惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Blog — PlanetScale
Blog — PlanetScale
SecWiki News
SecWiki News
Google DeepMind News
Google DeepMind News
WordPress大学
WordPress大学
小众软件
小众软件
C
CERT Recently Published Vulnerability Notes
Jina AI
Jina AI
N
Netflix TechBlog - Medium
GbyAI
GbyAI
IT之家
IT之家
Apple Machine Learning Research
Apple Machine Learning Research
AWS News Blog
AWS News Blog
G
GRAHAM CLULEY
L
Lohrmann on Cybersecurity
C
Cybersecurity and Infrastructure Security Agency CISA
I
Intezer
T
Tor Project blog
P
Palo Alto Networks Blog
P
Privacy & Cybersecurity Law Blog
P
Privacy International News Feed
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Proofpoint News Feed
T
Tailwind CSS Blog
C
Check Point Blog
Cloudbric
Cloudbric
Y
Y Combinator Blog
The Last Watchdog
The Last Watchdog
Forbes - Security
Forbes - Security
Last Week in AI
Last Week in AI
S
Security Affairs
博客园 - Franky
F
Fortinet All Blogs
量子位
M
MIT News - Artificial intelligence
C
Cisco Blogs
酷 壳 – CoolShell
酷 壳 – CoolShell
Stack Overflow Blog
Stack Overflow Blog
S
Secure Thoughts
V
Visual Studio Blog
AI
AI
美团技术团队
B
Blog RSS Feed
Application and Cybersecurity Blog
Application and Cybersecurity Blog
博客园 - 三生石上(FineUI控件)
阮一峰的网络日志
阮一峰的网络日志
Engineering at Meta
Engineering at Meta
人人都是产品经理
人人都是产品经理
Microsoft Security Blog
Microsoft Security Blog
T
Threatpost
Cyberwarzone
Cyberwarzone

Forbes - CIO Network

Ralliant’s Amir Kazmi On Wiring AI Into Critical Infrastructure Nvidia Buys Kumo AI To Bring AI Predictions To Business Data Anthropic's Fable 5 AI Model Offers More Power At A Higher Price Argentina Wants To Let AI Own Companies. Here’s What That Means The AI Conversation CEOs Are Not Having Out Loud Moneyball Meets AI: How The New York Jets Are Charting An AI Future How Anthropic, OpenAI and Nvidia Are Driving the AI Economy Wall Street Is About To Test AI's Trillion-Dollar Valuations The VPN Risk Too Many Companies Ignore The Agentic Enterprise Got A Major Upgrade This Summer. OpenAI, Anthropic And The $1 Trillion Question: Who Really Wins From AI? Trump's AI Evaluations Order: Right Policy, Unfinished Governance Trump's AI Order Creates A New Test For Frontier AI—And Public Trust Microsoft Build 2026 Reveals the Future of AI, Data and ERP Artificial Intelligence Positioned To Disrupt $5 Trillion Industry Healthcare CIOs Should Take Note Of Copilot Health Innovation At The Pace Of AI Requires A Different Corporate Metabolism How Expedia Is Reinventing Travel Through AI And Agentic Design The AI Risks CISOs Aren’t Talking About Enough Prat Vemana On Leading Technology, Product And AI Innovation At Target AI Spurs A Cultural Shift In A 1,000-Developer Insurance Company Rewiring Omnicom’s Operating Model For AI At Scale 4 AI Strategy Questions Every Executive Needs To Drive ROI Building A Retail Platform Across Iconic American Brands Why AI Likely Means More Work For Humans AI Flattening Organizations Is The Latest Chapter In A Continuing Story OpenAI And Anthropic Are Testing Two Very Different AI Business Models Why Nvidia Needs More Than GPUs To Win The AI Infrastructure Race Google Wants Gemini To Become The Operating Layer For AI Tokenomics 101: Cost Of Getting Work Done (Not The Cost Of Tokens). AI Security Threats Coming From Outside And Inside, And Few Are Ready The AI Trade Is Moving Beyond GPUs AI Turns Solo Workers Into Departments And VCs Are Paying Attention Employee’s AI Shortcut Triggers SEC Filing — Boards, Take Note Transforming Wealth Management Using AI At Citi Uber Burns Its 2026 AI Budget In Four Months On Claude Code The Cyber Resilience Standard Every Hospital CIO Must Meet AI Layoffs Are A Substitute For A Strategy The Last Competitive Advantage In Software Isn't Software Knowledge Management, The Tech World’s Step Child, May Be AI’s Salvation The AI Governance Talent Gap Is Smaller Than It Looks Capgemini Warns CEOs: Physical AI Can No Longer Be Ignored AI Opens Work Opportunities — We Just Can’t Imagine Them Yet Friendly Chatbots Make More Mistakes — And Annoy Your Customers More From Information Provider To AI Partner: Thomson Reuters’ Next Chapter AI Is Breaking Silicon Valley’s Global Playbook AI’s Data Surge Demands Action In A New Battle Over Creator Rights AI Transformation Of An Internet Era Success: The SurveyMonkey Story Could The Musk V. Altman Trial Change The AI Race? At Least 18% of Jobs Face Major AI Risk, OpenAI Economist Predicts As Musk Takes OpenAI To Court, Its $130 Billion Philanthropy Bet Faces A Trial OpenAI Publishes 5 Principles For Its AGI Push How Hearst Is Using Data And AI To Transform A 140-Year-Old Business 6 Employee Critiques About Their Companies’ AI Practices AI Boosts Productivity — And Fears Of Layoffs, Anthropic Study Finds How Mythos’ Vulnerability Apocalypse Will Play Out Alleged Claude Mythos Breach Raises Questions About AI Security Consumers Warm Up To AI, Will Trust Follow? Stop Cleaning Your Data. Start Finding The Signal. Architecture: A Question At The Core Of AI In The Enterprise Why Healthcare AI Still Struggles To Deliver QClaw Goes Global. The Agent Built Itself In 5 Days Apple’s Tim Cook Exit Hides A $4 Trillion Agentic AI Power Move AI’s Missing Link Is Accountability Can A Startup Turn Night Into Day Using Space Mirrors? Most Employees Are Learning AI By Osmosis These Days OpenAI GPT-5.4-Cyber — The Security Of Tomorrow Or A PR Response To Claude Mythos? UF Health Names Healthcare Vet Craig Richardville As New Tech Leader Allbirds Ran Toward AI And The Stock Surged 800% Lisa Davis Is Doing Something About Being The Only Woman In The Room AI May Be Running Out Of Data, Stanford Report Warns Is The Cult Of ‘Tokenmaxxing’Just Another Fad Or The New Normal? Inside Syngenta’s AI Driven Approach To Modern Agriculture Forget Bigger Models, Neuromorphic AI Thinks Like A Human Brain CoreWeave Becomes AI's Landlord With Meta And Anthropic Deals AI Slop Is Real. Your Adoption Strategy May Be Making It Worse. Cloud Investments Not Keeping Up With AI With AI, Job Searches And Recruiting May Be Less Onerous, Hopefully The One AI Question Boards Should Stop Asking Their CEOs Turner Construction Appoints Former GE Aerospace Exec As CIO Ignore The Doom Talk: AI’s Real Value Only Arises When Humans Step Up China’s Grassroots OpenClaw Is Rewriting The Global Agentic AI Race Anthropic–Pentagon Dispute Brings A Turning Point For The AI Industry AI Delivering Value And ROI, But Think Twice Before You Cut March 31 Is World Backup Day. Here’s How To Protect Your Data Now AI Doesn’t Fix Systems — It Exposes Them The Healthcare Rule CIOs Shouldn’t Overlook AI: The Cybersecurity Crisis That Vendors Love Where Digital And Robot-Based AI Agents Now Prevail Quantum Computing’s Next Major Breakthrough May Come From Australia 6 Ways To Rise Above An Increasingly AI-Saturated World The Real Shift Is Not AI Tools. It Is Workflow Ownership We Trust AI Over Our Own Brains, Research Finds Pravina Ladva On How Swiss Re Uses Data And AI To Build Resilience We’re Still Only Seeing AI’s First-Order Effects, Former Tesla Head States Why China Is Winning The Open Source AI Race AI Doesn’t Own The Customer Yet. Here’s How Retailers Can Keep It That Way Shobhit Varshney Of Citi On Scaling AI With Purpose And Discipline How AI Is Transforming Patient Health At Genentech Agentic AI Reshapes Nvidia Strategy Beyond GPUs At GTC
Why Sam Altman’s Warning About A Big Cyberattack In 2026 Is Overblown
Tim Keary · 2026-04-18 · via Forbes - CIO Network
OpenAI CEO Sam Altman who recently warned about a cyber attack

OpenAI CEO Sam Altman (Photo by JOEL SAGET / AFP) (Photo by JOEL SAGET/AFP via Getty Images)

AFP via Getty Images

OpenAI CEO Sam Altman sat down for a video interview in April with Axios cofounder Mike Allen and agreed that it’s “totally possible” there could be a “world-shaking” cyberattack in 2026.

“I suspect in the next year, we will see significant threats that we have to mitigate from cyber and these models are already quite capable and will get much more capable,” said the OpenAI cofounder in the interview. He also suggested that society needs to become resistant to the potential of terrorist groups using these models to create novel pathogens and cause harm.

Since the interview, there’s been a lot of debate over whether his comments were an accurate reflection of the evolving threat landscape or overblown. The recent announcement that Anthropic’s Claude Mythos could autonomously identify software vulnerabilities has added fuel to the fire.

However, many security experts suggest it isn’t necessarily the risk of a massive cyberattack that presents the biggest risk to modern enterprises, but the lack of governance around everyday AI adoption, introducing new risks to the workplace.

Challenging Sam Altman’s Concept of World-Shaking

Reflecting on Altman’s comments, Justin Fier, SVP of offensive security at AI-security vendor Darktrace, told me, “I think the concern is legitimate, but I also think it helps to define what ‘world-shaking’ actually means. We have already experienced cyberattacks with broad, disruptive impact. WannaCry is one example and I do think there is a degree to which people have become desensitized because cyber incidents are now such a regular feature of the landscape.”

WannaCry, a ransomware outbreak that occurred in 2017, stands out due to the scale of damage it caused. According to Microsoft, in May 2017, the WannaCry ransomware outbreak spread across over 150 countries and infected over 300,000 computers across 100,000 businesses, including the UK’s National Health Service.

“To me, a truly world-shaking event would be something that moves beyond a major enterprise breach and starts affecting the systems people rely on every day or the broader stability of the economy. If you are talking about power, water or the financial system, something that creates a real cascading effect across society, that is a very different category of cyber event,” Fier said.

It’s arguable that the ransomware attack on Colonial Pipeline in May 2021 also fulfills this criterion, with the breach disrupting critical supplies of gasoline and other refined products across the East Coast of the U.S.

These incidents highlight that widespread damage from cyber attacks isn’t just a theoretical possibility; it’s already happened. As AI advances, there is the potential for incidents of a similar scale, but Fier believes there are more immediate issues to address.

For Fier, the issue isn’t that AI will suddenly produce a new class of attack, but that enterprises are adopting AI faster than they are building the controls to understand and govern it. Companies that deploy AI agents without the proper oversight are introducing risks inside their organizations that threat actors can exploit.

The Biggest Threat Is Lack Of Oversight

In the world of cybersecurity, misconfiguring internal systems can be just as dangerous as any malicious action taken by a threat actor. Dr. Joye Purser, global field CISO of Cohesity and the first senior executive regional director for CISA, led the federal response across eight states to the Colonial Pipeline ransomware attack and told me in an email that the biggest risk from AI wasn’t necessarily a particular threat, but a lack of guardrails.

“Enterprises lack awareness of the AI systems in place, the extent of ‘copy-paste’, data leakage and the details of how models were designed and trained. All of this generates risks that are invisible; and invisible risks cannot be evaluated and mitigated,” Purser said.

For Purser, strict data retention controls can help reduce the risk of data loss through copy-paste leakage, while employee education can increase awareness of the potential risks of losing intellectual property. As more employees use tools like ChatGPT and Claude as part of their workflows, it’s becoming more likely that sensitive proprietary information will be leaked to these models.

“The biggest threat isn’t an attack from the outside, but that companies have no visibility into how their own workers are using AI. Workers are connecting personal AI tools to work systems, delegating tasks to agents that act with the worker's permissions, and building AI-powered personal knowledge systems that mix corporate and personal data. The traditional governance model assumes you can draw a line between ‘inside’ and ‘outside,’ but that line doesn't exist anymore,” Brian Madden, VP, technology officer and futurist at Citrix, told me via email.

Madden notes that you can’t govern what you can’t see. Most companies have zero visibility into the AI tools their workers are using, how they’re using them or even how data is flowing in and out of those tools. Instead of worrying about how to secure AI, companies should be looking to understand what employees are doing with it.

“I don’t see the risk as a single catastrophic cyberattack, but rather the ‘drip drip drip’ slow structural exposure that comes from thousands of workers connecting AI agents to corporate systems (with their full permissions!) and limited to no oversight. Most companies don't have the governance infrastructure to even see or know it's happening,” Madden said.

Are AI Agents A Threat?

AI agents are playing a bigger role in the enterprise than ever before. A PWC survey of 300 senior executives released last year found that 79% say AI agents are already being adopted in their companies. All of these agents present new risks that organizations need to be prepared to confront.

“The biggest threat isn’t someone using AI to attack your enterprise from the outside. It’s the AI agents you invited inside,” Naor Paz, CEO and co-founder of Capsule Security, an agentic AI vendor that this week emerged from stealth with $7 million in seed funding, told me via email.

Today, many companies are deploying agents with broad access to sensitive data, internal tools, code repositories and customer records without providing meaningful oversight.

“Think of it as hiring an employee you’ve never met, giving them keys to everything, and hoping for the best. A coding agent like Claude Code can bypass guardrails and act autonomously and by the time the damage surfaces, it’s already done. That’s the real risk: not a dramatic external attack, but an internal agent operating unchecked at machine speed,” Paz said.

In this sense, while developments in AI technologies do present new external risks, there are significant internal risks emerging that companies do have the power to address. In the case of agents, this starts by governing what data they can access and setting guardrails to determine what actions they can perform.

While human-in-the-loop is one way to mitigate the risks around AI agents, Paz notes that agents-in-the-loop can be used to provide runtime security for AI agents. In short, companies that use agents can reduce the chance of data breaches by watching the actions they take and blocking high risk activities before they are executed.

Altman isn’t necessarily wrong about the potential for a high-impact cyberattack, but it appears that the most pressing risk comes from companies leaving cybersecurity as an afterthought.