Cybersecurity experts Jeff Crume and Patrick Fussell outline the essential skills, mindset, certifications, and career paths for aspiring ethical hackers, offering practical advice for breaking into the field of penetration testing and red teaming.
Nikesh Arora, CEO of Palo Alto Networks, discusses the transformative impact of AI on search, enterprise business models, and cybersecurity. He explores the shift from search to agentic AI, the challenges and opportunities for enterprise adoption, and how AI is fundamentally compressing cyberattack timelines while enabling new, data-centric defense strategies.
Mazharul Islam from the University of Wisconsin—Madison introduces CASPER, a novel deception-based framework designed to detect the misuse of passkeys stolen from cloud storage providers. CASPER uses a system of decoy secrets and passkeys to enable relying parties (websites) to identify and flag unauthorized login attempts, effectively balancing security, usability, and deployability without disrupting the user experience.
A discussion on novel methods for hijacking AI agents through social engineering, the evolution of DDoS attacks, the legacy of Zero Trust, and the glaring security flaws in AI training data apps.
Explores the mechanics of zero-click attacks, which require no user interaction, and details how the integration of autonomous AI agents can amplify these threats. The summary covers historical examples like Pegasus and proposes a multi-layered defense strategy, including AI firewalls, the principle of least privilege, and a zero-trust architecture.
Hanna Kim from KAIST explores the significant cybersecurity risks posed by web-enabled Large Language Model (LLM) agents. The research investigates how these agents, equipped with web search and navigation tools, can be misused to automate and scale cyberattacks involving personal data, such as PII collection, impersonation, and spear-phishing, while easily bypassing existing safety measures.