Katie Moussouris (she/her/she-hulk/she-ra)🌻
@k8em0.bsky.social
Founder & CEO LutaSecurity @payequitynow MIT&Harvard visiting scholar, @MasonNatSec fellow, 1/2 Chamoru, 1/2 Greek all-American hacker
AI was the accelerant on a perverse incentive fire sparked by bug bounty platforms that reward spray & pray. Both open source & orgs without dedicated vuln response teams get overloaded when they offer cash there. cURL is right to leave AI shark-infested waters to start fresh.
January 21, 2026 at 2:55 PM
AI was the accelerant on a perverse incentive fire sparked by bug bounty platforms that reward spray & pray. Both open source & orgs without dedicated vuln response teams get overloaded when they offer cash there. cURL is right to leave AI shark-infested waters to start fresh.
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
I think there is a discussion to be had here, but it shouldn't be taken out on people who are *using* AI.
we do need to have a reckoning about how UBI gets passed and funded, with taxation of the profits of those developing these labour-replacing/augmenting models. but yelling at users doesn't help
we do need to have a reckoning about how UBI gets passed and funded, with taxation of the profits of those developing these labour-replacing/augmenting models. but yelling at users doesn't help
i think a core beef that i have with a lot of this "automation is bad" sentiment lately is that there is no inherent moral good in laboring
the story of humanity is one of invention, where we improve our conditions by building things that help us do more things more easily
the story of humanity is one of invention, where we improve our conditions by building things that help us do more things more easily
I've been sitting with the discomfort here a bunch, and to me this is it, right? What is being suggested is that I engage in an act of self-flagellation (resolving thousands of lines of merge conflicts by hand) because the richest man in the world uses some of the same underlying tech to peddle CSAM
January 10, 2026 at 7:40 PM
I think there is a discussion to be had here, but it shouldn't be taken out on people who are *using* AI.
we do need to have a reckoning about how UBI gets passed and funded, with taxation of the profits of those developing these labour-replacing/augmenting models. but yelling at users doesn't help
we do need to have a reckoning about how UBI gets passed and funded, with taxation of the profits of those developing these labour-replacing/augmenting models. but yelling at users doesn't help
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
We’re mobilizing across the country this weekend to honor Renee Nicole Good, demand accountability for ICE’s killing of Renee, and make visible the human cost of ICE’s terror: docs.google.com/document/d/1...
January 9, 2026 at 3:11 AM
We’re mobilizing across the country this weekend to honor Renee Nicole Good, demand accountability for ICE’s killing of Renee, and make visible the human cost of ICE’s terror: docs.google.com/document/d/1...
“Unbeknownst to Smith at the time, she had no right to vote… much less run for office. Though she was born in a U.S. territory, and has a U.S. passport and Social Security number, she is not a U.S. citizen.
American Samoa is the only US territory where people are born without automatic citizenship”
American Samoa is the only US territory where people are born without automatic citizenship”
Eleven American Samoans in Alaska face serious prison time for voting in the only country they’ve ever known. Theirs is a wild story of colonialism, cops, “voter fraud” panic, small-town beef, and family. I spent months on this + am so glad to now be able to share it: boltsmag.org/prosecuted-f...
Americans by Name, Punished for Believing It - Bolts
In a small Alaska town, American Samoans face prosecution for voting in the only country they’ve ever known. They live in a limbo, created by colonial expansion, that now confuses even public official...
boltsmag.org
January 8, 2026 at 8:12 PM
“Unbeknownst to Smith at the time, she had no right to vote… much less run for office. Though she was born in a U.S. territory, and has a U.S. passport and Social Security number, she is not a U.S. citizen.
American Samoa is the only US territory where people are born without automatic citizenship”
American Samoa is the only US territory where people are born without automatic citizenship”
🎶 When you’re sloppy and you know it, clap your non existent hands because you’re AI 👏🏼👏🏼
www.linkedin.com/posts/kmouss...
www.linkedin.com/posts/kmouss...
Not going to quote this AI slop or comment on it so that their gambit for engagement farming doesn’t algorithmically pay off, but these aren’t the cyber experts you’re looking for… | Katie Moussouris ...
Not going to quote this AI slop or comment on it so that their gambit for engagement farming doesn’t algorithmically pay off, but these aren’t the cyber experts you’re looking for… | 11 comments on Li...
www.linkedin.com
January 6, 2026 at 7:58 PM
🎶 When you’re sloppy and you know it, clap your non existent hands because you’re AI 👏🏼👏🏼
www.linkedin.com/posts/kmouss...
www.linkedin.com/posts/kmouss...
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
Puerto Rico enters the chat with a line forming behind it, including Guam, the US Virginia Islands, Guam, the Northern Marinara Islands....
KERNEN: Europeans are talking about it almost being like Vladimir Putin and Ukraine.
JEFF LANDRY: I disagree. When has the United States engaged in imperialism? Never. Europe has engaged in imperialism. The reason the Danish have Greenland is because of imperialism.
JEFF LANDRY: I disagree. When has the United States engaged in imperialism? Never. Europe has engaged in imperialism. The reason the Danish have Greenland is because of imperialism.
January 6, 2026 at 7:35 PM
Puerto Rico enters the chat with a line forming behind it, including Guam, the US Virginia Islands, Guam, the Northern Marinara Islands....
“Why would free money make people work more? Because it takes money to make money. Basic income acts like venture capital for regular people.”
New article from me today about a centuries-old policy in Brazil that has a lot to tell us about just how high a universal basic income can be set at without seeing the effects on employment that so many people assume.
The 200-Year Experiment: How a 'Privileged' Basic Income in Brazil Proves We Can Afford to Be Universal
From $500 to $15,000 a Month: How Decades of Data Prove That an Unconditional Basic Income Guarantee Fuels Ambition Instead of Laziness
open.substack.com
January 6, 2026 at 4:28 PM
“Why would free money make people work more? Because it takes money to make money. Basic income acts like venture capital for regular people.”
Happy #SouperBowlSundat to all who celebrate 🍲 🎉
www.eatingwell.com/recipe/26574...
(I used bone broth, doubled it & the & thickener, & added fresh thyme, kale 🥬, & salt)
www.eatingwell.com/recipe/26574...
(I used bone broth, doubled it & the & thickener, & added fresh thyme, kale 🥬, & salt)
December 28, 2025 at 9:43 PM
Happy #SouperBowlSundat to all who celebrate 🍲 🎉
www.eatingwell.com/recipe/26574...
(I used bone broth, doubled it & the & thickener, & added fresh thyme, kale 🥬, & salt)
www.eatingwell.com/recipe/26574...
(I used bone broth, doubled it & the & thickener, & added fresh thyme, kale 🥬, & salt)
The ensloppification* of the internet continues, with VC backing
*/ht Cory Doctorow for “enshittification”
*/ht Cory Doctorow for “enshittification”
NEW: A hacker gained control of 1,100 mobile phones powering covert, AI-generated ads on TikTok. Then, he shared details of the operation with 404 Media.
A look inside how startup Doublespeed, which is backed by Andreessen Horowitz (a16z), is creating AI spam pages on TikTok to promote products.
A look inside how startup Doublespeed, which is backed by Andreessen Horowitz (a16z), is creating AI spam pages on TikTok to promote products.
Hack Reveals the a16z-Backed Phone Farm Flooding TikTok With AI Influencers
A hacker gained control of a 1,100 mobile phone farm powering covert, AI-generated ads on TikTok.
www.404media.co
December 17, 2025 at 6:26 PM
The ensloppification* of the internet continues, with VC backing
*/ht Cory Doctorow for “enshittification”
*/ht Cory Doctorow for “enshittification”
““UBI = a foundation…income is earned on top. A poverty-line UBI is not “the replacement paycheck for the post-work apocalypse.” .... It prevents the worst outcomes, stabilizes consumer demand, & gives ppl leverage to say no to exploitation”
New article from me in response to Eduardo Porter's article in The Guardian where he built a straw man of universal basic income to light on fire again, just as he did back in 2016, showing he's learned nothing new about UBI in a decade but is still happy to opine about it.
Eduardo Porter is Still Wrong About UBI and AI: A Response to The Guardian
Universal Basic Income Isn’t a Job Replacement Plan—It’s an AI Dividend and Stable Income Floor That Protects Work, Wages, and Democracy
open.substack.com
December 17, 2025 at 5:59 PM
““UBI = a foundation…income is earned on top. A poverty-line UBI is not “the replacement paycheck for the post-work apocalypse.” .... It prevents the worst outcomes, stabilizes consumer demand, & gives ppl leverage to say no to exploitation”
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
The "basic" in universal basic income does not mean low. It means basic as in base. Foundational. Primary. First. Basic income is an income floor. All other income adds to it. It's basic income because it's everyone starting income.
December 12, 2025 at 8:23 PM
The "basic" in universal basic income does not mean low. It means basic as in base. Foundational. Primary. First. Basic income is an income floor. All other income adds to it. It's basic income because it's everyone starting income.
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
When it comes to developing skills through underground organizations, recent geopolitical issues have also helped muddy the waters of how some professionals think about ways to earn a living, said Casey Ellis, founder at @Bugcrowd.
www.dice.com/career-advic...
www.dice.com/career-advic...
Dark Web, Underground Hiring Blurs Lines Between Legit and Illicit Work
Some skilled tech and cybersecurity pros are turning to underground forums for work, drawn by lucrative but illegal opportunities. Experts caution that these jobs blur the line between legitimate and…
m.cje.io
December 12, 2025 at 12:27 AM
When it comes to developing skills through underground organizations, recent geopolitical issues have also helped muddy the waters of how some professionals think about ways to earn a living, said Casey Ellis, founder at @Bugcrowd.
www.dice.com/career-advic...
www.dice.com/career-advic...
We’ve seen other orgs attempt 3rd party bug bounties, thinking it will help their ecosystem become safer. Inevitably, the safety of software depends more on the maturity of the org producing it than how many bugs are reported to it. Bug foie gras isn’t the safest path to maturity
When I started Microsoft Vuln Research in 2008, we found out just how few orgs were ready for vuln disclosure. When I started Microsoft’s 1st bug bounty in 2013, I never imagined it would grow to paying for 3rd party bugs. I hope the 3rd parties were warned & OSS gets tested patches supplied to them
As announced by Tom Gallagher, VP of Engineering, MSRC, on stage at Black Hat EU, we’re evolving our bug bounty program. Now, high-severity vulnerabilities that directly impact Microsoft online services are eligible for bounty awards, whether the code is Microsoft-owned, third-party, or open source.
December 11, 2025 at 6:42 PM
We’ve seen other orgs attempt 3rd party bug bounties, thinking it will help their ecosystem become safer. Inevitably, the safety of software depends more on the maturity of the org producing it than how many bugs are reported to it. Bug foie gras isn’t the safest path to maturity
When I started Microsoft Vuln Research in 2008, we found out just how few orgs were ready for vuln disclosure. When I started Microsoft’s 1st bug bounty in 2013, I never imagined it would grow to paying for 3rd party bugs. I hope the 3rd parties were warned & OSS gets tested patches supplied to them
As announced by Tom Gallagher, VP of Engineering, MSRC, on stage at Black Hat EU, we’re evolving our bug bounty program. Now, high-severity vulnerabilities that directly impact Microsoft online services are eligible for bounty awards, whether the code is Microsoft-owned, third-party, or open source.
December 11, 2025 at 6:24 PM
When I started Microsoft Vuln Research in 2008, we found out just how few orgs were ready for vuln disclosure. When I started Microsoft’s 1st bug bounty in 2013, I never imagined it would grow to paying for 3rd party bugs. I hope the 3rd parties were warned & OSS gets tested patches supplied to them
I spoke with @billgoodwin.bsky.social of @computerweekly.bsky.social on NDA bug bounties failing to increase security & effects of gov disclosure requirements on nat security, plus how AI threatens the future human expert pipeline & why UBI may be our best bet
www.computerweekly.com/news/3666362...
www.computerweekly.com/news/3666362...
Why bug bounty schemes have not led to secure software | Computer Weekly
Computer Weekly speaks to Kate Moussouris, security entrepreneur and bug bounty pioneer, about the life of security researchers, bug bounties and the artificial intelligence (AI) revolution.
www.computerweekly.com
December 9, 2025 at 2:11 PM
I spoke with @billgoodwin.bsky.social of @computerweekly.bsky.social on NDA bug bounties failing to increase security & effects of gov disclosure requirements on nat security, plus how AI threatens the future human expert pipeline & why UBI may be our best bet
www.computerweekly.com/news/3666362...
www.computerweekly.com/news/3666362...
“AI is helping to identify over 70% of targets. Sometimes AI is hallucinating targets. So we always need humans in the loop.” - Heli Tiirmaa-Klaar in her SANS CyberThreat keynote “Cyber war by proxy: What Ukraine teaches us about
defense coalitions and digital policy at scale”
defense coalitions and digital policy at scale”
December 4, 2025 at 10:30 AM
“AI is helping to identify over 70% of targets. Sometimes AI is hallucinating targets. So we always need humans in the loop.” - Heli Tiirmaa-Klaar in her SANS CyberThreat keynote “Cyber war by proxy: What Ukraine teaches us about
defense coalitions and digital policy at scale”
defense coalitions and digital policy at scale”
“why the red team keeps winning: not because they are stronger—but because the blue team keeps mistaking comfort for capability.” — @treyka.bsky.social reveals wisdom in history, physics, & Rick & Morty in his brilliant Bsides Lisbon keynote
youtu.be/egg_83hh0ZA
youtu.be/egg_83hh0ZA
[BSL2025] KEYNOTE Trey Darley - Rick & Morty Walk Across Mordor
YouTube video by BSides Lisbon
youtu.be
November 24, 2025 at 5:27 PM
“why the red team keeps winning: not because they are stronger—but because the blue team keeps mistaking comfort for capability.” — @treyka.bsky.social reveals wisdom in history, physics, & Rick & Morty in his brilliant Bsides Lisbon keynote
youtu.be/egg_83hh0ZA
youtu.be/egg_83hh0ZA
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
The internet is not a network, it's a small handful of platforms held together with rock n roll and silly string (@k8em0.bsky.social ™) and sometimes it falls down. On the @deciphersec.bsky.social pod, @rmogull.com helped me figure out why.
youtu.be/2118EJ4Gb5s?...
youtu.be/2118EJ4Gb5s?...
Rich Mogull on the Cloudflare Outage, Resilience, and Single Points of Failure
YouTube video by Decipher
youtu.be
November 22, 2025 at 3:40 PM
The internet is not a network, it's a small handful of platforms held together with rock n roll and silly string (@k8em0.bsky.social ™) and sometimes it falls down. On the @deciphersec.bsky.social pod, @rmogull.com helped me figure out why.
youtu.be/2118EJ4Gb5s?...
youtu.be/2118EJ4Gb5s?...
#scamalert unauthorized use of my and others’ images on this scam site that claims you can get in touch with various cybersecurity people through them.
Pretty sure neither @schneier.com nor I have phone numbers in India 🤦🏻♀️
Pretty sure neither @schneier.com nor I have phone numbers in India 🤦🏻♀️
November 16, 2025 at 4:26 AM
#scamalert unauthorized use of my and others’ images on this scam site that claims you can get in touch with various cybersecurity people through them.
Pretty sure neither @schneier.com nor I have phone numbers in India 🤦🏻♀️
Pretty sure neither @schneier.com nor I have phone numbers in India 🤦🏻♀️
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
@delchi.bsky.social was SUCH a huge cDcNSF booster and organizer. He had a tough time of it, and it affected him a lot of ways, some of which were hard for him and others, but man he put in the work. He was particularly focused on disability access and awareness at hacker cons. RIP.
*FINAL MUSTER*
CULT OF THE DEAD COW is saddened to report that longtime cDc Ninja Strike Force member, Delchi, has passed over the great rainbow teleconference bridge.
He can now be found amongst the most blessed celestial engineers, venerating the great DemonSeed Elite, k-rad be his name.
**
CULT OF THE DEAD COW is saddened to report that longtime cDc Ninja Strike Force member, Delchi, has passed over the great rainbow teleconference bridge.
He can now be found amongst the most blessed celestial engineers, venerating the great DemonSeed Elite, k-rad be his name.
**
November 16, 2025 at 1:47 AM
@delchi.bsky.social was SUCH a huge cDcNSF booster and organizer. He had a tough time of it, and it affected him a lot of ways, some of which were hard for him and others, but man he put in the work. He was particularly focused on disability access and awareness at hacker cons. RIP.
Update on the ffmpeg vs Google Big Sleep AI vuln disclosure debate:
Google responds with all the ways it supports both ffmpeg & open source, which is great, but doesn’t mention if it will use its AI CodeMender to pair patches with bug reports in the future 🤔
Let’s hope they do
x.com/k8em0/status...
Google responds with all the ways it supports both ffmpeg & open source, which is great, but doesn’t mention if it will use its AI CodeMender to pair patches with bug reports in the future 🤔
Let’s hope they do
x.com/k8em0/status...
November 6, 2025 at 2:04 PM
Update on the ffmpeg vs Google Big Sleep AI vuln disclosure debate:
Google responds with all the ways it supports both ffmpeg & open source, which is great, but doesn’t mention if it will use its AI CodeMender to pair patches with bug reports in the future 🤔
Let’s hope they do
x.com/k8em0/status...
Google responds with all the ways it supports both ffmpeg & open source, which is great, but doesn’t mention if it will use its AI CodeMender to pair patches with bug reports in the future 🤔
Let’s hope they do
x.com/k8em0/status...
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
Reposted by Katie Moussouris (she/her/she-hulk/she-ra)🌻
It’s hard to believe but there was a cartoon about an immigrant mouse and it was seen as totally fine and not controversial and not woke because it was an aspirational and nice thing about America that people could come here and find a better life
November 5, 2025 at 9:08 PM
It’s hard to believe but there was a cartoon about an immigrant mouse and it was seen as totally fine and not controversial and not woke because it was an aspirational and nice thing about America that people could come here and find a better life
Election Night Watch parties: 🎉
Me:
Me:
November 5, 2025 at 1:50 AM
Election Night Watch parties: 🎉
Me:
Me:
Meanwhile on X, Google’s Big Sleep AI was called out by ffmpeg to kindly provide patches with their flood of AI vulnerability reports, polarizing security researchers between ‘not our job to fix’ & ‘commercial vendors should support FOSS they use in commercial products with dev help’
November 4, 2025 at 4:34 PM
Meanwhile on X, Google’s Big Sleep AI was called out by ffmpeg to kindly provide patches with their flood of AI vulnerability reports, polarizing security researchers between ‘not our job to fix’ & ‘commercial vendors should support FOSS they use in commercial products with dev help’