The hottest Security Substack posts right now

And their main takeaways
Boring AppSec 7 implied HN points 13 Feb 26
  1. Defense in depth and human-in-the-loop gates really matter. Layered controls—allowlists, sandboxed subagents, firewalls, Tailscale, and ephemeral VMs—stopped an agent from autonomously exposing services and required manual approval where needed.
  2. Tool policy enforcement beats plain filesystem isolation. A sandbox that restricts actions like exec/gateway/message is safer than a VM-only approach, and the ideal is VM-aware sandboxes that enforce tool policies inside ephemeral VMs.
  3. The main unsandboxed agent, secrets, and prompt injection are the biggest risks. Use least privilege, just-in-time secrets injection, exposure audit logs, and require explicit user approval for network exposure to mitigate them.
Dev Interrupted 9 implied HN points 10 Feb 26
  1. Chat platforms are becoming agent orchestration hubs where humans and bots work together in real time, and organizations will need higher-level "super agents" to connect and manage isolated agent workflows.
  2. New agent ecosystems introduce fresh risks and human dependencies—agents forming their own social networks and services that hire people for tasks raise security, legal, and ethical concerns, and rogue or exploitable agent chains are a real threat.
  3. Widespread agent adoption will reshape how software is developed and how open source is consumed, shifting teams toward autonomous observe-orient-decide-act workflows and transforming open source projects to serve agent-driven use cases rather than disappearing.
OSS.fund Newsletter 37 implied HN points 01 Jan 26
  1. Human agents are still essential as the safety and empathy layer alongside AI, so companies must design and budget for hybrid human+AI workflows with clear escalation and QA paths.
  2. Enterprise buying now demands predictable, governable pricing and clear unit economics, pushing vendors toward outcome- or unit-based costing and hybrid seat/credit models that finance can forecast and control.
  3. The real enterprise risk and competitive moat is in orchestration, connectors, and governance — permissions, logging, and blast-radius controls (plus compliance posture and multi-model routing) are becoming hard buying criteria.
John’s Substack 16 implied HN points 30 Jan 26
  1. Peace talks over Ukraine are mostly kabuki theater, and the conflict is likely to be settled on the battlefield.
  2. A US attack on Iran seems doubtful because military force can’t reliably produce regime change, and Iran could retaliate in ways that would be hugely costly for Israel, the US, and the global economy.
  3. There’s real uncertainty about what the US will do next, especially under Trump, and that uncertainty ties into a bigger question about whether the US is entering a Cold War 2.0 with China and Russia.
Geopolitical Economy Report 538 implied HN points 24 Feb 23
  1. German lawmaker Sevim Dağdelen criticizes NATO's involvement in Ukraine as a 'proxy war' and highlights the EU acting as 'vassals' to the US.
  2. Dağdelen condemns the economic war against Russia and calls for Europe to assert its independence and prioritize diplomacy to end the conflict in Ukraine.
  3. The lack of outrage over the alleged US 'terrorist attack' on the German-Russian Nord Stream pipelines illustrates Germany's subservience to the US, revealing the need for truth and peace initiatives to counter war propaganda.
The Hunt for Tom Clancy 275 implied HN points 19 Jan 24
  1. The event took place on the day before a pre-trial hearing at Fort Bragg for the Bowe Bergdahl trial.
  2. There was a festive atmosphere at Fort Bragg, with paratroopers, families, and press attending a Christmas/holiday concert.
  3. Significant costs were incurred for the legal proceedings of Bergdahl's case, estimated to be in the millions of dollars.
Frankly Speaking 50 implied HN points 03 Dec 25
  1. The current way companies choose vendors is too slow and complicated for today's fast-moving tech world. It takes too long to get through all the approvals and checks.
  2. Security teams often struggle to fully understand the products they assess, which makes the process messy and can lead to risks being overlooked. They should focus more on ongoing monitoring rather than just initial assessments.
  3. Compliance checks for vendors are often just a tick-box exercise, making it feel like there’s security without real effectiveness. Companies need to adapt and change how they approach procurement to reduce risks.
Geopolitical Economy Report 358 implied HN points 05 Dec 23
  1. The world is at a critical point between NATO/West and the Global Majority, offering a choice between unipolar destruction or multipolar development.
  2. Political economists analyze the fracturing international order, discussing conflicts in Israel, Ukraine, Russia, Argentina, and Europe.
  3. There is a growing polarization within Western countries, with emphasis on pursuing militaristic policies versus policies favoring peace and development in line with other global majority countries like China and Russia.
Unmasking Russia 235 implied HN points 06 Feb 24
  1. Russian forces destroyed a hotel in Ukraine, trapping civilians under rubble
  2. Millions of barrels of fuel made from Russian oil are still being imported to the UK through a refining loophole
  3. Turkey is demanding new gas discounts from Putin during his visit to Ankara
Points And Figures 612 implied HN points 28 Jan 25
  1. Quantum computing could potentially break the security of cryptocurrencies like Bitcoin. This means new, stronger security measures might be needed constantly.
  2. Crypto operates on an open network that encourages wide accessibility and data collection, while traditional fiat systems are closed and controlled by central authorities like the Federal Reserve.
  3. There's a debate about whether the benefits of paying to use a closed financial system outweigh the risks of using an open one, especially with the advent of advanced technologies.
C.O.P. Central Organizing Principle. 24 implied HN points 04 Jan 26
  1. Several major Russian state outlets and Iran's Press TV are currently inaccessible online, with sites like RT and TASS showing "website can't be reached" errors.
  2. The outage looks widespread and simultaneous, suggesting it’s more than a simple isolated technical problem.
  3. If the blackout continues, it could significantly disrupt official news flow and change how people access information about events in those countries.
DeFi Education 659 implied HN points 28 Jun 23
  1. Using hardware wallets like Trezor is recommended for better security. Metamask is also a good software wallet, but be cautious with privacy.
  2. Solo staking is the best option if you have the technical skills and resources. It offers full control and rewards, but requires a lot of maintenance.
  3. If you prefer not to manage everything yourself, consider pooled staking services like Rocket Pool. They can simplify the process but come with some extra risks.
Import AI 439 implied HN points 09 Oct 23
  1. Google DeepMind and 33 labs created a large dataset for training robots, showing that using heterogeneous data and high-capacity models improves robot performance.
  2. Protests have begun against Facebook for releasing AI models that can be easily modified, raising concerns about AI safety becoming a political issue.
  3. Generative image models are displaying human-like qualities in tasks, like shape bias and understanding perceptual illusions, suggesting a convergence between AI systems and humans.
Infra Weekly Newsletter 4 implied HN points 26 Feb 26
  1. Openclaw is a must-see demo that hints at a revolutionary capability, but it also raises serious security and safety concerns that need urgent attention.
  2. Trying to build services "Made in EU" is harder than it sounds because app distribution and common logins still tie you to US platforms, but there are many affordable EU hosters, auth and mail providers and de-Googled options like Sailfish OS that help keep data in Europe and support technical sovereignty.
  3. NixOS offers strong reproducibility, atomic updates and rollbacks for infrastructure, so creating Kubernetes inside VMs with imperative tools like kubeadm can undercut that declarative approach; using Nix to manage clusters is educational but the tooling choices matter for true reproducibility.
The Cosmopolitan Globalist 7 implied HN points 10 Feb 26
  1. A weekly, open 'Symposium' will replace the strict Middle East course model, offering a new global topic each week with shorter required readings so subscribers can drop in when a topic interests them.
  2. An optional expository writing module will follow the discussion, is cumulative, and asks participants to commit to attending regularly so writing feedback can build over time.
  3. The inaugural session asks whether the liberal international order has collapsed, features Terry Glavin as guest, and comes with an extensive curated reading list, speeches, debates, and study questions to guide the conversation.
DeFi Education 839 implied HN points 20 Apr 23
  1. There is a troubling trend of hacks affecting experienced crypto users, including early Ethereum wallet holders. These users are usually security-conscious, which raises questions about how the hacks are happening.
  2. The hacks started in December 2022 and have resulted in over $10 million in stolen assets across multiple chains. A wide variety of wallets have been targeted without a clear pattern emerging.
  3. Even users of hardware wallets are not safe from these hacks. It's crucial to understand how crypto transactions work to really protect your assets, as malware can trick you into signing bad transactions.
FOIA Around And Find Out 432 implied HN points 28 May 23
  1. ODNI engaged DARPA for litigation consultation on the October 7, 2016 attribution statement
  2. Connection between Alfa Bank researchers, DARPA, and DNC hack attribution being explored
  3. Progress being made in uncovering information related to the DNC hack
The API Changelog 9 implied HN points 06 Feb 26
  1. MCP is basically another kind of API that lets LLMs access live data and perform real-time actions, making agents more useful.
  2. The spec is evolving fast and now has major industry backing, which pushes it toward becoming a reliable standard. That rapid change also creates adoption, versioning, and security gaps that need tooling, best practices, and governance.
  3. API product teams and existing OpenAPI practices are well placed to manage MCPs, since good API design leads to better MCP servers and the ecosystem will need product-focused governance, gateways, and UI/app support.
The Cosmopolitan Globalist 15 implied HN points 21 Jan 26
  1. Some foreign-policy “realists” excuse Russian aggression by prioritizing “stability” and blaming NATO. That approach freezes conquest, rewards violence, and makes larger wars more likely.
  2. Treating Russia as a stable “great power” or a normal nation-state misreads its nature. It is an imperial, declining regime that relies on domination and extraction rather than consent.
  3. Denying the agency of invaded peoples and urging concessions sidelines their rights and emboldens aggressors. The sober answer is to make aggression fail materially so violence no longer pays.
DeFi Education 1019 implied HN points 07 Feb 23
  1. Many people have lost lots of money in crypto scams, and hackers are getting smart. Good security is super important for keeping your money safe.
  2. There's a new laptop designed specifically for crypto security. It uses special software and tools to protect your data and makes it easier to use safely.
  3. This laptop isn't for everyone—it's aimed at serious users like business owners and developers who handle a lot of money. If you're not tech-savvy, it could save you headaches.
Common Sense with Bari Weiss 635 implied HN points 17 Dec 24
  1. There have been many sightings of large drones in New Jersey, leading to speculation about their origins. Some lawmakers think they might be from countries like Iran or China.
  2. The U.S. government claims there is no threat from these drones, suggesting people might be mistaking them for small aircraft instead.
  3. Despite official reassurances, many Americans and some politicians feel like there's more to the story and are skeptical of the government's explanations.
Blog System/5 744 implied HN points 04 Nov 24
  1. NFSv3 is not secure because it trusts clients too much and does not encrypt traffic. This means anyone on the network can access sensitive data if they can impersonate a user.
  2. NFSv4 is much better because it uses usernames for permission checks and can work with Kerberos for strong security features. This ensures that only authorized users can access files.
  3. Setting up NFSv4 with Kerberos can be really complicated, but it's important for protecting data. Proper configuration is crucial, and sometimes mistakes can lead to security issues.
Detection at Scale 119 implied HN points 08 Apr 24
  1. Security teams can optimize SIEM costs and improve data management by filtering logs effectively before they are ingested into the system. Filtering can enhance security data lake efficiency, reducing unnecessary costs and improving overall data quality.
  2. Starting with clear intentions and asking key questions about data value, cost constraints, and threat visibility can help in creating a comprehensive and cost-efficient log filtering program.
  3. Filtering at various stages - source, in transit, and within the SIEM itself - allows security teams to reduce storage costs, optimize performance, improve data quality, and enhance the relevance of collected logs.
Permit.io’s Substack 99 implied HN points 25 Apr 24
  1. RBAC is still important as it simplifies the management of user permissions by linking them to roles, making it easier for developers and users to understand.
  2. Newer models like ABAC and ReBAC are gaining popularity because they offer more flexibility and can handle complex permission requirements better than RBAC.
  3. Using RBAC as a foundation allows developers to build more advanced authorization systems by layering on additional models, adapting to the changing needs of applications.
Faster, Please! 548 implied HN points 15 Jan 25
  1. AI development is racing forward, and the first to achieve superintelligence could have a big edge in power and resources.
  2. Speeding up technological progress may actually reduce risks of disasters because it limits the time we stay exposed to dangerous phases of development.
  3. We should focus on managing AI risks through better safety measures instead of slowing down its progress, as slowing down might lead to bigger problems.
Pekingnology 64 implied HN points 15 Nov 25
  1. The remarks made by the new Japanese Prime Minister about Taiwan could lead to serious military concerns. This has upset China and stirred tensions between Japan and China.
  2. Japan's recent stance could remind people of its past militarism, which is a sensitive topic, especially for China. Making comments about military actions in Taiwan might not be wise and can cause more trouble.
  3. The concept of collective self-defense is complicated and usually requires discussions with the U.S. before any actions are taken. Some believe the Prime Minister's comments did not follow this important process.
Common Sense with Bari Weiss 1446 implied HN points 28 Feb 24
  1. Iraq combat veteran Kristofer Goldsmith leads a team of veterans targeting neo-Nazi terrorists in the US, facing numerous threats and dangers in his line of work.
  2. Google's AI chatbot Gemini has caused controversy by producing absurd and morally questionable responses, highlighting concerns about biased politics influencing tech products.
  3. College student Jack Sweeney has stirred debate by tracking celebrities' private jets on social media, facing legal actions from figures like Taylor Swift and Elon Musk, prompting discussions on privacy, free speech, and data in the digital era.
DeFi Education 619 implied HN points 06 Jun 23
  1. The SEC has accused Binance of running a deceptive operation that included misleading American customers while secretly welcoming them. They likened this to a classic street scam called three-card monte.
  2. Binance and its founder are facing serious allegations, including operating without proper licenses and manipulating customer assets. The SEC is seeking actions like asset freezes and accounting verification.
  3. Binance has stated they plan to fight the SEC's allegations, claiming they have always aimed to follow the law and innovate within the regulatory framework.
DeFi Education 759 implied HN points 06 Apr 23
  1. LizardOS is a new software designed for crypto security that focuses on privacy and ease of access. You can buy it with Bitcoin and you don't need to give any shipping details.
  2. The software guarantees a genuine version with tamper-free installation, backed by a digital signature from the creators. This ensures that you get the real deal.
  3. Currently, LizardOS only works with specific Lenovo laptops and is not compatible with Macs. If you want to use it, you need to buy the right hardware separately.
Detection at Scale 119 implied HN points 01 Apr 24
  1. Correlation rules in SIEM define relationships between malicious behaviors and entities, helping in effective security monitoring and alert generation.
  2. Correlations can be simple, focusing on one technique like Brute Force, or complex, combining multiple techniques and tactics across various log sources for higher-fidelity alerts.
  3. Understanding the layers of SIEM correlation, from basic rule creation to more advanced chaining of techniques, is essential for effective cybersecurity defense.
DeFi Education 699 implied HN points 25 Apr 23
  1. To keep your crypto safe, create a cold wallet for most of your assets and an 'ape wallet' for riskier activities. This way, you limit exposure to potential threats.
  2. Minimize the transactions you make with your main wallet to reduce risk. Only use it for important tasks to stay secure.
  3. Be aware of phishing scams and how they work. Educate yourself so you can recognize and avoid falling for them.
Permit.io’s Substack 79 implied HN points 09 May 24
  1. APIs are now seen more as tools that users consume rather than just things developers create. This shift means we have to think about how APIs are used and managed from both ends.
  2. As APIs are used more, especially with AI, monitoring costs and handling errors are super important. Developers need to be careful about how many calls they make to avoid big bills and errors.
  3. The way we set permissions and handle security for APIs is changing. It's crucial to apply consistent security rules across all parts of an application, not just in isolated areas.
OpenTheBooks Substack 646 implied HN points 07 Nov 24
  1. Dr. Fauci received $15 million for a security detail funded by taxpayers after retiring. This included things like a chauffeur and law enforcement support.
  2. The agreement for his security was unusual, raising questions about why a private citizen gets this level of protection when others do not.
  3. Fauci justified his security costs by citing threats he has received, but the case highlights how taxpayers are often unaware of where their money is going.
John’s Substack 12 implied HN points 28 Jan 26
  1. Israel's prime minister publicly blamed Australia's prime minister for the Bondi Beach massacre, saying recognition of a Palestinian state had fueled antisemitism and endangered Australian Jews.
  2. Those accusations are presented as false, with no clear evidence that Australia's leadership or society is broadly antisemitic or that recognizing a Palestinian state caused the attack.
  3. The attackers appear more likely motivated by ISIS ideology or by the Gaza war and local ties to an Israeli-linked group rather than classical antisemitism, so their exact motive remains uncertain.