{"id":222492,"date":"2026-05-29T12:10:00","date_gmt":"2026-05-29T16:10:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/29\/governing-luminaries-the-global-cyber-war-hits-home\/"},"modified":"2026-05-29T12:20:09","modified_gmt":"2026-05-29T16:20:09","slug":"governing-luminaries-the-global-cyber-war-hits-home","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/29\/governing-luminaries-the-global-cyber-war-hits-home\/","title":{"rendered":"Governing Luminaries: The Global Cyber War Hits Home"},"content":{"rendered":"<p><a href=\"https:\/\/www.governing.com\/magazine\/governing-luminaries-the-global-cyber-war-hits-home\">Governing Luminaries: The Global Cyber War Hits Home<\/a><\/p>\n<p><a href=\"https:\/\/www.governing.com\/magazine\/governing-luminaries-the-global-cyber-war-hits-home\">https:\/\/www.governing.com\/magazine\/governing-luminaries-the-global-cyber-war-hits-home<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-29 12:10:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.governing.com\">www.governing.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>                                    Editor&#8217;s Note: This article appears in Governing&#8217;s\u00a0Q2 2026 Magazine. You can subscribe\u00a0here.Nicole Perlroth spent more than a decade covering cybersecurity for The New York Times, reporting on everything from state and local ransomware attacks to global cyber warfare.In 2021, she turned her experiences into a best-selling book, This Is How They Tell Me the World Ends, which documents the international digital arms race and details an unregulated gray market where private hackers develop and sell dangerous cyber weapons to the highest bidder. Perlroth\u2019s popular 2025 podcast series, To Catch a Thief, investigated the evolution of China\u2019s state-sponsored hackers.Today, she advises multiple cybersecurity companies and regularly keynotes on cybersecurity topics. She is also the founding partner of Silver Buckshot Ventures, a San Francisco-based venture capital firm that invests in early-stage cybersecurity startups.Perlroth spoke with Governing about how cybersecurity threats are evolving \u2014 especially with the emergence of powerful AI software \u2014 and why state and local governments are a prime target for a growing class of uniquely dangerous threats from hostile foreign governments.You spent years reporting on cyber warfare and vulnerabilities. What should state and local government officials be concerned about?I\u2019ll start by saying the threat landscape has never moved so quickly. A few years ago, I would have talked about ransomware. Cities and counties were being held hostage with ransomware attacks.Now, the bigger threat is that there are actors \u2014 predominantly China \u2014 probing state and local computer systems and critical infrastructure like water systems, ports, railways and vendors that supply all those entities. They\u2019re getting inside those systems and then lying in wait. They\u2019re not dropping malware. They\u2019re not siphoning off personal data.They\u2019re doing that because if there\u2019s an escalation around Taiwan or the South China Sea, they want to be in position to paralyze us from mobilizing forces and logistical support. But also \u2014 and this is really where state and local government comes in \u2014 they want to be able to disrupt basic services like clean water and fuel. It\u2019s a psychological deterrent to supporting Taiwan \u2014 so that we think, \u201cWhy are we supporting this island 7,000 miles away? I just need gas today.\u201d China is very strategic like that.What does this mean for government leaders?They need to know that state and local governments are the most targeted entities. They\u2019re the ones who\u2019ll have to show up on national television when the water shuts off, or worse, it\u2019s contaminated by a cyber attack.One thing China has really figured out is that large utilities \u2014 the PG&#038;Es and Southern Powers of the world \u2014 have enterprise-grade security. But local entities like water treatment facilities often aren\u2019t investing appropriately. They\u2019re relying on software that can\u2019t even be patched for security vulnerabilities because it\u2019s so old.One example that I think is illustrative for your audience is what happened in Littleton, Mass. The city\u2019s Electric Light and Water Departments discovered in 2023, through a notification from the FBI and CISA [Cybersecurity and Infrastructure Security Agency], that they had been infiltrated by Volt Typhoon [a state-sponsored Chinese hacking group]. Why is China sitting in the systems of a local water treatment and grid operator that only serves 15,000 people? They\u2019re probably a lot easier to break into than PG&#038;E, and disrupting water and power creates chaos and panic; it creates political pressure.How does the current conflict with Iran impact local communities?I think it\u2019s safe to say that Iran views the current conflict as an existential crisis. We are seeing a tremendous amount of aggressive activity on two fronts. They\u2019re targeting administration officials who are involved in the ceasefire talks, but we\u2019re also seeing a huge pickup in Iranian attacks on local infrastructure like water facilities and power grids.Iran is far less sophisticated than China, but they look for targets of opportunity \u2014 anyone who\u2019s essentially left the door open by using old software or default passwords. And they\u2019re not going to lie in wait; they are there to turn things off.How is AI changing the threat landscape?Ransomware never went away. But in the past, your security measures just needed to be good enough that threat actors would pass you by and hit the next guy down the street.Now AI is going to scan for any open doors. It will get in, and without any human guidance whatsoever, encrypt your data, hold you hostage and manage the payment negotiation. AI automates the whole kill chain. Anyone who is not using best practices will be compromised.We\u2019re seeing ransomware groups train AI chatbots to identify which business-critical assets to encrypt, figure out who is most likely to pay, and manage payment negotiations for maximum psychological pressure. These automated attacks will target known security vulnerabilities where people haven\u2019t run their software updates or haven\u2019t implemented things like multifactor authentication.What\u2019s even scarier is that [AI developer] Anthropic recently previewed a new AI model called Mythos that can find previously unknown vulnerabilities \u2014 in some cases, bugs in our most hardened software that have been undiscovered for 20 years.According to industry reports, Mythos identified thousands of unknown vulnerabilities in major software operating systems and web browsers during testing \u2014 flaws that had not been detected by human security reviews or automated assessments. Anthropic has not released the technology publicly. Instead, the firm is working with a coalition of technology companies to use the tool to find and fix vulnerabilities in important software systems. However, experts expect similar capabilities to rapidly appear from other AI developers.Your book details the value of these undiscovered software flaws, known in the information security world as \u201czero-day\u201d vulnerabilities because software makers have had zero days to fix them. Hackers who discover these flaws, which give attackers an invisible doorway into computer hardware and software, could sell them for millions of dollars to national governments, cyber criminals, defense contractors and others. What does it mean that AI can now make zero days so easy to discover?I think we\u2019re now experiencing the coda to my book. Anthropic\u2019s Mythos model can find undiscovered vulnerabilities that are very severe and exploit them automatically. So that market I wrote about is essentially being eviscerated. The barrier to entry is gone. AI can find and develop zero-day exploits on a scale that we can\u2019t even really fathom as humans. And anyone will be able to use these models, potentially.Anthropic is partnering with security companies to find those vulnerabilities first to protect customers. That\u2019s the responsible way to do it. Will that be enough? I don\u2019t think so. They have a host of competitors, many of which are not based in the U.S., and they may not have the same view of accountability.Won\u2019t this technology also lead to better and more resilient systems?Yes, ultimately, we\u2019ll use it defensively to vet software before it\u2019s released and to go back and fix vulnerable code. That will be a huge step in up-leveling security. But for now, attackers will have a major advantage \u2014 there\u2019s just going to be more code with vulnerabilities that can be exploited autonomously. It\u2019s going to be a wild ride for the next few years. And, unfortunately, where we\u2019ll see this play out is state and local governments and their critical infrastructure suppliers.What should leaders be doing to prepare?The fundamentals are now urgent. Get rid of old software. Use cybersecurity tools from the best providers. Modernize the industrial control systems used by water and power authorities and use security tools designed to protect those systems.I know this is very tough to do. These are resource-constrained environments that often work off annual budgets. Communities bought their technology systems years ago, and replacing them is an entirely new line item. But that model is about to be exposed as completely broken. It\u2019s a national security imperative that we find new models.Officials also need to plan for a cyber attack the same way they would prepare for a terrorist attack. Make sure you\u2019re getting threat briefings. Conduct tabletop exercises regularly. Practice how you would communicate if everything shuts down and you can\u2019t access your email. What communication channels can you revert to? What are your manual fallback systems?These things are critical \u2014 and they\u2019re something state and local officials can lead on.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Governing Luminaries: The Global Cyber War Hits Home https:\/\/www.governing.com\/magazine\/governing-luminaries-the-global-cyber-war-hits-home Publish Date: 2026-05-29 12:10:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":222493,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/erepublic.brightspotcdn.com\/dims4\/default\/4b7aff1\/2147483647\/strip\/true\/crop\/840x408+0+0\/resize\/1440x700!\/quality\/90\/?url=http%3A%2F%2Ferepublic-brightspot.s3.us-west-2.amazonaws.com%2F47%2Fc2%2F2377463148e1b56fae4e6a093e23%2Fgovq2web-art-luminary.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,31,32],"class_list":["post-222492","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-exploit","tag-malware"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222492"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=222492"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222492\/revisions"}],"predecessor-version":[{"id":222494,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222492\/revisions\/222494"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/222493"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=222492"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=222492"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=222492"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}