Katie🌻Moussouris (she/her/she-ra/she-hulk) 🪷
@k8em0
@LutaSecurity CEO @payequitynow MIT&Harvard visiting scholar, @MasonNatSec fellow, 1/2 Chamoru, hacker @k8em0.bsky.social Legacy blue check
@LutaSecurity is announcing our new Workforce Platform private alpha with automatic profit-sharing, inviting US individuals & companies to apply. This is an evolution in capitalism & how we work & succeed together Blog: lutasecurity.com/post/hacking-c… Apply: lutasecurity.com/alpha-platform
One of the strangest myths about vulnerability disclosure policies & programs is that they have always been ways for vendors to receive vulnerability reports. Nah, these policies were born out of hackers telling vendors when to expect public disclosure to inform & protect users.
For any newcomers who are reading along: There were certainly Disclosure policies before Microsoft’s, but they were mostly from hackers, like RFPolicy by rain forest puppy. I based Microsoft’s & Symantec Vuln Research’s Disclosure policies on AtStake’s, which was based on RFP’s
No more AI that uses DEI? Better stop all those voice commands & voice outputs then. Them’s a disability accommodation right thar.
🚨Today, the NCSC is revealing that Russian military intelligence has been responsible for deploying a sophisticated malware dubbed AUTHENTIC ANTICS as part of its operations. ncsc.gov.uk/news/uk-call-o…
There’s bad trouble & there’s #GoodTrouble Make good choices, on and off the kiss cam goodtroubleliveson.org

Let’s get into some #GoodTrouble today
Healthy wildlife and communities depend on a healthy democracy. The legacy of the late great #JohnLewis was rooted in the fight for voting access for all Americans. This fight continues – Good Trouble Lives On! To find a #GoodTroubleLivesOn event, visit goodtroubleliveson.org
This podcast with @ianlpaterson was such a pleasure to record. It has some of the origin lore of Hack the Pentagon and my thoughts on the inescapable realities of the Vulnerability Equities Process and much more. plurilock.com/podcast/code-a… @LutaSecurity
Another fun fact: This vulnerability was one that helped me launch Microsoft Vulnerability Research (MSVR), the first major software vendor multiparty vulnerability coordination process & 3rd party vuln research & reporting process. Google Project Zero followed ~7 years later.
Fun fact: this vulnerability spurred the creation of the pwnies.
My nephew loves the outdoors & he’s competing to win a spot in a Ranger Rick magazine. You can vote for free with Facebook verification. Votes are doubled today (Sunday). Si Yu'us Ma'åse (that’s thank you in CHamoru)🙏🏼 jr-ranger.org/2025/alexander…
UBI would make every day #IndependenceDay
Universal basic income is what true independence would look like. A high enough UBI would be FU money for all of society. They don't want you to have the power to refuse low wages and the freedom to make your own choices and pursue what you want. It's why we have to fight for it!
. @CurrentJen tops the list of people who have enabled me to grow as a person & professional. She’s the best person to strategically work towards company goals while effortlessly handling the gnarliest security crisis comms. Hire Jen Wood if you “take security very seriously.”
After five incredible years at @LutaSecurity, I’ll be moving on at the end of the month and looking for a new senior communications leadership role within the cybersecurity industry. For more info about my background, please read: tinyurl.com/yeyw4xb6. Thanks!
BREAKING: New report jointly-published by the NSF and @fundforhumanity on the impact of AI on the labor market concludes that 25% of workers will be displaced in the next 3 years. You can use this link to input your job to check your job risk score. 👇 fundforhumanity.org/national-scien…
"AI isn't coming for everybody's job — it's coming for the jobs of people who don't learn to use AI." I don't think he means for that to come off as a threat, but it is. Here's the deal. We all should benefit from AI, whether we choose to use it or not, our work helped train it
🎤 Keynote Announcement 🎤 We're excited to announce Katie Moussouris (@k8em0) as keynote speaker for No Hat 2025! Founder/CEO of @LutaSecurity, leading voice in vuln disclosure & bug bounties. Seen at Black Hat, DEF CON, RSA now live in Bergamo, Italy on Oct 18th! #nohat2025
It's time to reorient ourselves with the Disgruntled Former Teammate & Insider Threat Prevention Handbook.
This was just posted by Elon Musk. (Not a joke)
It’s not every day one of my quotes is used as part of a headline, but when it is, I’m glad it’s @WIRED The Rise of ‘Vibe Hacking’ Is the Next AI Nightmare | @mjgault writing for WIRED wired.com/story/youre-no…
There will be significant effects on national security from these CISA budget & personnel cuts. There has also been a general sharp downturn in cyber spending & jobs across the board in the private sector. The net effect is a nation weakening as attacks increase.
New: Trump's proposed CISA budget would cut $425M and >1,000 positions, w/ deep cuts to partner engagement & risk analysis. Cuts would affect vuln assessments, shared services, trainings, election security, intl affairs, & more. My story w/ full details: cybersecuritydive.com/news/cisa-trum…
Voice clones are easy. Be suspicious even if a call appears to be from someone you know. Also…Don’t set up voice authentication for banking.
AI voice clones have hit the White House! If your team isn’t prepared to catch and stop these voice clone attacks, now’s a good time to get them educated and set up. Use a 2nd method of communication to verify identity before sending money, docs, data, etc. Be politely paranoid.
We're now up to 29 out of 45 @wisporg scholars donated for thanks to Phil Hagen, @shawnbass, @alvaroprieto, Michael Saldivar, Charlie Thomas, Anons, and @ellwoodthewood!! Who can get us to 30 today!? wisporg.app.neoncrm.com/forms/hackersu…
I just donated $1000 to send a @wisporg Scholar to @defcon @BlackHatEvents @DianaInitiative @_squadcon Join us in opening doors for fellow travelers! Link below.
In only 4 days we're now at 18 (!!!) @WISPorg Scholars covered for @defcon @BlackHatEvents @DianaInitiative @_squadcon to show their skills & find their next job! Thank you @wendiwhitmore, Jake, Sara, Helen, anons! Who can help us hit 20 scholars today??! wisporg.app.neoncrm.com/forms/hackersu…
NIST’s proposed Likely Exploited Vulnerabilities equation is interesting, & similar predictive attempts were made by Microsoft over 16 years ago w the Exploitability Index. My concern is always an overreliance on data that may not apply to your org. My comments in the article
Includes comments from @LutaSecurity CEO @k8em0