Almost a year into the second Trump administration, public sector leaders and cybersecurity experts say budget cuts and the gutting of federal agencies are weakening critical lines of government communication that help companies prepare for and respond to cyberattacks, even as AI threats are rising.

The most recent assessment of cybersecurity, based on the goals set forth by the bipartisan U.S. Cyberspace Solarium Commission, found that the U.S. was slipping in its progress toward 82 goals to create a strong cyber defense. “We were surprised and disappointed,” said Ret. Admiral Mark Montgomery, the executive director of Cybersolarium.org. The goals include things like reducing complex regulations on critical infrastructure companies, adding to cyber capacity in the FBI and within intelligence agencies, and improving K-12 cybersecurity education.

Montgomery said the primary causes of the slip in cyber readiness are cuts at the Cybersecurity and Infrastructure Agency, as well as earlier DOGE efforts carving a wide swath through the State Department, the National Science Foundation, National Institute of Standards and Technology and the U.S. Department of Commerce.

Meanwhile, a law that enabled companies to share information about cybersecurity without antitrust or liability concerns lapsed on Sept. 30.

The assessment of the Cyberspace Solarium Commission, now part of the Foundation for Defense of Democracies, came despite public commitments by the Trump administration to cyber defense improvements, which the White House outlined in a June executive order framing its approach as “sustaining select efforts to strengthen the nation’s cybersecurity.” 

“Under the leadership of President Trump and Secretary Noem [Department of Homeland Security Secretary Kristi Noem], CISA is steadfastly fulfilling its core mission by demonstrating daily operational collaboration, accelerating intelligence sharing, and strengthening our defense of cybersecurity and critical infrastructure across the nation,” wrote a CISA spokeswoman in an emailed statement.

“I agree that we have a more pessimistic view of government cybersecurity efforts over the past eight months, as opposed to the administration’s self-assessment,” said Montgomery.

A less proactive federal government when it comes to cybersecurity is concerning based on the recent history of rising nation-state linked attacks. On Thursday, the Congressional Budget Office was targeted in a hack, reportedly by a foreign nation-state actor, according to the Washington Post.

Some cybersecurity actions are also stalled in Congress. For instance, the Trump administration’s nominee for head of CISA, Sean Plankey, has yet to be confirmed since summer hearings.  

The upshot, according to national security experts, is a federal government that is less active than it should be in cybersecurity efforts across the country.

“We’re shifting responsibility for primary coordination of cybersecurity to states and industry while simultaneously gutting the resources that would help them do that. Federal grant funding for state and local cybersecurity and critical partnerships has been slashed, while the Cybersecurity Information Sharing Act protection expired in October,” wrote Carole House, former National Security Council Special Advisor and CEO of Penumbra Strategies in a message. “We’re handing off coordination (to industry) while kicking away the ladder,” she added.

Experts are also concerned about a rule that would have made big tech companies responsible for developing safer software for businesses and consumers, which has been stripped of its enforcement mechanism. The result, according to experts’ assessments, is that Americans and the U.S. economy are less safe from cyberattacks than a year ago.

Nor are military agencies necessarily picking up the slack. “I’ve been very concerned about the top leadership at Cyber Command and the (National Security Agency) being vacant for eight months. That translates to inertia and lack of direction,” said U.S. Rep. Don Bacon, a Republican from the second district of Nebraska who is not running for re-election, in an emailed statement. “Further, this Administration has been significantly cutting the budget and personnel for CISA, which is out on the front lines to defend our private sector and infrastructure from cyberattack.” 

‘Death by a thousand papercuts’

Montgomery cited the 2023 discovery of Volt Typhoon, a cyber attacker from the People’s Republic of China that had infiltrated critical infrastructure companies such as those operating in telecoms, water, transportation and energy, as an example of what is happening while the federal government retreats. Volt Typhoon could have been “operational preparation of the battlefield,” said Montgomery. When it was discovered, CISA issued recommendations of patches and steps that private companies should take. But not all of the infiltrations have been detected; and meanwhile, there are probably new attacks happening now. But the mechanisms for sharing that information have been gutted by the administration’s cuts and the political gridlock in Washington, D.C.

“The only way you’re going to detect this is with assistance from the government,” said Montgomery. “There are tell-tale signs that can be shared.”

In the springtime, cybersecurity experts began referring to the situation as “death by a thousand papercuts.”

Because critical infrastructure in the United States is owned and managed by companies large and small across the country, the cybersecurity defense system that had evolved under the past few administrations was complex and relied on public-private partnerships. The weakening of the public sector support for cybersecurity is throwing more responsibility onto companies.

Among many other reductions, the Trump administration disbanded an entity called the CIPAC, which enabled sharing of information between the federal government and the owners of parts of critical infrastructure, ranging from water systems to finance companies to electric grid operators to hospitals. Because it was disbanded, many industrial councils, including the one that pulled companies in the defense industrial base together to share information, are not operating as they were before. Montgomery said he believed companies were exchanging information, but not as freely or in as coordinated a way. 

The responses across industries have been haphazard. For instance, the E-ISAC, a cybersecurity information sharing council for the electric industry, is operating, but others, including the elections infrastructure council, have been defunded.

“The biggest regression is not technology, it is coordination,” said Evan Reiser, CEO of Abnormal AI, who said by email that he agreed with the concern from public sector leaders. “Signals are trapped in silos across agencies and vendors. Without real-time sharing of high-quality telemetry, defenders fight blind,” he said.

AI makes retreat on cyber defense more dangerous

Meanwhile, the threat is changing and growing exponentially because of artificial intelligence, said Kaitlin Betancourt, a partner at law firm Goodwin who focuses on cybersecurity law and compliance, and AI strategy and governance. “I think the cybersecurity risks that we’re being presented with right now have gone sharply up. Any cutting back of resources is the opposite direction of where we need to be,” she said.

Cybercriminals are embedding AI throughout their operations, from victim profiling, to automated service delivery and creating false identities. In one case in late summer, generative AI company Anthropic said criminals used its Claude chatbot to attack 17 different organizations with psychologically targeted, industry-specific extortion threats ranging from $75,000 to $500,000. The company said it was able to stop the attack.

Most cyberattacks come through legacy systems, such as email and spreadsheets, used by humans who fall prey to increasingly sophisticated lures. The Biden administration put in place a new measure requiring large software companies to attest to CISA that they had secure software. Those that failed would be referred to the attorney general for enforcement.

In June, Trump issued an executive order amending Obama and Biden executive orders on cybersecurity. The Trump order kept the requirements for attestation — meaning software companies need to report and show that they developed their software in a safe fashion. But the order also removed language that encouraged the national cyber director to refer attestations that fail validation to the attorney general for action as appropriate. In February, the Justice Department had brought an enforcement action against a software company related to compliance with cybersecurity standards. 

“Trump’s order retains an emphasis on software supply chain cybersecurity. It retains much of the Biden administration’s framework but scales back prescriptive directives and enforcement mechanisms, particularly those related to secure software development ‘attestations,’” Betancourt and her colleagues wrote.

Cybercriminals generally aim to steal data or shut down systems in extortion schemes. In some cases, they are simply criminals; in other cases, the criminals are affiliated with nation-states, such as China, North Korea or Iran, whose missions are to damage the U.S. or fund their own operations. For instance, in February, hackers sponsored by North Korea stole approximately $1.5 billion in ethereum from the Binance cryptocurrency exchange, which has no official headquarters. Officials suspect the money will be laundered and used for the North Korean missile program.

In other cases, the attackers, especially those affiliated with geopolitical foes, may simply be undermining the economy of the United States without triggering a conventional war. And, of course, in the cat-and-mouse game, the United States can be waging its own intrusions and cyberattacks on other countries’ systems. Officials from the Trump administration have spoken publicly about beefing up offensive capabilities, though it’s not clear how. Meanwhile, experts say both offense and defense are necessary – with the latter relying heavily on the private sector to spend in an informed way to protect their systems.

“I think we can recover from this,” Montgomery said. “But you can’t continue to cut.”

How tariffs and AI are giving secondhand platforms like ThredUp a boost

At ThredUp’s 600,000-square-foot warehouse in Suwanee, Georgia, roughly 40,000 pieces of used clothing are processed each day. The company’s logistics network — four facilities across the U.S. — now rivals that of some fast-fashion giants.

“This is the largest garment-on-hanger system in the world,” said Justin Pina, ThredUp’s senior director of operations. “We can hold more than 3.5 million items here.”

Secondhand shopping is booming. The global secondhand apparel market is expected to reach $367 billion by 2029, growing almost three times faster than the overall apparel market, according to GlobalData.

President Donald Trump’s tariffs were billed as a way to bring manufacturing back home. But the measures hit one of America’s most import-dependent industries: fashion.

About 97 percent of clothing sold in the U.S. is imported, mostly from China, Vietnam, Bangladesh and India, according to the American Apparel and Footwear Association.

For years, Gen Z shoppers have been driving the rise of secondhand fashion, but now more Americans are catching on.

“When tariffs raise those costs, resale platforms suddenly look like the smart buy. This isn’t just a fad,” said Jasmine Enberg, co-CEO of Scalable. “Tariffs are accelerating trends that were already reshaping the way Americans shop.”

For James Reinhart, ThredUp’s CEO, the company is already seeing it play out.

“The business is free-cash-flow positive and growing double digits,” said Reinhart. “We feel really good about the economics, gross margins near 80% and operations built entirely within the U.S.”

ThredUp reported that revenue grew 34% year over year in the third quarter. The company also said it acquired more new customers in the quarter than at any other time in its history, with new buyer growth up 54% from the same period last year.

“If tariffs add 20% to 30% to retail prices, that’s a huge advantage for resale,” said Dylan Carden, research analyst at William Blair & Company. “Pre-owned items aren’t subject to those duties, so demand naturally shifts.”

Inside the ThredUp warehouse, where CNBC got a behind-the-scenes look, automation hums alongside human workers. AI systems photograph, categorize, and price thousands of garments per hour. For Reinhart, the technology is key to scaling resale like retail.

“AI has really accelerated adoption,” said Reinhart. “It’s helping us improve discovery, styling, and personalization for buyers.”

That tech wave extends beyond ThredUp. Fashion-tech startup Phia, co-founded by Phoebe Gates and Sophia Kianni, is using AI to scan thousands of listings across retail and resale in seconds.

“The fact that we’ve driven millions in transaction volume shows how big this need is,” Gates said. “People want smarter, cheaper ways to shop.”

ThredUp is betting that domestic infrastructure, automation, and AI will keep it ahead of the curve, and that tariffs meant to revive U.S. manufacturing could end up powering a new kind of American fashion economy.

“The future of fashion will be more sustainable than it is today,” said Reinhart. “And secondhand will be at the center of it.”

AI anxiety on the rise: Startup founders react to bubble fears

Markets were on edge this week as a steady stream of negative headlines around the artificial intelligence trade stoked fears of a bubble.

Famed short-seller Michael Burry cast doubt on the sustainability of AI earnings. Concerns around the levels of debt funding AI infrastructure buildouts grew louder. And once high-flyers like CoreWeave tanked on disappointing guidance.

CNBC’s Deirdre Bosa asked those at the epicenter of the boom for their take, sitting down with the founders of two of the buzziest AI startups.

Amjad Masad, founder and CEO of AI coding startup Replit, admits there’s been a cooldown.

“Early on in the year, there was the vibe coding hype market, where everyone’s heard about vibe coding. Everyone wanted to go try it. The tools were not as good as they are today. So I think that burnt a lot of people,” Masad said. “So there’s a bit of a vibe coding, I would say, hype slow down, and a lot of companies that were making money are not making as much money.”

Masad added that a lot of companies were publishing their annualized recurring revenue figures every week, and “now they’re not.”

Navrina Singh, founder and CEO of startup Credo AI, which helps enterprises with AI oversight and risk management, is seeing more excitement than fear.

“I don’t think we are in a bubble,” she said. “I really believe this is the new reality of the world that we are living in. As we know, AI is going to be and already is our biggest growth driver for businesses. So it just makes sense that there has to be more investment, not only on the capability side, governance side, but energy and infrastructure side as well.”

Google and Disney reach deal to restore ESPN, ABC to YouTube TV

Alphabet and Disney on Friday announced that they’ve reached a deal to restore content from ABC and ESPN onto Google’s YouTube TV.

The deal comes after a two-week standoff between the two companies that started on Oct. 31. The stalemate resulted in numerous live sporting events, including college football games and two Monday Night Football games, being absent from the popular streaming service.

“We’re happy to share that we’ve reached an agreement with Disney that preserves the value of our service for our subscribers and future flexibility in our offers,” YouTube said in a statement. “Subscribers should see channels including ABC, ESPN and FX returning to their service over the course of the day, as well as any recordings that were previously in their Library. We apologize for the disruption and appreciate our subscribers’ patience as we negotiated on their behalf.”

Disney Entertainment’s co-chairs Alan Bergman and Dana Walden, along with ESPN Chairman Jimmy Pitaro, said in a statement that the agreement reflects “how audiences choose to watch” entertainment.

“We are pleased that our networks have been restored in time for fans to enjoy the many great programming options this weekend, including college football,” they said.

More than 20 Disney-owned channels were removed from YouTube TV, which offered its subscribers $20 credits this week due to the dispute. In addition to ABC and ESPN, other networks that were unavailable included FX, NatGeo, Disney Channel and Freeform. 

The main sticking point between the two companies was the rate Disney charges YouTube TV for its networks. Disney’s most valuable channel, ESPN, charges a carriage fee of more than $10 a month per pay-TV subscriber, a higher fee than any other network in the U.S., CNBC previously reported.

It’s not the first conflict this year between YouTube and legacy media.

NBCUniversal content was nearly removed from YouTube TV before the companies reached an agreement in October, preventing shows like “Sunday Night Football” and “America’s Got Talent” from being pulled.

YouTube TV also found itself in a standoff with Fox in August that almost resulted in Fox News, Fox Sports and other Fox channels going dark on the service just before the start of the college football season. The two sides were able to strike a deal to prevent a blackout.

YouTube said it has the option for future program packages with Disney and other partners.

Disney said that access to a selection of live and on-demand programming from ESPN Unlimited, which includes content from ESPN+ and new content on its all-inclusive digital service coming later this year, will be available on YouTube TV to base plan subscribers at no additional cost by the end of 2026.

Here’s the memo that Disney executives sent to employees:

Team,

We’re pleased to share that we’ve reached a new agreement with YouTube TV, and all of our stations and networks are in the process of being restored to the service.

While this was a challenging moment, it ultimately led to a strong outcome for both consumers and for our company, with a deal that recognizes the tremendous value of the high-quality entertainment, sports, and news that fans have come to expect from Disney.

Over the past few years, we’ve led the way in creating innovative deals with key partners – each one unique, and each designed to recognize the full value of our programming. This new agreement reflects that same creativity and commitment to doing what’s best for both our audiences and our business.

We’re proud of the work that went into this deal and grateful to everyone who helped make it happen — especially Sean Breen, Jimmy Zasowski, and the Platform Distribution team for their tireless commitment throughout this process.

Thank you all for your patience and professionalism over the past several weeks. As you all know, the media landscape continues to evolve quickly, which makes these types of negotiations complex. What hasn’t changed is our focus on the viewer. Our priority is — and will always be — delivering the best experiences and the best value to fans, and we’ll continue working closely with our partners to ensure we’re fulfilling that mission for our audiences.

We’re incredibly optimistic about what’s ahead and grateful to all of you for continuing to set the standard for entertainment around the world.

Alan, Dana & Jimmy

Disclosure: Comcast is the parent company of NBCUniversal, which owns CNBC. Versant would become the new parent company of CNBC upon Comcast’s planned spinoff of Versant.
