Join Katie Moussouris, Founder and CEO of Luta Security and a global pioneer in vulnerability disclosure, in conversation with Ciaran Martin, Professor of Practice at the Blavatnik School of Government and Co-Director of the Oxford Programme for Cyber and Tech Policy at the Blavatnik School of Government.

In an increasingly volatile digital landscape, the relationship between governments, corporations, and the hacker community has shifted from one of mutual suspicion to essential collaboration. As software vulnerabilities become the ammunition of modern statecraft, the Blavatnik School of Government is thrilled to welcome Katie Moussouris, one of the world’s leading experts in finding the Internet’s vulnerabilities, for a deep dive into the global governance of digital vulnerabilities.

Moussouris will share her remarkable personal journey and explore the critical issues at the intersection of AI and cybersecurity. The discussion will examine the sustainability of bug bounties, the ethical implications of vulnerability markets, and how organizations must adapt their defense strategies in an era of AI-driven exploits.

This event is part of the Global Tech Policy Seminar Series hosted by the Oxford Programme for Cyber and Technology Policy (OxCTP), supported by Just Security.

Katie Moussouris

Katie is the founder and CEO of a bootstrapped & profitable security company called Luta Security, which specialises in helping businesses and governments work with hackers to better defend themselves from digital attacks, building sustainable Bug Bounty programs and vulnerability disclosure programs.

Katie serves in two advisory roles for the US government as a member of the Information Security and Privacy Advisory Board and the Information Systems Technical Advisory Committee. She was also an inaugural member of the US Federal Government's Cyber Safety Review Board, and she is a cybersecurity fellow at New America and the National Security Institute.

During her tenure with Microsoft, her work included industry-leading initiatives such as starting Microsoft Vulnerability Research, which formalised multiparty vulnerability and supply chain vulnerability coordination across hardware and software as well as launching Microsoft’s first bug bounty program. Katie is also the co-author and co-editor of ISO 29147 (vulnerability disclosure) and ISO 30111 (vulnerability handling processes). Working with the US Department of Defense, Katie led the launch of the US government’s first bug bounty program, "Hack the Pentagon." She also worked with the US State Department to help renegotiate the Wassenaar Arrangement, specifically changing the export control language to include technical exemptions for vulnerability disclosure and incident response.