The AI "Vulnpocolypse" Is Real? - PSW #922

Portswigger's list of web hacking techniques is a long-running celebration of curiosity and research from the web hacking community. James Kettle shares his thoughts on the entries from 2025 and how he expects LLMs and agents to influence what the list will look like for next year. He also shares some insights on using LLMs for his own blackbox research, giving us a peek into the work he'll be sharing at Black Hat USA this summer. Resources https://portswigger.net/research/top-10-web-hacking-techniques-of-2025 https://blackhat.com/us-26/briefings/schedule/index.html#can-ai-do-novel-security-research-meet-the-http-terminator-51894 Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-380

Rethinking Security from the OS Up in the Age of AI Karen Heart discusses a file-system–first approach to security, arguing that most modern attacks—including ransomware and supply chain compromises—succeed because they inherit user permissions and operate inside overly trusted system structures. She explains how limiting file access, socket (network) access, and privilege escalation at the operating system level can reduce entire classes of attacks. Rather than relying on reactive detection, her approach emphasizes immutable, allowlisted controls embedded close to the kernel layer, designed to prevent both data exfiltration and malicious code execution at the source. The conversation also explores how AI agents and contractors expand the attack surface, reinforcing the need for strict isolation, backup protection, and deterministic system boundaries. Segment Resources: https://www.simonandschuster.com/books/Zero-Day-Secure/Karen-Heart/9781968865078 ​The New Era of DNS Resilience: Breaking down the newly finalized NIST SP 800-81 Craig Sanderson from Infoblox will dive into the newly finalized NIST SP 800-81 as it marks a pivotal shift in DNS security, emphasizing resilience through modernized practices tailored for today’s distributed, cloud-driven, and threat-laden environments. This update provides actionable guidance for organizations to strengthen DNS infrastructure against evolving threats like ransomware and data exfiltration, while prioritizing initiatives like DNSSEC, encryption, and protective DNS for immediate risk reduction. This segment is sponsored by Infoblox. Visit https://securityweekly.com/infobloxrsac to learn more about them! Agentic AI and the Future of Threat Intelligence Operations Security teams collect large volumes of threat intelligence but often struggle to translate that information into coordinated operational response. This discussion explores how organizations are embedding intelligence directly into security workflows and introducing AI agents to support investigation, enrichment and response. Sachin will discuss Cyware’s Agentic Fabric approach and the evolution toward an agent-centric model, where a portfolio of specialized agents assists analysts across threat intelligence, detection engineering and response workflows. The conversation will focus on how AI can support security teams while maintaining human oversight and operational control. This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to learn more about them! Beyond the Audit: Making Cyber Risk Continuous, Quantified, and Actionable Most companies assess cyber risk once a year and call it done — but for organizations managing dozens of subsidiaries or portfolio companies, that's a costly blind spot. In this RSA interview, Resilience's VP of Customer Engagement explores why measuring risk in dollars (not color-coded charts) changes the conversation at the board level, and why the organizations best positioned to prevent losses are the ones treating cyber risk as a continuous discipline rather than an annual exercise. See it in action. Request a demo at https://securityweekly.com/resiliencersac. Delinea: Redefining Identity Security for the Agentic AI Era As enterprises scale agentic AI and automation, privileged access is increasingly required by non-human identities (NHIs) that operate autonomously across hybrid and cloud-native environments, introducing risks that static, credential-based models were never designed to govern. Delinea's recent of acquisition of StrongDM. This segment is sponsored by Delinea. Visit https://securityweekly.com/delinearsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-456

SScylla and Charybdis, Latin Phrasebook, Kyber, Trigonia, Namastex, GitHub, Crypto, Cables, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-575

This week: Larry’s in the host seat and chaos ensues. We dig into: A very questionable story about tracking a warship with a $5 Bluetooth tracker Serial-to-IP devices quietly sitting in critical infrastructure… and full of holes New York regulators mandating MFA and asset inventory—aka CIS Control #1 is now breaking news A ransomware negotiator who decided to double-dip (and landed in prison) “Brand new” hard drives that come preloaded… with someone else’s data The Vercel breach: no zero-day, just shadow IT, stolen tokens, and bad decisions AI-driven vulnerability discovery and the looming “vulnpocalypse” Quantum crypto debates: real threat or just another security boogeyman? Mirai is STILL alive—because apparently we still don’t patch routers And yes… Flipper Zero makes an appearance (no, you’re not hacking airplanes… calm down) Then, we rebroadcast an interview from RSAC. Breach Readiness for Measurable Risk Reduction in the Age of AI Cyber leaders no longer debate whether a breach will occur. What has changed is the speed and scale at which AI now enables those breaches. The real question is how far an attacker can move once inside. In this conversation, Rajesh Khazanchi explores why breach readiness, including AI-assisted containment, measurable blast radius reduction, and pervasive microsegmentation, has become mission-critical for business continuity in 2026. This segment is sponsored by ColorTokens. Visit https://securityweekly.com/colortokensrsac to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-923

Why have security awareness training programs failed? Maybe we need to understand human psychology. Humans don't like tricks, or to be shamed, or negative emotions. Humans want to be rewarded, but yet our training and phishing programs are not built for reward. Maybe it's time to rethink cyber literacy. Craig Taylor, CEO and Co-founder at CyberHoot, joins Business Security Weekly to discuss why we need to shift our Cyber Literacy industry from shame and punishment towards gamification, positive reinforcement, and small rewards. If we truly aspire to change behaviors, then we need a different approach. Craig will discuss how a multi-disciplinary approach rooted in science is the future of training and phishing programs. Segment Resources: Individual Registration (Free Personal Training for Life): https://cyberhoot.com/individuals/ Newsletter Registration: https://cyberhoot.com/newsletters/ Blog Articles: https://cyberhoot.com/blog/ Cybrary (Library of 1000+ Cybersecurity Terms in non-technical language): https://cyberhoot.com/cybrary/ Special Podcast Offer: 20% off CyberHoot for 1 year using the podcast’s unique coupon code: "Business Security Weekly" From Reactive to Autonomous: Real-Time Endpoint Intelligence in the Age of AI As organizations experiment with agentic AI and autonomous security operations, many are discovering a difficult reality: AI is only as effective as the data and visibility behind it. Yet most enterprises still struggle to answer basic questions about their endpoints in real time. In this conversation, we’ll explore how IT and security teams are evolving from reactive operations toward proactive, preventative, and ultimately autonomous models. The journey begins with real-time endpoint intelligence—the ability to see, understand, and act across every endpoint in seconds. This segment is sponsored by Tanium. Visit https://securityweekly.com/taniumrsac to learn more about them! Hard Truths: The Lies We Keep Buying in Cybersecurity Cybersecurity isn’t broken because of a lack of technology—it’s broken because the industry avoids hard truths. Fear still drives budgets. AI is oversold as a cure‑all while foundations remain weak, and CISOs are held accountable without the authority to change outcomes. In this conversation, Illumio CEO and founder Andrew Rubin breaks down what must change to build real resilience—because the next breach won’t just impact the business, it could end a career. For more information about Illumio, please visit: https://securityweekly.com/illumiorsac Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-444

Robosawmill, Gentleman, Vercel, GitHub, Claude, RS232, Josh Marpet, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-574

Red team exercises set goals to see if a particular outcome can be accomplished through a simulated attack, but the ultimate outcome should be educating the org about how to improve tools and processes that make attacks more difficult to succeed. Gwyddon "Data" Owen shares his experience building a red team, creating an exercise, and leveraging the results to improve security. And while the adoption of LLMs will accelerate a red team's activities, there are still plenty of foundational security controls that orgs can establish that would require a red team to be more than just fast, but fast and very careful. Coding Agents Are Getting More Cautious, But Not Safer A new study finds that while frontier AI coding models are hallucinating less than they did a year ago, they still preserve a significant amount of avoidable software risk when left ungrounded. Sonatype’s research shows that connecting these models to real-time software intelligence dramatically improves remediation quality and reduces critical and high-severity vulnerability exposure by 60–70%. The takeaway is clear: safer AI-assisted development will depend not just on better models, but on grounding them in accurate, current dependency and vulnerability data. This segment is sponsored by Sonatype. Read the study: https://securityweekly.com/sonatypersac How We Achieve Agentic Outcomes in CyberSecurity: The “Do-It-For-Me” Mobile Defense If you look at deepfakes, synthetic identity, social engineering, and new malware variants coming to market, it seems like attackers have a first-mover advantage in using AI. The volume and variety of threats are growing faster than the current cyber stack can address. Against this backdrop, organizations are moving away from “do-it-yourself” delivery models (more tools, more alerts, more headcount) to “do-it-for-me” agentic AI delivery models (using platforms that unify data, execute policy, and automate outcomes). The emphasis outside of cyber is on empowering the expert human-in-the-loop — so teams spend less time in the noise and more time delivering business outcomes. This segment explores how cybersecurity leaders can make the most of the AI Age, leveraging it for good while staying relevant amid the explosive AI adoption curve. This segment is sponsored by Appdome. Visit https://securityweekly.com/appdomersac to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-379

Interview with Jim Spignardo What does it take to build AI workflows that work? Why do so many fail? Jim isn’t a typical ESW guest. I think it’s essential for security folks to regularly step outside the security bubble and understand other perspectives and mindsets. That’s what we’re doing today with Jim. He specializes in building custom AI architecture and workflows for his clients. We discuss the state of AI in the enterprise and why so many of these efforts fail. We’ll discuss the elements of AI success and whether security plays a role in helping AI efforts succeed or contribute to failures. Segment Resources: https://www.proarch.com/ Cowork vs Cowork - Why Microsoft 365 Copilot Cowork Is the One Built for Enterprise RSAC Exec Interviews, Part 1 Trends Revealed in Fortinet’s FortiGuard Labs 2026 Global Threat Landscape Report Fortinet’s Global Director of Threat Intelligence and Adversarial AI Research explores the trends revealed in the latest Global Threat Landscape Report from FortiGuard Labs, including a surge in AI-enabled cybercrime. As AI optimizes and accelerates attack techniques, here’s how cyber defenders should respond. This segment is sponsored by Fortinet . Visit https://securityweekly.com/fortinetrsac to learn more about them! X-PHY Delivers Hardware-Enforced Security for the Age of AI Agents Camellia Chan, CEO and Co-Founder of X-PHY, discusses how Model Context Protocol (MCP) is making it easier for AI agents to plug into enterprise apps and operate with elevated permissions—creating new opportunities for attacks and data exfiltration. She explains how X-PHY’s hardware-enforced monitoring and detection sit beyond the OS trust boundary to enforce immutable limits on what agents can do and stop threats before data is lost, so organizations can adopt agentic AI with confidence. Security leaders looking to deploy AI agents safely can request a demo or briefing with X-PHY at https://securityweekly.com/xphyrsac. RSAC Exec Interviews, Part 2 Introducing Legion Investigator: Goal-Oriented AI Investigations Traditional security playbooks often fail because they cannot capture the fluid, context-dependent reasoning required when a routine investigation hits a non-scripted "judgment point." Legion Investigator addresses this gap by employing goal-oriented AI agents that move beyond rigid scripts to interpret findings and execute complex, multi-step investigations based on your team's unique environment and expertise. By bridging the divide between automated execution and human-level reasoning, the platform ensures that every alert (no matter how unpredictable) is handled with the depth and consistency of a senior analyst. This segment is sponsored by Legion Security. Visit https://securityweekly.com/legionrsac to learn more about them! The Missing Layer in Zero Trust: The Security Policy Control Plane Zero Trust has become the dominant security architecture for hybrid and cloud environments, but many organizations are discovering that deploying enforcement technologies alone does not deliver operational control. Firewalls, cloud security groups, and microsegmentation platforms enforce access decisions, yet the policies behind those controls are often fragmented, difficult to validate, and constantly changing. In this conversation, FireMon CEO Jody Brazil discusses why modern security architectures increasingly require a security policy control plane: a layer that continuously validates how policy is enforced across firewalls, cloud networks, and segmentation platforms. The discussion explores why policy drift occurs in real environments, how enforcement systems become difficult to coordinate at scale, and what organizations must do to ensure Zero Trust policies remain consistent as infrastructure evolves. This segment is sponsored by FireMon. Visit https://securityweekly.com/firemonrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-455

Dougbot, RedSun, ATHR, Vishing, Cisco, Google, Chrome, Severance, Shor, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-573

This week: CSA issues guidance to CISOs on Mythos Vuln management woes Windows tells you about Secure Boot AI-assisted firmware vuln hunting The dumbest hack Edge decay and the failing perimeter Mac OS X on a Wii Little snitch comes to Linux CPUID served malware Buying plugins to backdoor them Addicted to hacking Is Mythos just a sales pitch? We are still talking about Adobe Acrobat vulns A single line AI jailbreak Hacking Apple Intelligence Don't leave your ICS device or RDP exposed to the Internet! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-922