The hottest Data security Substack posts right now

And their main takeaways
Category
Top U.S. Politics Topics

What security categories will stay relevant

Frankly Speaking 203 implied HN points 04 Mar 26
🕹 Technology Data security
  1. Many traditional app-level security tools are at risk because large language models can replicate their core workflows, and a category becomes especially vulnerable if big model providers build it or if security teams can cheaply build it themselves with LLMs.
  2. The strongest security companies will be those with real moats — unique data, sensors, infrastructure, and network effects that give them cross-customer visibility and make their detections hard to replicate.
  3. Expect a build renaissance: teams can now create custom AI-driven security tooling cheaply, which reduces buying, makes technical debt easier to manage, and rewards AI-native companies and talent who can operationalize models.

AI Haves and Have-Nots

Dana Blankenhorn: Facing the Future 59 implied HN points 23 Oct 24
🕹 Technology Data security
  1. AI tools are becoming more focused on specific markets rather than serving everyone broadly. Companies are looking for niche areas to make money instead of trying to compete with big players.
  2. Using AI will likely come with costs in the future, leading to a divide between those who can afford it and those who cannot. This shift could create a two-tiered internet experience.
  3. As AI and tech services become paywall-heavy, they may lose a lot of casual users, much like publications did when they went behind paywalls. This might limit access to quality information for many people.

The Tea App Breach - 60GB of Personal Info

The Lunduke Journal of Technology 6893 implied HN points 25 Jul 25
🕹 Technology Data security
  1. The Tea App was hacked, exposing a massive amount of personal data including selfies and IDs. This shows that even apps claiming to protect users can have serious security flaws.
  2. When user data is stored, there's a high chance it will be hacked eventually, so it's important to be cautious.
  3. To protect yourself, services should delete unnecessary data immediately after it's no longer needed. Keeping less data makes it harder for hackers to steal it.

Cybersecurity predictions for 2025

Frankly Speaking 152 implied HN points 10 Dec 25
🕹 Technology Data security
  1. Security budgets are changing, focusing more on hiring skilled people rather than just buying tools. This shift means companies want to solve problems with real expertise instead of relying heavily on tech alone.
  2. AI is expected to breathe new life into older security areas that haven't kept up with changes in technology. By understanding context better, AI can help improve outdated solutions in data and application security.
  3. The role of security operations centers (SOCs) is likely to change significantly. Companies may reconsider the need for large SOCs and look for more efficient ways to manage security functions, especially using AI.

Issue #10 - The Data Lifecycle

The Data Ecosystem 159 implied HN points 16 Jun 24
🕹 Technology Data security
  1. The data lifecycle includes all the steps from when data is created until it is no longer needed. This helps organizations understand how to manage and use their data effectively.
  2. Different people and companies might describe the data lifecycle in slightly different ways, which can be confusing. It's important to have a clear understanding of what each term means in context.
  3. Properly managing data involves stages like storage, analysis, and even disposal or archiving. This ensures data remains useful and complies with regulations.
Get a weekly roundup of the best Substack posts, by hacker news affinity:

A Comprehensive Approach to Using LLMs

Gradient Flow 519 implied HN points 05 Oct 23
🕹 Technology Data security
  1. Starting with proprietary models through public APIs, like GPT-4 or GPT-3.5, is a common and easy way to begin working with Large Language Models (LLMs). This stage allows exploration with tools like Haystack.
  2. Transitioning to open source LLMs provides benefits like cost control, speed, and stability, but requires expertise in managing models, data, and infrastructure. Using open source LLMs like Llama models from Anyscale can be efficient.
  3. Creating custom LLMs offers advantages of tailored accuracy and performance for specific tasks or domains, though it requires calibration and domain-specific data. Managing multiple custom LLMs enhances performance and user experience but demands robust serving infrastructure.

Data security should be making a comeback

Frankly Speaking 254 implied HN points 10 Jun 25
🕹 Technology Data security
  1. Data security needs a fresh look because the way we use and manage data has changed a lot. With new technologies, protecting data is more complicated now.
  2. Current tools often struggle with identifying what data is sensitive and how to handle it properly. We need better solutions that help organizations use their data wisely while keeping it safe.
  3. Companies must rethink how they approach data risk. Creating clear guidelines on how data can be used could help in managing security while still allowing businesses to benefit from their data.

NIST's "Strategies for Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines"

Resilient Cyber 159 implied HN points 13 Feb 24
🕹 Technology Data security
  1. Software supply chain attacks are on the rise, so companies need to protect their processes from potential risks. Understanding these threats is key for organizations that rely on software.
  2. NIST provides guidelines to help organizations improve their software security in DevSecOps environments. By following their advice, companies can ensure that their software development processes are safe from compromise.
  3. Implementing zero-trust principles and automating security checks during software development can greatly reduce the risk of attacks. This means controlling access and regularly checking for vulnerabilities throughout the development cycle.

Import AI 319: Sovereign AI; Facebook's weights leak on torrent networks; Google might have made a better optimizer than Adam!

Import AI 439 implied HN points 06 Mar 23
🕹 Technology Data security
  1. Google researchers achieved promising results by scaling a Vision Transformer to 22B parameters, showcasing improved alignment to human visual perception.
  2. Google introduced a potentially better optimizer called Lion, showing outstanding performance across various models and tasks, including setting a new high score on ImageNet.
  3. A shift toward sovereign AI systems is emerging globally, driven by the need for countries to develop their own AI capabilities to enhance national security and economic competitiveness.

SB 1047 with Socialist Characteristics: China’s Algorithm Registry in the LLM Era

ChinaTalk 355 implied HN points 14 Nov 24
🕹 Technology Data security
  1. China has introduced strict rules for generative AI, requiring all output to reflect socialist values. This highlights the government's focus on controlling AI content that interacts with the public.
  2. There are two separate registration processes for algorithms in China: a simpler one for regular algorithms and a more complex one for generative AI. The more complicated process involves direct testing by authorities, making it tougher for companies to launch AI products.
  3. The regulatory environment is still evolving and can be confusing for companies. Some might face delays in getting their models approved, which could lead to a preference for targeting businesses over regular consumers.

Net Positive?

Technically Optimistic 39 implied HN points 03 May 24
🕹 Technology Data security
  1. Net neutrality ensures equal access to internet services without discrimination or throttling by ISPs.
  2. Government oversight aims to hold providers accountable for service quality, security, and consumer data protection.
  3. Allowing ISPs to control access and pricing without regulation could widen the privilege gap and hinder access to essential services.

How Privacy Policies Really Work

DeFi Education 459 implied HN points 25 Nov 22
🔮 Crypto Data security
  1. Companies must follow privacy laws like GDPR, which set strict rules on how to collect and use personal data. Breaking these rules can lead to big fines and even legal trouble for executives.
  2. Privacy policies are crucial because they inform users about what data is collected and how it is used. Companies are updating their privacy policies to reflect what they actually do with data.
  3. Using services like Metamask means sharing your data, like your IP address and Ethereum wallet address. It's essential to be cautious and consider using privacy tools to protect your information.

China's CCP-controlled 'Little Red Book' app drives home two messages: America stinks and China rules

The Dossier 168 implied HN points 17 Jan 25
🇺🇸 U.S. Politics Data security
  1. The 'Little Red Book' app is heavily controlled by the Chinese government, promoting ideas like 'America stinks' and 'China rules'.
  2. Users experience strict censorship on sensitive topics, which is very different from American social media where more free expression is allowed.
  3. Downloading this app carries risks due to Chinese data laws that allow the government access to personal user data, posing privacy concerns for American users.

Data Wars and the DOJ

ChinaTalk 207 implied HN points 12 Nov 24
🇺🇸 U.S. Politics Data security
  1. The DOJ is creating new data security rules to help protect American personal data from foreign threats. This is important because foreign adversaries could use sensitive information against us.
  2. Companies need to be careful about how they handle sensitive data, especially when dealing with countries considered 'adversarial'. There will be strict rules about who they can sell data to and how to keep it secure.
  3. Public feedback is vital in shaping these new rules. The DOJ wants companies to share their thoughts so they can finalize a plan that protects national security without harming the economy.

Would you like some surveillance capitalism with your sandwich?

The Joyous Struggle 197 implied HN points 14 Oct 22
🕹 Technology Data security
  1. Technology and capitalism are intertwined, impacting our daily experiences and evolving our lived realities.
  2. Surveillance capitalism, based on data extraction and manipulation, can lead to a loss of personal control and invasion of privacy.
  3. The normalization of compulsory data sharing in society poses a threat to individual autonomy and shifts the balance from citizens to consumers.

Securing Data in an AI-First World with Microsoft Purview

Rod’s Blog 19 implied HN points 06 Feb 24
🕹 Technology Data security
  1. Microsoft Purview is a top industry solution for managing data estates, offering governance, protection, and management.
  2. The latest enhancements to Microsoft Purview and Microsoft Defender focus on securing data in the context of generative AI, providing visibility, protection, and compliance controls.
  3. Organizations can leverage Microsoft Purview and Microsoft Defender to securely adopt AI, ensuring data protection while harnessing AI's full potential.

Colorado Farmers Win Their Right To Repair: Week in Repair

Fight to Repair 19 implied HN points 28 Apr 23
🇺🇸 U.S. Politics Data security
  1. Colorado became the first state to pass a right to repair law for agricultural equipment. This empowers farmers to access information, parts, and software for repairs, reducing delays and costs.
  2. National and federal momentum is growing for right to repair laws. Federal legislation has gained more bipartisan support, with 8 new sponsors joining the REPAIR Act in the U.S. House of Representatives.
  3. Discarded routers still contain sensitive data, highlighting the need for more efficient data wiping methods. Research shows that a significant portion of discarded electronics can still be functional or in need of minor repairs, urging for mandatory reuse efforts.

Announcing the 2025 Cyber 150

The Security Industry 21 implied HN points 13 Jan 25
🕹 Technology Data security
  1. The 2025 Cyber 150 list highlights the fastest growing midsize cybersecurity companies, showcasing how many of them have expanded significantly over the last year.
  2. Dopple was the standout performer, increasing its headcount by 217%, which shows that some companies can grow rapidly even in a competitive market.
  3. Overall, these companies have raised a total of $8.6 billion in funding, and their success attracts even more investment, allowing them to grow and hire more employees.

August Open Thread and Data Leak Update (2025)

The Corbett Report 6 implied HN points 03 Aug 25
🕹 Technology Data security
  1. There's been a major data leak affecting some users, but luckily no financial info or passwords were exposed. Only names and email addresses were involved.
  2. The response to the leak has been slow, with limited media coverage and the organization behind the service not treating it with the urgency it deserves.
  3. The membership sign-up process is being updated, and there will be new resources released soon on how to better manage email privacy.

Security Is Not An Encryption Problem

Security Is 1 HN point 17 Jul 24
🕹 Technology Data security
  1. Encryption is important, but it's often treated as a checkbox in cloud environments. Many people believe that encryption at rest and in transit fully secures their data, but this isn't always the case.
  2. In cloud settings, especially with services like AWS, anyone with the right permissions can access data regardless of whether it's encrypted at rest. This means encrypting data on the storage level may not offer as much protection as people think.
  3. Instead of focusing heavily on encryption, businesses should prioritize their access controls and permissions. Properly managing who can access what data is often a much more critical aspect of security.

Do text embeddings perfectly encode text?

The Gradient 42 implied HN points 06 Mar 24
🕹 Technology Data security
  1. Text embeddings may not perfectly encode text, raising concerns about security protocols for embedded data.
  2. The 'Vec2text' solution aims to accurately revert embeddings back into text, highlighting the need for data security measures.
  3. The challenge of recovering text from embeddings is being addressed in research, questioning the security of using embedding vectors for information storage and communication.

Cảnh báo: lỗ hổng lộ thông tin gần 25 triệu người đã tiêm vaccine ở Việt Nam

Thái | Hacker | Kỹ sư tin tặc 59 implied HN points 04 Oct 21
🕹 Technology Data security
  1. Nearly 25 million people who have received vaccines in Vietnam may have had their personal information exposed due to security vulnerabilities in the national electronic health record system.
  2. The leaked information includes sensitive data like names, addresses, ID numbers, phone numbers, workplaces, and health insurance details, putting individuals at risk of privacy breaches and potential misuse.
  3. Discovering and addressing software vulnerabilities is crucial, but fixing underlying systemic issues, fostering transparency, and inviting expert collaboration upfront can prevent larger security breaches in the future.

Beyond the attention economy, true power lies in access to individuals

storyvoyager 7 implied HN points 21 Jan 25
🕹 Technology Data security
  1. Access to individuals is the key to power in today's digital world. Just like past authoritarian regimes used information to control people, social media platforms use our data for economic gain.
  2. TikTok's popularity raises concerns about privacy and power. Its ability to collect user data makes it a potential national security threat, highlighting how digital platforms can influence politics and society.
  3. The future of social media could either deepen inequalities or promote positive change. As technology evolves, we need to decide how we want to use these platforms to influence our lives and the world.

Câu hỏi thường gặp về vụ lộ dữ liệu Sổ sức khỏe điện tử

Thái | Hacker | Kỹ sư tin tặc 19 implied HN points 06 Oct 21
🏥 Health & Wellness Data security
  1. Data from COVID vaccination in Vietnam may end up in an electronic health book, including personal information like name, birthday, address, phone number, ID numbers - which can be exploited by malicious individuals.
  2. If personal data is compromised, it can lead to identity theft and phishing scams, where attackers use the information to impersonate for financial gain.
  3. Advocating for open-source systems in COVID apps can increase security by allowing experts to assess and enhance the products, potentially preventing data breaches and vulnerabilities.

20250112

Curious futures (KGhosh) 4 implied HN points 12 Jan 25
🕹 Technology Data security
  1. Big food companies are using marketing tactics similar to those of Big Tobacco, especially targeting children and minorities, making processed foods addictive.
  2. Many employees feel overwhelmed by AI in the workplace, despite executives believing it will improve productivity. This added pressure is causing burnout for workers.
  3. There's an exciting future ahead with new technologies, like nuclear batteries, but we need to be careful about their use and how we protect data as we embrace innovation.