Get the brief

One email per week. The threats that change the risk picture, assessed at the executive level. No CVE dumps, no vendor pitches, no noise.

One email. Every Sunday. Unsubscribe anytime. Stored with Buttondown, no tracking pixels.

Also from the same intelligence shop: Attack · Defense

Here's what last week looked like

  • The week's theme is reassigned risk: across AI, insurance, sanctions, and M&A, exposure you assumed someone else carried became yours, and your vendors, coverage, and compliance have not caught up.
  • AI is now a dependency a government can switch off, an output your company is liable for, and an oversight duty that lands on your board personally.
  • Cheaper cyber insurance is a warning, not a reward: only about a quarter of 2024 cyber claims paid out, and most denials trace to controls the insured certified but never fully deployed.
  • The exposures that hide are the ones nobody owns: the appliances and outsourced IT you cannot monitor, and the gap between the controls you signed for and the ones you actually run.
  • Regulatory regimes are diverging and reaching backward: a US-cleared transaction can violate EU sanctions, and a closed European deal can be reopened for up to five years.
1. Your AI Vendor Has an Off Switch in Washington
2. Whatever Your AI Says, You Said It
3. The AI Lawsuit Names the Board, and the Insurer May Not Be There
4. Cheaper Cyber Insurance Is the Warning Sign
5. They Lived on the Firewall for Eighteen Months
6. Cleared in Washington, Banned in Brussels
7. In Europe, a Closed Deal Is No Longer Closed

Read the full brief