Axios Future of Cybersecurity

June 10, 2025
Happy Tuesday! Welcome back to Future of Cybersecurity.
Today's newsletter is 1,625 words, a 6-minute read.
1 big thing: What cyber actually looks like in Trump 2.0
President Trump quietly took a red pen to much of the Biden administration's cyber legacy in a little-noticed move late Friday.
Why it matters: Until now, it has been unclear which Biden-era cybersecurity policies the Trump administration would keep — if any.
- Cybersecurity is a rare bipartisan area. It's pretty common for new administrations to keep their predecessors' programs in place.
Driving the news: Under an executive order signed just before the weekend, Trump is tossing out some of the major touchstones of Biden's cyber policy legacy — while keeping a few others.
- The order preserves efforts around post-quantum cryptography, advanced encryption standards, and border gateway protocol security, along with the Cyber Trust Mark program — an Energy Star-type labeling initiative for consumer smart devices.
- But hallmark programs tied to software bills of materials, zero-trust implementation, and space contractor cybersecurity requirements have been either rescinded or left in limbo.
- The new executive order amends both the Biden cyber executive order signed in January and an Obama administration order.
Zoom in: Each of the following Biden-era programs is now out the door or significantly rolled back:
- A broad requirement for federal software vendors to provide a software bill of materials — essentially an ingredient list of code components — is gone.
- Biden-era efforts to encourage federal agencies to accept digital identity documents and help states develop mobile driver's licenses were revoked.
- Several AI cybersecurity research mandates, including those focused on AI-generated code security and AI-driven patch management pilots, have been scrapped or deprioritized.
- The requirement that software contractors formally attest they followed secure development practices — and submit those attestations to a federal repository — has been cut. Instead, the National Institute of Standards and Technology will now coordinate a new industry consortium to review software security guidelines.
The big picture: If this executive order is a blueprint, Trump 2.0 appears poised to adopt a less prescriptive, more decentralized approach to cybersecurity — focused on paring back federal mandates and shifting more discretion to agencies and state governments.
Flashback: The Biden administration emphasized holding not just foreign adversaries accountable for cyberattacks, but also software makers whose insecure products left federal systems vulnerable.
- Much of that vision involved a long-term public-private effort to build stronger accountability and transparency in software development — a campaign that now appears to be on pause.
What they're saying: Reaction to the executive order has been mixed as officials have only begun to parse its full implications.
- Jordan Burris, head of public sector at identity verification company Socure, called on the administration to "put forward a new blueprint for digital identity protection and fraud prevention," noting recent Chinese and Russian attacks on digital identity infrastructure.
- Other stakeholders appeared to be reassured that the administration is continuing to focus on secure software development, even if the mechanisms are changing.
2. Whole Foods distributor faces apparent cyberattack
The CEO of United Natural Foods, the primary distributor for Whole Foods, told investors Tuesday that the company is helping customers find "short-term solutions wherever possible" to navigate an ongoing cyber incident.
Why it matters: The company shut down some of its systems Friday after finding signs of an apparent cyberattack — making it difficult for the major grocery supplier to fulfill customers' orders.
Driving the news: United Natural Foods said in an SEC filing yesterday that it noticed "unauthorized activity" on some of its IT systems Friday, prompting the company to proactively shut down some of its systems and call in law enforcement and third-party cybersecurity investigators.
- It's unclear when those systems will be back up and running — or what kind of incident spurred the shutdowns.
- United Natural Foods said in a statement on its website that it is working closely with customers and suppliers to "minimize disruption as much as possible" in the short term.
- A Whole Foods spokesperson told Axios in an email yesterday that "we are working to restock our shelves as quickly as possible and apologize for any inconvenience this may have caused for customers."
What they're saying: United Natural Foods CEO Sandy Douglas told investors in a quarterly earnings call this morning that the company is working to "rapidly and safely restore our capabilities."
- "While this might be a short-term incident, in the longer picture of our business, we see a defining character moment to show up for our customers in a way that reflects the challenges of the time and the character of the company we want to be," Douglas said.
Threat level: News of the possible cyberattack comes as a group of ransomware hackers who wreaked havoc on British retailers last month started turning its attention to American companies.
State of play: United Natural Foods works with more than 30,000 retail locations across North America to supply them with a variety of fresh, branded and private-label grocery items, according to its website.
- Last year, the company signed an eight-year extension of its deal with Amazon-owned Whole Foods to be the health-focused supermarket's primary distributor.
- Past cyberattacks on food distributors have prompted their customers to get savvy about how they sell their supplies or how to temporarily pivot to other distributors to keep food on shelves.
📲 Are you a cybersecurity investigator looking into this ongoing attack? Or an employee at one of the many affected retail locations? I'd love to chat for an upcoming story. Signal: @SamSabin.01.
3. OpenAI blocks North Korean fraud ring
OpenAI has banned ChatGPT accounts linked to the ongoing North Korean IT worker schemes that are plaguing nearly every Fortune 500 company.
Why it matters: In a report released last week, OpenAI found evidence that suggests North Korea is advancing its use of AI tools in its yearslong pervasive scheme designed to help fund the regime's missile program.
The big picture: North Korean IT workers have for years posed as U.S. citizens to land remote jobs at Western tech companies, generating revenue for the government and, in some cases, collecting IP and sensitive data.
Zoom in: OpenAI has found evidence that these banned accounts used ChatGPT to streamline every step of the fraud, including drafting cover letters, solving coding assignments, configuring VPNs and video spoofing tools, and even writing scripts to keep laptops active and appear online.
- The actors also tried to get ChatGPT to automate resumes en masse based on specific job descriptions, skill templates and U.S. persona profiles they'd created.
- They also used ChatGPT to help recruit people in the U.S. to run so-called laptop farms, where North Korean workers house their company-issued laptops.
The intrigue: In a prior report in February, OpenAI had only seen evidence of AI being used to build fake identities.
- This time, the company said, it found signs of workflow automation and outsourcing — a sign of operational maturity.
Yes, but: OpenAI said it could not confirm the success of North Korea's operations or precisely where the users were based. But the tactics closely resembled those of known North Korean schemes.
Go deeper: North Korean scammers land jobs in U.S. with help from Chinese companies
4. AI is upending CISOs' cybersecurity plans
Generative AI is evolving so fast that security leaders are tossing out the playbooks they wrote just a year or two ago.
Why it matters: Defending against AI-driven threats, including autonomous attacks, will require companies to make faster, riskier security bets than they've ever had to before.
The big picture: Boards today are commonly demanding CEOs have plans to implement AI across their enterprises, even if legal and compliance teams are hesitant about security and IP risks.
- Agentic AI promises to bring even more nuanced — and potentially frightening — security threats. Autonomous cyberattacks, "vibe hacking" and data theft are all on the table.
What they're saying: "Nobody thought the concept of agents and the usage of AI would get rolled out so quickly," Morgan Kyauk, managing director at late-stage venture firm NightDragon, told Axios.
- Even NightDragon's own framework, rolled out in mid-2023, likely needs to be revised, Kyauk added.
- "Things have changed around AI so quickly — that's been the surprising part about being an investor in this category," he said.
Zoom in: Kyle Hanslovan, CEO and co-founder of cybersecurity platform Huntress, told Axios that his company is making decisions about AI — including how to implement it and how to secure against it — on only a six-week basis.
- "I think that is probably too long," Hanslovan said in an interview on the sidelines of Web Summit Vancouver. "But if you do more than that, then what happens is whiplash."
Read the full story, which ran in Friday's edition of the daily Axios AI+ newsletter.
5. Catch up quick
@ D.C.
⚠️ The Supreme Court ruled that DOGE employees can have access to Americans' Social Security data. (Axios)
☎️ Trump answers pretty much any phone call that comes to his personal cell — raising concerns about how susceptible he could be to spies and scammers. (Axios)
👀 DOGE deployed an AI tool across the Department of Veterans Affairs' systems that is now hallucinating the size of contracts and often inflates their value. (ProPublica)
@ Industry
🔍 CrowdStrike said in its quarterly earnings that it's cooperating with ongoing investigations into last summer's global software outage. (Wall Street Journal)
🚘 Palo Alto Networks CEO Nikesh Arora has joined the board of Uber. (CNBC)
@ Hackers and hacks
🇨🇳 China-backed Salt Typhoon breached U.S. telecom networks a year earlier than previously reported (Bloomberg). The group is also believed to have hacked Comcast and data center giant Digital Realty, according to internal government assessments. (Nextgov)
📈 The FBI estimates that the Play ransomware gang has attacked roughly 900 victims since June 2022. (BleepingComputer)
👨🏻‍💻 "Vibe coding" is on the rise, bringing the world a step closer to autonomous cyberattacks. (Wired)
6. 1 fun thing
"Jeopardy!" gave us cyber nerds a shoutout last week — although the advice is something that even the non-nerds need to take!
☀️ See y'all next week!
Thanks to Dave Lawler for editing and Khalid Adad for copy editing this newsletter.