FOR IMMEDIATE RELEASE
Contact: Marsha Espinosa, marsha_.29, marsha@theconexion.com
Feb 12, 2026

Hacker Research Illuminates Solutions to Threats from Offensive AI, Cyber Crime and Despots

New Hackers’ Almanack Shows Governments are Falling Behind Pace of Cyber Threats and Their Real World Impacts

Munich, Germany — While world leaders gather in Munich to debate the future of global security, hackers have already mapped its weakest points.

Today, DEF CON Franklin released the DEF CON 33 Hackers’ Almanack, an unvarnished report translating the most consequential vulnerabilities disclosed by the global hacker community into plain language for policymakers, security leaders, and the public. The message is blunt: the threats are real, the systems are fragile, and the gap between what hackers know and what governments act on is still dangerously wide.

The Almanack distills a year of research presented at DEF CON 33 — the world’s largest and longest running hacker conference — where hackers demonstrated how artificial intelligence can outperform humans in cyber offense, how authoritarian regimes weaponize digital infrastructure against civilians, and how small teams continue to dismantle ransomware empires while governments stall.

“The Hackers’ Almanack exists because over the 33 years of DEF CON, policymakers could not keep up with the exploits and vulnerabilities identified by the researchers - many with profound policy implications involving cryptography, privacy, transparency around disclosure, liability of those producing vulnerable products, and even election security,” said Jeff Moss, founder of DEF CON. "Today the question is whether policy makers will heed the hackers’ warnings and proposed solutions and take action for all of us.”

“Hackers aren’t forecasting cyber risk — they’re demonstrating it. They’re finding the cracks, building the exploits, and showing what breaks first. The Almanack translates that reality into a policy roadmap leaders can’t afford to ignore,” said Jake Braun, co-founder of DEF CON Franklin and Executive Director of the University of Chicago Harris Cyber Policy Initiative.

“Attacks on our water systems and wastewater show how vulnerable our nation could be if we don’t protect it,” said Craig Newmark, Founder of craigslist and Craig Newmark Philanthropies. “We need resources like the Hackers’ Almanack to cut through the noise and inform stakeholders how they can protect critical infrastructure.”

What Hackers Disclosed — and Governments Still Haven’t Fixed
  • AI Offense Is Moving Faster Than AI Governance

    At DEF CON 33, researchers showed AI agents cracking challenges, finding zero-day vulnerabilities, poisoning machine-learning libraries, and even cloning air traffic control voices. Yet global standards for AI red teaming remain largely performative. The Almanack calls for non-governmental, globally trusted standards bodies to step in — because industry has not.

  • Authoritarianism Has Technical Problems — and Hackers Are Exploiting Them

    From mesh networks that survive censorship to emergency digital archiving in Ukraine, hackers are building what the Almanack calls a “Digital Arsenal of Democracy.” These tools are already helping civilians evade surveillance, preserve culture, and communicate under repression — often faster than governments can respond.

  • Cyber Criminals Have a New Foe — Civil Society Hackers (With One Arm Tied Behind Their Back)

    Hackers continue to infiltrate, expose, and dismantle criminal networks across Russia, China, and North Korea by exploiting simple operational failures. Governments, meanwhile, still lack scalable mechanisms to formally empower the researchers already doing this work. The Almanack argues this isn’t a legal problem — it’s a failure of imagination.

  • Critical Infrastructure Is Still Wide Open

    From maritime vessels running outdated systems to IoT surveillance devices quietly recording in schools and public housing, the report documents how “secure by design” remains a slogan, not a reality.

Why This Almanack Exists

The Hackers’ Almanack is not a marketing report. It is not consensus-driven. And it is not written to make anyone comfortable.

It is a translation layer between two communities that still don’t talk to each other enough: the people who break systems to understand the truth, and the people tasked with keeping the public safe.

“Hackers are deeply skeptical of power — especially power that claims it has things under control,” Braun said. “That skepticism is a feature, not a bug. Ignoring it is how we end up here every year.”

About the DEF CON 33 Hackers’ Almanack

Produced by DEF CON Franklin, the Hackers’ Almanack captures the most policy-relevant findings from DEF CON 33, spanning artificial intelligence, cybercrime, authoritarian surveillance, critical infrastructure, and civil society resilience. It is designed to give policymakers, journalists, and security leaders an unfiltered view of what hackers already know — and what the rest of the world is still catching up to.

About DEF CON Franklin

Named for Benjamin Franklin — founder of America’s first volunteer fire brigade and publisher of Poor Richard’s Almanack — DEF CON Franklin works to translate hacker research into public-interest action. The initiative also operates a cyber volunteer task force that pairs vetted DEF CON hackers with under-resourced critical infrastructure operators, starting with water and wastewater systems across the United States.

Follow us for updates:

Twitter/X: @DefConFranklin │ Bluesky: @projectfranklin.bsky.social │ LinkedIn: def-con-franklin

###