Founder/executive and advisor (security sector); frequent executive advisory perspectives on risk, leadership, and operating in complex environments.
Had a great conversation with Mackenzie Jackson from Aikido Security on The Secure Disclosure — we got into some contrarian takes: not every org should run a bug bounty (yes, from the Bugcrowd founder), AI slop is really just 2014 all over again, AI won't replace hackers because bad guys aren't packing up and going home, and the fact that the internet still works is a minor miracle. https://www.youtube.com/watch?v=QtcBhb_aqxk
If I had a nickel for every time I was asked "How does AI impact bug bounty programs" last week, I would have several nickels... That's partly (*) why it was a hoot to sit down with my long-time vulnerability research...
CVE funding secured, but the deal details remain a black box. Plus: lookup.disclose.io is live in beta, exploited vulns surged 105%, and the EU CRA clock is ticking. Policy Pulse #8: https://blog.disclose.io/policy-pulse-issue-8-week-of-march-29-2026/
Talked to Fletcher Heisler from Authentik about Extended Identity Access Management — XIAM. Open source identity, seven years in the making. Worth a listen: https://risky.biz/RBNEWSSI120/
Q: When is an SQLi bug just a sparkling API? A: When you ask an LLM to grab a bunch of data from a website, and it realizes that one is there. imho, this is one of those "don't hate the finder,...
🔥🔥🔥 This hits on something that has bothered me for most of my career... Much of what orgs do to "assess risk" is largely performative, and has very little to do with actual risk. Impact is what matters. Your AI Pentester Found...