Thomas Brewster
@thomasbrewster.bsky.social
Forbes senior writer, covering privacy, surveillance and cybercrime. Editor of The Wiretap newsletter, featuring all of the above.
Pinned
OpenAI Ordered To Unmask ChatGPT User Behind 2 Prompts
First known warrant of its kind reveals the government can ask OpenAI to provide identifying information on anyone who enters specific prompts.
www.forbes.com
🚨SCOOP🚨 DHS ordered OpenAI to identify a user who'd made 2 specific prompts.
User was anonymous and accused of helping run 15 child abuse sites. They'd disclosed the prompts to an undercover agent.
First example of what I'm calling a reverse AI prompt search.
www.forbes.com/sites/thomas...
User was anonymous and accused of helping run 15 child abuse sites. They'd disclosed the prompts to an undercover agent.
First example of what I'm calling a reverse AI prompt search.
www.forbes.com/sites/thomas...
Correction: $75m!
This is Tenzai, which is already worth $330 million after an $80 million seed round, just five months after launching.
AI agents are ready to hack your apps now... this time for good.
Agents, built on frontier AI models from the likes of Anthropic and OpenAI, have been fine tuned by this startup to exploit customer applications with “elite, nation-grade offensive capabilities."
www.forbes.com/sites/the-wi...
Agents, built on frontier AI models from the likes of Anthropic and OpenAI, have been fine tuned by this startup to exploit customer applications with “elite, nation-grade offensive capabilities."
www.forbes.com/sites/the-wi...
November 11, 2025 at 1:56 PM
Correction: $75m!
This is Tenzai, which is already worth $330 million after an $80 million seed round, just five months after launching.
AI agents are ready to hack your apps now... this time for good.
Agents, built on frontier AI models from the likes of Anthropic and OpenAI, have been fine tuned by this startup to exploit customer applications with “elite, nation-grade offensive capabilities."
www.forbes.com/sites/the-wi...
Agents, built on frontier AI models from the likes of Anthropic and OpenAI, have been fine tuned by this startup to exploit customer applications with “elite, nation-grade offensive capabilities."
www.forbes.com/sites/the-wi...
AI Hacking Agent Startup Tenzai Raises $80 Million
Tenzai offers AI agents, built on frontier models from the likes of OpenAI and Anthropic, to hack apps and find their weaknesses.
www.forbes.com
November 11, 2025 at 1:09 PM
This is Tenzai, which is already worth $330 million after an $80 million seed round, just five months after launching.
AI agents are ready to hack your apps now... this time for good.
Agents, built on frontier AI models from the likes of Anthropic and OpenAI, have been fine tuned by this startup to exploit customer applications with “elite, nation-grade offensive capabilities."
www.forbes.com/sites/the-wi...
Agents, built on frontier AI models from the likes of Anthropic and OpenAI, have been fine tuned by this startup to exploit customer applications with “elite, nation-grade offensive capabilities."
www.forbes.com/sites/the-wi...
AI Hacking Agent Startup Tenzai Raises $80 Million
Tenzai offers AI agents, built on frontier models from the likes of OpenAI and Anthropic, to hack apps and find their weaknesses.
www.forbes.com
November 11, 2025 at 1:07 PM
AI agents are ready to hack your apps now... this time for good.
Agents, built on frontier AI models from the likes of Anthropic and OpenAI, have been fine tuned by this startup to exploit customer applications with “elite, nation-grade offensive capabilities."
www.forbes.com/sites/the-wi...
Agents, built on frontier AI models from the likes of Anthropic and OpenAI, have been fine tuned by this startup to exploit customer applications with “elite, nation-grade offensive capabilities."
www.forbes.com/sites/the-wi...
Reposted by Thomas Brewster
So just how much money is OpenAI dumping on this firehose of imbecilic video? More than $5 billion annualized, or around $15 million per day, according to Forbes estimates and conversations with experts www.forbes.com/sites/phoebe...
Here’s How Much Cash OpenAI Is Burning On AI Video App Sora. What It Means
Some back-of-napkin math suggests OpenAI is spending more than a quarter of what it’s making to power the AI slop factory.
www.forbes.com
November 10, 2025 at 5:06 PM
So just how much money is OpenAI dumping on this firehose of imbecilic video? More than $5 billion annualized, or around $15 million per day, according to Forbes estimates and conversations with experts www.forbes.com/sites/phoebe...
Reposted by Thomas Brewster
If you read an amazing article from Teen Vogue about politics in the last several years, chances are that Lex McMenamin wrote it. Any publication that is serious about meeting this moment would be lucky to have them.
I was laid off from Teen Vogue today along with multiple other staffers, and today is my last day.
certainly more to come from me when the dust has settled more, but to my knowledge, after today, there will be no politics staffers at Teen Vogue.
certainly more to come from me when the dust has settled more, but to my knowledge, after today, there will be no politics staffers at Teen Vogue.
November 3, 2025 at 9:42 PM
If you read an amazing article from Teen Vogue about politics in the last several years, chances are that Lex McMenamin wrote it. Any publication that is serious about meeting this moment would be lucky to have them.
Interesting - I'd heard of a cop's account getting hacked on at least one occasion.
One thing I will note, however, is that Flock has been pushing and in some cases enforcing multi-factor authentication, per public records.
See here for an email sent by Flock to a customer...
One thing I will note, however, is that Flock has been pushing and in some cases enforcing multi-factor authentication, per public records.
See here for an email sent by Flock to a customer...
November 3, 2025 at 8:38 PM
Interesting - I'd heard of a cop's account getting hacked on at least one occasion.
One thing I will note, however, is that Flock has been pushing and in some cases enforcing multi-factor authentication, per public records.
See here for an email sent by Flock to a customer...
One thing I will note, however, is that Flock has been pushing and in some cases enforcing multi-factor authentication, per public records.
See here for an email sent by Flock to a customer...
Reposted by Thomas Brewster
🚨🚨🚨 Absolutely insane stuff here. @lorenzofb.bsky.social spent months working on this story.
Peter Williams, former L3Harris Trenchant boss — the division that makes cyber exploits, zero-days and spyware for Western governments — has pleaded guilty to selling Trenchant's exploits to Russia.
Peter Williams, former L3Harris Trenchant boss — the division that makes cyber exploits, zero-days and spyware for Western governments — has pleaded guilty to selling Trenchant's exploits to Russia.
Former L3Harris Trenchant boss pleads guilty to selling zero-day exploits to Russian broker | TechCrunch
Prosecutors confirmed Peter Williams, the former Trenchant boss, sold eight exploits to a Russian buyer. TechCrunch exclusively reported that the Trenchant division was investigating a leak of its hac...
techcrunch.com
October 29, 2025 at 5:44 PM
🚨🚨🚨 Absolutely insane stuff here. @lorenzofb.bsky.social spent months working on this story.
Peter Williams, former L3Harris Trenchant boss — the division that makes cyber exploits, zero-days and spyware for Western governments — has pleaded guilty to selling Trenchant's exploits to Russia.
Peter Williams, former L3Harris Trenchant boss — the division that makes cyber exploits, zero-days and spyware for Western governments — has pleaded guilty to selling Trenchant's exploits to Russia.
Reposted by Thomas Brewster
Reposted by Thomas Brewster
New: Videos show ICE/CBP agents are scanning peoples' faces on the street to verify citizenship. ICE has tool to instantly look up unprecedented number of databases with just a photo
“I’m an American citizen so leave me alone”
“Alright, we just got to verify that”
www.404media.co/ice-and-cbp-...
“I’m an American citizen so leave me alone”
“Alright, we just got to verify that”
www.404media.co/ice-and-cbp-...
ICE and CBP Agents Are Scanning Peoples’ Faces on the Street To Verify Citizenship
Videos on social media show officers from ICE and CBP using facial recognition technology on people in the field. One expert described the practice as “pure dystopian creep.”
www.404media.co
October 29, 2025 at 2:42 PM
New: Videos show ICE/CBP agents are scanning peoples' faces on the street to verify citizenship. ICE has tool to instantly look up unprecedented number of databases with just a photo
“I’m an American citizen so leave me alone”
“Alright, we just got to verify that”
www.404media.co/ice-and-cbp-...
“I’m an American citizen so leave me alone”
“Alright, we just got to verify that”
www.404media.co/ice-and-cbp-...
Reposted by Thomas Brewster
SCOOP: On Mon, Kaspersky said it found new spyware called Dante targeting Windows users in Russia & Belarus, saying the spyware was developed by Milan-based Memento Labs.
Memento's CEO confirmed to TechCrunch that Dante is its spyware, and blamed one of its government customers for getting caught.
Memento's CEO confirmed to TechCrunch that Dante is its spyware, and blamed one of its government customers for getting caught.
Exclusive: CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware
Security researchers found a government hacking campaign that relies on Windows spyware developed by surveillance tech maker Memento Labs. When reached by TechCrunch, the spyware maker's chief executi...
techcrunch.com
October 29, 2025 at 5:09 AM
SCOOP: On Mon, Kaspersky said it found new spyware called Dante targeting Windows users in Russia & Belarus, saying the spyware was developed by Milan-based Memento Labs.
Memento's CEO confirmed to TechCrunch that Dante is its spyware, and blamed one of its government customers for getting caught.
Memento's CEO confirmed to TechCrunch that Dante is its spyware, and blamed one of its government customers for getting caught.
Reposted by Thomas Brewster
Filling in for @thomasbrewster.bsky.social on this week's edition of our cybersecurity newsletter The Wiretap. What's inside:
🃏 The hacking at the center of the (alleged) NBA/Mafia poker cheating.
🤖 A startup working to make AI agents more secure.
🐞 Apple's bigger bug bounties
And more!
🃏 The hacking at the center of the (alleged) NBA/Mafia poker cheating.
🤖 A startup working to make AI agents more secure.
🐞 Apple's bigger bug bounties
And more!
The Hacking Technique The Mafia Allegedly Used To Rig Poker Games
This edition of the Wiretap looks at securing AI agents, Apple's big bug bounty and more.
www.forbes.com
October 28, 2025 at 7:48 PM
Filling in for @thomasbrewster.bsky.social on this week's edition of our cybersecurity newsletter The Wiretap. What's inside:
🃏 The hacking at the center of the (alleged) NBA/Mafia poker cheating.
🤖 A startup working to make AI agents more secure.
🐞 Apple's bigger bug bounties
And more!
🃏 The hacking at the center of the (alleged) NBA/Mafia poker cheating.
🤖 A startup working to make AI agents more secure.
🐞 Apple's bigger bug bounties
And more!
Reposted by Thomas Brewster
I just wrote about this warrant, what it means for a potential new chapter of the "reverse warrants" saga, and some questions we should be asking for the future: cyberlaw.stanford.edu/eight-or-so-...
October 25, 2025 at 12:12 AM
I just wrote about this warrant, what it means for a potential new chapter of the "reverse warrants" saga, and some questions we should be asking for the future: cyberlaw.stanford.edu/eight-or-so-...
Reposted by Thomas Brewster
One of Europe’s most successful startup investors Klaus Hommels who made early bets on Facebook, Spotify, and Skype, has told backers of his fund Lakestar that future startup bets will be made with his own capital.
www.forbes.com/sites/iainma...
www.forbes.com/sites/iainma...
Europe Venture Fund Lakestar Calls Halt On New Startup Bets
Klaus Hommels who made early bets on Facebook, Spotify, and Skype, has told backers of his fund Lakestar that future startup bets will be made with his own capital.
www.forbes.com
October 23, 2025 at 2:40 PM
One of Europe’s most successful startup investors Klaus Hommels who made early bets on Facebook, Spotify, and Skype, has told backers of his fund Lakestar that future startup bets will be made with his own capital.
www.forbes.com/sites/iainma...
www.forbes.com/sites/iainma...
Reposted by Thomas Brewster
Just published: "Trump’s White House Demolition Isn’t His First Time Leveling A Building — Or Ignoring Preservationists"
me, for @forbes.com
me, for @forbes.com
Trump’s White House Demolition Isn’t His First Time Leveling A Building — Or Ignoring Preservationists
In 1980, Trump destroyed Art Deco sculptures he'd promised to the Met to speed up Trump Tower's construction—now he's demolishing the White House's East Wing for a massive ballroom despite preservatio...
www.forbes.com
October 22, 2025 at 10:03 PM
Just published: "Trump’s White House Demolition Isn’t His First Time Leveling A Building — Or Ignoring Preservationists"
me, for @forbes.com
me, for @forbes.com
Also in the article: the warrant is to unlock the phone of one of the WhatsApp users, also identified as a fake ID dealer.
It allows ICE agents to force the suspect to open their phone with thumb, finger or face.
It allows ICE agents to force the suspect to open their phone with thumb, finger or face.
🚨NEW🚨 In a recently-unsealed warrant ICE's HSI division detailed a case in which it spied on an undocumented immigrant's WhatsApp account.
She was dealing fake ID documents. An ICE HSI agent spied on who she contacted on WhatsApp, then identified those contacts.
www.forbes.com/sites/the-wi...
She was dealing fake ID documents. An ICE HSI agent spied on who she contacted on WhatsApp, then identified those contacts.
www.forbes.com/sites/the-wi...
How ICE Spies On WhatsApp
ICE’s HSI division gets contacts from the WhatsApp account of a fake ID dealer and has little trouble identifying them, according to warrant.
www.forbes.com
October 22, 2025 at 1:07 PM
Also in the article: the warrant is to unlock the phone of one of the WhatsApp users, also identified as a fake ID dealer.
It allows ICE agents to force the suspect to open their phone with thumb, finger or face.
It allows ICE agents to force the suspect to open their phone with thumb, finger or face.
Reposted by Thomas Brewster
ICYMI from yesterday: A former Trenchant employee working in exploit development says he was wrongly accused of leaking internal tools and fired. Weeks later, he received a threat alert from Apple saying his own iPhone was targeted with mercenary spyware.
Exclusive: Apple alerts exploit developer that his iPhone was targeted with government spyware
A developer at Trenchant, a leading Western spyware and zero-day maker, was suspected of leaking company tools and was fired. Weeks later, Apple notified him that his personal iPhone was targeted with...
techcrunch.com
October 22, 2025 at 12:50 PM
ICYMI from yesterday: A former Trenchant employee working in exploit development says he was wrongly accused of leaking internal tools and fired. Weeks later, he received a threat alert from Apple saying his own iPhone was targeted with mercenary spyware.
Reposted by Thomas Brewster
🚨NEW🚨 In a recently-unsealed warrant ICE's HSI division detailed a case in which it spied on an undocumented immigrant's WhatsApp account.
She was dealing fake ID documents. An ICE HSI agent spied on who she contacted on WhatsApp, then identified those contacts.
www.forbes.com/sites/the-wi...
She was dealing fake ID documents. An ICE HSI agent spied on who she contacted on WhatsApp, then identified those contacts.
www.forbes.com/sites/the-wi...
How ICE Spies On WhatsApp
ICE’s HSI division gets contacts from the WhatsApp account of a fake ID dealer and has little trouble identifying them, according to warrant.
www.forbes.com
October 21, 2025 at 4:20 PM
🚨NEW🚨 In a recently-unsealed warrant ICE's HSI division detailed a case in which it spied on an undocumented immigrant's WhatsApp account.
She was dealing fake ID documents. An ICE HSI agent spied on who she contacted on WhatsApp, then identified those contacts.
www.forbes.com/sites/the-wi...
She was dealing fake ID documents. An ICE HSI agent spied on who she contacted on WhatsApp, then identified those contacts.
www.forbes.com/sites/the-wi...
Reposted by Thomas Brewster
A potential playbook for ICE here on mapping out networks of immigrants by using/abusing WhatsApp's maintenance of metadata...
🚨NEW🚨 In a recently-unsealed warrant ICE's HSI division detailed a case in which it spied on an undocumented immigrant's WhatsApp account.
She was dealing fake ID documents. An ICE HSI agent spied on who she contacted on WhatsApp, then identified those contacts.
www.forbes.com/sites/the-wi...
She was dealing fake ID documents. An ICE HSI agent spied on who she contacted on WhatsApp, then identified those contacts.
www.forbes.com/sites/the-wi...
How ICE Spies On WhatsApp
ICE’s HSI division gets contacts from the WhatsApp account of a fake ID dealer and has little trouble identifying them, according to warrant.
www.forbes.com
October 21, 2025 at 5:35 PM
A potential playbook for ICE here on mapping out networks of immigrants by using/abusing WhatsApp's maintenance of metadata...
Reposted by Thomas Brewster
But then I saw that TikTok had recently changed its policies about when and how it notifies users that their data has been requested. And the new policy was weaker than most of TikTok's competitors'. 5/8
www.forbes.com/sites/emilyb...
www.forbes.com/sites/emilyb...
TikTok Won’t Say If It’s Giving ICE Your Data
Changes to TikTok's policies make it easier for the company to share users’ personal information with governments. TikTok did not respond to questions about the changes.
www.forbes.com
October 21, 2025 at 6:25 PM
But then I saw that TikTok had recently changed its policies about when and how it notifies users that their data has been requested. And the new policy was weaker than most of TikTok's competitors'. 5/8
www.forbes.com/sites/emilyb...
www.forbes.com/sites/emilyb...
A potential playbook for ICE here on mapping out networks of immigrants by using/abusing WhatsApp's maintenance of metadata...
🚨NEW🚨 In a recently-unsealed warrant ICE's HSI division detailed a case in which it spied on an undocumented immigrant's WhatsApp account.
She was dealing fake ID documents. An ICE HSI agent spied on who she contacted on WhatsApp, then identified those contacts.
www.forbes.com/sites/the-wi...
She was dealing fake ID documents. An ICE HSI agent spied on who she contacted on WhatsApp, then identified those contacts.
www.forbes.com/sites/the-wi...
How ICE Spies On WhatsApp
ICE’s HSI division gets contacts from the WhatsApp account of a fake ID dealer and has little trouble identifying them, according to warrant.
www.forbes.com
October 21, 2025 at 5:35 PM
A potential playbook for ICE here on mapping out networks of immigrants by using/abusing WhatsApp's maintenance of metadata...
🚨NEW🚨 In a recently-unsealed warrant ICE's HSI division detailed a case in which it spied on an undocumented immigrant's WhatsApp account.
She was dealing fake ID documents. An ICE HSI agent spied on who she contacted on WhatsApp, then identified those contacts.
www.forbes.com/sites/the-wi...
She was dealing fake ID documents. An ICE HSI agent spied on who she contacted on WhatsApp, then identified those contacts.
www.forbes.com/sites/the-wi...
How ICE Spies On WhatsApp
ICE’s HSI division gets contacts from the WhatsApp account of a fake ID dealer and has little trouble identifying them, according to warrant.
www.forbes.com
October 21, 2025 at 4:20 PM
🚨NEW🚨 In a recently-unsealed warrant ICE's HSI division detailed a case in which it spied on an undocumented immigrant's WhatsApp account.
She was dealing fake ID documents. An ICE HSI agent spied on who she contacted on WhatsApp, then identified those contacts.
www.forbes.com/sites/the-wi...
She was dealing fake ID documents. An ICE HSI agent spied on who she contacted on WhatsApp, then identified those contacts.
www.forbes.com/sites/the-wi...
ICYMI yesterday
🚨SCOOP🚨 DHS ordered OpenAI to identify a user who'd made 2 specific prompts.
User was anonymous and accused of helping run 15 child abuse sites. They'd disclosed the prompts to an undercover agent.
First example of what I'm calling a reverse AI prompt search.
www.forbes.com/sites/thomas...
User was anonymous and accused of helping run 15 child abuse sites. They'd disclosed the prompts to an undercover agent.
First example of what I'm calling a reverse AI prompt search.
www.forbes.com/sites/thomas...
OpenAI Ordered To Unmask ChatGPT User Behind 2 Prompts
First known warrant of its kind reveals the government can ask OpenAI to provide identifying information on anyone who enters specific prompts.
www.forbes.com
October 21, 2025 at 4:11 PM
ICYMI yesterday
Updated this story with EFF comment, noting that it shows how the likes of DHS are increasingly turning to ChatGPT records for help on investigations.
How broad could data grabs get here?
How broad could data grabs get here?
🚨SCOOP🚨 DHS ordered OpenAI to identify a user who'd made 2 specific prompts.
User was anonymous and accused of helping run 15 child abuse sites. They'd disclosed the prompts to an undercover agent.
First example of what I'm calling a reverse AI prompt search.
www.forbes.com/sites/thomas...
User was anonymous and accused of helping run 15 child abuse sites. They'd disclosed the prompts to an undercover agent.
First example of what I'm calling a reverse AI prompt search.
www.forbes.com/sites/thomas...
OpenAI Ordered To Unmask ChatGPT User Behind 2 Prompts
First known warrant of its kind reveals the government can ask OpenAI to provide identifying information on anyone who enters specific prompts.
www.forbes.com
October 20, 2025 at 8:35 PM
Updated this story with EFF comment, noting that it shows how the likes of DHS are increasingly turning to ChatGPT records for help on investigations.
How broad could data grabs get here?
How broad could data grabs get here?
Reposted by Thomas Brewster
🚨SCOOP🚨 DHS ordered OpenAI to identify a user who'd made 2 specific prompts.
User was anonymous and accused of helping run 15 child abuse sites. They'd disclosed the prompts to an undercover agent.
First example of what I'm calling a reverse AI prompt search.
www.forbes.com/sites/thomas...
User was anonymous and accused of helping run 15 child abuse sites. They'd disclosed the prompts to an undercover agent.
First example of what I'm calling a reverse AI prompt search.
www.forbes.com/sites/thomas...
OpenAI Ordered To Unmask ChatGPT User Behind 2 Prompts
First known warrant of its kind reveals the government can ask OpenAI to provide identifying information on anyone who enters specific prompts.
www.forbes.com
October 20, 2025 at 1:14 PM
🚨SCOOP🚨 DHS ordered OpenAI to identify a user who'd made 2 specific prompts.
User was anonymous and accused of helping run 15 child abuse sites. They'd disclosed the prompts to an undercover agent.
First example of what I'm calling a reverse AI prompt search.
www.forbes.com/sites/thomas...
User was anonymous and accused of helping run 15 child abuse sites. They'd disclosed the prompts to an undercover agent.
First example of what I'm calling a reverse AI prompt search.
www.forbes.com/sites/thomas...
Reposted by Thomas Brewster
“However, the government did not require the OpenAI data to identify their man. Instead, they were able to glean enough information during undercover chats with the suspect to discover that he was connected to the U.S. military.”
🚨SCOOP🚨 DHS ordered OpenAI to identify a user who'd made 2 specific prompts.
User was anonymous and accused of helping run 15 child abuse sites. They'd disclosed the prompts to an undercover agent.
First example of what I'm calling a reverse AI prompt search.
www.forbes.com/sites/thomas...
User was anonymous and accused of helping run 15 child abuse sites. They'd disclosed the prompts to an undercover agent.
First example of what I'm calling a reverse AI prompt search.
www.forbes.com/sites/thomas...
OpenAI Ordered To Unmask ChatGPT User Behind 2 Prompts
First known warrant of its kind reveals the government can ask OpenAI to provide identifying information on anyone who enters specific prompts.
www.forbes.com
October 20, 2025 at 3:05 PM
“However, the government did not require the OpenAI data to identify their man. Instead, they were able to glean enough information during undercover chats with the suspect to discover that he was connected to the U.S. military.”