A discussion on the evolving cybersecurity landscape, covering the persistent threat of ransomware gangs adapting with AI, the critical failures in identity security highlighted by the Zestix case, the emergence of AI agents as a new class of insider threats, and the physical-world risks demonstrated by hacking humanoid robots.
Explore Jeff Crume's cybersecurity predictions for 2026 and beyond, detailing the dual impact of AI in security, the rise of autonomous AI agents, the futility of deepfake detection, and the critical importance of post-quantum cryptography and passkeys for future defense.
Experts discuss Gartner's advisory to ban AI browsers due to significant security risks like zero-click attacks. The conversation expands to the role AI vendors should play in threat intelligence, the frustrating persistence of old software vulnerabilities on the MITRE Top 25 list, the conditional safety of social logins, and a novel 'bring-your-own-virtual-machine' attack that bypasses traditional endpoint security.
This podcast episode dives into critical cybersecurity topics, starting with Gartner's warning to ban AI browsers in the workplace due to significant security risks, like zero-click exploits. The conversation then broadens to the role of AI model providers in the threat intelligence community, questioning their responsibility in sharing data after attacks. The panel also analyzes MITRE's latest list of top software weaknesses, the pros and cons of using social logins (SSO), and a novel 'bring-your-own-virtual-machine' attack vector that challenges traditional endpoint security.
A deep dive into the human side of cybersecurity, exploring the motivations of bad actors, the evolution of social engineering in the age of AI, and the defensive strategies being developed. The discussion covers the move beyond passwords with passkeys and risk-based authentication, and confronts the complex security and privacy challenges introduced by autonomous agents.
Mazharul Islam from the University of Wisconsin—Madison introduces CASPER, a novel deception-based framework designed to detect the misuse of passkeys stolen from cloud storage providers. CASPER uses a system of decoy secrets and passkeys to enable relying parties (websites) to identify and flag unauthorized login attempts, effectively balancing security, usability, and deployability without disrupting the user experience.