US cyber agency CISA had to build its incident playbook during the incident 14%

By Zack Whittaker61% https:51% techcrunch.com50% #47% schema47% person47% image50% a4aa205a6e0b0be27451d0fe581310b738%

7/11/2026, 1:01:28 AM

BS Summary: This article contains 1 faulty reasoning type, including Attempt to Sell a Product or Service, with Attempt to Sell a Product or Service as the most egregious example at 9.4% saturation with 50 hits. Analysis detected 50 faulty-reasoning hits from 530 analyzed words, generating a BS Score of 31.8% and a BS Rank of 14% (11,891 of 13,821 articles). This article is better (less manipulative) than 86.00% of the article peer group.

U.S. federal cybersecurity agency CISA said it did not have a prepared response plan for how it should handle a cybersecurity incident in May, after an investigative reporter notified the agency that a contractor had publicly exposed sensitive keys and credentials for accessing U.S. government systems. 
CISA, the Homeland Security unit tasked with defending federal networks and helping to safeguard critical infrastructure, revealed Friday in a post-mortem report that its staff “had to spend time building [a playbook] during the early stages of the incident.” 
The agency said it is important to prepare playbooks for “all anticipated needs” to ensure that organizations are ready to respond in the event of a security incident rather than scrambling to improvise one in real time. 
The agency did not say how long the missing playbook delayed CISA’s response, and a spokesperson did not immediately respond to TechCrunch’s request for comment. 
Independent cybersecurity journalist Brian Krebs reported in May that a security researcher with cyber firm GitGuardian alerted him to reams of exposed passwords stored in a publicly accessible GitHub repository, which an employee of a CISA contractor had uploaded. 
According to Krebs, the researcher tried to alert the contractor but didn’t hear back. 
Only after Krebs contacted CISA did the agency take the repository offline and revoke and replace all of the exposed credentials to prevent any potential future abuse. 
CISA said that no customer or mission data was exposed in the incident and thanked the researcher and reporter for their help. 
The agency said that its channels for allowing security researchers to notify CISA of potential incidents “were not well defined,” and that it has made changes to make it easier and faster for researchers to contact the agency. 
CISA has been without a permanent director since the start of President Donald Trump’s second term in January 2025. 
The agency has also been affected by cuts, furloughs, and layoffs affecting about a third of its workforce since Trump took office. 
CISA , cybersecurity , Security , us government 
When you purchase through links in our articles, we may earn a small commission . 
This doesn’t affect our editorial independence. 
Zack Whittaker is the security editor at TechCrunch. 
He also authors the weekly cybersecurity newsletter, this week in security . 
He can be reached via encrypted message at zackwhittaker.1337 on Signal. 
You can also contact him by email, or to verify outreach, at zack.whittaker@techcrunch.com . 
Last chance to save up to $190 on TechCrunch Founder Summit. 
Join 1,000+ founders and VCs at all stages for real-world scaling insights and connections that move the needle. 
Savings end June 26, 11:59 p.m. 
PT . 
Instagram users: Here’s how to stop Meta’s AI from using your photos 
Figma acquires team behind a vibe-coding app 
If you use Google, you’re training its AI. 
Here’s how to opt out. 
Reddit is using LLMs to solve a problem LLMs largely created 
Amazon will stop accepting new customers for Mechanical Turk 
5 desk gadgets that can make your workday better 
Almost 90 new unicorns have been minted so far this year  here they are 
Dominic-Madori Davis 
Confirmation Bias
0%
Anchoring Bias
0%
Availability Heuristic
0%
Representativeness Heuristic
0%
Hindsight Bias
0%
Overconfidence Bias
0%
Framing Effect
0%
Loss Aversion
0%
Status Quo Bias
0%
Sunk Cost Effect
0%
Optimism Bias
0%
Pessimism Bias
0%
Negativity Bias
0%
Self-Serving Bias
0%
Fundamental Attribution Error
0%
Actor-Observer Bias
0%
In-Group Bias
0%
Out-Group Homogeneity Bias
0%
Halo Effect
0%
Horn Effect
0%
Dunning-Kruger Effect
0%
Recency Bias
0%
Primacy Effect
0%
Blind-Spot Bias
0%
Ad Hominem
0%
Straw Man
0%
Appeal to Authority
0%
False Dilemma
0%
Slippery Slope
0%
Circular Reasoning
0%
Hasty Generalization
0%
Red Herring
0%
Bandwagon
0%
Appeal to Emotion
0%
Begging the Question
0%
Post Hoc (False Cause)
0%
Tu Quoque
0%
Burden of Proof
0%
Appeal to Nature
0%
Composition/Division
0%
Anecdotal
0%
No True Scotsman
0%
Ambiguity (Equivocation)
0%
Gambler’s Fallacy
0%
Middle Ground
0%
Personal Incredulity
0%
Special Pleading
0%
Genetic Fallacy
0%
Unattributed Quote
0%
Quote-first Misdirection
0%
Biased Writer Voice
0%
Indoctrination
0%
Politically Left Leaning Bias
0%
Politically Right Leaning Bias
0%
Attempt to Sell a Product or Service
9.4%

530 words analyzed.

Analysis

Hover over highlighted words in the article to view the associated bias or fallacy analysis.