What you'll learn 

  • ESET's PromptLock is the first documented ransomware with an embedded LLM — the starting gun for malware that reasons in real time and personalizes the extortion conversation.

  • Anthropic's Economic Index shows AI productivity gains clustering in wealthy, high-adoption regions — breaking the global-convergence pattern that has held for 15 years.

  • Cybersecurity is in the middle of a defense-industrial-base-style consolidation; the question for CISOs isn't whether to platformize, it's whether the platforms are actually integrating what they buy.

Episode

This solo Zero Signal works through the news week with a single throughline — AI is shifting the unit economics of attack, defense, work, and capital concentration faster than most security programs are positioned to respond to. The opening segment hits the AI Darwin Awards angle (Taco Bell and McDonald's pulling AI drive-throughs after testing in production went exactly as you'd expect) before pivoting to the substantive material: Anthropic's Economic Index data on the widening AI divide, the M&A consolidation wave hitting cybersecurity, and the first documented LLM-embedded ransomware — PromptLock, identified by ESET this week.

The throughline ties the macro to the micro. The Anthropic data shows productivity gains clustering in the regions and demographics that already had access; the M&A data shows enterprise security collapsing into 11-ish platform giants in a pattern that mirrors the defense-industrial-base consolidation Ross Haleliuk has been writing about; the PromptLock disclosure shows attackers building agentic capabilities into the malware payload itself. The CISO has to operate against all three at once — defending an organization that is itself unevenly AI-adopted, navigating vendor consolidation that creates new lock-in risk, and preparing for a defender's playbook that doesn't yet exist for autonomous, in-environment, decision-making malware.

What we cover

  • "the AI Darwin Awards" — what the Taco Bell and McDonald's drive-through pullbacks teach about red-teaming AI in production

  • "the AI haves and have-nots" — Anthropic's Economic Index and what it means for distributed organizations

  • "the three-day work week debate" — why this is structurally a US-cultural mismatch and a cost-cutting framing trap

  • "youth unemployment at 12%" — the on-ramp problem that's about to compound the talent pipeline crisis

  • "the M&A consolidation wave" — CrowdStrike / Pangea, Check Point / Lakera, SentinelOne / Prompt Security, and where this goes

  • "the cybersecurity DIB analogy" — Ross Haleliuk's defense-industrial-base framing for what cyber is becoming

  • "PromptLock and the new ransomware shape" — the first malware to bring its own LLM along for the ride

  • "the three stages of attacker AI adoption" — and what stage three forces defenders to architect for now

Thank you to our Sponsors:

Hampton North is the premier US-based cybersecurity search firm. Start building your security team with Hampton North.

Sysdig is the leader in AI-powered real-time cloud defense; stop watching and start defending.

The conversation

The AI haves and have-nots — what Anthropic's Economic Index actually shows

The Anthropic Economic Index landed this week and the headline finding deserves more attention than it got. AI productivity gains are clustering geographically and demographically in the regions already best positioned to capture them — wealthy, high-adoption metros across the US and a handful of similar markets globally. That's a meaningful break from the global-convergence pattern technology has produced for the past 15 years, where each new tooling cycle eventually distributed to the rest of the world. Whether it stays a break or just a lag is unclear. What's clear is that the assumption every multinational has been making — that AI is going to be evenly distributed across the workforce within 18-24 months — is wrong, and the operational implications haven't been fully internalized. 

The most useful operational version of this for a CISO running a global program is to stop assuming homogeneous AI capability across business units. The team in San Francisco is operating with materially different AI fluency than the team in Mississippi or in Bangalore — for a mix of legislation, infrastructure, and cultural reasons. Security awareness, AI governance, and policy enforcement need to acknowledge that delta, not paper over it. The teams that succeed will be the ones that meet each region where it actually is, not where the global all-hands assumed it was. 

The three-day work week debate — and why it's a framing trap

Zoom's Eric Yuan, NVIDIA's Jensen Huang, and a handful of other CEOs have been floating the three- or four-day work week as the future of AI-augmented productivity. The framing is structurally suspect. Historically every previous technology wave was supposed to deliver this — the 1940s and 50s telegraphed the same thing, and it never materialized. The harder problem is the cost-cutting framing the entire question lives inside. The current Wall Street incentive is to use AI to do the same work with fewer people, and the reward function for executives is reducing headcount, not growing output.

The reframe both hosts converged on is the right one. The job of leadership in this era is not to shrink the team to maintain the same output — it's to grow the output with the team you already have. If your top-line sales rep is doing $1M in quota, the question shouldn't be how to make that $1M cheaper. It should be how to make that rep do $5M with the same AI-augmented capability. The companies that get this reframe right are going to outperform. The companies that don't are going to compound the youth-unemployment problem already showing up in the data — 16-to-24-year-olds are at roughly 12% unemployment versus 4% nationally, and the on-ramp into the workforce is closing at exactly the moment AI augmentation is unlocking new categories of work.

The CISO version of this same reframe is direct. Instead of asking how to reduce security headcount because AI can do more, ask what work the team has never been able to get to — the architectural debt, the threat-modeling backlog, the resilience exercises that always slip. That's the work AI augmentation should free the team for. The result is a more defendable organization, not a thinner one. 

M&A consolidation and the defense-industrial-base analogy

This week's cybersecurity M&A — CrowdStrike acquiring Pangea, Check Point acquiring Lakera, SentinelOne's earlier acquisition of Prompt Security — is the latest evidence of a structural pattern. Ross Haleliuk has been making the case that cybersecurity is consolidating along the same arc the defense industrial base did between 1980 and 2001. That arc went from dozens of mid-tier players down to roughly five primes. Cybersecurity is currently at roughly 11 platform giants — Palo Alto, CrowdStrike, Cloudflare, Zscaler, and the rest of the cohort — that are absorbing the AI-native upstarts that were supposed to be the next-generation independents.

The trade Haleliuk's framing forces is the right one to surface for boards. Consolidation creates operational simplicity for buyers and feeds back on itself competitively, but it also produces lock-in risk and reduces the diversity of architectural approaches in the market. The CISO question to ask any platform vendor coming off an acquisition spree is operational, not promotional. Show me the cross-product detections that the acquisition actually enabled. Show me the integration that produced a capability you couldn't deliver before. If the answer is just SKU consolidation at procurement time, the deal didn't produce real value — it produced the appearance of it. The CISOs who hold platform vendors accountable for real integration are going to get materially more from their security investment than those who don't.

There's also a structural counter-argument worth holding onto. Cybersecurity will not stop at 11 giants because new categories keep getting born. The boundaries of what's defensible keep moving outward as new technologies (agentic AI being the current one) introduce new attack surfaces that the legacy platform players don't naturally cover. There will always be upstarts. The cycle will repeat. The 2030s version of CrowdStrike is being founded right now — and it will probably be acquired by a 2030s version of CrowdStrike before it ever IPOs. 

PromptLock and the new ransomware shape

The most consequential technical news of the week was ESET's discovery and naming of PromptLock — the first documented ransomware with an embedded LLM. The malware isn't doing anything novel at the encryption layer. The novelty is that it brings its own model along for the ride and uses it to personalize the extortion notes, reason about the target environment locally, and (in the future versions every defender should already be modeling) negotiate the ransom in real time with the responder.

This is the starting gun for a new class of malware that defenders haven't built tooling against yet. Polymorphic malware was about evading detection. Agentic malware is about making decisions in the environment after detection — about countering containment, manipulating responders, identifying high-value data dynamically rather than via pre-coded heuristics, and negotiating from a position of more contextual information than a human responder under load can match. The technical sophistication of PromptLock today isn't the headline. The architectural pattern is.

The defender's response can't be incremental. The right framing is the three-stage attacker AI adoption model that several security leaders on the show have converged on this season.

  • Stage one: AI used to do more of the same — better phishing, better credential harvesting, faster reconnaissance. Already happening at scale, well documented in the Anthropic and Mandiant reporting.

  • Stage two: AI infrastructure as the new attack surface — prompt injection, model exfiltration, MCP supply chain attacks. The Postmark mirror disclosure two episodes back was a clean example.

  • Stage three: full agentic kill-chain orchestration with humans only at strategic breakpoints. Anthropic's August threat-actor report on the GTG-1002 group documented this against ~30 organizations.

PromptLock is a sub-stage of three — agentic malware that makes local decisions, fights back during incident response, and reasons about the target environment without phoning home.

The CISO who walks into 2026 without an architectural plan for stage three — including agentic blue-team tooling, LLM-aware incident response playbooks, and detection capabilities tuned for malware that adapts in real time — is going to be defending against a generation of threat that their existing stack wasn't designed for. The defender's only credible response is the same architectural shift the attackers are already executing: agent versus agent, with humans at the strategic breakpoints. We're not there yet. We're walking before we run. But that's where this goes.

Show notes

Guests — solo episode (Conor Sherman and Stuart Mitchell, hosts; no in-studio guest)

Books mentioned — none

Frameworks / models / tools named — Anthropic Economic Index (AI productivity geographic concentration data); the AI Darwin Awards (Gadi Evron's project); PromptLock (ESET-named ransomware with embedded LLM); the three stages of attacker AI adoption; Ross Haleliuk's cybersecurity-as-defense-industrial-base framing; the "11 platform giants" map (Palo Alto, CrowdStrike, Cloudflare, Zscaler, and the rest of the cohort)

Other people / shows / resources referenced — Eric Yuan, CEO of Zoom (three-day work week comments); Jensen Huang, CEO of NVIDIA (four-day work week comments); MIT Sloan's 95% AI adoption failure stat (referenced as a frequently misread headline); CrowdStrike acquisition of Pangea; Check Point acquisition of Lakera; SentinelOne's earlier acquisition of Prompt Security; Palo Alto's reported $2.9B in cash and short-term investments; Daniel Miessler (referenced re: AI adoption friction); Julie Chapman (LinkedIn surfacing for the PromptLock disclosure); Anthropic's August threat-actor report on GTG-1002; Liquid Death (Conor's running plug)

Hosted by Conor Sherman and Stuart Mitchell.