Schneier on Security

Clive Robinson • January 16, 2026 5:05 AM

@ Winter,

With regards your “note 2” of,

“Non-trivial in the mathematical sense, ie, probably impossible.”

I made a similar point about AI “Prompt Injection” attacks above.

But it’s got really quite bad as researchers have found out how to do it on legitimate URLs that you only need click on once that cascade into a chain attack.

See my comment on the squid page,

https://www.schneier.com/blog/archives/2026/01/friday-squid-blogging-the-chinese-squid-fishing-fleet-off-the-argentine-coast.html/#comment-451370

And actually see the announcement article,

https://thehackernews.com/2026/01/researchers-reveal-reprompt-attack.html

Because it has a whole load of links to other Prompt Injection attack type etc, I suspect you will be interested in.

Clive Robinson • January 16, 2026 9:48 AM

@ Winter, ALL,

With regards,

“SBOMs might eventually help in this. But no one seems to know when”

Call me cynical but I do not think they ever will.

Legislative wise SBOMs have no real teeth, and those who should be responsible thus have “no skin in the game”.

To get the teeth, requires not subject legislation with real penalties, but a compleate overhall if corporate law, regulation and oversight with very real “person natural” punishments such as long jail time and striping of all assets they’ve ever touched. The “person legal” pretense that boils down to fines that can be turned into tax deductables are thus just seen as,

“The lower cost of doing business.”

It was only when the EU came up with fines relating to a percentage of global turn over that those execs and large share holders suddenly started taking notice.

Also I like Cory Doctorow’s idea of killing DMCA 1201 equivalents as punishment.

It’s having it forced in as part of every trade agreement and dispute resolution process the equivalent of 1201… Built into every countries legislation to protect only US Corporate Interests that has caused US Corporates to have an unfair advantage that they abuse in every way possible…

Suspend or remove it and suddenly a Corporate is facing very real issues, the cost of which can not be made tax deductable thus will rapidly start to bite.

Clive Robinson • January 17, 2026 8:04 AM

@ iAPX, ALL,

With regards your,

“AI Agentic and security in the same sentence is an oxymoron.”

Is true enough, but it does not address the very real issue of,

“Benefits to attackers, and significant harms to defenders.”

Microsoft for “share price / politics” reasons has made three things abundantly clear,

1, Your computer will be connected to their cloud servers so rent can be levied on you ad infinitum.

2, Your computer will have “client side scanning” built in and non disableable to keep legislators “happy” and Guard Labour entities “informed”.

3, You will have “AI in everything both locally and via the cloud” to make a very very poor investment choice look like it has a future ROI to keep shareholders happy.

The harms to a user of such a computer are without doubt immense both now and increasingly into the future.

Put simply you will not be able as a person with a legal duty of care to maintain “privilege”…

Likewise Government entities will need for “National Security” reasons to not have any form of connectivity that is visible outside of highly restricted domains and their perimeters that they define (think segregation / gapping).

Which means that Microsoft will have to have customers,

1, That have privilege and rights.
2, The rest that have the opposite.

It’s why I’ve repeatedly warned Current AI LLM and ML Systems are the most insidious form of surveillance yet made (and it will get worse).

Hence I’ve said on a few occasions that Microsft has the “Be Plan” for AI of,

“Bedazzle, Beguile, Bewitch, Befriend and Betray””

Which so far covers ChatBots and AI Agents which I expect will also be the case for other computer and electronic communications use.

Where Microsoft and others profit directly and indirectly from the “Betray” aspect of what is “Client sides scanning with System Administrator Privileges”.

Not just to “See Anything and Anywhere”(SAA) a user and administrator can, but more importantly “Put Anything Anywhere”(PAA) effectively in a compleatly undifferentiated from the human user or administrator…

Imagine if you will how an attacker could use that with regards CSAM for which in many jurisdictions there is “No legal defence” if found in your possession.

But you don’t actuall have to “imagine” in the UK we know from two decades ago what can happen, because in a way it already has.

Look up “Operation Ore” where criminals in Hong Kong used unlawfully acquired Credit Card Details to “enroll people” into a financial gateway / Portal in Texas USA controlled by “Landslide Productions Inc” that was investigated by the FBI for around three years from 1999 or before.

https://en.wikipedia.org/wiki/Operation_Ore

The FBI having no duty of care to non US Citizens fabricated evidence to increase the likelihood of convictions. UK police authorities likewise fabricated and failed to disclose.

Somebody I knew professionally got accused and it destroyed his career, his marriage, his family and his mental health.

After we independently investigated we could show that he had never used the portal. As he traveled a lot on business he was provably on an aircraft when the supposed access by him was made. Back then the internet was not available on aircraft. So the Police tried to accuse another member of his family all based on records the FBI had supplied to the UK Police task force run by a man with a more than somewhat questionable past in Military Police and Northern Ireland RUC during “The Troubles” (Jim Gamble even admits indirectly his past had consequences),

https://en.wikipedia.org/wiki/Jim_Gamble

What is said publicly is the FBI provided a list of credit cards to UK Met Police that were on the Landslide Portal, but they failed to disclose two things,

1, The FBI had tampered with evidence they had provided.
2, There were no legally sound connection that could be drawn from the Landslide records and CSAM (in fact the opposite was true and the FBI knew it).

Those in Operation Ore sucked in policing and other resources at such a level that the UK Government had to make special provisions that on the “Peter Robs Paul Principle” were taken from legitimate “child safeguarding” agencies and activities. So causing actual harm to children (that is still happening as a consequence).

They were thus pressured by “the need to succeed” and it quickly became clear to them they were going to fail and fail badly. So their behaviour became at best “unreal” (hence the more than 30 suicides).

What the Met Police and UK CPS did not reveal to those accused was that independent investigators including myself and a friend had found out that most of the defendants had nothing in common other than they had used their credit card at UK Supermarket chain “Sainsburys” via new ePos “swipe readers”.

Sainsbury’s during a supposedly “unrelated” investigation discovered that the ePos readers had an extra built in… Of a mobile phone dongle that was being accessed from abroad to download Credit Card and PIN information. The only clue to the fact that some of the ePos devices were “bugged” in this way was that they were very slightly heavier than ones that were not. Apparently this was found by comparing one from their “gas station” to one from a store. The former being known to have been used by cards that appeared on the FBI list the other not having any record of e-crime against it.

It was later found that the mobile phone dongle of Chinese manufacture had been installed in the Chinese manufactures ePos devices before the cases were “security welded” shut.

So a deliberately organised “Supply Chain Poisoning Attack” long before even most ICT Professionals realised such attacks were possible. The Met Police in effect knew and thus “hushed it up” so causing a lot of other unrelated people “financial harm” via fraudulent credit card charges (and people wonder why I’m a “cash only” person).

As things started to become public the UK Government tried to draw a line in the sand. First by ousting various people on Operation Ore, or shuffling them around into “new areas” then disbanding many Met Operational Units and creating the “Serious Organised Crime Agency”(SOCA)[1] then disbanding SOCA and creating the “National Crime Agency”(NCA) and so on so that “records are mislaid and Operation Ore personnel retired or out of the Met and NCA” so “nothing to see”… Only the independent investigators know the story and most only little bits. Some however that know where “the skeletons are buried” have been prosecuted to “keep them quiet” or out of plain maliciousness / revenge others have died mysteriously “Falling out of windows”…

[1] There is a funny side story to SOCA… they had at least five supposedly secret bases in the UK near to major roads that connected easily to transport hubs (one was supposedly under a motorway where “towed cars” were stored). One such that I know about was a “Communications Center” in Merton Surrey, opposite a pub –now demolished– at “Merton Abby Mills”. That was used very frequently in a long running ITV Drama series about the police called “The Bill”. And it was used by both the series actors and SOCA staff as a place to get lunch and to socialise (no I don’t know if the actors were aware of the SOCA staff but I’d be surprised if some of them had not seen them enter/egress from the site). As a result the sign on the SOCA gateway ended up being broadcast repeatedly, I suspect nothing was done because most would assume it was just a prop… But also it was on one side of a large parking area the other side of which was a multistorey Sainsbury’s Superstore…

‘https://stores.sainsburys.co.uk/0566/merton

The SOCA site was approximately due south of it.

Honestly you could not make this stuff up…