Ron Gula
3.6K posts

Ron Gula
@RonGula
I invest in solutions that protect the nation's cyberspace. President Gula Tech Adventures, Co-founder Tenable, Former NSA and amateur animator.
Maryland, USA. Joined March 2009
2.8K Following, 12.1K Followers

In 2006, an Italian filmmaker quietly made the best cybersecurity movie nobody watched — and predicted the NSA surveillance debate 7 years before Snowden. New vRon: why The Listening still holds up.
youtu.be/OFC_9RtHApY


There Is No Security Meter For AI. That's the title of the new Berryville Institute of Machine Learning paper from Gary McGraw, Harold Figueroa, Katie McMahon, and Richie Bonett. The argument: every "AI security score" you've been shown is theater. In 12 minutes vRon walks the badness-ometer, the Strange Loop, the WHAT pile, and where whitebox interpretability fits.
youtu.be/6hpvMzxNyCM 📄
#AISecurity #MLsec #BIML


I had my AI comedian debate my AI Mentat from Dune about the pros and cons of AI. Lots of fun, a sword fight, a sandworm, a Bene Gesserit and more show up.
youtu.be/N7B4cj2TVDc


You used to need to retrain a six-figure LLM to change one behavior. That's ending.
Last week the Qwen team open-sourced Qwen-Scope — interpretability tools that let you find a specific feature inside a trained model and edit it. No retraining.
Our portfolio company @StarseerAI is doing the same across model families: 3 layers out of 32 catch jailbreaks at 99.2% accuracy in 38ms.
New vRon explainer:
youtu.be/BmO8GBY2ExQ

Ron Gula retweeted

We analyzed the new Copy Fail exploit and have a detection you can use agentlessly with @SandflySecurity to find processes that likely had privilege escalation with this attack. You can read more about it and get a rule to deploy here:
sandflysecurity.com/blog/detecting…

€5.65 billion in GDPR fines. 2,500+ enforcement actions. All sitting in a free, public database almost nobody outside the privacy bubble actually reads.
It's called the GDPR Enforcement Tracker (EnforcementTracker.com), run by CMS. If you're a CISO, board member, insurer, or founder building in privacy or data governance — bookmark it. Thirty minutes in the data beats a quarter of compliance theater.
vRon walks through why it matters and the seven ways to use it 👇
youtu.be/jLobPuOPRLU

Ron Gula retweeted

I’m speaking about Linux malware at a private telecom security conference at @ericsson HQ in Stockholm. They have all their gear on display. It’s really impressive.





When a nation-state runs an AI through tens of thousands of prompts to copy it, that's not "misuse" — that's the new supply chain attack.
youtu.be/glWnN3OH2LU


Codename: CARR. Sponsor: FSB. Cover: Telegram hacktivists. They opened pumps at US water plants and ordered operators to disable oil-and-gas alarms — "to increase the probability of a real accident."
One indictment that reads like a James Bond evil cyber villain.
youtu.be/3oEgZmaJF24?si…


May the 4th, but for the SOC. Our AI comedian, Gary Cynfeld, does a new set that treats Star Wars as what it actually is: the longest-running case study in cyber malpractice ever filmed.
youtube.com/watch?v=u1mI1f…


Thank you @Dave_Maynor for pointing out that the CARR Indictment would make a great vRon short:
youtu.be/3oEgZmaJF24


New Gary Cynfeld bit — "NOT SCHEDULED" — the only maintenance window that ever started on time was the one nobody told you about.
youtu.be/Gv4qxnie5EY


@ramizwebti Bromure is free and keeps your browsing isolated. I use one policy for work, one for browsing the Internet, one for Claude to use and let go wild through MCP, one for my banks.

Just dropped a new video on Bromure — a free secure browser and agentic coding solution from fellow Tenable co-founder Renaud Deraison.
Under the hood it's Chromium running inside a Linux VM on a hypervisor, with super minimal access to your host system — but it's slick enough that it just feels like a browser. Classic Renaud: solving the right problem the right way.
I had vRon go wild showing how much LinkedIn pulls off your browser — and how Bromure keeps you in control with your choice of VPN, privacy settings, and policy.
youtube.com/watch?v=2RRInn…


Threat intel company @GreyNoiseIO just measured the internet's pre-disclosure scanning surge against 18 edge-device vendors and found a median 11 days of free warning before a CVE drops; the data is real, the methodology is honest, and the warning window is shrinking everywhere.
youtu.be/A5USuP-o4co


Jericho (@attritionorg) wrote a great piece on how NVD was playing shell games with enriching vulnerability definition. I had vRon expand on this in a video below.
youtu.be/JY63jOpWFPc


vRon introduction video on how network and internet scanning works:
youtu.be/XkN-1EC7RGU



