Beyond AI: Creative Solutions for the Vulnerability Apocalypse
So it looks like some of you only skimmed my recent #VulnMgt blog https://t.co/6Wu6ApVyN8 and did not make it to the "15 minute experiment" ... Sure, vuln apoc is fun (for some), but "what do we do" also needs creative solutions, not just "MOAR AI"
Prioritize AI Projects with Practical Risk Tiering Guide
"Risk Tiering AI Use Cases - A Practical Guide" https://t.co/oEya02EMLO <- a new blog from our team, high-level but very useful if you are struggling with "ban vs FOMO" with AI
AI ROI Isn't Always Obvious, Yet Still Valuable
Here is an odd convo that I had with somebody (not in cybers) about "ROI from AI." Their view at first seemed peculiar: "if there is no blindingly obvious ROI from an AI project in business, there won't be any."...
Seeking Metrics to Predict Impending Vulnerability Apocalypse
OK, humans, I plan to vibe code an app to predict the coming of vuln apocalypse, like when do we know it is here. Growth in KEVs? Lowering of VRP numbers? More vulns in general? What else to track? ...
Manual Updates Reveal Outdated Security Practices
"If your security strategy relies on a sysadmin logging into a server to run apt-get upgrade on a Tuesday morning, you aren't running a modern security program; you’re running a historical reenactment society." #overheard
AI May Not Deliver Perfectly Secure Code in 5 Years
Given massive AI advances, do you believe that within 5 years it would be feasible to write 100% vulnerability-free code? #NoNuancePoll
Devoured Stephenson’s Seveneves in One Epic Weekend
One of my favorite scifi books I ever read is "Seveneves" by Neal Stephenson (https://t.co/hApVL0M3J7) - I literally read it in "one night from Friday to Sunday" :-) (1/n)
Live Demo: Hacking AI SOC at Google Cloud Next
Some of you have asked for a video of @hackerxbella and me having fun at the expense of AI SOC :-) at #GoogleCloudNext, and here it is: https://t.co/lIfcpWJSwF

Exploring Vibe-Replaced Security Tools: Lessons Coming Soon
Inspired by recent "can I vibe-replace my security tools" discussions.... more lessons next week :-) https://t.co/s63hzaCpBb
Don't Trust Hype: Vibe‑code GRC Replacements Fail
If somebody comes to you and says "we will #vibe code a replacement for our GRC tool?" you say
What’s Your Ideal Price for an AI SOC?
If you had a magic wand, what is your ideal pricing for "AI SOC" (aka AI/agent SOC triage tool) #question
Automating Basic Security Tasks Erodes Critical Skills
"Trap: Organizations, especially those in the early stages of AI maturity, may attempt to reduce entry-level or core cybersecurity roles, believing that AI can fully replace these functions. However, this leads to skills erosion, where automating foundational tasks removes the...
AI Will Empower, Not Undermine, Security Teams
Somebody asked me here at the conference: given AI advances, are we fucked in D&R and SOCs? I said “no, AI will help a lot here, this is fine, defenders will be fine.” (1/2)
AIBOM Not a Fix for Shadow AI, Says Critic
Subtweet alert... Hi @grok .. why do some people think that AIBOM is a solution to shadow AI? This is not accurate, right?
Second Coding Vibe: Security Prediction App Nears Functional
So my 2nd vibe coding experience is about building an app to do security prediction validation. My v0.3 kinda works (but has annoying issues, obviously). (1/n)