than we are ready for. We can?t predict how much more these models will improve in general, but software seems to be a specialized language that is optimal for AIs.

A couple of weeks ago, I wrote about security in what I called ?the age of instant software,? where AIs are superhumanly good at finding, exploiting, and patching vulnerabilities. I stand by everything I wrote there. The urgency is now greater than ever.

I was also part of a large team that wrote a ?what to do now? report. The guidance is largely correct: We need to prepare for a world where zero-day exploits are dime-a-dozen, and lots of attackers suddenly have offensive capabilities that far outstrip their skills.

** *** ***** ******* *********** *************
How Hackers Are Thinking About AI

[2026.04.14] Interesting paper: ?What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation.?

Abstract: The rapid expansion of artificial intelligence (AI) is raising concerns about its potential to transform cybercrime. Beyond empowering novice offenders, AI stands to intensify the scale and sophistication of attacks by seasoned cybercriminals. This paper examines the evolving relationship between cybercriminals and AI using a unique dataset from a cyber threat intelligence platform. Analyzing more than 160 cybercrime forum conversations collected over seven months, our research reveals how cybercriminals understand AI and discuss how they can exploit its capabilities. Their exchanges reflect growing curiosity about AI?s criminal applications through legal tools and dedicated criminal tools, but also doubts and anxieties about AI?s effectiveness and its effects on their business models and operational security. The study documents attempts to misuse legitimate AI tools and develop bespoke models tailored for illicit purposes. Combining the diffusion of innovation framework with thematic analysis, the paper provides an in-depth view of emerging AI-enabled cybercrime and offers practical insights for law enforcement and policymakers.

** *** ***** ******* *********** *************
Upcoming Speaking Engagements

[2026.04.14] This is a current list of where and when I am scheduled to speak:

I?m speaking at DemocracyXChange 2026 in Toronto, Ontario, Canada, on April 18, 2026.
I?m speaking at the SANS AI Cybersecurity Summit 2026 in Arlington, Virginia, USA, at 9:40 AM ET on April 20, 2026.
I?m speaking at the Greater Good Gathering in New York City, USA, on Tuesday, April 21, 2026.
I?m speaking at the Nemertes [Next] Virtual Conference Spring 2026, a virtual event, on April 29, 2026.
I?m speaking at RightsCon 2026 in Lusaka, Zambia, on May 6 and 7, 2026.
I?m giving a keynote address and participating in a panel discussion at an ICTLuxembourg event called ?Europe at the Crossroads of AI, Power & the Future of Democracy.? The event will be held at the University of Luxembourg?s Belval Campus on May 12, 2026.
I?m speaking at the Potsdam Conference on National Cybersecurity at the Hasso Plattner Institut in Potsdam, Germany. The event runs June 24 -- 25, 2026, and my talk will be the evening of June 24.
I?m speaking at the Digital Humanism Conference in Vienna, Austria, on Tuesday, June 26, 2026.
I?m speaking at the Nuremberg Digital Festival in Nuremburg, Germany, on Wednesday, July 1, 2026.

The list is maintained on this page.

** *** ***** ******* *********** *************

Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing summaries, analyses, insights, and commentaries on security technology. To subscribe, or to read back issues, see Crypto-Gram's web page.

You can also read these articles on my blog, Schneier on Security.

Please feel free to forward CRYPTO-GRAM, in whole or in part, to colleagues and friends who will find it valuable. Permission is also granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety.

Bruce Schneier is an internationally renowned security technologist, called a security guru by the Economist. He is the author of over one dozen books -- including his latest, Rewiring Democracy -- as well as hundreds of articles, essays, and academic papers. His newsletter and blog are read by over 250,000 people. Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an Advisory Board Member of the Electronic Privacy Information Center and VerifiedVoting.org. He is the Chief of Security Architecture at Inrupt, Inc.

Copyright ? 2026 by Bruce Schneier.
--- FMail-lnx 2.3.2.6-B20251227
* Origin: TCOB1 A Mail Only System (21:1/229)