-- I have no doubt about it -- and sooner than we are ready for. We can?t
predict how much more these models will improve in general, but software seems
to be a specialized language that is optimal for AIs.

A couple of weeks ago, I wrote about security in what I called ?the age of
instant software,? where AIs are superhumanly good at finding, exploiting, and
patching vulnerabilities. I stand by everything I wrote there. The urgency is
now greater than ever.

I was also part of a large team that wrote a ?what to do now? report. The
guidance is largely correct: We need to prepare for a world where zero-day
exploits are dime-a-dozen, and lots of attackers suddenly have offensive
capabilities that far outstrip their skills.

** *** ***** ******* *********** *************
How Hackers Are Thinking About AI

[2026.04.14] Interesting paper: ?What hackers talk about when they talk about
AI: Early-stage diffusion of a cybercrime innovation.?

    Abstract: The rapid expansion of artificial intelligence (AI) is raising
concerns about its potential to transform cybercrime. Beyond empowering novice
offenders, AI stands to intensify the scale and sophistication of attacks by
seasoned cybercriminals. This paper examines the evolving relationship between
cybercriminals and AI using a unique dataset from a cyber threat intelligence
platform. Analyzing more than 160 cybercrime forum conversations collected over
seven months, our research reveals how cybercriminals understand AI and discuss
how they can exploit its capabilities. Their exchanges reflect growing curiosity
about AI?s criminal applications through legal tools and dedicated criminal
tools, but also doubts and anxieties about AI?s effectiveness and its effects on
their business models and operational security. The study documents attempts to
misuse legitimate AI tools and develop bespoke models tailored for illicit
purposes. Combining the diffusion of innovation framework with thematic
analysis, the paper provides an in-depth view of emerging AI-enabled cybercrime
and offers practical insights for law enforcement and policymakers.

** *** ***** ******* *********** *************
Upcoming Speaking Engagements

[2026.04.14] This is a current list of where and when I am scheduled to speak:

    I?m speaking at DemocracyXChange 2026 in Toronto, Ontario, Canada, on April
18, 2026.
    I?m speaking at the SANS AI Cybersecurity Summit 2026 in Arlington,
Virginia, USA, at 9:40 AM ET on April 20, 2026.
    I?m speaking at the Greater Good Gathering in New York City, USA, on
Tuesday, April 21, 2026.
    I?m speaking at the Nemertes [Next] Virtual Conference Spring 2026, a
virtual event, on April 29, 2026.
    I?m speaking at RightsCon 2026 in Lusaka, Zambia, on May 6 and 7, 2026.
    I?m giving a keynote address and participating in a panel discussion at an
ICTLuxembourg event called ?Europe at the Crossroads of AI, Power & the Future
of Democracy.? The event will be held at the University of Luxembourg?s Belval
Campus on May 12, 2026.
    I?m speaking at the Potsdam Conference on National Cybersecurity at the
Hasso Plattner Institut in Potsdam, Germany. The event runs June 24 -- 25, 2026,
and my talk will be the evening of June 24.
    I?m speaking at the Digital Humanism Conference in Vienna, Austria, on
Tuesday, June 26, 2026.
    I?m speaking at the Nuremberg Digital Festival in Nuremburg, Germany, on
Wednesday, July 1, 2026.

The list is maintained on this page.

** *** ***** ******* *********** *************

Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing summaries,
analyses, insights, and commentaries on security technology. To subscribe, or to
read back issues, see Crypto-Gram's web page.

You can also read these articles on my blog, Schneier on Security.

Please feel free to forward CRYPTO-GRAM, in whole or in part, to colleagues and
friends who will find it valuable. Permission is also granted to reprint
CRYPTO-GRAM, as long as it is reprinted in its entirety.

Bruce Schneier is an internationally renowned security technologist, called a
security guru by the Economist. He is the author of over one dozen books --
including his latest, Rewiring Democracy -- as well as hundreds of articles,
essays, and academic papers. His newsletter and blog are read by over 250,000
people. Schneier is a fellow at the Berkman Klein Center for Internet & Society
at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy
School; a board member of the Electronic Frontier Foundation, AccessNow, and the
Tor Project; and an Advisory Board Member of the Electronic Privacy Information
Center and VerifiedVoting.org. He is the Chief of Security Architecture at
Inrupt, Inc.

Copyright ? 2026 by Bruce Schneier.
--- FMail-lnx 2.3.2.6-B20251227
 * Origin: TCOB1 A Mail Only System (618:500/1)