
How Safe Is Agentic AI? #Cybersecurity
The discussion centers on the security challenges of agentic AI systems, focusing on how these autonomous agents interact with tools, data sources, and other agents. Gw, a research director at CyberArk Labs, outlines the emerging threat landscape as organizations integrate AI-driven workflows into core operations. He identifies the connection layer between agents and their tools as the largest attack surface, noting the absence of clear security boundaries. Demonstrations of AI coding agents being manipulated to execute shell commands illustrate how vulnerable these interfaces can be. Consequently, traditional isolation mechanisms—such as sandboxing, containers, and mode controls—are recommended to protect the resources the agents consume. Gw emphasizes that the most effective controls reside on the tools rather than the language model itself, stating, “the most effective security controls are the ones we placed on the tools and resources that the agent uses.” He also stresses the need for a well‑defined kill‑switch protocol that can halt rogue behavior while allowing seamless recovery or replacement of the compromised agent. For enterprises, these safeguards are critical to prevent AI‑induced disruptions and to maintain business continuity. Implementing layered isolation and emergency shutdown mechanisms will become a baseline requirement as autonomous AI agents assume greater roles in multi‑step business processes.

Techstrong TV - March 26, 2026
Day two of RSA Conference in San Francisco featured a high‑energy panel with leaders from Nvidia, Cerebras and Glean, moderated by security veteran Dr. Cheny Wang. The discussion centered on the rapid rise of agentic AI in the enterprise, highlighting...

LLMs Solve Firmware Upgrade Chaos
The video highlights how large language models (LLMs) are being deployed to untangle the notoriously chaotic process of firmware upgrades across diverse hardware ecosystems. Operators must first locate each device, determine its exact hardware revision, identify the firmware version it...

Object First Honeypot Demo with Geoff Burke
Geoff Burke walked attendees through ObjectFirst’s built‑in honeypot demo, showcasing a turnkey security layer that lives inside the appliance yet remains isolated from production traffic. The feature is activated with two clicks in the Settings → Security menu, offering either a static...

Why Object First Is Best for Veeam
The video explains why Object First’s storage solution is positioned as the optimal backup target for Veeam customers, especially after Veeam’s recent acquisition of the startup. Founded by Veeam’s own co‑founders, Object First was built to address a glaring weakness:...

Millions of Secrets Exposed - LiteLLM Compromised
The video details a supply‑chain breach affecting the open‑source Python library LiteLLM. Versions 1.82.7 and 1.82.8 were published to PyPI with hidden malware that silently copies secrets from any system where the package is installed, giving attackers direct access to SSH keys,...

Live at #RSAC 26 with James Stanger
James Stanger of CompTIA addressed the RSAC 2026 audience, outlining a three‑part framework he calls the cyber security AI trifecta. He emphasized that the first priority is safeguarding the AI models and data pipelines themselves, a step often overlooked as...

Cyber Attacks In Business: Case Studies And Prevention Tips | Real Case Study Lessons | Simplilearn
The Simplilearn webinar framed cyber attacks as inevitable business crises, emphasizing that every organization will be targeted and must shift from a purely technical mindset to an enterprise‑wide preparedness strategy. Host Ana introduced the agenda—impact statistics, three real‑world case studies,...

Black Hat USA 2025 | Use and Abuse of Personal Information -- Politics Edition
The Black Hat USA 2025 presentation revealed a five‑year research project that generated 1,400 realistic fake voter identities to probe how political campaigns collect and use personal data during the 2024 election cycle. By automating sign‑ups for newsletters and phone lines, the...

Black Hat USA 2025 | Smart Charging, Smarter Hackers: The Unseen Risks of ISO 15118
The Black Hat USA 2025 talk examined ISO 15118, the emerging standard that underpins smart‑charging and vehicle‑to‑grid (V2G) communication for electric vehicles. By allowing chargers to modulate demand and feed power back to the grid, the protocol promises to alleviate...

When AI Starts Acting on Its Own...
At RSA, Cisco senior vice president Peter Bailey explained that zero‑trust security must evolve when the "identity" is an autonomous AI agent rather than a human user. He noted traditional zero‑trust assumes breach and relies on static credentials, but agents act at...

Why Cisco Is Changing Firewalls FOREVER 🌐
At RSA, Cisco’s VP of Cloud and Network Security, Rick Miles, unveiled a radical redesign of the company’s firewall portfolio, emphasizing a shift toward a hybrid‑mesh architecture that distributes security functions across the entire network fabric. The announcement positions Cisco’s...

Open Source SecurityCon | Closing Remarks - Brandt Keller & Constanze Roedig
The closing remarks of Open Source SecurityCon were delivered by co‑chairs Brandt Keller and Constanze Roedig, who thanked attendees, speakers, and the CNCF/OpenSSF partnership that hosted the event. They emphasized the importance of the post‑event survey as a tool for...

Tarmageddon: One Bug, Four Forks, and a Disclosure Scavenger Hunt - Marina Moore & Alex Zenla, Edera
The video recounts how Edera’s research team uncovered a severe parsing flaw in the Rust‑based asynchronous tar library tokio‑tar. The vulnerability, triggered by a malformed PAX header, caused the extractor to treat embedded data as a separate tar archive, allowing...

Lightning Talk: A Case Study in Cross-Ecosystem Security Response - Lori Lorusso, Rust Foundation
The Rust Foundation used a Lightning Talk to illustrate how cross‑ecosystem collaboration can harden open‑source supply‑chain security. Identified as a critical project by OpenSSF in 2022, Rust launched its Security Initiative, securing crates through threat modeling, ecosystem scanning, and trusted...

AI Expands the Scam Target Pool
The video discusses how artificial intelligence is reshaping fraudulent schemes, allowing scammers to produce flawless, grammatically correct communications that mimic legitimate business correspondence. Historically, scammers relied on obvious errors—misspellings, broken grammar—to filter for the most gullible victims. With AI tools like...

Are Data Centers the New Battlefield?
The video examines Iran’s recent publication of a list of 29 technology targets, which notably includes data‑center facilities operated by IBM, Amazon Web Services, Microsoft, Google and Palantir. This marks the first documented instance of a nation explicitly naming data...

Build This DevSecOps AI Agent Workflow and Sell It for $5k | No Coding
In this tutorial Abhishek demonstrates how to construct a full‑stack DevSecOps AI workflow without writing a single line of code, leveraging the SIM.AI platform’s “mothership” prompt‑driven builder. The workflow is activated by a GitHub pull‑request webhook, extracts changed files, hands...

When Virtual Machines Fail You
The video warns that virtual machines are not a panacea for security; a malicious actor can break out of a VM and gain control of the underlying host. The speaker stresses that relying solely on a locally‑run virtual box or...

Black Hat Asia 2026 Speaker Spotlight - Tal Be'ery
Tal Be'ery returned to Black Hat Asia 2026 to spotlight a growing crisis: billions of WhatsApp users are exposed to newly uncovered flaws that allow strangers to hijack their devices. Leveraging the conference’s blend of cutting‑edge research and Singapore’s relaxed vibe, he framed the...

Official Game Installs Malware
The video warns that the indie title “Do at Night Abyss” was compromised in a supply-chain attack, delivering the UmbrellaStealer info‑stealer to unsuspecting players. The breach did not require any user click; the malicious payload was bundled with the game’s...

Your Attack Surface Just Expanded
Security leaders are redefining the attack surface beyond traditional endpoints, incorporating identities, applications, cloud workloads, and even IoT devices into asset inventories. The video explains how modern security platforms—whether marketed as attack surface management or exposure management—are broadening the asset...

Live From RSAC 2026: Cybersecurity Leaders, AI Threats & What’s Next
RSAC 2026, the premier cybersecurity conference, is live from San Francisco’s Moscone Center March 23‑26. The event’s theme, “The Power of Community Starts with You,” frames discussions on AI security, threat detection, cloud protection, identity, and governance. A real‑time livestream...

The New Doxxing Playbook (How to Protect Yourself)
Josh and journalist Taylor Lorenz discuss the escalating threat of online harassment and doxxing. They explain how attackers compile personal data from public profiles, data‑broker sites, and social networks. The conversation offers practical defenses, including privacy‑removal services, strong authentication, and...

Allianz Risk Barometer 2026
Allianz's 2026 Risk Barometer, now in its 15th year, surveyed over 3,300 risk professionals across nearly 100 countries and 23 sectors to rank the top ten global business threats. The report highlights how technology, geopolitics and regulation are increasingly interwoven,...

The Hardest Part of Security
The video tackles what the speaker calls the "hardest part of security" – remediation – within the broader context of proactive security programs. It outlines the traditional three‑step framework: identifying assets, gaining visibility, and then prioritizing risks based on the...

Episode 4: From Fear to Framework: Building a Secure and Compliant AI Operating Model
The episode outlines a practical framework for CIOs and CISOs to secure AI deployments, moving beyond generic fear narratives. It details guardrails for large language models, methods to protect proprietary data, and a governance structure that meets compliance requirements. Viewers...

Techstrong TV - March 24, 2026
The Techstrong TV episode highlighted a surge in quantum‑era threats, noting that “harvest now, decrypt later” attacks are accelerating as adversaries hoard encrypted data. Experts urged immediate adoption of quantum‑ready safeguards such as quantum random number generators, crypto‑agility, and scalable...

Leading Without Burning Out Your Team - UNH
The video addresses a common leadership dilemma: how to drive results without exhausting the workforce. The speaker, a senior manager at UNH, admits his own “foot stays on the gas” mentality and acknowledges the downstream stress it creates for his...

How Call Recordings Can Become the Best Security Training - UNH
In a recent UNH podcast, Steven Ramirez explains how healthcare organizations can repurpose call recordings as a powerful security‑training tool. By systematically reviewing real patient‑service interactions, teams identify common phishing cues, credential‑sharing mistakes, and policy violations. The approach blends compliance...

Fighting AI with AI: PANW Chief SIO Talks Cybersecurity & Adjusting to Cyberattacks
At RSA 2026, Palo Alto Networks’ Chief Security Intelligence Officer Wendi Whitmore warned that AI‑powered cyber‑attacks are accelerating dramatically, with Unit 42 reporting a 400% year‑over‑year increase in attack speed—malicious actors can breach a network and exfiltrate data in under...

Why One-Time Pen Testing Isn’t Enough
The video argues that traditional, once‑a‑year penetration testing is obsolete in today’s fast‑moving tech environment. Adrian emphasizes the shift toward continuous, offensive testing that mirrors real‑world attacks, providing organizations with up‑to‑date visibility into exploitable weaknesses. Key points include the need for...

Black Hat USA 2025 | HTTP/1.1 Must Die! The Desync Endgame
The Black Hat presentation titled “HTTP/1.1 Must Die! The Desync Endgame” warned that the fundamental design flaw in HTTP/1.1—its inability to reliably delineate where one request ends and the next begins—continues to enable powerful desynchronisation attacks. While many organisations have...

🔴 Mar 27's Top Cyber News NOW! - Ep 1098
Episode 1098 of the daily cyber briefing delivers the most relevant cybersecurity headlines for analysts, CISOs, and business leaders. It highlights ThreatLocker’s Zero Trust platform as a simple, deploy‑and‑manage solution. The show also promotes free or pay‑what‑you‑can training options from...

Ethereum’s Quantum Plan Before Q-Day with Justin Drake
The video discusses Ethereum's strategy to become post‑quantum secure before the anticipated Q‑Day, featuring cryptographer Justin Drake. Drake outlines recent quantum computing advances—error‑correction achieving logical qubits, algorithmic improvements cutting required physical qubits from millions to ~100,000, and massive VC funding—shifting quantum...

Why Your Cyber Risk Assessments Change Nothing (5 Fixes)
The video challenges the status quo of cyber risk assessments, arguing that most of today’s GRC practices produce heat maps and registers without influencing real business decisions. Steve McMichel deconstructs why risk management has become ritualistic, citing “risk theater” and...

Black Hat USA 2025 | Peril at the Plug: Investigating EV Charger Security and Safety Failures
The Black Hat USA 2025 presentation titled “Peril at the Plug” examined the alarming security and safety gaps in electric‑vehicle (EV) chargers, drawing on findings from the Pwn2Own Automotive hacking contest. The speakers outlined the extensive attack surface—multiple CPUs,...

Every Insane Hack in the 2026 Iran War (So Far)
The video catalogues a wave of cyber attacks that have accompanied the 2026 Iran‑Israel‑U.S. conflict, ranging from state‑run operations to hacktivist raids. It argues that the digital battlefield opened before any missiles hit Tehran, with the U.S. Cyber and Space...

Black Hat USA 2025 | Hackers Dropping Mid-Heist Selfies
The Black Hat USA 2025 talk focused on a novel AI‑driven approach to dissecting “mid‑heist selfies” – screenshots harvested by information‑stealer malware. These malware families exfiltrate credentials, crypto wallets, password managers and system details without needing admin rights, then...

HackTheBox - Conversor
The video walks through the Hack The Box "Conversor" machine, an ostensibly easy box that hides two distinct attack vectors. The target is a Flask‑based web application that accepts XML and XSLT files to generate HTML reports, while the underlying...

Revisiting RowHammer - Top Picks in Hardware and Embedded Security - Prof. Onur Mutlu - 30.10.2025
The talk revisits the seminal Rowhammer problem, presenting the 2020 "Revisiting Rowhammer" paper that conducted the largest experimental study to date on real DRAM chips. By testing roughly 1,600 devices from three major vendors across DDR3, DDR4, and LPDDR4 generations,...

What Is AWS MFA? ( Multi-Factor Authentication Explained )
The video introduces AWS Multi‑Factor Authentication (MFA) as a critical safeguard against credential compromise, explaining that a stolen username and password alone are insufficient when MFA is active. It outlines how MFA works: after entering standard credentials, users must supply a...

What Is an AWS IAM Policy?
The video introduces AWS Identity and Access Management (IAM) policies as JSON‑formatted documents that explicitly allow or deny actions on AWS services and resources. It explains that policies can be highly granular—down to individual API calls such as “s3:CreateBucket” while denying...

IETF 125: Transport Layer Security (TLS) 2026-03-20 06:00
The TLS Working Group wrapped up its IETF 125 session by reviewing several high‑priority items, notably the extended key‑update draft for TLS 1.3, a proposal to ban ephemeral key reuse, and ongoing liaison work on post‑quantum cryptography. Participants were reminded of...

Meta Ending End to End on Instagram- Threat Wire
Meta announced it will retire the end‑to‑end encrypted (E2EE) direct‑message feature on Instagram, with the shutdown slated for May 8, 2026. The capability, introduced in 2021, saw minimal opt‑in rates, prompting the company to pull the option and steer privacy‑focused users toward...

How Secure by Design and Public Partnerships Drive Deterrence: A Conversation with Jen Easterly
The podcast features a deep‑dive conversation with Jen Easterly, former Army lieutenant colonel and current chief executive of the RSA Conference, about how secure‑by‑design engineering and public‑private partnerships shape U.S. cyber deterrence. Easterly recounts her early immersion in cyber while deployed...

Black Hat USA 2025 | Analyzing Smart Farming Automation Systems for Fun and Profit
The Black Hat USA 2025 talk examined the rapid rise of smart‑farming automation kits that retrofit conventional tractors with GPS‑guided steering, tablet HMI, and cloud‑connected services. The presenters, Felix and Bernhard, highlighted how inexpensive add‑on solutions—typically $5‑10 k—are being sold...

Operation Winter SHIELD: FBI Philadelphia on Safeguarding the Communications Sector
Under Operation Winter SHIELD, the FBI’s Philadelphia field office announced a focused initiative to protect the city’s communications infrastructure—a critical hub for the Northeast—by partnering with public and private entities to counter evolving cyber threats. The briefing highlighted four tactical priorities: enforcing...

Black Hat USA 2025 | BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets
At Black Hat USA 2025, Microsoft’s Storm team unveiled “BitUnlocker,” a proof‑of‑concept that abuses the Windows Recovery Environment (WinRE) to extract BitLocker keys and decrypt protected volumes. The researchers explained that WinRE runs from a separate recovery partition and loads...

The FBI Experience Brief: Cybercrime
The FBI’s “Cybercrime” Experience Brief introduces visitors to the expanding threat landscape that accompanies today’s interconnected world, where everything from refrigerators to automobiles is network‑enabled. The presentation traces cybercrime’s evolution from early room‑sized computers—where vandalism and theft were primary concerns—to modern,...