Ollie Whitehouse
ollieatnowhere.bsky.social
CTO at the UK's National Cyber Security Centre
Pinned
We know more about what is in our sausages than our software.

SBOMs tell us that 3rd party libraries are patched but not that the 1st party code is 25 years old, in a memory unsafe language of which only 8% has been touched in the last 4 years.

Transparency has a way to go..
CTO at NCSC Summary: week ending January 4th
Happy New Year...
ctoatncsc.substack.com
January 3, 2026 at 7:52 AM
Reposted by Ollie Whitehouse
If you're looking out for good Boxing Day deals, stay ahead of scams by enabling 2-Step Verification (2SV).

Keep the fraudsters out of your online accounts with an extra step to verify your identity after a login attempt.

Learn more:
https://stopthinkfraud.campaign.gov.uk/
December 26, 2025 at 10:56 AM
Reposted by Ollie Whitehouse
At @ncsc.gov.uk we have been running cyber deception experiments across 121 organisations from across the UK..

.. the team have just shared our insights ..

www.ncsc.gov.uk/blog-post/cy...
Cyber deception trials: what we’ve learned so far
An update on the NCSC's trials to test the real-world efficacy of cyber deception solutions.
www.ncsc.gov.uk
December 11, 2025 at 7:56 PM
Prompt injection != SQL injection - There are crucial differences between prompt and SQL injection which – if not considered – can undermine mitigations.
Why do researchers keep finding so many prompt injection issues?

Perhaps it is because many AI system designers and defenders are misunderstanding the risks.🚨

Find out more⬇️
https://www.ncsc.gov.uk/blog-post/prompt-injection-is-not-sql-injection
Prompt injection is not SQL injection (it may be worse)
There are crucial differences between prompt and SQL injection which – if not considered – can undermine mitigations.
www.ncsc.gov.uk
December 9, 2025 at 9:24 AM
Reposted by Ollie Whitehouse
At @ncsc.gov.uk we have just launched the CyberUK tech talks call for papers across three topics

- Cyber applications of AI
- What works: approaches that reduce cyber harm
- The evolving threat

www.cyberuk.uk/2026/call-fo...
Tech Talks - Call for Papers
www.cyberuk.uk
November 6, 2025 at 8:12 PM
Zero Trust is not a product it is an approach - at @ncsc.gov.uk we have just released demystifying zero trust which addresses common misconceptions, and provides practical advice on when and how it should be adopted.

www.ncsc.gov.uk/collection/z...
Demystifying Zero Trust
Addressing common misconceptions, and providing practical advice on when and how it should be adopted.
www.ncsc.gov.uk
November 6, 2025 at 5:57 AM
At @ncsc.gov.uk we have just released guidance on using Privileged Access Workstations (PAWs) in Operational Technology (OT) environments..

www.ncsc.gov.uk/collection/o...
Using PAWs in OT environments
Considerations for the use of Privileged Access Workstations (PAWs) in OT environments.
www.ncsc.gov.uk
November 4, 2025 at 9:05 PM
Reposted by Ollie Whitehouse
‼️ Update: the MIT-linked “AI-powered ransomware” report appears to have been taken offline. We updated our article to include an Internet Archive link to the original paper.
November 1, 2025 at 4:00 AM