19 December 2025 — News

CMMC compliance reckoning for defense contractors arrives

19 December 2025 at 16:08

Cybersecurity Maturity Model Certification requirements have officially descended upon the defense industrial base, the global network of businesses that produce materials, components and services to support the Defense Department, setting off something of a witching hour for a huge number of companies.

With DoD’s September publication of final rules, it could formally include CMMC requirements in its solicitations and contracts starting Nov. 10. It will be a phased-in scenario: within three years, nearly all DoD solicitations will stipulate that contractors must conform to one of three levels of cybersecurity requirements.

A number of forward-thinking companies are proceeding as if third-party certification of CMMC compliance for themselves and subcontractors is already a must today. In fact, that will be the case for a big chunk of the DoD contracting ecosystem over the next 12 months, as supply chains recognize both the risks of waiting and the advantages of racing forward.

Yet industry estimates suggest that only around 200 companies have been assessed so far by authorized third parties — even though up to 80,000 firms, plus many of their subcontractors, will be required to be officially vetted soon under Level 2 cyber hygiene certification.

A crisis brewing

Given the small number of early adopters, it’s reasonable to assume that a CMMC crisis is brewing at many companies, with some panicking, some in denial that a certification requirement is really here, and some underestimating what compliance and certification really entail. Others are travelling a complex, expensive path toward compliance that may lead to success, or may lead to more complexity and expense.

We know of many, many companies that have backburnered taking action on the latest phase of CMMC because there had been no firm timetable for roll-out for so long. That approach has undoubtedly created significant risk and disadvantage for many businesses — because there is now very little time to act.

Taking a step back, the CMMC framework aims to ensure that defense contractors can adequately protect controlled unclassified information (CUI) and federal contract information. Several hundred thousand companies have been self-reporting at CMMC Level 1, which does not involve third-party assessment. Level 2 not only demands an assessment, but it also requires compliance with 93 more practices than Level 1 does.

The challenges

We convened some of our counterparts in the IT and compliance world, including cybersecurity risk management expert Gray Analytics, to discuss CMMC compliance issues percolating for defense contractors. Here are some of the collective observations:

  • Limited qualified resources: As mentioned, nearly 80,000 firms will need Level 2 certification. But there are only about 70 firms authorized to provide assessments and certification. These companies are known as certified third-party assessor organizations (C3PAOs), and they are accredited by the cyber accreditation body. They, along with a subset of CMMC certified assessors (CCAs) who work under them, may be among the only sources of truly effective gap analyses and guidance for Defense contractors and subcontractors needing to succeed with Level 2 CMMC certification.
  • Too many unqualified resources: Many companies are relying on or bringing in in-house capabilities to conduct a gap analysis and then address the subsequent remediation. Or they’re entrusting work to consultants that may not be well-versed and experienced enough with CMMC. Accordingly, many of their customers could fail the certification assessment and have to go back to the drawing board — and thus lose more time, money and contracts, both current and prospective ones.
  • Narrowing opportunities: Many big Defense contractors are starting to weed out their subcontractors — sticking with those that have been assessed by a C3PAO and are certain to be in Level 2 compliance. In these contractors’ view, it’s critical to be well along in preparation, as remediation takes time and waiting will be costly.

And then there’s the challenge of a company’s actual IT environment: hardware, software, processes, procedures, workflows and continuous updates. CMMC puts pressure on that function. Some companies may be best served finding a qualified provider of an external IT platform they can use as a service or utility. That raises the questions of whether it’s feasible and which one to go with.

Important steps

Given this daunting, time-compressed backdrop, what’s a company to do? Here are key steps to consider:

  • Review contracts carefully. Companies with DoD contracts or subcontracts should review what they’ve signed, or are planning to sign, extremely carefully. If there’s Defense Federal Acquisition Regulation Supplement language in the contract, it means you’ll probably need to be CMMC compliant, perhaps at Level 2.
  • Understand CUI. If that’s the case, then you’ll need to do the work to really understand CUI and whether you’ll be working with that kind of information. The National Archives offers the detailed information, and DoD offers free CUI training, which may be mandatory for you.
  • Assess business impact. Look at the company’s book of business and pipeline to determine whether it will be worthwhile to move toward assessment-proof CMMC compliance. If Defense work involving CUI is only a tiny part of the corporate strategy, it may not be, and it may make more sense to forgo certain contracts. Or it may be extremely worthwhile — an imperative.
  • Identify internal expertise. If the latter, determine if there’s someone at the company well-versed in CUI and what CMMC compliance entails who can spearhead the process and gather the right resources.
  • Choose the right partner. If there’s not a superb internal resource, look for outside help. But that’s easier said than done. As noted, there’s only a small group of firms that qualify as C3PAOs. Some outfits that are CCAs are also effective; others may have less — or no — experience doing the work.
  • More due diligence. If you cannot engage a C3PAO and must turn to the cyberab.org marketplace for a list of CCA firms, it’s critical to ask the ones you speak with for references at companies they’ve helped successfully pass the assessments. If they have not done so yet, it’s probably best to move on.

These steps should help you get through a gap analysis to understand the necessary actions to successfully pass an assessment.

From there, you’ll need to make sure your IT environment can handle all the requirements. If the company uses a managed service provider or cloud service provider, you’ll need to evaluate — with the help of a C3PAO or reliable CCA — whether your service provider is CMMC-focused enough and will stay ahead of evolving requirements and updates.

If you need to switch service providers, it may be worth searching for one with a compliant, CMMC-ready platform that amounts to IT-as-a-service. This would probably be a service provider moving rapidly toward FedRAMP certification. That would signal that the program continuously evolves its approach to the security requirements of federal agencies.

An existential challenge for the whole defense industrial base

Looking at the big picture, CMMC compliance represents an existential challenge not just to companies that know they’ll be subject to Level 2 certification; companies in the Level 1 category — where they simply have to self-report — may, in actuality, need to pass assessments. If there’s a data breach at the firm, DoD will automatically assess with Level 2 standards what was self-reported. If the company doesn’t live up to what it reported, it will, at best, need to scramble. At worst it could be a business-destroying problem.

The bottom line: The reality of CMMC compliance is accelerating and demanding, impacting the defense industrial base with force and speed. Be prepared.

Rob McCormick is CEO of Avatara.

The post CMMC compliance reckoning for defense contractors arrives first appeared on Federal News Network.


New provisions in the shutdown-ending funding deal aim to modernize Congress

19 December 2025 at 15:19
Interview transcript

Terry Gerton: PopVox has been advocating for a long time for a number of reforms to congressional operations. Three have kind of risen to the top of your stack lately. Talk us through what those three are and how you think, if they pass, they would improve congressional operations.

Danielle Stewart: Beginning of this year at the beginning of the appropriations process, we spoke with offices on both sides of the aisle to advocate for recommendations and reforms in the legislative branch bill text that would address the pacing problem. And that is everything from AI training to caseworker office support. And the way that we have been able to work with offices and continue this work over many years really speaks to the continued need in the House to prioritize these items, but also we’ve been able to prioritize them and champion them because there have been members that have been alongside us working towards these reforms as well. And so the importance here is that modernization is an ongoing project for the legislative branch. This is something that’s personal and important for me because I was a staffer on the Select Committee on the Modernization of Congress in the 116th Congress when the committee was first stood up. As a then-House staffer, being able to work with our member offices to advance over 100 recommendations on a bipartisan basis to deliver that final report in what was then still a very divided Congress really speaks to how meaningful this work can be for people. And so there was a second select committee in the 117th Congress. And last Congress, the select committee was enveloped and turned into a subcommittee under the Committee on House Administration. And so that subcommittee has helped to continue that work on a bipartisan basis and has continued to work with us for Congress to have improved technology and a better resourced workforce. And so getting back to what was included in the ledge bill was the highlighted importance of AI training and continued use of AI tools in the House. The continued emphasis on the need for caseworkers to have access to better resources and better tools, which we are seeing in what’s called the Case Compass Project. And a congressional liaison directory, which is housed and managed by the Congressional Research Service, which also helps, speaks to supporting staff and ensuring that they have the tools they need to better do their jobs, which in turn they can better help their constituents and provide results for their districts.

Terry Gerton: I’m speaking with Danielle Stewart. She serves as the PopVox Foundation’s advisor for congressional initiatives. Danielle, let’s take each one of those in turn. The data map or the legislative branch data map, what would it really take to implement that now that it’s in law? And how will it change how the congressional offices operate?

Danielle Stewart: Sure. Yeah, that’s a great question. So I believe last Congress, they started the process of starting to put this together, at least within the House. We have said, and we’ve advocated for a full legislative branch data map, which would include all of the agencies in addition to Congress, right? So not just Congressional offices and everything within the Congressional complex. It would include GAO, CRS, Library of Congress. Everything that you see touched sort of through that legislative branch operations umbrella. There’s no complete map showing how the data flows through each of these branches or agencies through its life cycle. So this isn’t something that necessarily each member office or each congressional staffer would need to sort of think about or manage. This is something that is more of an institutional entity and in what would need to be managed at the technical level. But data maps at their core are, you know, visualization diagrams of data ownership formats, where the data is being transferred and they help an organization better understand the who, what, when and where of data to be able to maximize use and ensure its security. And so included in the legislative branch bill was language — or, the bill report — was language highlighting the need to continue putting this data map for Congress together. And so that is in the works, we’re very encouraged by that. It’s being increasingly, become increasingly essential as government entities begin responding to the emergence of AI and other technologies. And so, that is something that was certainly a priority for us, and we were encouraged to see the language included.

Terry Gerton: Talk to us about Case Compass because that’s really interesting in terms of getting a more synchronized picture of how constituent offices are working.

Danielle Stewart: Yeah, Case Compass, we’re incredibly excited about this project. And a lot of credit goes to my colleague, Anne Meeker, who is a former district staffer constituent services representative, and this is a real passion of hers. So the Case Compass project is, we’ve seen the development over the last couple of years. Right now, 50 member offices have opted into the pilot project. And what the pilot does is it anonymizes and aggregates constituent casework data. And the data then feeds into Case Compass. And so Case Compass itself is a dashboard that we have championed to track this data to be able to identify systemic issues and areas for improvement within the federal government. And so this helps caseworkers at the local level, better understand agency trends, they get to have potential issues or concerns within their districts. And also, caseworkers as PopVox Foundation has learned and helped really cultivate through a lot of Anne’s work — caseworkers are some of the best, well-connected congressional staffers because they see and hear everything that’s going on on the ground in these districts. And they are able to talk to each other and help each other regardless of party affiliation. And that is something that has always been worth celebrating and worth supporting. And so continued resources for caseworkers through this Case Compass project, this is a bipartisan achievement. The report language encourages continued development of the project. And through this project, Congress will be able to have the data to act when caseworkers see trends or issues. For example, you know, a couple of years ago, I think you probably remember, there was a huge, huge uptick after the COVID pandemic in passport delays, passport processing. And being able to get ahead of that, ahead of time, while caseworkers are being able to see sort of this creep up of these cases coming in, being able to say, hey, red flag, we see this is happening. How can we get ahead of it and try to provide more resources to fix the problem, or to speak with the agency head and identify ways that we can work together to better support the American people. So that’s a huge win, and it’s better inter-branch communication and coordination, which is critically important.

Terry Gerton: That makes a lot of sense. And it seems like the third initiative is closely related to that, a congressional liaison directory, maybe to help those awesomely connected local case workers stay even better connected.

Danielle Stewart: Yes, and this is, I’m simplifying this tremendously, but I always, when I think about this one and I read about it in our materials, I always think about it as like a mega yellow pages for caseworkers, just a giant, beautiful phone book, which you would be disappointed and shocked to learn does not really exist. Like, you know, I have been able to open multiple freshman member offices and when you walk in the door and you open a district office, you’re not handed a packet of agency contacts, who to get in touch with at the VA, who to call if you have a Medicare question. Those contacts, they are available, but it is not as easy as a Google search. And so CRS maintains the only extensive list of congressional liaisons at executive branch and independent agencies. But the scope of casework is bigger than just those executive branch agencies as you would think of executive branch agencies just being here in D.C., right? There are D.C.-based liaisons, but regional contacts, processing center contacts and more. And so the language in this year’s report requests that CRS examine the feasibility of expanding this list and the appropriations committee will be working with them to do so. So that is huge. And the more resources that caseworkers and district staff and congressional staff as a whole have to better do their jobs, or more efficiently and effectively do their job, the better the service and representation will be for constituents.

The post New provisions in the shutdown-ending funding deal aim to modernize Congress first appeared on Federal News Network.


House lawmakers seek reauthorization of key VA programs

  • House Republicans are seeking annual reauthorization of key programs at the Veterans Affairs Department. Top lawmakers on the House VA Committee are leading a series of bills that would reauthorize the department’s Veteran Readiness and Employment program. This is the third wave of VA reauthorization bills lawmakers have introduced. The legislation would also move the Labor Department’s Veterans Education and Training Service program to the VA.
  • The protests of GSA's OneGov deals for AI tools don't make the grade. The Government Accountability Office dismissed the complaints filed by AskSage over the low-cost contracts for artificial intelligence tools made by GSA under its OneGov program. In a decision released yesterday, GAO says its dismissal is on jurisdictional grounds as it does not review matters of contract administration. GAO says because GSA modified existing contracts under its schedule program, it doesn't generally review protests of allegedly improper contract modifications because such matters are related to contract administration and therefore not subject to review pursuant to its bid protest function. AskSage filed multiple protests in August, claiming GSA's deals for these AI tools are inconsistent with commercial practices and risked “an impermissible vendor lock-in scenario.”
  • President Trump has tapped Lt. Gen. Joshua Rudd to lead both U.S. Cyber Command and the National Security Agency. NSA and Cyber Command have been without a permanent leader since April when Trump fired Gen. Timothy Haugh from the role. The Defense Department also announced the nomination of Marine Corps Maj. Gen. Lorna Mahlock to serve as deputy commander of U.S. Cyber Command. The role does not require congressional approval.
  • Most civilian federal employees are set for a 1% pay bump beginning in January. President Trump signed an executive order Thursday afternoon, finalizing the 1% pay raise for 2026, for most feds on the General Schedule. It’s the smallest annual increase civilian employees have received since 2021, and does not include any locality pay adjustments. Both law enforcement officers and military members will likely receive a larger pay raise of 3.8% in the new year.
  • Federal employees are in for a holiday treat, with two additional days off next week. President Donald Trump signed an executive order yesterday declaring both the day before and the day after Christmas as holidays for the federal workforce this year. Christmas Day is already a federal holiday, but presidents will often give additional days off for feds around the holidays. Certain employees, however, will still need to report for duty those days for national security, defense and other public needs.
  • The IRS is moving 1,000 IT employees out of its tech shop with few signs of what work they’ll do next. Impacted employees say they have few details about what work they’ll be doing, and have been told by the agency to instead “focus on completing an orderly transition of your current work.” The notice they received states that they will no longer be working on IRS IT projects. Employees must upload their resumes to be considered for other jobs at the IRS and the Treasury Department. Last month, IRS IT directed hundreds of its employees to complete a “technical skills assessment.”
  • More than 4,300 8(a) small businesses have extra time to collect and submit data to the Small Business Administration as part of the agency's ongoing program audit. SBA set a new deadline of Jan. 19, giving vendors nearly two more weeks to compile 13 different datasets. Along with the deadline extension, SBA also posted answers to 14 questions it received from firms to help inform the process. SBA asked every company in the 8(a) program on Dec. 5 to submit information to help inform its ongoing audit seeking to root out fraud.
  • President Trump’s “Warrior Dividend” bonus for service members, which he suggested would be funded by tariff revenue, is actually a one-time basic allowance for housing stipend already approved by Congress. The $1,776 bonus payment Trump announced while addressing the nation Wednesday night will be paid using funds Congress appropriated to the Defense Department in the One Big Beautiful Bill Act to supplement the basic allowance for housing. The funding was originally intended to address rising housing costs and reduce service members’ out-of-pocket housing expenses. The Pentagon will disburse $2.6 billion of that funding as a one-time payment to roughly 1.28 million active-duty service members.
  • Federal employees have a final chance to weigh in on their experience in the workplace this year. The window for taking the Partnership for Public Service’s “Public Service Viewpoint Survey” closes at midnight tonight. The Partnership launched its own external questionnaire for federal employees, after the Trump administration canceled the 2025 Federal Employee Viewpoint Survey earlier this year.

The post House lawmakers seek reauthorization of key VA programs first appeared on Federal News Network.


Veteran Affairs building near the White House in Washington, Feb. 14, 2018. An internal watchdog's investigation has found that Veterans Affairs Secretary David Shulkin improperly accepted Wimbledon tennis tickets and likely wrongly used taxpayer money to cover his wife's airfare for an 11-day European trip. (AP Photo/Pablo Martinez Monsivais)

A recent court ruling could reshape how agencies source under the Trade Agreements Act

19 December 2025 at 13:14

Interview transcript

Terry Gerton: Before we get into the case that we’re going to talk about today, can you give us a rundown of the difference between the Trade Agreements Act and the Buy America Act, because that plays into the case we’ll examine.

Dan Ramish: Absolutely. So there are two domestic sourcing regimes that apply to government contracts, the Trade Agreements Act and the Buy American Act. And generally, the line between the two statutory regimes is dictated by the value of the procurement. So the Buy American Act applies to contracts that are below the free trade agreement thresholds. The most notable one is the World Trade Agreement Government Procurement Agreement, or WTO GPA, which has thresholds of 174,000 for supply and service contracts and then 6,708,000 for construction contracts. The sort of basic difference is, of course, the Buy American Act has been around a long time and establishes preferences for American-made goods. The Trade Agreements Act kind of came in with the free trade movement and established equal treatment for trading partner countries. And there are also a number of other so-called designated countries, mostly developing countries. And the products of those countries can also be used along with domestic products. But there’s a critical point on how these two frameworks are applied, which is that the Buy American Act institutes a price preference, whereas the Trade Agreements Act prohibits procurement of foreign products that are not designated countries.

Terry Gerton: Sounds like it could be a pretty confusing space for contracting officers, so I think it will be helpful to walk through this case. The Veterans Affairs Department was engaged in buying medical supplies and pharmaceuticals. Tell us about this particular case.

Dan Ramish: Yes. So the procurement was for a drug called Prasugrel, which is a blood thinner that’s used to reduce risk of heart attacks and strokes. And the prasugrel was available to the VA on Cosette’s federal supply schedule contract and also on an open market basis. But the agency wanted to establish a standardized contract to obtain volume discounts essentially and have set prices that it could rely on and anticipated that the contract would be used both by the VA and also by other agencies, the Department of Defense and Indian Health Service and the Bureau of Prisons. And so they established in the solicitation fixed price indefinite delivery requirements contract that was gonna have a base year and four option periods. And so, they put this out for bid, Golden State Medical Supplies proposed a generic version of the Prasugrel drug that was manufactured in India. And India is not compliant with the Trade Agreements Act, they’re not a trading partner, not a developing country that is a designated country for TAA, so non-compliant with TAA. Cosette Pharmaceuticals proposed to supply a brand name version of the drug that was much more expensive. And their drug was manufactured in Germany, the active pharmaceutical ingredient was from Japan. Now, in some cases, there are questions about which is the actual country of origin for Trade Agreements Act purposes, but both Germany and Japan are TAA compliant countries. So that wasn’t an issue. Everyone agreed that Cosette’s drug was compliant with TAA and Golden State Medical Supplies’ drug was not compliant. And there were a number of other drugs also from India that other offerors supplied, all generic. So the VA decided to award to Golden State Medical Supplies. They argued that the Trade Agreements Act exception applied because Cosette’s price was excessively high and they argued that the offer was therefore insufficient to fulfill the government’s requirement, which is one of the narrow exceptions of the Trade Agreements Act.

Terry Gerton: I’m speaking with Dan Ramish. He’s a partner at Haynes Boone. So Dan, if you’re the contracting officer and you’re looking at this wide differential in prices, how would you know to make a choice one way or the other?

Dan Ramish: Well, so the solicitation in this case was lowest price technically acceptable. So of course, the VA wanted to get the, you know, the lowest available price for these drugs, they’re standardized. And so it was understandable. And I think the court certainly saw where the agency was coming from in trying to get a good deal for the taxpayer. However, the court said, well, you have to look at the language of the statute and this exception for offers where no offers are received that meet the government’s requirement isn’t intended to encompass price. And in part, the court looked at the difference between the Buy American Act, which does actually specifically have an unreasonable cost exception, and the Trade Agreements Act, which only says, well, if you don’t receive any compliant offers or offers that meet the government requirement then you can procure from foreign sources.

Terry Gerton: So the Court of Federal Claims sided with Cosette, the more expensive one that met the Trade Agreement Act requirements. What did the court say specifically about VA’s interpretation of the Trade Agreements Act?

Dan Ramish: The VA’s approach was, in one part, to say that it was making use of this insufficiency to fulfill the government’s requirement exception. They also essentially excluded Cosette from the competitive range because of their price. And the court said, well, that approach wasn’t appropriate and didn’t comply with the Trade Agreements Act because you’re not allowed to effectively compare the price of a compliant, Trade Agreements Act product with non-compliant products, that that’s an apples to oranges comparison, and that that couldn’t be a valid basis for excluding Cosette from the competitive range.

Terry Gerton: So does that mean that government agencies are locked into buying these really expensive products if they’re the only TAA compliant option? Do they have other choices? What did the court say about that?

Dan Ramish: So the court pointed out that the statute, among other things, includes the option of a waiver issuance by the agency head, which is available on a case-by-case basis when it’s in the national interest. There was no waiver here. So the agency, if they felt there was a compelling interest, could have the agency head issue a waiver. They also could cancel solicitation, issue the drug, solicitation on the open market. And so they weren’t locked into making an award. And of course they needed to establish that there was a fair and reasonable price that they were paying for the award, but they couldn’t ignore the requirements of the Trade Agreements Act and award to a non-compliant offer when there was a Trade Agreements Act compliant offer that was received.

The post A recent court ruling could reshape how agencies source under the Trade Agreements Act first appeared on Federal News Network.


In this June 15, 2018 photo, pharmaceuticals are seen in North Andover, Mass. Two senior senators — a Republican and a Democrat — unveiled compromise legislation Tuesday to reduce prescription drug costs for millions of Medicare recipients, while saving money for federal and state health care programs that serve seniors and low-income people. (AP Photo/Elise Amendola)

When hackers weaponize AI, the rules of cyber defense change overnight

19 December 2025 at 12:14

Interview transcript

Terry Gerton: Anthropic says Chinese hackers used its Claude chatbot to automate a cyber espionage campaign against tech firms, financial institutions, and government agencies, marking what could be the first large-scale AI-driven attack. Joining me to explain what this means for defenders and what’s next for nation-state tactics is the former department head of AI security at MITRE and co-founder of AI security consulting firm Fire Mountain Labs, Dr. Josh Harguess. Dr. Harguess, thank you for joining me.

Josh Harguess: Thank you very much for having me.

Terry Gerton: We’re going to talk about something that really made the news not too long ago. Anthropic said that its AI tool Claude was used by Chinese hackers with minimal human intervention to launch a cyber espionage campaign. Can you tell us more about what really happened?

Josh Harguess: Yeah, I can. So a really nice report that they lay it out, really detailed, but some of the high marks. So they used Claude Code to do this. So this is Anthropic’s own tool that allows you to sort of, you know, vibe code as it were, and create a code that was able to do these exploits. And by create, what I mean is they were able to execute something like 80 to 90% of these operations completely independently from human interaction. That 10 to 20% was sort of like human-on-the-loop, human-in-the-loop verifying, validating some of the things that came back from Claude Code, like hallucinations, things that weren’t actually real, but there were plenty of exploits that were real, that were able to execute without any human intervention. And they really did this by doing these safeguard bypasses, things like social engineering, so doing prompt injection techniques, these kinds of things, convincing the tools that they were using. That everything that they’re doing was on the up and up. You know, no issues, don’t worry about what we’re trying to do. This is, you know, we’re security professionals. We’re trying to secure our own infrastructure, our own networks. So you’re doing us a service by providing this code to us. And yeah, the breach was, this was a campaign. I think they started to notice this maybe back in September. So they were able to kind of follow this campaign and eventually disrupt it.

Terry Gerton You mentioned some things like prompt injection and social engineering. Tell us a little bit more about how those were able to bypass Claude’s safety guardrails and what that means for the average person who might be a victim of some of this approach.

Josh Harguess Yeah, absolutely. So this has been around since ChatGPT was released, so essentially these are ways to convince the model to do things that it's not supposed to do. So particularly over the past two or three years, OpenAI, Anthropic, Google, they've spent a ton of money on trying to build in these safeguards so that you can't get instructions for how to make a nuclear weapon or how to do other nefarious things that these models, they don't want you to be able to do. However, there are ways around this and we're seeing this even with today's models. It's more sophisticated. It's not as easy as some of the early days where you just say the word poem infinitely and then it spits out user data. So now you do have to dig a little deeper. You have to do what's called maybe crescendo attacks. You have to, you know, sort of aggregate different attacks together in order for this to be successful. But these models are all susceptible at some point to this kind of prompt injection technique.

Terry Gerton It sounds like you and others with your expertise might have been expecting something like this to come along. It’s not just something that woke up overnight.

Josh Harguess Definitely. Absolutely. We've been sounding the warning alarms about this for many years. So it's very well known and really that awareness piece is number one. I mean, I think a lot of people, to your point, are going to be very surprised that this is even possible.

Terry Gerton So tell us more about how that 10 or 20% of human interaction played in with the cyber attack.

Josh Harguess Yeah, definitely. So, yeah, it’s interesting. So we’re not at the place where you can just say, go execute all of this for me, actually execute the campaign, you know. Get back to me in a few days when you’ve actually been able to recover these credentials and get into accounts and all that kind of thing. So right now we’re still at the phase where, you know, there’s a certain amount of trust for these models to do something that you tell it to do. And this is in, you know, your everyday task. If you’ve ever tried to write a summary of an article or something like that, you know, you’re not always gonna get 100% of what you’re expecting out of these models. So there’s some amount of human-on-the-loop or human-in-the-loop to kind of validate and verify what you are getting back. And this is no different. So, you know some of the things that came back were, you know, code that didn’t run or code that actually didn’t do the task that they were trying to do. So it was very much breaking the problem up into smaller pieces. Executing those small pieces, validating that they worked, and so on.

Terry Gerton I’m speaking with Dr. Josh Harguess. He’s the former department head for AI security at MITRE and co-founder of the AI security consulting firm, Fire Mountain Labs. The organizations that were targeted in this cyber attack, everything from financial institutions to tech companies to chemical manufacturers and government agencies, these might be the folks that you would expect to have the most resilient defense. How did they fare?

Josh Harguess Yeah, I mean, it's difficult to protect yourself against the unknown, right? So I think a lot of these organizations, like you mentioned, they will be doing their best to protect themselves against kind of known adversaries. So they're protecting their data, they're protecting their identities, these sorts of things, but they've never seen something this sophisticated kind of come at their infrastructure, and so quickly. So I think a lot of times in the past, if they saw a campaign like this and it was human operated, they would be able to sort of see the signals and be able to react. In this case, the campaign was so fast acting that they weren't able to react in time. And I think that's really the escalation of these types of attacks.

Terry Gerton What does that mean for AI defense or hacking defense going forward? If the hacker is AI powered and can adjust so quickly, how can the defenders meet that kind of attack?

Josh Harguess Absolutely, so we're definitely getting into that space that we were fearing in the beginning where we're going to have to use AI tools to help us defend against these kinds of attacks. And not just these types of attacks, probably all attacks. The same exact thing is going to happen though, where you're going to want to defend yourself against attacks using AI; however, that AI may not do exactly what you expect it to do all the time. So it's the same kind of back and forth. You're going to need a human-in-the-loop, human-on-the-loop to sort of validate, verify these defenses, check in, make sure that they're operating as they should. These are the kinds of things that we do as a consultancy, help folks through this. So, you know, how do you secure your own AI systems? That's a big question mark. That's what we help people through. And you have to be able to secure your own AI systems before you can use them for these types of defenses.

Terry Gerton If AI is attacking and AI is defending and all of that is happening at machine speed, what is the risk — what are the vulnerabilities there and what is the risk of escalation?

Josh Harguess Yeah, absolutely. So same as we kind of talked about earlier, you have to break the problem down into kind of consumable pieces. So look at your entire ecosystem of defense. Where can you instantiate AI? One place that’s really obvious is attacking yourself. So firming up your own defenses by pretending you’re an adversary. So red teaming your own system using these tools before someone else on the outside does that.

Terry Gerton As you look forward, what does this mean in terms of nation-state relations? How do nations prepare and how does this change the threat landscape?

Josh Harguess Yeah, certainly. So there’s multiple ways of looking at the changing of the threat landscape. My co-founder likes to talk about this in terms of these three words, intent, opportunity, and capability. Intent, that’s not really going to change. There’s always going to be bad actors that are trying to do nefarious things. Opportunity, that’s certainly expanding. So as these AI models and these AI agents kind of dig deeper into our digital infrastructures, we have new avenues for exploitation. So, you know, in this case, it was the social engineering way of getting into the models. There’s going to be other ways of getting in in the future that we’re not aware of yet. And then capability, that’s really the big one here. You know, AI is the force multiplier in this case, and that’s what we need to be utilizing, but also securing for our own systems.

The post When hackers weaponize AI, the rules of cyber defense change overnight first appeared on Federal News Network.
