Interview with Evan Powell - Generative and agentic AI are improving cyberattacks faster than they're improving cyber defenses.
Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to share some ideas on how defenders can get some benefits from AI as well, and why open source is important with this approach.
Topic
For this week’s topic segment, we’ve got two very interesting data sources.
The first is Anthropic’s first update on Project Glasswing, where they’re absolutely tearing through codebases with ultra premium Mythos tokens, but then hitting a human-shaped bottleneck as they attempt to validate all the findings.
The second is the first report from Root Evidence, the latest startup from Jeremiah Grossman and Robert Hansen (aka RSnake), which aims to help organizations filter out all the vulnerabilities that don’t matter.
Where these two reports meet in the middle is my concern that the use of AI to scour every last bug out of code is going to be the most Sisyphean task the cybersecurity industry has ever come up with (and we have some deep experience here).
The Weekly Enterprise News
Finally, in the enterprise security news,
Less funding, more acquisition
the AI SOC startup space is CROWDED
your CEO is suffering from AI psychosis
Some CISOs are done with the job, IT can have it
detecting and removing dangerous secrets from dev workstations
230,000 security advisories roll up to 6 attacker behaviors
The FBI’s 2025 IC3 report is out
When tech billionaires make predictions, they’re actually sales pitches
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-461
México