Axios Future of Cybersecurity

March 04, 2025
🔮 Welcome to the first edition of the Future of Cybersecurity!
👋🏻 For the newbies, I'm Sam Sabin, cybersecurity reporter at Axios. Every Tuesday, I'll chronicle the evolving cyber landscape and what it means for future business deals and government battles.
- I'm based in the Bay Area, but for close to a decade, I was in D.C. covering many of the policy debates that the cybersecurity world is still having today.
- This newsletter is for the executives learning how to fend off hackers, the feds trying to figure out how to help the private sector in that quest, and everyone in between who's just curious about the weird stuff hackers are cooking up.
- A lot of new content is coming (more on that below), but some things are the same: Pet pics and thoughts on Bravo, Taylor Swift and all other pop culture are still more than welcome here.
📬 Have thoughts, feedback or scoops to share? [email protected].
Today's newsletter is 1,704 words, a 6.5-minute read.
1 big thing: Editing Russia out of the U.S. cyber playbook
Under Trump 2.0, everything the cybersecurity industry knew about D.C. is up for debate — even who is considered an adversarial nation.
Why it matters: For decades, U.S. presidents of both parties have viewed China, Russia, Iran and North Korea as the biggest cyber threats. But that list is now in question.
The big picture: President Trump's push to reset diplomatic ties with Russia is likely to upend long-standing cybersecurity norms, with consequences that could play out for years.
Driving the news: The U.S. Cyber Command was recently ordered to pause planning any offensive cyber operations against Russia, multiple outlets reported over the weekend.
- A senior Department of Defense official declined to confirm the order but told Axios, "There is no greater priority to Secretary Hegseth than the safety of the Warfighter in all operations, including the cyber domain."
- Meanwhile, Trump is reportedly drafting a plan to ease sanctions on Russia and has sent back Russian cybercriminals in prisoner swaps.
- The administration has also reportedly reassigned dozens of FBI officials investigating foreign election interference — which Russia has repeatedly been accused of.
- The Kremlin has celebrated these actions, saying yesterday that the new American foreign policy "largely coincides" with its own.
Yes, but: The Cybersecurity and Infrastructure Security Agency said Sunday it is still prioritizing cyber threats from Russia, despite news reports suggesting otherwise.
- "There has been no change in our posture," the agency wrote on X. "Any reporting to the contrary is fake and undermines our national security."
Between the lines: Russia has long been a top cyber threat, hosting ransomware gangs, crypto money launderers, disinformation operations, and elite government hackers.
- Cyber Command has been a key tool in disrupting Russian cyber operations, from botnet takedowns to supporting Ukraine against Russian cyberattacks.
Threat level: A pause in offensive operations — even briefly — could take months to recover from, Jake Williams, a former National Security Agency hacker and current faculty member at IANS Research, told Axios.
- Planning a cyber offense requires months of lurking and learning about a target's networks to understand their weak points.
- Russian cyber operatives could decide to completely rewire their networks while Cyber Command has its pause in effect — and cyber adversaries from other countries could obfuscate their own activities by disguising them with known Russian tactics.
- The downtime in activity could out any U.S. hackers whom Russia was already suspicious of and monitoring closely, Williams added.
Zoom in: The order applies only to Cyber Command, not to the NSA's intelligence collection, according to the reports.
- Also, separating intelligence gathering from operations planning is nearly impossible in the cyber realm. Analysts often need to collect tips and open-source information before they can confidently link particular hackers to specific countries.
- "I'm not sure how to split those hairs," Williams said. "Every intelligence asset is a potential jumping-off point for an offensive cyber operation."
What we're watching: Trump has made it clear that, among the four major cyber adversaries, China is his top priority.
- Many of his administration's new cyber officials are pushing for more aggressive operations against China.
- But Russian hackers were responsible for some of the cyberattacks in recent years that were most disruptive to civilian life.
2. Staffing up Trump's cyber agenda
A little over a month into the second Trump administration, a handful of new hires are offering the clearest look yet at the White House's cyber priorities for the next four years.
Why it matters: Personnel is policy, and these appointments signal a strong focus on countering Chinese cyber threats.
Zoom in: The White House's National Security Council has named several new cyber leaders, according to a source familiar with the matter.
- Alexei Bulazel is now the NSC's senior director of cybersecurity — the highest-ranking cybersecurity role within the White House. He previously served as a director of cyber policy during Trump's first term.
- Three new directors also report to Bulazel: Emily Goldman, who previously was a cyber strategist for the U.S. Cyber Command; JD Work, a former intelligence official; and Robert Brose, whose experience includes a stint at the Office of the Director of National Intelligence.
- Politico first reported the new NSC staff names.
Meanwhile, Karen Evans, a seasoned cyber official from the first Trump administration, is now leading the cyber mission at CISA.
- Trump has also nominated former Republican National Committee COO Sean Cairncross as his national cyber director.
- Though Cairncross lacks cybersecurity experience, he has the president's ear and key operational experience — a factor experts say could be crucial as the Office of the National Cyber Director pushes to harmonize federal cyber regulations.
Yes, but: Many of these hires are not political appointees, and Trump has yet to nominate leaders for CISA and key Senate-confirmed cyber positions across federal agencies.
- Budget cuts and personnel firings are also bound to change the shape of the federal cyber workforce.
Reality check: Political cyber appointments often take months to fill — former President Biden didn't name his CISA director or first national cyber director until April of his first year in office.
- Trump is expected to prioritize filling top senior roles at the Department of Homeland Security before nominating a new CISA director.
What we're watching: Sean Plankey is still widely considered the frontrunner to head up CISA.
3. Welcome to the Future of Cybersecurity
Defending against new cyber threats demands unprecedented collaboration between political leaders and business executives.
Why it matters: Failure to act decisively opens a wide variety of risks, from devastating attacks that shut down water systems and ports to the destabilization of financial markets to a broader erosion of public trust in institutions.
Zoom in: Each week, Axios Future of Cybersecurity will delve into the most-pressing issue that's top of mind for government officials, business leaders and their cybersecurity teams.
- We'll still have the classic Axios 1 Big Thing, our news roundup and a fun thing to close out.
- But we're also adding two new weekly sections: One that features advice from security leaders on actions readers can take this week to strengthen their security, and another that spotlights a new hacking tactic uncovered in the last week.
- And we'll be launching a few recurring series, including one where I'll chat with executives about one defining, off-the-wall prediction they have for the next year and what it would look like — and another discussing lessons learned from past incidents with business leaders and government officials.
Yes, but: When there's big news, I'll be back in your inboxes with Axios Thought Bubble updates on the cyber threats, regulations and business deals you need to know about.
The big picture: Our coverage will be hyper-focused on the key problems across cybersecurity, including the shifting Washington cyber landscape, cyber warfare's ever-changing role in global conflicts, and the rise of AI-driven cyber threats.
The bottom line: Think of Future of Cybersecurity as a natural evolution of our past cybersecurity coverage — tailored more specifically to you, the smart professional.
4. Threat spotlight: Mitre tests DeepSeek's offense
For the first time, a large language model achieved a nearly perfect score in a competency test of offensive hacking capabilities, raising fresh concerns about the role generative AI could play in cyberattacks, according to a new paper from research lab Mitre.
Why it matters: The model with the perfect score came from DeepSeek, the China-based startup that has alarmed national security hawks in recent months.
Zoom in: Mitre tested DeepSeek's reasoning model in two tests — a competency test and a cyberattack simulation.
- DeepSeek's R1 reasoning model correctly answered more than 90% of the competency questions Mitre asked about offensive cyber strikes, outperforming every other AI system the lab had tested before.
- During the simulation, the model showed adaptability, including the capacity to change its plans and execute them in real time.
The intrigue: Mitre researchers say this marks a significant shift, with LLMs no longer serving just as assistants but rather as increasingly autonomous cyber threats.
Reality check: While DeepSeek-R1 demonstrated an advanced knowledge set, it was significantly slower than OpenAI's GPT-4o, taking 31 minutes to complete tasks in the test.
- So while AI hacking capabilities are growing, their real-time application remains super limited — for now.
What we're watching: Mitre's researchers plan to expand testing to assess DeepSeek's capacity for exploiting actual vulnerabilities, rather than just answering knowledge-based questions.
This story is part of a new weekly feature that highlights eye-catching insights from the last week about hackers' capabilities — including those seen in research reports and observed in ongoing cyberattacks.
- Hit reply if you have suggestions for the coming weeks.
5. Security tip of the week
Do you reuse the same password across sites and apps? Sadly that's the easiest way for me to hack you! Don't lose your money, pictures, or messages — instead start using a password manager. — Rachel Tobac, CEO and co-founder, Social Proof Security
6. Catch up quick
@ D.C.
💪🏻 Booz Allen Hamilton — which relies on the U.S. government for 98% of its annual revenue and consults on a myriad of tech and security issues — is preparing for short-term disruption as the Trump administration slashes contracts. (Wall Street Journal)
🧳 The General Services Administration eliminated the 18F program, which specialized in developing open-source tools to improve digital services across the federal government. (FedScoop)
⚠️ A former senior agency official warned that the cancellation of nearly three dozen cybersecurity contracts at the Consumer Financial Protection Bureau endangers the security of the agency's sensitive data. (Bloomberg)
@ Industry
💰 Anthropic raised $3.5 billion, led by Lightspeed Venture Partners, at a $61.5 billion valuation. (Axios)
📲 TikTok is under investigation in the U.K., where the government is looking at the company's use of personal information tied to child users. (Politico)
@ Hackers and hacks
🚔 An unlikely trio of hackers — a Canadian high school dropout, an American living abroad in Turkey, and a U.S. soldier — are facing charges tied to last year's Snowflake hack. (Bloomberg)
📰 A Russian ransomware gang is claiming responsibility for a cyberattack on Lee Enterprises, which owns dozens of newspapers across the U.S. (SC Media)
⚠️ CISA has urged federal agencies to secure their systems against a set of Cisco and Windows vulnerabilities that hackers are actively targeting. (BleepingComputer)
7. 1 fun thing
This weekend's Oscars somehow led me down a rabbit hole to Colman Domingo's wild meet-cute at a Berkeley Walgreens. Sometimes, the internet is still good.
☀️ See y'all next week!
Thanks to Scott Rosenberg and Megan Morrone for editing and Khalid Adad for copy editing this newsletter.





