Good morning. Whisper it quietly, but there might be that rarest of scents in the spring air of San Francisco this week—optimism.

Yes, this is about artificial intelligence, again.

The strong sense on the ground is that the wheel is turning in the direction of the defenders for a change, thanks to AI’s access to internal data that can help identify threats, and react with lightning-fast speed.

“I haven't seen that in 25 years and 21 RSA conferences I've been to, I haven't seen cautious optimism around like this,” said Dave DeWalt, managing director of venture-capital firm NightDragon.

Granted, the lion’s share of that optimism comes from the people selling AI systems. And there is a tendency on the part of companies attending RSAC to claim with conviction that AI can solve everything, mainly the pesky human problem. But others see real applications for the blue team.

Kathleen Fisher, the director of the Information Innovation Office at the Defense Advanced Research Projects Agency, is hoping that the end result of the agency’s current AI challenge—in which participating teams compete to find and patch vulnerabilities in open-source software—may usher in a new era of efficiency in clearing the backlog of known vulnerabilities that hackers exploit.

“This is a way that we can really enable our technical debt to get knocked down much, much faster than it would be using other approaches,” she said.

More news below.

The French cybersecurity agency said Tuesday a group of Russian hackers that Western security officials call APT28 was behind more than a dozen attacks in France since 2021, targeting think tanks, French government entities and a sports organization involved in the 2024 Paris Olympics. (WSJ)

Judge Tosses Oregon Driving License Breach Lawsuit. An Oregon judge dismissed a class-action lawsuit filed on behalf of 3.5 million of the state’s residents, whose information was stolen inb a 2023 data breach. The breach was related to the breach of file-transfer software MoveIt, and involved data collected by Oregon Driver & Motor Vehicle Services, a division of the state’s Department of Transportation.

The judge ruled that the plaintiffs couldn’t prove financial losses resulted from the breach, and dismissed it with prejudice. (The Oregonian)

Quirky, off-beat and interesting quotes from around RSAC.

“At the end of the day [quantum computing] is just yet another accelerant for certain work.If you look at a lot of the cryptographic defenses, it’s making sure the right algorithms, right keying and everything are in place… but there are still a lot of companies that don't encrypt.”  —David Reber, chief security officer and head of product security at Nvidia, on the challenges of thinking too far ahead on quantum computing.

“Jack [Stockdale, chief technology officer] has had a very keen eye on the sort of talent that he brings in. It's not all computer scientists, we've got microbiologists and linguists – think about how well linguists play in the AI world.” —Jill Popelka, chief executive of Darktrace, about hiring for the next generation of AI-enabled companies.

“What I like about him is he has ideas and opinions of what to do. And it's going to piss off a lot of people. Not because they're bad, but because they are opinions and I think that's sort of needed,” —Rob Lee, chief executive of Dragos, on the nomination of Sean Plankey to be the CISA director.

“I was sitting the airport in Austin at five in the morning, and I just happened to be carrying a CrowdStrike bag and wearing a CrowdStrike shirt, so people thought I worked for CrowdStrike, while getting on a Delta Airlines flight.” —John Sapp Jr., chief information security officer at Texas Mutual Insurance Co., on his experience during the July 19, 2024 CrowdStrike outage.

The WSJ Pro Cybersecurity team is Deputy Editor Kim S. Nash (on X @knash99), reporter James Rundle and reporter Catherine Stupp (@catstupp). Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.