News

Despite increasing investment, security awareness training continues to deliver marginal benefits. With a focus on actions over knowledge, AI-based HRM can personalize training to improve employee behavior — and ROI.

Credit: Andrey_Popov / Shutterstock

Cybersecurity guru Bruce Scheier is often quoted as saying, “People are the weakest link in the security chain.” No more accurate words have ever been spoken about cybersecurity. You can spend millions of dollars on firewalls, endpoint security tools, access controls, and data encryption, but one employee can cause a catastrophic security breach, simply by downloading a malicious file or clicking on a rogue link.

Industry research indicates that 70% to 90% of breaches are the result of employees succumbing to social engineering, making skills-based errors, sharing sensitive data with shadow IT services, or through a compromise of a privileged user. Oh, and things seem to be getting worse as adversaries adopt sophisticated AI-based attacks like deepfakes.

Of course, this problem is well known. As a countermeasure, organizations spent around $6 billion on security awareness training (SAT) in 2025. While some firms did so as a best practice, most did so to comply with industry or government regulations such as HIPAA (requires a “security awareness and training program” for all workforce members per 45 CFR § 164.308), GDPR (article 39(1)(b) tasks data protection officers with “awareness-raising and training of staff”), PCI (requirement 12.6 mandates a formal program to make all personnel aware of cardholder data security), and many others.

Industry research indicates that SAT expenses will increase by an estimated 15% per year as organizations continue to invest in what Gartner calls “security behavior and culture programs.”

The cybercriminals in control of Kimwolf — a disruptive botnet that has infected more than 2 million devices — recently shared a screenshot indicating they’d compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that.

Our first story of 2026, The Kimwolf Botnet is Stalking Your Local Network, detailed the unique and highly invasive methods Kimwolf uses to spread. The story warned that the vast majority of Kimwolf infected systems were unofficial Android TV boxes that are typically marketed as a way to watch unlimited (pirated) movie and TV streaming services for a one-time fee.

Our January 8 story, Who Benefitted from the Aisuru and Kimwolf Botnets?, cited multiple sources saying the current administrators of Kimwolf went by the nicknames “Dort” and “Snow.” Earlier this month, a close former associate of Dort and Snow shared what they said was a screenshot the Kimwolf botmasters had taken while logged in to the Badbox 2.0 botnet control panel.

Last year, AI companies struck multibillion-dollar deals to build out AI infrastructure. In 2026, as this new computing power starts coming online, experts say we’ll begin to see whether that investment pays off.

1. Advancing science

In November, California startup Edison Scientific said its system, Kosmos, which combs existing scientific literature for new insights, has not only replicated human discoveries but also turned up new ones—like evidence that aging brain cells in Alzheimer’s may tag themselves with signals telling the brain’s cleanup system to dispose of them. The Trump Administration’s Genesis Mission, a Manhattan Project–style initiative, also aims to use AI to advance science. But what counts as an autonomous discovery may be contested. We may be far from a discovery that “we can very confidently say a human would not have done that,” says Edward Parker, a physical scientist at think tank Rand Corp. He expects a “messy middle ground” in which AI assists human researchers more than it discovers on its own.

2. AI shops for you

This year could see many shoppers skip not only physical stores but also websites to buy directly inside chatbots. Forecasters on the online prediction platform Metaculus put a 95% chance on a major company running an AI shopping agent that completes over 100,000 transactions by the end of 2026. “They’ll clear that very, very quickly,” says Tyler Cowen, an economist at George Mason University. The groundwork has already been laid. Last April, Amazon began testing an agent that makes purchases within the site. In September, Open-AI started allowing users to buy from U.S. Etsy sellers within ChatGPT. AI-facilitated shopping could reshape consumer behavior as e-commerce did before it, offering companies like OpenAI a new revenue stream in the process.

3. Companions go mainstream

As the year progresses, it will become better understood “that people develop real and meaningful relationships with these technologies,” predicts Kate Darling, author of The New Breed: How to Think About Robots. Robust research shows people treat machines as if they’re alive, even when they know they’re not. As adoption increases, “that’s going to explode,” she says. Dmytro Klochko, CEO of AI-companion company Replika, expects people will use one AI for productivity and another for emotional connection. Companions are distinct from models like ChatGPT, he says, because they’re designed to proactively engage people. “What we care about is people getting happier,” he says. “Whether or not it’s good, it’s happening.”

4. More political attention

AI will “play a larger, more palpable role on the world stage” this year, says Dean Ball, primary drafter of America’s AI Action Plan. Ball, who has since left the White House, predicts that AI could be a top-five issue in the midterm elections—amid concern about issues like data centers increasing electricity prices and mental-health harms.

Alex Bores, a New York State assembly member working on AI legislation, expects the technology will remain a bi-partisan issue. The tech is evolving faster than political parties can create consensus, and people already feel its impacts in their communities, he says. Bores believes that 2026 will be a pivotal year for U.S. AI governance, as lobbyists angle to prevent regulation, even as the systems and the companies building them both become more powerful.

Introduction

State legislative sessions are kicking into gear, and that means a flurry of AI laws are already under consideration across America. In prior years, the headline number of introduced state AI laws has been large: famously, 2025 saw over 1,000 state bills related to AI in some way. But as I pointed out, the vast majority of those laws were harmless: creating committees to study some aspect of AI and make policy recommendations, imposing liability on individuals who distribute AI-generated child pornography, and other largely non-problematic bills. The number of genuinely substantive bills—the kind that impose novel regulations on AI development or diffusion—was relatively small.

In 2026, this is no longer the case: there are now numerous substantive state AI bills floating around covering liability, algorithmic pricing, transparency, companion chatbots, child safety, occupational licensing, and more. In previous years, it was possible for me to independently cover most, if not all, of the interesting state AI bills at the level of rigor I expect of myself, and that my readers expect of me. This is no longer the case. There are simply too many of them.

It’s not just the topics that vary. It’s also the approaches different bills take to each topic. There is not one “algorithmic pricing” or “AI transparency” framework; there are several of each.

The political economy of state lawmaking (in general, not specific to AI) tends to produce three outcomes. First, states sometimes do converge on common legislative standards—there are entire bodies of state law that are largely identical across all, or nearly all, states. The second possibility is that states settle on a handful of legal frameworks, with the strictest of the frameworks generally becoming the nationwide standard (this is how data privacy law in the U.S. works). Third, states will occasionally produce legitimate patchworks: distinct regulatory regimes that are not easily groupable into neat taxonomies.

Two cyber hacks have highlighted the vulnerability of New Zealand’s digital health systems – and the vast volumes of patient data we rely on them to protect.

Following the hacking of Manage My Health – compromising the records of about 127,000 patients – and an earlier breach at Canopy Health, a concerned public is asking how this happened and who is to blame.

The most urgent question, however, is whether it can happen again.

What we know so far

Manage My Health (MMH) – a patient portal used by many general practices to share test results, prescriptions and messages – published its first public notice about a cyber security incident on New Year’s Day.

According to the company, it became aware of unauthorised access on December 30, after being alerted by a partner. It says it immediately engaged independent cyber security specialists and that the compromise was limited to its “Health Documents / My Health Documents” module.

The Office of the Privacy Commissioner confirmed it was notified on January 1 and later published guidance for those affected. The National Cyber Security Centre also issued an incident notice.

MMH has since obtained urgent High Court injunctions that restrain the use or publication of data taken. In its decision, the court described activity patterns consistent with automation, including unusually high-frequency behaviour and repeated access attempts.

While this sheds some light on how the hacker operated, it does not establish which specific technical control failed – or where responsibility ultimately lies.

We have now also learned that a second provider, Canopy Health, experienced unauthorised access to parts of its administrative systems six months ago, with some patients only being notified this week.

Cybersecurity continues to be one of the fastest-growing sectors, with millions of job openings worldwide.

Global demand for cybersecurity professionals has surged, driven by rising threats and expanding digital infrastructure.

This report breaks down the current state of cybersecurity job openings, regional trends, and key factors contributing to the numbers.

• Top Cybersecurity Job Opening Stats
• Number of Open Cybersecurity Jobs
• Number of Open Cybersecurity Jobs Over Time
• US Cybersecurity Job Openings
• US Cybersecurity Supply vs Demand
• What Affects the Number of Cybersecurity Job Openings?
• Cybersecurity Certification Demand

Top Cybersecurity Job Opening Stats

• There are approximately 4.8 million unfilled cybersecurity roles.
• In the US alone, there are currently 514,359 cybersecurity job openings.
• Over a quarter (26%) of cybersecurity roles in the US are currently vacant.
• Virginia has the most cybersecurity job openings in the US (53,855).
• The US cybersecurity workforce gap has grown each year since 2020.
• CISSO is the most in-demand certification in US cybersecurity openings (82,494).

Number of Open Cybersecurity Jobs

Globally, there are an estimated 4.8 million unfilled cybersecurity jobs.

Source: DeepStrike

As the first year of the Trump administration approaches its end, government cybersecurity experts and even some United States government officials are warning that recent White House initiatives—including downsizing and restructuring of the US federal workforce—risk setting the government back on improving and expanding its digital defenses.

expired: US cybersecurity struggling
tired: US cybersecurity improving
wired: US cybersecurity backsliding

Read more Expired/Tired/WIRED 2025 stories here.

For years, the federal government was playing catch-up on cybersecurity, scrambling to replace ancient software, apply security patches to newer systems, and deploy other baseline protections across a massive and disparate population of PCs and other gadgets. With so many agencies and offices that needed upgrading, it was slow going. But as repeated government data breaches drew urgent attention to the issue, and as the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency—founded in 2018—established itself during the early 2020s, minimum standards seemed to be rising. Now, with major staffing cuts at CISA and in other key departments across the government, that incremental progress could quickly erode.

“We’ve spent a lot of time trying to encourage the government to do more, and CISA was doing, you know, a better job,” retiring comptroller general Gene Dodaro told the US Senate Committee on Homeland Security and Governmental Affairs on December 16. He added that the Government Accountability Office has “a lot of open recommendations still for them to do. But I’m concerned that we’re taking our foot off the gas at CISA, and I think we’ll live to regret it.”

KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services.

Image: Shutterstock, Younes Stiller Kraske.

In May 2024, we scrutinized the history and ownership of Stark Industries Solutions Ltd., a “bulletproof hosting” provider that came online just two weeks before Russia invaded Ukraine and served as a primary staging ground for repeated Kremlin cyberattacks and disinformation efforts. A year later, Stark and its two co-owners were sanctioned by the European Union, but our analysis showed those penalties have done little to stop the Stark proprietors from rebranding and transferring considerable network assets to other entities they control.

In December 2024, KrebsOnSecurity profiled Cryptomus, a financial firm registered in Canada that emerged as the payment processor of choice for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers. In October 2025, Canadian financial regulators ruled that Cryptomus had grossly violated its anti-money laundering laws, and levied a record $176 million fine against the platform.

2025 turned out pretty much as I anticipated. What comes next?

AGI didn’t materialize (contra predictions from Elon Musk and others); GPT-5 was underwhelming, and didn’t solve hallucinations. LLMs still aren’t reliable; the economics look dubious. Few AI companies aside from Nvidia are making a profit, and nobody has much of a technical moat. OpenAI has lost a lot of its lead. Many would agree we have reached a point of diminishing returns for scaling; faith in scaling as a route to AGI has dissipated. Neurosymbolic AI (a hybrid of neural networks and classical approaches) is starting to rise. No system solved more than 4 (or maybe any) of the Marcus-Brundage tasks. Despite all the hype, agents didn’t turn out to be reliable. Overall, by my count, sixteen of my seventeen “high confidence” predictions about 2025 proved to be correct.

Here are six or seven predictions for 2026; the first is a holdover from last year that no longer will surprise many people.

1. We won’t get to AGI in 2026 (or 7). At this point I doubt many people would publicly disagree, but just a few months ago the world was rather different. Astonishing how much the vibe has shifted in just a few months, especially with people like Sutskever and Sutton coming out with their own concerns.
2. Human domestic robots like Optimus and Figure will be all demo and very little product. Reviews by Joanna Stern and Marques Brownle of one early prototype were damning; there will be tons of lab demos but getting these robots to work in people’s homes will be very very hard, as Rodney Brooks has said many times.
3. No country will take a decisive lead in the GenAI “race”.
4. Work on new approaches such as world models and neurosymbolic will escalate.
5. 2025 will be known as the year of the peak bubble, and also the moment at which Wall Street began to lose confidence in generative AI. Valuations may go up before they fall, but the Oracle craze early in September and what has happened since will in hindsight be seen as the beginning of the end.
6. Backlash to Generative AI and radical deregulation will escalate. In the midterms, AI will be an election issue for first time. Trump may eventually distance himself from AI because of this backlash.

And lastly, the seventh: a metaprediction, which is a prediction about predictions. I don’t expect my predictions to be as on target this year as last, for a happy reason: across the field, the intellectual situation has gone from one that was stagnant (all LLMs all the time) and unrealistic (“AGI is nigh”) to one that is more fluid, more realistic, and more open-minded. If anything would lead to genuine progress, it would be that.

A security review of eight popular internet toys found “widespread security and privacy weaknesses,” per a new report shared first with Axios from Mozilla Foundation and cybersecurity consultant 7ASecurity.

Why it matters: Connected toys like tablets, smartwatches, and robots now store everything from a kid’s photos to their location, raising serious privacy concerns and creating new vulnerabilities for hackers and other bad actors.

What’s inside: “Across the smart toys audited for this report, 7ASecurity found widespread security and privacy weaknesses,” the report reads.

• “In practical terms, that means many toys marketed for children could be misused to spy on families, manipulate what kids hear or see, or expose sensitive data.”

The toys on 7ASecurity’s list are:

1. Amazon Fire Kids Tablet
2. Emo Robot
3. Huawei Watch Kids 4
4. PlayShifu Plugo Count
5. TickTalk 5
6. Powerup 4.0 Airplane
7. Sphero Mini Activity Kit
8. GoCube Edge

Security risks include hackers being potentially able to:

• Hijack the speakers of a toy and talk back if kids are using an insecure WiFi network
• Access location data and other personal information like names, birthdates and phone numbers

• Use a Bluetooth-connected toy to remotely control the toy if they’re in pairing range

7ASecurity said it chose toys to research based on popularity with shoppers around the world.

The big picture: The report comes at a time when lawmakers are raising serious concerns about smart toys.

• Sens. Marsha Blackburn (R-Tenn.) and Richard Blumenthal (D-Conn.) wrote to the CEOs of six companies this week demanding answers on safeguards for children using AI-enabled toys.
• “Not only are these products potentially dangerous, but they also collect sensitive data on American families,” the senators wrote.

The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president’s efforts to restrict free speech and freedom of the press, have come at such a rapid clip that many readers probably aren’t even aware of them all.

FREE SPEECH

President Trump has repeatedly claimed that a primary reason he lost the 2020 election was that social media and Big Tech companies had conspired to silence conservative voices and stifle free speech. Naturally, the president’s impulse in his second term has been to use the levers of the federal government in an effort to limit the speech of everyday Americans, as well as foreigners wishing to visit the United States.

In September, Donald Trump signed a national security directive known as NSPM-7, which directs federal law enforcement officers and intelligence analysts to target “anti-American” activity, including any “tax crimes” involving extremist groups who defrauded the IRS. According to extensive reporting by journalist Ken Klippenstein, the focus of the order is on those expressing “opposition to law and immigration enforcement; extreme views in favor of mass migration and open borders; adherence to radical gender ideology,” as well as “anti-Americanism,” “anti-capitalism,” and “anti-Christianity.”

Earlier this month, Attorney General Pam Bondi issued a memo advising the FBI to compile a list of Americans whose activities “may constitute domestic terrorism.” Bondi also ordered the FBI to establish a “cash reward system” to encourage the public to report suspected domestic terrorist activity. The memo states that domestic terrorism could include “opposition to law and immigration enforcement” or support for “radical gender ideology.”

On November 13th, Anthropic reported something truly remarkable: they disrupted an almost entirely AI-orchestrated cyber operation. A Chinese state-sponsored group had jury-rigged a framework allowing Claude to orchestrate a battery of agents and off-the-shelf attack tools against up to thirty high-profile targets including “large tech companies, financial institutions, chemical manufacturing companies, and government agencies.” Data theft was the goal and a small number of attacks, it seems, succeeded. The kicker: humans were relegated to an approval role, authorizing attacks and selecting targets, while AI drove 80-90% of actual execution.

It’s hard to overstate how significant this is. In Washington, ‘Sputnik Moment’ gets tossed around so liberally it’s lost almost all meaning. This time, however, the moniker fits. This is something special.

Just like Sputnik, this was unanticipated. Even Anthropic’s own engineers admitted surprise at how quickly AI cyber capabilities evolved at scale. Just like Sputnik, this demonstrates a powerful new military-relevant capability. Intelligent machines, uncapped by human fatigue, knowledge burdens, or labor constraints, are now truly stepping into the cyber battlefield. The result could be a massive step change in attack volume, speed, and effectiveness that many defenders are unequipped to manage.

Finally, just like Sputnik, this is an as-yet crude capability that will only improve. When Sputnik-1 launched, functions were limited to simple radio transmission while battery powered operational life was just three weeks. Anthropic suggests these AI capabilities were likewise limited. Only a small few attacks succeeded while persistent hallucinations undermined success. As was the case for satellite technology, however, this first version is the worst these capabilities will ever be. This is a floor, not a ceiling.

I really wanted to go to last night’s launch event for the San Francisco Chronicle’s book on the Valkyries’ inaugural season, but went to Google’s holiday PR party instead.

🤖 Situational awareness: Time magazine named “the architects of AI” as 2025’s Person of the Year.

• Also breaking this morning: Disney will invest $1 billion in OpenAI and license hundreds of characters to Sora.

Today’s AI+ is 1,105 words, a 4-minute read.

1 big thing: New models could increase cyber risks

Illustration: Aïda Amer/Axios

OpenAI says the cyber capabilities of its frontier AI models are accelerating and warned yesterday that upcoming models are likely to pose a “high” risk, in a report shared first with Axios.

Why it matters: The models’ advances could significantly expand the number of people able to carry out cyberattacks.

Driving the news: OpenAI said it has already seen an increase in capabilities in recent releases, particularly as models are able to operate longer autonomously, paving the way for brute force attacks.

• The company notes that GPT-5 scored a 27% on a capture-the-flag exercise in August, GPT-5.1-Codex-Max was able to score 76% last month.
• “We expect that upcoming AI models will continue on this trajectory,” the company says in the report. “In preparation, we are planning and evaluating as though each new model could reach ‘high’ levels of cybersecurity capability as measured by our Preparedness Framework.”

Researchers from Anthropic said they recently observed the “first reported AI-orchestrated cyber espionage campaign” after detecting China-state hackers using the company’s Claude AI tool in a campaign aimed at dozens of targets. Outside researchers are much more measured in describing the significance of the discovery.

Outside researchers weren’t convinced the discovery was the watershed moment the Anthropic posts made it out to be. They questioned why these sorts of advances are often attributed to malicious hackers when white-hat hackers and developers of legitimate software keep reporting only incremental gains from their use of AI.

“I continue to refuse to believe that attackers are somehow able to get these models to jump through hoops that nobody else can,” Dan Tentler, executive founder of Phobos Group and a researcher with expertise in complex security breaches, told Ars. “Why do the models give these attackers what they want 90% of the time but the rest of us have to deal with ass-kissing, stonewalling, and acid trips?”

Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google.

In a lawsuit filed in the Southern District of New York on November 12, Google sued to unmask and disrupt 25 “John Doe” defendants allegedly linked to the sale of Lighthouse, a sophisticated phishing kit that makes it simple for even novices to steal payment card data from mobile users. Google said Lighthouse has harmed more than a million victims across 120 countries.

Lighthouse is one of several prolific phishing-as-a-service operations known as the “Smishing Triad,” and collectively they are responsible for sending millions of text messages that spoof the U.S. Postal Service to supposedly collect some outstanding delivery fee, or that pretend to be a local toll road operator warning of a delinquent toll fee. More recently, Lighthouse has been used to spoof e-commerce websites, financial institutions and brokerage firms.

Wiz, the Israeli cloud security firm being acquired by Google-parent Alphabet (NASDAQ:GOOG), just cleared a big regulatory hurdle. The U.S. Justice Department has finished its antitrust review of the $32 billion deal giving Alphabet the green light to move one step closer to closing its biggest acquisition ever.

This is an important milestone, but we’re still in the journey between signing and closing, Wiz CEO Assaf Rappaport said at a Wall Street Journal event on Tuesday. His comments suggest the two companies are making steady progress but still have a few boxes to check before the deal becomes official.

The acquisition is a huge move for Alphabet as it looks to strengthen its cloud and cybersecurity capabilities, especially in a market where competition with Amazon (NASDAQ:AMZN) and Microsoft (NASDAQ:MSFT) is heating up. Bloomberg had previously reported that the DOJ was reviewing the deal to ensure it wouldn’t hurt competition in the cybersecurity space.

With that review now behind them, Alphabet and Wiz are one step closer to sealing one of the biggest tech deals of the year.
 

The Commonwealth Cyber Initiative Accelerator (CCI+A) program is a jam-packed, five-month innovation program that’s fueling cybersecurity entrepreneurship across Virginia. It’s teaching professors and start-ups what it takes to bring technology to market, including how to pitch to a panel of investors and industry leaders. 

“Supporting cybersecurity start-ups and bringing ideas out of universities and into the marketplace are an essential part of the CCI’s mission,” said Luiz DaSilva, executive director of CCI. “We’re excited to help these start-ups reach their milestones and create new opportunities and jobs in the commonwealth.” 

The program began at George Mason University and has expanded statewide. It’s co-funded by the CCI Northern Virginia Node and the CCI Hub. 

Since its launch at George Mason University in 2022, CCI+A has accelerated 34 technologies from across Virginia,” said Liza Wilson Durant, CCI Northern Virginia Node director, associate dean of strategic initiatives and community engagement at George Mason, and College of Engineering and Computer professor. “Each year we’ve seen the teams increase their customer engagement and elevate their competitive pitch performance. It’s exciting to see several entities undergo acquisition and see the impact of the program on Virginia economic development.” 

The CCI+A program works on two tracks—the CATAPULT Fund supports teams emerging from Virginia public research universities and the ASCEND Fund focuses on start-up teams collaborating with faculty subject matter experts. The teams receive up to $75,000 to help them commercialize their technology. 

CCI funded 10 projects this year. On October 16, teams from both tracks competed to pitch their start-ups to a panel of investors and industry leaders. The winning team from each category received an additional $5,000 in funding. 

• The CATAPULT winning team is DeepScan, led by Rui Ning, an assistant professor in computer science at Old Dominion University (ODU). The team also includes Maia Lin and Yao Wang from ODU. 

• The ASCEND winning team is Glacier21, a start-up led by CEO Ren McEachern, a former FBI agent. Team members include Robert Appleton, Mike Borowski, Neil Alexander, along with George Mason professor Foteini Baldimsti. 

The CCI+A program is coordinated by Gisele Stolz, senior director of entrepreneurship and innovation at George Mason. 

Meet the Winners 

DeepScan 

While artificial intelligence is quickly becoming a requirement on our smartphones and other devices, security is lagging, said Ning, DeepScan team lead. Hidden triggers can hijack behavior, and many apps ship models that are easy to tamper with. DeepScan promises to protect on-device AI without slowing down performance. First-time winner Ning is a veteran of CCI+A and put what he learned from a past program to good use. 

“The program taught me how to communicate technical ideas in a way that connects with broader audiences,” Ning said. “I’ve always been curious about entrepreneurship because it feels like a natural way to translate research into something that can make a difference. It’s another path to extend our impact beyond papers and grants.” 

Glacier21 

Glacier21 is focusing on combating illicit cryptocurrency activities. The platform integrates data from such sources as social media, data leaks, and the deep/dark web to uncover complex connections between crypto wallets, businesses, and individuals. 

CCI+A helped the team with the execution, McEachern said. “When we were lucky enough to be selected into the CCI+A program, it didn’t just open up some resources; it opened up access to people and vast networks that totally changed our strategy and our thinking.” 

Foteini Baldimsti, an associate professor of computer science at Mason, worked with Glacier21 to provide technical expertise. “It’s very nice to see how your academic work can help a start-up and give technical knowledge,” Baldimsti said. “But I think it’s also very interesting as an academic to learn from this project and from the CCI+A program about how you can bring your own ideas and how you can participate in one of the next cohorts and be on the other side as the founder of the company. I think this experience has been very, very valuable.” 

The consulting firm Accenture recently laid off 11,000 employees while expanding its efforts to train workers to use artificial intelligence. It’s a sharp reminder that the same technology driving efficiency is also redefining what it takes to keep a job.

And Accenture isn’t alone. IBM has already replaced hundreds of roles with AI systems, while creating new jobs in sales and marketing. Amazon cut staff even as it expands teams that build and manage AI tools. Across industries, from banks to hospitals and creative companies, workers and managers alike are trying to understand which roles will disappear, which will evolve and which new ones will emerge.

I research and teach at Drexel University’s LeBow College of Business, studying how technology changes work and decision-making. My students often ask how they can stay employable in the age of AI. Executives ask me how to build trust in technology that seems to move faster than people can adapt to it. In the end, both groups are really asking the same thing: Which skills matter most in an economy where machines can learn?

To answer this, I analyzed data from two surveys my colleagues and I conducted over this summer. For the first, the Data Integrity & AI Readiness Survey, we asked 550 companies across the country how they use and invest in AI. For the second, the College Hiring Outlook Survey, we looked at how 470 employers viewed entry-level hiring, workforce development and AI skills in candidates. These studies show both sides of the equation: those building AI and those learning to work with it.

AI is everywhere, but are people ready?

More than half of organizations told us that AI now drives daily decision-making, yet only 38% believe their employees are fully prepared to use it. This gap is reshaping today’s job market. AI isn’t just replacing workers; it’s revealing who’s ready to work alongside it.

Our data also shows a contradiction. While many companies now depend on AI internally, only 27% of recruiters say they’re comfortable with applicants using AI tools for tasks such as writing resumes or researching salary ranges.

In other words, the same tools companies trust for business decisions still raise doubts when job seekers use them for career advancement. Until that view changes, even skilled workers will keep getting mixed messages about what “responsible AI use” really means.

In the Data Integrity & AI Readiness Survey, this readiness gap showed up most clearly in customer-facing and operational jobs such as marketing and sales. These are the same areas where automation is advancing quickly, and layoffs tend to occur when technology evolves faster than people can adapt.

At the same time, we found that many employers haven’t updated their degree or credential requirements. They’re still hiring for yesterday’s resumes while, tomorrow’s work demands fluency in AI. The problem isn’t that people are being replaced by AI; it’s that technology is evolving faster than most workers can adapt.

Fluency and trust: The real foundations of adaptability

Our research suggests that the skills most closely linked with adaptability share one theme, what I call “human-AI fluency.” This means being able to work with smart systems, question their results and keep learning as things change.

Across companies, the biggest challenges lie in expanding AI, ensuring compliance with ethical and regulatory standards and connecting AI to real business goals. These hurdles aren’t about coding; they’re about good judgment.

In my classes, I emphasize that the future will favor people who can turn machine output into useful human insight. I call this digital bilingualism: the ability to fluently navigate both human judgment and machine logic.

What management experts call “reskilling” – or learning new skills to adapt to a new role or major changes in an old one – works best when people feel safe to learn. In our Data Integrity & AI Readiness Survey, organizations with strong governance and high trust were nearly twice as likely to report gains in performance and innovation. The data suggests that when people trust their leaders and systems, they’re more willing to experiment and learn from mistakes. In that way, trust turns technology from something to fear into something to learn from, giving employees the confidence to adapt.

According to the College Hiring Outlook Survey, about 86% of employers now offer internal training or online boot camps, yet only 36% say AI-related skills are important for entry-level roles. Most training still focuses on traditional skills rather than those needed for emerging AI jobs.

The most successful companies make learning part of the job itself. They build opportunities to learn into real projects and encourage employees to experiment. I often remind leaders that the goal isn’t just to train people to use AI but to help them think alongside it. This is how trust becomes the foundation for growth, and how reskilling helps retain employees.

The new rules of hiring

In my view, the companies leading in AI aren’t just cutting jobs; they’re redefining them. To succeed, I believe companies will need to hire people who can connect technology with good judgment, question what AI produces, explain it clearly and turn it into business value.

In companies that are putting AI to work most effectively, hiring isn’t just about resumes anymore. What matters is how people apply traits like curiosity and judgment to intelligent tools. I believe these trends are leading to new hybrid roles such as AI translators, who help decision-makers understand what AI insights mean and how to act on them, and digital coaches, who teach teams to work alongside intelligent systems. Each of these roles connects human judgment with machine intelligence, showing how future jobs will blend technical skills with human insight.

That blend of judgment and adaptability is the new competitive advantage. The future won’t just reward the most technical workers, but those who can turn intelligence – human or artificial – into real-world value.

A team of faculty and students from George Mason University recently discovered a vulnerability in a widely used anonymization tool. They presented their findings last week in Taiwan at the Association for Computing Machinery Conference on Computer and Communications Security (ACM CCS), one of the world’s most prestigious computer security conferences, with a very low paper acceptance rate.

The project was supported by a Commonwealth Cyber Initiative (CCI) grant from the program, “Securing Interactions between Humans and Machines,” and as a requirement of the grant, the project crossed different parts of the university. The College of Engineering and Computing collaborated with Mason and Partners (MAP) Clinics, which provided the data.

When George Mason University cyber security engineering student Noah Hinger interned at Surefire Cyber in summer 2023, his managers were so impressed with his work that they invited him back. Thanks to his previous experience, the Honors College student was able to take on more responsibility this summer at the computer security company and contribute to more projects. 

“The experience from my first summer here let me understand what was happening and contribute across the company,” said Hinger, who is a sophomore in the College of Engineering and Computing. “Surefire Cyber has an amazing internship program. They’re investing in us by having professional development meetings and providing us with the opportunity to talk to experts from different fields.” said Hinger. 

“I think it’s helped me a lot to be able to practice my independence and accountability,” said Hinger, who also competes in George Mason’s Chess and Competitive Cyber Clubs. “I’ve had the chance to do projects on my own without necessarily needing to report to someone, and I’ve also learned so much from all the smart people at Surefire Cyber.” 

What made you choose Surefire Cyber for your internships?  

Surefire Cyber is a digital forensics and incident response company. When an organization gets hacked, they call Surefire Cyber to conduct an investigation and restore systems so that everything’s OK. As a technology intern, I am helping develop the code that our forensic analysts use to figure out what’s happened and retrieve all the essential data. Surefire Cyber is really exceptional at using a lot of automation tools so that the forensic analysts can focus more on the big picture and the data they’re working with.  

What does a typical day interning at Surefire Cyber look like for you?  

I work under two groups: software development and information operations, or DevOps, and security engineering. For DevOps, I help to manage company infrastructure and work on a lot of coding assignments.  

Traditionally, there are software developers, and there are operations, which maintain it. DevOps is kind of a hybrid role, which means it entails coding, setting up servers, and being responsible for maintaining the infrastructure.  

How would you say George Mason has helped prepare you for this role?  

I definitely think more critically when problem-solving this time around, and I think that’s in part due to George Mason, especially the Honors College research and literature classes that I’ve taken. I’m learning about a lot of new technologies in real time, so I have to be able to research and read about them and then apply that knowledge to my work. The courses have definitely helped me when it comes absorbing the information I’m reading about and then transferring it to my assignments at Surefire Cyber.  

Another thing about the Honors College is that I get to meet different people from different disciplines, and that’s really helped me at Surefire Cyber when connecting and networking with colleagues. I think that’s been really rewarding and something that George Mason’s helped prepare me for.  

I’ve also gotten a lot of experience in my systems engineering and digital systems engineering classes, and getting to see what goes into a lot of security minded decisions is very similar to what I’m doing in this internship.  

What’s your favorite thing about interning at Surefire Cyber?  

My favorite thing about the company is that it’s always driving innovation and new discoveries within cybersecurity and digital forensics. They’re always pushing for the best and trying to help people. That’s the whole point of digital forensics is to be there for and helping them out on the worst day of their life.  

Fatima Majid, a George Mason University senior majoring in cyber security engineering, was not just the only one-person team in the top 10 award winners at a recent National Defense Industrial Association (NDIA) cyber competition, she was the only student team. Majid placed ninth out of 51 teams, most of them comprising industry experts.  

“I went in, and they were all professional teams, like from Lockheed Martin. I thought, ‘I want to go home,’” said Majid with a laugh, describing her initial cold feet. “But I told myself I could do it. It helped that it was hosted at George Mason, and I had professors there giving me support.”  

Her project focused on how the Department of Defense (DoD) can protect critical U.S. infrastructure against low-cost drone attacks at scale, informed by Ukraine’s “Operation Spiderweb,” which used 117 drones to attack Russian air bases in June 2025.  

Majid spent the summer in Richmond during a public policy internship. Photo provided

Majid’s lightbulb moment came with a flash as bright as a Virginia speed camera catching a lead-footed driver. Considering the significant network of traffic cameras in the commonwealth, she conceived SkyEyes. This applies an artificial intelligence (AI) model to the live feed of the Virginia 511 camera network, which provides real-time traffic information to citizens and transportation officials. SkyEyes demonstrated how a low-cost, AI-enabled surveillance layer could differentiate threats from non-threats, employing geofencing logic to define safe versus threat zones around sensitive sites. 

“I understand how drones work because of what I’ve done at George Mason’s MIX lab—and since I know how to build it, I also know how to jam it. I trained the AI model on a data set provided from a contest sponsor, and that data set had drone imaging and drone prototyping,” she said. “The camera feeds can find objects flying, but what if it’s an Amazon drone, for example? Then I added geofencing and threat analysis to observe the behavior of the drone—if it’s a drone at 2 a.m., for example, maybe that’s sketchy. So, the model gets smarter.”  

Majid said that to access the cameras, all she had to do was make a phone call to the right person and explain her project. She cited time spent this summer at the Virginia Academy of Science, Engineering, and Medicine in the Undergraduate Policy Program (VASEM UPP) in Richmond as giving her confidence and exposure to how government works.  

K. L. Akerlof, an associate professor in the Department of Environmental Science and Policy at George Mason, said, “The VASEM UPP is a unique opportunity for undergraduates to learn about opportunities in science policy at the state level. The immersive experience of spending a week in Richmond visiting the General Assembly and state agencies, while getting a crash course in how research evidence relates to public policy, can open new doors and career pathways.” 

Majid said the strong showing gave her tremendous exposure to influential professional contacts. She fielded several questions about her simulation and future professional plans from a man she only later realized was Retired Brigadier General and NDIA Executive Vice President Guy Walsh. 

“Because he showed interest, after he walked away, a crowd of people gathered around to ask me questions. It was very validating.”  

She also had a long conversation about her project with Harley Stout, acting chief digital and AI officer at the Joint Chiefs of Staff. 

Majid is still pleasantly shocked by her top-10 finish. She is working with Mohamed Gebril, an associate professor in Cyber Security Engineering, on expanding the research. She is confident that such a cost-efficient solution for critical infrastructure protection against drone attacks will attract more funding opportunities.  

She credited the supportive culture at Mason—and her family—for keeping her grounded and encouraging her throughout, saying their support made the accomplishment even more meaningful.

When George Mason University cyber security engineering major Connor Wadlin learned about ransomware attacks on organizations, such as the one on the Health Service Executive in Ireland, in his CYSE 445 System Security and Resilience class, it confirmed his commitment to dedicating his educational and professional career to protecting and preserving human lives.

“There’s nothing more important than protecting and defending others. As an engineer, I’m driven to get important work done by thinking about complex problems and finding suitable solutions,” said Wadlin, who is from Leesburg, Virginia.

Since winter 2024, the Honors College student has been interning at the Commonwealth Cyber Initiative(CCI) Northern Virginia Node, George Mason’s branch of the statewide network dedicated of excellence in cybersecurity research. CCI’s mission includes workforce development through training the next generation of cybersecurity experts.

“It’s a super exciting job because I get to work with AprilTags, which are on objects that the drone’s camera then sees and scans. Instead of sharing data, the tags utilize location information for navigation, tracking objects, or pathing purposes,” he said.

Wadlin is also simulating drone flight with the Microsoft tool Air Sim, a project he presented at the CCI Symposium in April. “I created a model with a 98% accuracy, really high F1 score—higher than what we could find on the market—detecting collisions so the drones would be able to respond to anomalous factors such as objects that get too close, environmental variables, cyber-attacks, and more,” he explained.

Wadlin learned about many of the tools he’s currently using for CCI in his classes with College of Engineering and Computing professors, such as his mentor Mohamed Gebril, an associate professor in the Department of Cyber Security Engineering. 

“George Mason supports people where they are to get them where they want to be,” Wadlin said.  

The skills Wadlin has acquired during his time at George Mason and in his work with CCI have enable him to help other students in their studies.  

“Connor is a very skilled student and has been able to develop different programs, as well as 12 labs for sophomore- and freshman-level students at George Mason. He even assists the students during our workshops,” said Gebril. 

Wadlin is participating in George Mason’s Bachelor’s to Accelerated Master’s Program and will to pursuing a master’s degree also in cyber security. Gebril said he’s looking forward to having Wadlin in his classes again as a graduate student. 

“It will be a smooth transition from the undergraduate to the graduate level because the curriculum aligns well with the CCI mission, which is to equip our students with the tools to conduct research activity and develop cutting–edge technology,” said Gebril. 

Wadlin’s team is also working to develop a first–of–its–kind cyber drone race that incorporates cybersecurity challenges and artificial intelligence for undergraduate students.  

Wadlin was diagnosed with autism at 19 and sees this diagnosis as working to his advantage by allowing him to see things from different perspectives and approach problems with his own unique ideas. 

“As an engineer, you have to ask yourself ‘how is this making the world a better place?’ That’s always got to be the end goal,” said Wadlin. 

George Mason University has appointed Massimiliano Albanese as executive director of the Institute for Digital Innovation (IDIA)—a pivotal move as the university strengthens its position as a leader in cutting-edge research and technological advancement.

Albanese, who joined George Mason in 2011, currently serves as a professor and associate chair for research in the Department of Information Sciences and Technology within the College of Engineering and Computing. For over a decade, he has served as associate director of the Center for Secure Information Systems, where he has played a critical role in shaping the university’s research strategy in cybersecurity and information technology.

A recognized expert in cyberattack modeling and detection, optimal defense strategies, and adaptive security technologies, Albanese brings a deep understanding of digital systems to his new role. His research portfolio includes participation in projects totaling $13 million, six U.S. patents, two books, and 90 peer-reviewed publications. He is a recipient of George Mason’s Emerging Researcher/Scholar/Creator Award and earned his MS and PhD in computer science and engineering from the University of Naples Federico II, Italy.

“Dr. Albanese is an outstanding leader and researcher who understands the importance of collaboration and innovation in driving progress,” said Andre Marshall, vice president for research, innovation, and economic impact. “His depth of expertise in cybersecurity and digital systems, combined with his proven ability to foster interdisciplinary partnerships, makes him uniquely suited for this role. Under his leadership, we look forward to strengthening IDIA’s mission of advancing digital innovation, expanding cross-disciplinary collaboration across the university, and positioning George Mason as a national leader in solving complex technological challenges.”

Albanese steps into this role at a crucial moment for both George Mason and the technology landscape—particularly with the rise of artificial intelligence (AI) and other emerging technologies. His mission is clear: to drive impact through collaboration and to position George Mason at the forefront of digital innovation.

“This is a very interesting time to be in this position,” Albanese said. “By connecting digital innovation with AI and other emerging technologies, we can make a real difference—not just at George Mason, but for the nation and the world.”

AI’s rapid advancement offers tremendous opportunities as well as complex challenges, he said.

Albanese’s vision for IDIA centers on building a culture of collaboration that unites faculty, students, researchers, and external stakeholders. He said he plans to start by strengthening partnerships with the university’s other research centers and institutes.

The university’s Grand Challenge Initiative (GCI) provides opportunities to apply digital innovation to critical sectors.

“None of these solutions can be achieved without a collaborative mindset because they are inherently complex and multidisciplinary. We are at a point in time of rapid AI growth that is changing the way we approach everything: AI and digital innovation will play a critical role in advancing GCI.”

Another priority for Albanese is diversifying IDIA’s funding sources in response to tighter federal budgets. He said he intends to strengthen existing partnerships with industry and nonprofits, and develop new public-private collaborations to ensure the institute remains resilient and impactful. He notes that as funding becomes more challenging to secure, the university must become more efficient. And one way to do that is for “IDIA to work closely with other institutes and research centers on campus to increase awareness of who is doing what and join forces to have a better impact.”

Albanese sees IDIA as a critical driver in elevating George Mason’s reputation as a leading public research university. His strategy includes promoting technology transfer, supporting start-ups, and creating stronger connections between faculty and industry partners to bring innovations from the lab to the marketplace.

“There is a lot of competition to attract students and resources, and we must establish ourselves as the lead,” he said. “IDIA can help put George Mason at the forefront of research by leveraging our strengths and bringing talented people together to solve big problems.”

Looking ahead, Albanese encourages students and researchers to adopt a problem-driven approach to innovation and become problem solvers. “We should reach out to stakeholders with real-world challenges and develop solutions that truly address those needs.”

By fostering collaboration, driving interdisciplinary research, and forging strong partnerships with industry and government, Albanese aims to position IDIA—and the university—as a national leader in solving complex, real-world problems through technology.

Enable AI. Reduce cybercrime. Unleash abundance

Perhaps the biggest near-term AI opportunity is reducing cybercrime costs. With serious attacks unfolding almost daily, digital insecurity’s economic weight has truly grown out of control. Per the European Commission, global cybercrime costs in 2020 were estimated at 5.5 trillion euros (around $6.43 trillion). Since then, costs have only spiraled. In 2025, Cybersecurity Ventures estimates annual costs will hit $10 trillion, a showstopping 9 percent of global GDP. As Bloomberg notes, global cybercrime is now the world’s third-largest economy. This is truly an unrivaled crisis.

Thankfully, it is also an unrivaled opportunity. Given the problem’s sheer scale, any technology, process, or policy that shaves off just a sliver of these cyber costs has percentage point growth potential. Reduce cyber threats, and abundance will follow.

The immense potential of software translation is far from the only near-term AI opportunity. Already, studies have proven AI can automate vulnerability detection—that is, AI can discover serious security issues without human involvement. Soon, software could be proactively secured even before it ships. Likewise, advances in AI task completion suggest software patches could soon be automated. In a few years, software fixes could be generated and shipped just moments after insecurities are discovered. Beyond, we find countless other possibilities in advanced cyber intelligence, threat detection, real-time response, and more.