Good day. Day two of the RSAC Conference focused on the threat environment, both the Middle East conflict and the growing view that the world is entering a dangerous, volatile period of geopolitical and technological risk not seen in years.

Much of that translates to cyber. There is a palpable sense of urgency that companies aren't coming to grips with the threat posed by AI. Or at least, not fast enough to counteract what many people I spoke with predict will be a very difficult few years for corporate security as the AI advantage accrues to the attackers.

Hackers don't have corporate approval processes, compliance concerns, internal politics, or multimillion-dollar budgets. They can deploy AI capabilities faster, scanning for vulnerabilities and weaknesses at scale and speed. That troubles cyber experts.

" It's gonna get a little spicy," said Bob Ackerman, co-founder and managing partner at venture capital firm Datatribe.

But there are deeper concerns about evolving tactics. The Stryker cyberattack, for example, didn't involve much malware. The attackers used tools already installed and trusted on Stryker's network, save for a malicious file deployed to let them hide their tracks. The implication is that groups that once employed relatively amateurish tactics are quickly learning from others.

"That Iranian group used to deploy wiper malware, but this time, they didn't. They didn't need to. This is the kind of stuff the Russians have been pioneering," said Dick O'Brien, principal threat intelligence analyst at Broadcom.

More news below.

Amazon is helping move cloud customers in the Bahrain area to other Amazon Web Services facilities after a disruption due to drone activity in the region. The company didn't say whether its AWS center was hit in a drone attack. An AWS site in the United Arab Emirates was hit earlier this month, losing power and suffering physical damage. (Reuters)

“ When Iran compromised water utilities, they did it because those companies were using Israeli-made technology. They're always looking for either a retaliatory or a lesson-giving opportunity. But their attack vectors are not sophisticated, either.” — Matthieu Chan Tsin, executive vice president of resiliency services at cyber insurer Cowbell, referring to cyber strikes on U.S. water facilities.

— James Rundle

Bug bounty company HackerOne is notifying nearly 300 employees of a data breach related to a hack late last year at Navia Benefit Solutions, one of its benefits administrators. Social Security numbers and other personal information about HackerOne staff was stolen. Navia has said that claims and financial data weren't breached. (Bleeping Computer)

• Israel Barak joined agentic AI startup 7AI as CISO, after 10 years at Boston-based Cybereason. 7AI recently raised $130 million in a Series A funding round. 
• Former SolarWinds CISO Tim Brown joined venture capital firm Team8 as CISO-in-Residence. Brown led SolarWinds through its recovery from a nation-state cyberattack and faced a securities-fraud case brought by the U.S. Securities and Exchange Commission that was later dropped. 
• Alfredo Hickman joined AI cybersecurity company Kai as CISO after more than seven years at Obsidian Security, most recently as CISO. 

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten and James Rundle. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.