Katie Moussouris (she/her/she-hulk/she-ra)🌻
@k8em0.bsky.social
Founder & CEO LutaSecurity @payequitynow MIT&Harvard visiting scholar, @MasonNatSec fellow, 1/2 Chamoru, 1/2 Greek all-American hacker
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
Puerto Rico enters the chat with a line forming behind it, including Guam, the US Virginia Islands, Guam, the Northern Marinara Islands....
KERNEN: Europeans are talking about it almost being like Vladimir Putin and Ukraine.

JEFF LANDRY: I disagree. When has the United States engaged in imperialism? Never. Europe has engaged in imperialism. The reason the Danish have Greenland is because of imperialism.
January 6, 2026 at 7:35 PM
“Why would free money make people work more? Because it takes money to make money. Basic income acts like venture capital for regular people.”
New article from me today about a centuries-old policy in Brazil that has a lot to tell us about just how high a universal basic income can be set at without seeing the effects on employment that so many people assume.
The 200-Year Experiment: How a 'Privileged' Basic Income in Brazil Proves We Can Afford to Be Universal
From $500 to $15,000 a Month: How Decades of Data Prove That an Unconditional Basic Income Guarantee Fuels Ambition Instead of Laziness
open.substack.com
January 6, 2026 at 4:28 PM
Happy #SouperBowlSundat to all who celebrate 🍲 🎉

www.eatingwell.com/recipe/26574...
(I used bone broth, doubled it & the & thickener, & added fresh thyme, kale 🥬, & salt)
December 28, 2025 at 9:43 PM
The ensloppification* of the internet continues, with VC backing

*/ht Cory Doctorow for “enshittification”
NEW: A hacker gained control of 1,100 mobile phones powering covert, AI-generated ads on TikTok. Then, he shared details of the operation with 404 Media.

A look inside how startup Doublespeed, which is backed by Andreessen Horowitz (a16z), is creating AI spam pages on TikTok to promote products.
Hack Reveals the a16z-Backed Phone Farm Flooding TikTok With AI Influencers
A hacker gained control of a 1,100 mobile phone farm powering covert, AI-generated ads on TikTok.
www.404media.co
December 17, 2025 at 6:26 PM
“UBI = a foundation…income is earned on top. A poverty-line UBI is not “the replacement paycheck for the post-work apocalypse.” .... It prevents the worst outcomes, stabilizes consumer demand, & gives ppl leverage to say no to exploitation”
New article from me in response to Eduardo Porter's article in The Guardian where he built a straw man of universal basic income to light on fire again, just as he did back in 2016, showing he's learned nothing new about UBI in a decade but is still happy to opine about it.
Eduardo Porter is Still Wrong About UBI and AI: A Response to The Guardian
Universal Basic Income Isn’t a Job Replacement Plan—It’s an AI Dividend and Stable Income Floor That Protects Work, Wages, and Democracy
open.substack.com
December 17, 2025 at 5:59 PM
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
The "basic" in universal basic income does not mean low. It means basic as in base. Foundational. Primary. First. Basic income is an income floor. All other income adds to it. It's basic income because it's everyone's starting income.
December 12, 2025 at 8:23 PM
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
When it comes to developing skills through underground organizations, recent geopolitical issues have also helped muddy the waters of how some professionals think about ways to earn a living, said Casey Ellis, founder at @Bugcrowd.

www.dice.com/career-advic...
Dark Web, Underground Hiring Blurs Lines Between Legit and Illicit Work
Some skilled tech and cybersecurity pros are turning to underground forums for work, drawn by lucrative but illegal opportunities. Experts caution that these jobs blur the line between legitimate and…
m.cje.io
December 12, 2025 at 12:27 AM
We’ve seen other orgs attempt 3rd party bug bounties, thinking it will help their ecosystem become safer. Inevitably, the safety of software depends more on the maturity of the org producing it than how many bugs are reported to it. Bug foie gras isn’t the safest path to maturity
When I started Microsoft Vuln Research in 2008, we found out just how few orgs were ready for vuln disclosure. When I started Microsoft’s 1st bug bounty in 2013, I never imagined it would grow to paying for 3rd party bugs. I hope the 3rd parties were warned & OSS gets tested patches supplied to them
As announced by Tom Gallagher, VP of Engineering, MSRC, on stage at Black Hat EU, we’re evolving our bug bounty program. Now, high-severity vulnerabilities that directly impact Microsoft online services are eligible for bounty awards, whether the code is Microsoft-owned, third-party, or open source.
December 11, 2025 at 6:42 PM
When I started Microsoft Vuln Research in 2008, we found out just how few orgs were ready for vuln disclosure. When I started Microsoft’s 1st bug bounty in 2013, I never imagined it would grow to paying for 3rd party bugs. I hope the 3rd parties were warned & OSS gets tested patches supplied to them
As announced by Tom Gallagher, VP of Engineering, MSRC, on stage at Black Hat EU, we’re evolving our bug bounty program. Now, high-severity vulnerabilities that directly impact Microsoft online services are eligible for bounty awards, whether the code is Microsoft-owned, third-party, or open source.
December 11, 2025 at 6:24 PM
I spoke with @billgoodwin.bsky.social of @computerweekly.bsky.social on NDA bug bounties failing to increase security & effects of gov disclosure requirements on nat security, plus how AI threatens the future human expert pipeline & why UBI may be our best bet
www.computerweekly.com/news/3666362...
Why bug bounty schemes have not led to secure software | Computer Weekly
Computer Weekly speaks to Kate Moussouris, security entrepreneur and bug bounty pioneer, about the life of security researchers, bug bounties and the artificial intelligence (AI) revolution.
www.computerweekly.com
December 9, 2025 at 2:11 PM
“AI is helping to identify over 70% of targets. Sometimes AI is hallucinating targets. So we always need humans in the loop.” - Heli Tiirmaa-Klaar in her SANS CyberThreat keynote “Cyber war by proxy: What Ukraine teaches us about defense coalitions and digital policy at scale”
December 4, 2025 at 10:30 AM
“why the red team keeps winning: not because they are stronger—but because the blue team keeps mistaking comfort for capability.” — @treyka.bsky.social reveals wisdom in history, physics, & Rick & Morty in his brilliant Bsides Lisbon keynote

youtu.be/egg_83hh0ZA
[BSL2025] KEYNOTE Trey Darley - Rick & Morty Walk Across Mordor
YouTube video by BSides Lisbon
youtu.be
November 24, 2025 at 5:27 PM
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
The internet is not a network, it's a small handful of platforms held together with rock n roll and silly string (@k8em0.bsky.social ™) and sometimes it falls down. On the @deciphersec.bsky.social pod, @rmogull.com helped me figure out why.
youtu.be/2118EJ4Gb5s?...
Rich Mogull on the Cloudflare Outage, Resilience, and Single Points of Failure
YouTube video by Decipher
youtu.be
November 22, 2025 at 3:40 PM
#scamalert unauthorized use of my and others’ images on this scam site that claims you can get in touch with various cybersecurity people through them.

Pretty sure neither @schneier.com nor I have phone numbers in India 🤦🏻‍♀️
November 16, 2025 at 4:26 AM
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
@delchi.bsky.social was SUCH a huge cDcNSF booster and organizer. He had a tough time of it, and it affected him a lot of ways, some of which were hard for him and others, but man he put in the work. He was particularly focused on disability access and awareness at hacker cons. RIP.
*FINAL MUSTER*

CULT OF THE DEAD COW is saddened to report that longtime cDc Ninja Strike Force member, Delchi, has passed over the great rainbow teleconference bridge.

He can now be found amongst the most blessed celestial engineers, venerating the great DemonSeed Elite, k-rad be his name.

**
November 16, 2025 at 1:47 AM
Update on the ffmpeg vs Google Big Sleep AI vuln disclosure debate:
Google responds with all the ways it supports both ffmpeg & open source, which is great, but doesn’t mention if it will use its AI CodeMender to pair patches with bug reports in the future 🤔
Let’s hope they do
x.com/k8em0/status...
November 6, 2025 at 2:04 PM
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
It’s hard to believe but there was a cartoon about an immigrant mouse and it was seen as totally fine and not controversial and not woke because it was an aspirational and nice thing about America that people could come here and find a better life
November 5, 2025 at 9:08 PM
Election Night Watch parties: 🎉

Me:
November 5, 2025 at 1:50 AM
Meanwhile on X, Google’s Big Sleep AI was called out by ffmpeg to kindly provide patches with their flood of AI vulnerability reports, polarizing security researchers between ‘not our job to fix’ & ‘commercial vendors should support FOSS they use in commercial products with dev help’
November 4, 2025 at 4:34 PM
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
The most French story since bumbling jewel thieves hit the Louvre.
A French cyclist survived for three days after a horrendous 130-foot fall into a ravine, kept alive by the bottles of red wine he had in his shopping bag, police said.
Cyclist falls down 130-foot ravine in France, survives 3 days by drinking wine he had in shopping bag
A helicopter airlifted him to hospital, with a rescue doctor calling his survival "a miracle."
cbsn.ws
October 31, 2025 at 6:10 PM
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
Today is another good reminder of @k8em0.bsky.social's iconic line: We have an internet built on rock n roll and silly string.
October 20, 2025 at 2:12 PM
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
Great to be back at @nohatcon.bsky.social 2025 - after the opening by @embyte.bsky.social , first track is "No pAIn, No gAIn: How AI Will Hurt Bug Bounty Hunters and How to Fix It", from security researcher and entrepreneur @k8em0.bsky.social
Come say hi 👋🏼
October 18, 2025 at 9:15 AM
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
Are you ready, Bergamo?

This weekend @k8em0.bsky.social founder of @lutasecurity.bsky.social joins 🇮🇹 for two key events:

- 💻No Hat Computer Security Conference - Oct 18th, 9:30 AM nohat.it/talks#katie_...

- 🧠BergamoScienza - Oct 19th, 11:30 AM eventi.bergamoscienza.it/events/68b86...
October 13, 2025 at 1:52 PM