Most people know what they should be doing within their community: shopping locally, watching local news, and…running large language models?

That last one may be a bit of a head-scratcher, but with open-source models like Llama, Mistral, and now DeepSeek, AI experimenters can host models locally to their enterprise data centers or even, in some cases, their phone.

That kind of offline containment offers the usual tradeoff—a benefit for security pros and threat actors alike. And CEO of fraud-prevention company Arkose Labs Kevin Gosschalk gives the edge to attackers.

“This technology is really democratized for everybody, and adversaries always use it better,” Gosschalk told IT Brew.

“They don’t have restrictions and policies,” he said. “They don’t need to move slowly. They don’t need to worry about AI rollout. They don’t need to train their employees. They just go and use these things.”

Tools like Ollama and LM Studio allow users to run billion-parameter AI models like Meta’s Llama 3, Microsoft’s Phi-3, and Mistral’s offerings on users’ individual machines. Apps like Fullmoon allow CEOs like Gosschalk to “chat with” AI models like DeepSeek and Llama on a mobile device.

Read more here.—BH

A council of security pros in industry and government no longer have a paper due, it seems, but no one’s celebrating.

A Jan. 20 memo, signed by Acting Department of Homeland Security (DHS) Secretary Benjamine C. Huffman, announced the termination of advisory committees under the DHS, reportedly including the investigatory Cyber Safety Review Board (CSRB). (The original page announcing the launch of the CSRB in February 2022 has been classified as “archived content.”)

The consequences of shutting down a government–industry collaboration like CSRB concerns IT pros, including a former member of the advisory group who spoke with IT Brew.

“Only the administration can answer whether the CSRB is done or whether they will try to resurrect it in some form,” said Katie Moussouris, founder and CEO of Luta Security and an inaugural member of the review board, which was under the Cybersecurity and Infrastructure Security Agency (CISA) within the DHS.

What is the CSRB? The CSRB investigated major cybersecurity incidents: the software vulnerability Log4j in 2022; Lapsus$ threat actors in 2023; and most recently, the 2023 Microsoft Online Exchange intrusion.

The group’s efforts have been compared to the National Transportation Safety Board, an independent federal agency charged with investigating aviation accidents, determining causes, and providing preventative recommendations.

When investigating Log4j, Moussouris and 14 other members, including government and cybersecurity industry leaders, interviewed nearly 80 organizations and individuals to collect insights and provide protection recommendations.

Read more here.—BH

Not everything is changing in the new Trump administration—but some projects left in place are seeing adjustments.

One such project is the Pentagon’s “Cyber Command 2.0” overhaul. Put in place by the Biden administration under former Secretary of Defense Lloyd Austin in December, the revisionary project focuses on four points of change—streamlining responsibilities, improving talent development, training and education support, and a cyber warfare innovation center.

Restructuring the command requires a review on how best to implement the changes. Austin gave the Pentagon 180 days to finish the review.

Speed racer. Former Fox News presenter and recently appointed US Defense Secretary Pete Hegseth, after being briefed about the initiative on Feb. 5, told Cyber Command (Cybercom) to come back in 45 days with the findings, severely cutting the response time. Hegseth’s shortened timeline decree means the review will be due by Mar. 22. Once complete and approved, the Pentagon will begin implementing the new standards.

While an accelerated timeline is a shift, the overall cyber landscape remains positive for the Pentagon, with Hegseth exempting Cyber Command from $50 billion in defense spending cuts that would be reappropriated to the White House’s preferred priorities.

Read more here.—EH