An article from Recorded Future points out new legislation in North Carolina and Florida that bars state backed organizations from paying ransomware attacks. Surely that means they have their stuff on lock and have no misconfigured assets, right? Google has an AI and privacy program that seem to be intersecting and could impact all of us, and Apple is dealing with those issues as well. How do we handle this problem? According to new research from Tessian "apathy" is the biggest vulnerability for an organization, but don't we train our folks enough to mitigate that risk? Those questions and more on this episode.