Cybersecurity Headlines Department of Know: CISA's cryptography categories, Gottumukkala's ChatGPT gotcha, NTLM says goodbye
8 snips
Feb 2, 2026 Nick Espinosa, cybersecurity practitioner focused on incident response and AI risk, and Steve Zalewski, technical analyst with a strategic security lens. They debate CISA's post-quantum cryptography categories and urgency. They call out a misstep uploading sensitive CUI to ChatGPT. They discuss ransomware that destroys keys, NTLM being disabled by default, and autonomous AI agent risks.
AI Snips
Chapters
Transcript
Episode notes
Post-Quantum Readiness Is Becoming Procurement
- CISA's PQC guidance signals post-quantum readiness moving from research to procurement reality.
- Nick Espinosa warns organizations should plan now to prevent future retroactive decryption breaches.
Lock Down AI Acceptable Use
- Reinforce AI acceptable-use policies and enforce data handling controls for sensitive documents.
- Treat public LLMs as unsafe for CUI and use approved internal systems instead.
AI Lowers The Skill Floor For Malware
- AI-generated malware varies widely in quality, creating both amateurish and dangerous variants.
- Poorly built ransomware like Sakari can still cause irreversible damage despite being incompetent.