This episode of Security Intelligence delves into three critical cybersecurity topics: the implications of AI agents managing passwords, the impact of AI on vulnerability discovery and "Patch Tuesday" volumes, and the C-suite's evolving appetite for cyber risk in pursuit of innovation. Experts discuss the promises, pitfalls, and necessary strategic shifts in an AI-driven security landscape.
This week's podcast delves into the rapidly evolving landscape of AI-powered vulnerability management, discussing OpenAI's Daybreak, Microsoft's MDASH, and Mistral's Mythos competitor. The panel analyzes the measured real-world results of Anthropic's Mythos on the curl project and explores the implications of the notorious Shai-Hulud npm worm going open source.
This episode explores the security risks of AI, including 'agentic blabbering' in AI browsers that aids phishing attacks, the ability of models like Claude Opus to resurrect vulnerabilities in legacy code, the debate on 'shift left' security practices, and new threats like AI-generated 'ephemeral malware' and the challenges of the post-authentication perimeter.
A deep dive into the [un]prompted AI security conference, the new Zero Day Clock initiative for vulnerability management, the emergent risks of autonomous AI agents, and the pervasive issue of burnout in the cybersecurity field.
A deep dive into the human side of cybersecurity, exploring the motivations of bad actors, the evolution of social engineering in the age of AI, and the defensive strategies being developed. The discussion covers the move beyond passwords with passkeys and risk-based authentication, and confronts the complex security and privacy challenges introduced by autonomous agents.
Panelists debate the likelihood of an "AI vulnerability cataclysm", discussing whether AI will overwhelm defenses or if it's an arms race where both attackers and defenders level up. The discussion covers the return of threat group Scattered Spider using AI-powered vishing, the persistent and significant risks of cloud misconfigurations, the emergence of firmware-level ransomware like HybridPetya, and the importance of focusing on security fundamentals and user education over punitive rules.