This week’s Department of Know is hosted by Rich Stroffolino with guests Dan Holden, CISO, Commerce, and Mark Eggleston, CISO, CSC
Missed the live show? Check it out on YouTube
The Department of Know is live every Monday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com
Threat actors break out in under 30 minutes
According to CrowdStrike’s annual global threat report, the average breakout time from initial network intrusion to other systems fell to 29 minutes in 2025, 65% faster than last year. The fastest time seen was 27 seconds. Of these incidents, 82% didn’t involve malware; most involved legitimate credentials or social engineering. But don’t forget good old vulnerabilities: exploited zero-days increased by 42%. Activity from nation-state-affiliated groups increased 266% year over year, with attacks attributed to North Korea up 130%. We have a link to the report in our show notes.
Pentagon gives Grok the green light
A US Department of Defense official confirmed to Axios that xAI signed an agreement to allow the Pentagon to use its Grok model on classified systems. The agreement allows the Pentagon to use it for “all lawful use,” unlike Claude, which makes carveouts for autonomous weapons development and mass surveillance. Up until now Anthropic was the only model cleared for classified use. In related news, an Axios source says DoD informed Anthropic CEO Dario Amodei that it had until February 27th to comply with similar unfettered access to its models, or it will either label the company a “supply chain risk” or invoke the Defense Production Act to force the company to offer a version tailored for military use.
iPhone and iPad cleared for classified NATO work
Apple announced yesterday that its phones and tablets are the first consumer devices to receive approval for work at the NATO RESTRICTED level. The devices are now part of the NATO Information Assurance Product Catalogue (NIAPC). This means iPhones and iPads can be “used with classified information without requiring special software or settings. The listing specifies that the native Mail, Calendar, and Contacts apps for iOS and iPadOS provide secure access to data.”
AI-driven development makes security unattainable, warns Veracode
In its annual State of Software Security report, the company says that based on data from 1.6 million applications tested on its cloud platform, more vulnerabilities are being created than are being fixed, and that high-velocity development with AI is making comprehensive security unattainable. The researchers do say, however, that the higher numbers may be a result of increasing use of testing tools, meaning that more problems are being spotted that might previously have been missed. Veracode also suggests that an accelerating pace of software releases is causing new code to be added more quickly than existing vulnerabilities are addressed, and that AI-generated code makes remediation more difficult.
Huge thanks to our sponsor, Adaptive Security

Hackers weaponize Claude Code in Mexican government cyberattack
According to researchers at cybersecurity startup Gambit Security, ten Mexican government bodies and one financial institution were compromised in this attack, starting with the country’s tax authority in late December. In analyzing the attacker logs, Gambit assessed that “over 1,000 prompts were sent to Claude Code to mount the attacks, and that information was also passed to OpenAI’s GPT-4.1 for analysis.” The researchers added, “AI didn’t just assist, it functioned as the operational team: writing exploits, building tools, and automating exfiltration.” The attack bypassed Claude’s guardrails by convincing it that all actions were authorized. As a result, the attacker “exfiltrated over 150GB of data, including civil registry files, tax records, and voter data, exposing 195 million identities in the process.”
Ransomware payments dropped in 2025, but attack numbers reached record levels
A new report released yesterday by blockchain research company Chainalysis stated that claimed attacks grew by 50%, but victim payment rates dropped to a record low of 28%. This translates to a total of $820 million in payments to ransomware actors in 2025, which might rise to $900 million as more data arrives. Chainalysis researchers attribute the increase in attacks and slowdown in payments to the fact that companies are getting better at incident response, and that “regulatory scrutiny has increased to the point where payouts are now heavily discouraged.”
New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises
AirSnitch is the name the researchers gave to a series of attacks that capitalize on newly discovered weaknesses in Wi-Fi. “Various forms of AirSnitch work across a broad range of routers, including those from Netgear, D-Link, Ubiquiti, Cisco, and those running DD-WRT and OpenWrt.” According to the researchers, AirSnitch “breaks worldwide Wi-Fi encryption, and it might have the potential to enable advanced cyberattacks,” adding that their research physically “wiretaps the wire altogether so these sophisticated attacks will work,” creating a potential threat to worldwide network security.