Skip to content
PodcastsBusinessThe Security Strategist

The Security Strategist

EM360Tech
The Security Strategist
Latest episode

235 episodes

  • The Security Strategist

    Shadow AI to Shadow Agents: What's Actually Changed in 2026?

    2026/07/17 | 20 mins.
    Key frontier models are now capable of spotting vulnerabilities that no one thought even existed. They are finding software vulnerabilities at scale without any prompting, presenting both opportunities and challenges for security teams. For instance, recently, the Associated Press reported on the Anthropic Mythos model, spotting vulnerabilities in highly sensitive U.S. government computer systems during a testing exercise. Security researchers describe this ability as dual-use.
    The Mythos model, part of Anthropic’s project Glasswing, partnered with national intelligence agencies to find and fix vulnerabilities in critical systems before attackers get to them, as per AP. The frontier AI model “broke into almost all of our classified systems, not in weeks, but in hours,” Joshua Rudd, National Security Agency (NSA) chief, seems to have informed Senator Mark Warner of Virginia.
    This kind of scanning capability helps defenders patch vulnerabilities faster, and also provides attackers with a more effective tool. As our guest noted in the recent The Security Strategist podcast episode, it's "almost like a new weapon." Both sides of the security battle believe they can leverage it to their advantage.
    This tension sets the stage for a conversation that has been growing in enterprise security circles throughout the year – Shadow AI.
    In this episode of The Security Strategist podcast, host Shubhangi Dua, Podcast Producer and B2B Tech Journalist at EM360Tech, sat down with Guru Sethupathy, Head of AI Governance at Optro, to break down Shadow AI and its looming threats in 2026 and beyond.
    Over the last couple of years, Shadow AI has mainly involved employees entering sensitive data into ChatGPT while IT teams rushed to respond. This summer, the narrative has changed. The EU AI Act's regulatory clock is ticking. Meanwhile, Shadow AI is transforming into autonomous "shadow agents" that operate without waiting for human approval at every step.
    Sethupathy believes many enterprises are about to realise they can't comply with regulations for systems they don’t even know they're using.
    Rogue Chatbots to Rogue Agents
    Shadow AI isn’t a new concept, but Sethupathy challenged the notion that enterprises have been aware of it for years. "Even into 2024, Shadow AI was not the main priority for enterprises," he said. It only gained traction heading into 2025, and "it has dramatically increased in 2026."
    Two factors are driving this shift, he explained. The first is the "democratisation of AI." Any employee within an enterprise can now access and interact with AI tools directly. The second factor is the countless ways AI can enter a company. AI can come through third-party vendor tools, web browsers, internal development, or no-code and low-code platforms. When you combine these entry points with the number of employees interacting with them, he noted, "you can see why there’s so much AI in an organisation that isn’t being tracked."
    However, the real change, Sethupathy argued, isn’t from chatbots but from what followed. "With chatbots, companies could exert control," he said, highlighting the relative ease of restricting the tools staff could use and controlling how data flowed through them. AI Agents present a different challenge entirely: "It’s not just about data leakage. It’s not just about data security. These agents are taking actions, making decisions, and acting."
    This, he said, poses "a level of risk that is much higher."
    Why is Governance Failing Against AI?
    If agentic AI is the new area of risk, why hasn’t governance caught up? Sethupathy attributes this to tempo. "Governance in the past has typically been a point-in-time exercise," he said. But autonomous agents operate constantly. They learn consistently and take actions, access tools, and data around the clock.
    "Imagine you’re driving, and your car only informs you of your speed every half hour. That would be pointless,” the Head of AI explained. The same reasoning applies to agents, he argued. With their continuous work, oversight needs to be continuous as well. This creates two major problems for organisations: a process issue (rebuilding governance frameworks around ongoing review) and a technology issue. As Sethupathy plainly stated, "humans cannot do continuous monitoring. We have to sleep."
    AI needs to monitor other AIs.
    Why the EU AI Act to Shadow AI?
    The compliance deadline for high-risk systems under the EU AI Act has not simply been pushed to August 2026 and left there. Sethupathy clarified that the European Commission revised the timeline recently, dividing it into two separate tracks:
    The first is transparency and watermarking obligations; the rules requiring enterprises to disclose their AI usage have actually been moved forward to December 2026. Secondly, high-risk system obligations involving the detailed governance, risk assessment, and audit requirements for high-risk AI — have been pushed back to December 2027.
    "There have been updates on the EU Act," Sethupathy told Dua. The rules "around transparency of AI use and watermarking have actually been moved forward to December of this year," while the high-risk governance requirements have "been pushed back to the latter half of next year, particularly December 2027."
    Alluding to the challenge of shadow AI challenge, he added that enterprises can't run a compliance process for high-risk systems they haven't identified. "You don’t know what high-risk systems you have if you have shadow AI," he said, adding that he doesn’t think most enterprises could have solved that discovery issue by the original August 2026 deadline.
    Sethupathy believes the extended timeline is a positive development, as long as companies take advantage of it. "I think it’s actually good that the EU has given folks more time. But they need to get started."
    Ultimately, he asks CISOs to "think of governance as your insurance against that investment," referring to the billions of enterprises that are investing in AI. Without buy-in from the top, Sethupathy warned, "governance will become just a side task. Eventually, something will break."
    Key Takeaways
    Shadow AI is becoming a significant concern for enterprises.
    The rise of AI democratisation has increased risk exposure.
    Governance must be continuous and real-time to be effective.
    The EU AI Act's compliance deadlines are crucial for enterprises.
    Enterprises need to identify high-risk AI systems to comply with regulations.
    Technology is essential for the continuous monitoring of AI systems.
    CISOs must take ownership of AI governance within enterprises.
    Training employees on AI risks is vital for effective governance.
    Investing in governance is an insurance against AI investments.
    Top-down support from leadership is necessary for successful governance.

    Chapters
    00:00 Introduction to Shadow AI and Its Implications
    03:12 Understanding the Rise of Shadow AI
    05:52 Governance Challenges in the Age of AI
    09:00 The EU AI Act and Its Impact on Enterprises
    12:09 Technological Solutions for Managing Shadow AI
    14:50 The Dual Nature of AI in Security
    17:34 Strategies for Effective AI Governance
    21:06 The Role of the C-Suite in AI Governance

    For more on Optro’s approach to continuous AI governance, visit optro.ai.
    #ShadowAI #ShadowAgents #AIGovernance #AgenticAI #Cybersecurity #EUAIAct #EnterpriseTech #CISO #RiskManagement #DataSecurity #TheSecurityStrategist #EM360Tech #Optro
  • The Security Strategist

    How Should CISOs Prioritise Risk in the Age of AI-Powered Cyberattacks?

    2026/07/17 | 18 mins.
    Two AI systems reached the offensive and defensive security space five weeks apart. Not because a vendor planned a product launch cycle, but because attackers and defenders are now using the same class of tool. The difference is that only one side built its own to fix things. Attackers are now weaponising a newly disclosed vulnerability in a median of under five days. Most organisations still take more than 60 days to remediate a critical one once a patch exists.
    In a growing share of cases, exploitation starts before the patch is even released. That gap isn't closing, and it has now become the whole problem. This is the subject of this episode of the Security Strategist Podcast, where host Richard Stiennon sits down with Brad Hibbert, COO and CSO at exposure management platform Brinqa, to talk about what changes when AI shows up on both sides of the fight.
    Mythos Thinks Like a Pen Tester
    Mythos, one of the offensive AI tools now circulating, doesn't just scan for known flaws. It reasons through a codebase the way a skilled human pen tester would analyse binaries, builds, and source across hundreds of instances simultaneously, around the clock. "It's like having a whole team of pen testers looking at things 24 by seven," Hibbert says.
    The speed isn't the part that should worry security leaders most, but it's the composition. According to Hibbert, tools like Mythos are chaining together vulnerabilities that individually rate as medium or low severity, combining them into a full system compromise. The exact flaws of a traditional scanner would rank near the bottom of the remediation queue. Stiennon draws the comparison to his own red-teaming days at PwC, when finding an exploit meant manually Googling a known CVE. What's different now, he notes, is that the AI is often generating something that's never been seen before, off the cuff.
    Five weeks after Mythos, Daybreak arrived, built for the other side of the fight. Instead of exploiting what it finds, it recommends remediations, aiming squarely at the gap that tools like Mythos are built to open. Hibbert expects this pattern to continue as agentic AI is moving into the software development lifecycle itself. This means it's reviewing code the moment it's checked in, flagging weaknesses before release, and eventually applying its own fixes before a developer even sees the pull request on Monday morning.
    What Is the Main Challenge of Vulnerability Management?
    The instinct across the industry has been to treat vulnerability management as a volume problem. This means scanning further, uncovering more vulnerabilities, and closing tickets faster. Hibbert offers a different perspective on that framing. Finding vulnerabilities, he argues, has always been the easier half of the job. The real bottleneck is knowing which ones actually matter to your business, and then acting on that knowledge fast enough to outrun both the attacker and your own change-management process.
    He points to a familiar scenario where a scan turns up an outdated firmware version on a casino's fish-tank temperature sensor. On paper, it's considered low severity and non-critical, exactly the kind of finding that sits at the bottom of a ticket queue indefinitely. This is treated as an entry point into a broader attack path; that same low-severity finding becomes the opening move in a full breach. The fix isn't scanning harder, but now it's asking a different question of every finding, like what could an attacker reach from here, and how far could they go?
    This reframing from counting vulnerabilities to mapping attack paths is, in Hibbert's view, the actual job of modern exposure management. It also explains why patch counts make for a misleading scoreboard. Remediation itself is often slower than the finding, not because teams are careless, but because patching carries real operational risk. A fix validated in a lab can still take down a banking system or a trading floor in production. Some systems, like that fish-tank controller, may never receive a vendor patch at all, forcing teams toward compensating controls instead.
    What Should CISOs Prioritise to Reduce Cyber Risk?
    Hibbert encourages CISOs to look beyond weekly patch counts and focus on whether security efforts are reducing risk. He advises leaders to ask their teams what would happen if their top critical exposures were exploited right now; what an attacker could reach, and how far the blast radius would spread. If the team can answer that clearly, the prioritisation program is working. If they can't, the problem isn't remediation speed; it's visibility.
    The uncomfortable implication, which Stiennon raises toward the end of the conversation, is that this shift will widen the gap between organisations that adopt AI-driven exposure management and those that don't, and the latter group won't disappear from the threat landscape. They'll just keep generating the breaches that fund the next generation of attacker tooling.
    AI has already changed the exploitation timeline. The real question is whether your team is still being measured by the number of tickets it closes or by how quickly it eliminates real attack-path risk. If you would like to learn more about Brinqa's approach to exposure management, visit their website.
    Takeaways
    AI is making vulnerability discovery and exploitation much faster.
    Attackers are chaining smaller flaws into major breaches.
    Fixing vulnerabilities remains harder than finding them.
    Attack paths matter more than individual CVE scores.
    Patch counts are a poor metric; risk reduction is a better one.

    Chapters
    00:00 Welcome to the Cybersecurity space
    02:54 Challenges in Vulnerability Management
    05:59 The Role of AI in Cybersecurity
    08:56 Vulnerabilities: Fixing and Prioritising
    12:09 The Future of AI in Offensive and Defensive Security
    14:57 Strategic Insights for CISOs and CIOs

    #CyberSecurity #CISO #ExposureManagement #AI #RiskManagement #InfoSec #Brinqa #SecurityStrategist #CyberThreats #VulnerabilityManagement #TechPodcast #CyberRisk
  • The Security Strategist

    Autonomous Pen Testing & the Next Era of Security Testing

    2026/07/09 | 17 mins.
    As demand for artificial intelligence (AI) increases and investment rises, AI is being used to spot threats more quickly.
    In the recent episode of The Security Strategist podcast, host Richard Stiennon, Chief Research Analyst at IT-Harvest, an author, and a trusted advisor to vendors, VCs and private Equity Firms, conversed with Sandeep Kamble, Founder and CTO at SecureLayer7.
    Kamble explained how traditional penetration testing and autonomous security testing are changing offensive security. He highlighted how these tools are designed to empower security teams.
    Kamble told Stiennon that this shift was a logical next step. Years of building manual penetration testing skills, cloud security practices, and vulnerability research at SecureLayer7 formed the basis for AI to enhance that expertise.
    The goal is to create a tool that security professionals can use to be more effective in pentesting using AI.
    Why Traditional Security Scanners Are Outdated
    For years, security testing has relied on rule-based scanners, signatures, and checklists. While these tools could spot known weaknesses, they often faced challenges with complex vulnerabilities, business logic flaws, and context-specific risks.
    Kamble said that this traditional method often led to lengthy vulnerability reports filled with false positives. This made it hard for security teams to determine what truly needed action.
    The real challenge was understanding which ones posed real risks in a specific company's environment in addition to identifying vulnerabilities.
    SecureLayer7's autonomous penetration testing platform was designed to fill that gap. It combines AI agents with deep security expertise that allows the platform to analyse application architecture, understand context, and identify vulnerabilities through reasoning.
    Does Human Expertise Need to Expand?
    Autonomous pen testing means providing security professionals with additional capabilities, not replacing them. Kamble emphasised that human expertise is still vital, but how that expertise is applied is changing.
    Instead of an external team conducting tests in isolation, the platform empowers an enterprise’s pentesters and security experts. This gives them a powerful tool to scale testing on their own terms and timelines.
    With repetitive tasks such as reconnaissance and report writing handled by the AI agent, internal teams can focus on in-depth analysis, prioritisation, and strategic security decisions.
    Kamble noted significant productivity improvements among security professionals using this AI-supported process. AI removes obstacles, allowing security teams to concentrate on the important tasks.
    The SecureLayer7 CTO envisions a future where skilled professionals work with a more robust toolkit. A toolkit that’s equipped with a more powerful toolkit, capable of continuous testing at a scale that manual methods cannot achieve, at a faster, more accurate pace.
    What CISOs Should Prioritise
    Alluding to C-suites and CISOs, Kamble asks them to look beyond current vulnerabilities. For instance, they should prioritise the ongoing changes within their environments, such as the changes brought on by AI.
    Additionally, modern enterprises release thousands of updates, services, and applications quickly. Each change presents new opportunities for attackers, who are also using advanced technologies to speed up their efforts.
    For CIOs and CISOs, this means that having real-time visibility into infrastructure changes is becoming as important as tracking known vulnerabilities. It also means providing internal security teams with tools that allow them to keep up with that pace of change, rather than relying only on periodic, external assessments.
    As AI-driven threats progress, enabling internal teams to conduct continuous testing at scale may become one of the most crucial defences an enterprise can develop.
    Key Takeaways:
    AI is reshaping penetration testing with smarter automation.
    AI agents help uncover complex vulnerabilities faster.
    Human expertise remains vital in cybersecurity.
    Continuous testing helps manage growing attack surfaces.
    AI security needs control and human oversight.

    Chapters
    00:00 The Rise of Autonomous Pen Testing
    03:00 AI-Driven Security Testing: A New Era
    05:50 Complex Vulnerabilities and Human Expertise
    09:11 Scaling Autonomous Pen Testing
    12:08 The Future of Red Teaming and Social Engineering
    16:05 Key Takeaways for CIOs and CISOs

    For further information, please visit securelayer7.net and em360tech.com.
    Follow @enterprisemanagement360 on YouTube for further thought leadership insights on B2B enterprise tech across AI, emerging tech, cybersecurity and data.
    Follow @SecureLayer7 for cybersecurity solutions specialising in autonomous pen testing.
    #CyberSecurity #AutonomousPentesting #AIinSecurity #SecureLayer7 #PenetrationTesting #InfoSec #CISO #CloudSecurity #RedTeaming #TheSecurityStrategist #techinnovation
  • The Security Strategist

    AI Hype vs Reality: What Security Leaders Are Getting Wrong

    2026/06/17 | 22 mins.
    Walk the floor of any security conference, and you'll hear the same story that AI is transforming threat detection, closing the vulnerability gap, and redefining cyber defence. But the data suggests security professionals aren't buying into the hype as much as vendors might expect.
    According to Oliver Spence, CEO of Cybaverse and a former Royal Marine, the cybersecurity industry has a marketing problem, and that problem is making organisations less secure. In this episode of the Security Strategist Podcast, Spencer sits down with Trisha Pillay to examine where security leaders are being misled, why buzzwords are replacing meaningful outcomes, and what organisations should be focusing on instead.
    Why AI Falls Short
    Research conducted with security professionals at Infosec Security found that 87 per cent of respondents believe AI increases risk rather than mitigates it. Six in ten said their organisation didn't have the resources to manage the threats AI introduces. These aren't the numbers of an industry confidently embracing a new era. They're the numbers of a sector that's been oversold.
    Spence puts it plainly: "There's a lot of money from VCs being pumped into cybersecurity, and cybersecurity does marketing extremely well. Which means people end up buying tools. And quite often, tools are purchased, and they barely make it out of the onboarding phase." The hype, in other words, is moving faster than reality, and security leaders are paying the price.
    What the Mythos Release Actually Taught Us
    To understand where AI hype collides hardest with security reality, look at what happened with Mythos. The frontier AI model was made available to a limited group of organisations through Anthropic's Project Glasswing initially around 12 companies, including Microsoft and CrowdStrike, and later expanded to more security businesses. The intent was to test and validate a security-focused AI capability at the highest level.
    Within 24 to 48 hours of Fable's release, the security solution built on Mythos was being released, and someone had already found a prompt that bypassed its controls. Shortly after, the US government restricted access to the model for organisations outside the United States.
    For Spence, the lesson isn't that AI is useless. It's that the hype around AI security outpaces what even the best-resourced organisations can actually control.
    "If the top security companies in the world, dedicated to testing and securing these AI frameworks, still haven't been able to secure it, how does a smaller mid-market business take on that security challenge?"
    His answer cuts against the grain of most vendor messaging that nothing about AI development, including Mythos, has actually changed what organisations should be doing. "If you look at the NCSC's top ten steps, it's all about fundamentals. And if you have those right, you will still be secure from AI-driven attacks." That's not a comfortable message for vendors selling AI-native security platforms, but it's the one the data supports.
    Where Security Leaders Are Getting It Wrong
    The most common mistake Spence sees is organisations acquiring tools in response to fear rather than strategy. AI marketing is particularly effective at generating that fear, which is exactly why the cycle keeps repeating.
    "There's a culture that a product is just going to do everything for you and save your bacon in a time of issues. The magic fairy dust of: buy this product and it solves all your problems."
    The result is tool sprawl at a scale most boards don't realise. The average mid-market company runs between 30 and 40 security products. Enterprise organisations frequently exceed 80 or 90. And yet breaches persist. Operational complexity grows. Security teams burn out managing tools rather than managing threats.
    Six in ten security professionals surveyed said AI hype was pushing them to fixate on the volume of vulnerabilities rather than how to manage them. That's a direct consequence of marketing designed to create urgency, and it's causing leaders to make reactive purchasing decisions instead of strategic ones.
    The fix isn't complicated, but it requires discipline: define the outcome you need to achieve before you look at a single product. "What is the outcome that we need to achieve as a business? Make sure you have those written down. Then look at which tool maps to solving those outcomes." Tool mapping, not tool accumulation, is what an effective security strategy looks like.
    The Vulnerability Volume Trap
    One of the clearest examples of hype distorting reality is how organisations are handling vulnerability management or failing to. AI has made vulnerability discovery faster and more accessible, both for defenders and attackers. The next wave of AI-enabled attacks, beyond the phishing use cases that became widespread first, is exploitation at scale. AI scanning infrastructure for gaps faster than human teams can identify and close them. That's a real threat but the response many organisations have is to treat every vulnerability finding as equally urgent, which is where the hype machine takes over.
    Spence gives a concrete example: a vulnerability scanner might flag four instances of an outdated version of Chrome as four separate critical findings. Teams see four criticals. Boards panic. In reality, there's one action update Chrome. The noise generated by poorly configured tools inflates urgency and slows down the teams trying to respond.
    "People can get so overwhelmed and go, there's so much to do here, it's going to be impossible. But it's about putting a system and structure in place to deal with it. It doesn't matter whether it's one vulnerability or a thousand; it's the same process."
    A healthcare client Spence worked with had a board furious at the IT team over the volume of critical vulnerabilities appearing in reports. The team hadn't done anything wrong. They'd simply never run structured vulnerability management before, so when they started, everything surfaced at once. The fix wasn't faster patching, it was building a process: identify assets, prioritise by actual business risk, remediate in order, track progress. Once the board understood they were closing gaps rather than chasing an impossible zero, the relationship between leadership and the security team stabilised.
    Patch management isn't a solved problem. For businesses running tens of thousands of endpoints with hundreds of applications across their estate, keeping up with remediation at scale is genuinely hard. AI-driven discovery doesn't solve that it amplifies the pressure if there's no management system underneath it.
    How to Evaluate AI Security Claims
    Given the pace of AI development and the volume of vendor claims, security leaders need a practical filter. Spence's is straightforward with his sentiments like does this address a specific outcome your organisation has already identified as a gap?
    Not "does this solve the broad threat category of AI-driven attacks." Not "does this give us AI-powered detection." But specifically, does this map to something we know we need to fix in our environment?
    The same filter applies to internal AI adoption. Two questions should come before anything else: what business risk are you accepting by giving AI agents access to your data, and is that access read-only, or can the agent execute actions? The risk profile of those two scenarios is dramatically different, and most organisations haven't explicitly defined which one they're operating under.
    What Security Leaders Should Do Differently
    The practical takeaways from Spence's position are less about new tools and more about clearer thinking:
    Lead with outcomes, not products. Define what your organisation needs to achieve before engaging with any vendor. Map tools to outcomes, not the other way around.
    Treat vulnerability volume as noise, not signal. Build a prioritisation and remediation process. A thousand vulnerabilities managed systematically is less dangerous than ten vulnerabilities with no process behind them.
    Ask the data access question first. Before any AI deployment, define what it can access and whether it can act on that access. That decision shapes your entire risk profile.
    Consolidate rather than accumulate. The industry is moving toward fewer, better-integrated tools for good reason. Thirty security products that no one fully configures is not a security strategy.
    Stay on the fundamentals. AI hasn't invalidated the NCSC's core steps. If anything, AI-driven threats make...
  • The Security Strategist

    How the Mythos Era Is Reshaping the Future of the SOC

    2026/06/15 | 27 mins.
    Security operations centres have always been a numbers game with too many alerts, few analysts, and never enough hours in a shift. But something has changed. The arrival of AI models capable of identifying vulnerabilities and generating working exploits at machine speed has quietly shifted the terms of engagement between attackers and defenders. In this episode of the Security Strategist podcast, Richard Stiennon sits down with Edward Wu, founder and CEO of Dropzone AI, to unpack what the Mythos era actually means for the SOC and what defenders need to do about it right now.
    The Alert Problem That AI Was Always Going to Solve
    Wu didn't come to this conversation theoretically. Before founding Dropzone AI, he spent eight years at Palo Alto Networks building AI and machine learning detection products, systems that generated millions of security alerts. The conclusion he walked away with was that most security teams don't need another alert cannon. What they need is help processing the ones they already have.
    That insight shaped everything about Dropzone's approach. The problem in most SOCs isn't a lack of signals, but it's analytical capacity. SIEMs stack-rank alerts by criticality, which sounds helpful until you realise that even a well-tuned system routinely surfaces 150 critical alerts per shift. No team handles that volume consistently. The alerts at the bottom of the queue, the ones that often contain the earliest indicators of a breach, simply never get looked at.
    "AI can look at 50 alerts in parallel," Wu explains, and that's not a trivial capability. It means the lows, mediums, and informational alerts that security teams have historically deprioritised out of necessity can finally get attention. Several of Dropzone's customers have gone further; they've actually reversed years of detection tuning alerts that were switched off because they were deemed too noisy, because AI augmentation means the team now has the capacity to handle the volume. The aperture widens. Coverage improves, and holes in the detection fabric get closed rather than quietly accepted.
    Mythos Changed the Timeline, Not the Outcome
    When Anthropic published its findings on Mythos, the cybersecurity community took notice. Here was a model demonstrably capable of analysing code, discovering vulnerabilities, and writing working exploits with tasks that had previously required significant human expertise and time. Wu was watching closely, and his take is more measured than most of the commentary that followed.
    He wasn't surprised. Models had been trending in this direction for some time, and when researchers revisited older models with better prompt engineering after the Mythos announcement, many found comparable outputs. What Mythos represented wasn't a sudden leap into unknown territory; it was confirmation that a step-function in attacker capability had arrived, and that the timeline for impact was no longer theoretical. "It was never a question of if," Wu says. "Mythos made the answer to when very concrete within the next couple of months."
    The strategic implication is important to sit with. Vulnerability management is a slow-moving discipline with significant organisational friction. Patching schedules, competing priorities, and legacy infrastructure, these constraints don't bend quickly, regardless of how capable AI becomes on the offensive side. If attackers can now discover and weaponise vulnerabilities faster than defenders can patch them, the perimeter becomes harder to hold. Initial footholds become easier to gain.
    This shifts the weight of the entire security programme toward detection and response. Wu frames it as a change in where the statistical advantage lies. Before a breach, attackers only need to be right once. But once they're inside, the math flips. On average, an attacker needs to make seven to ten moves to reach their objective. Detection and response teams have multiple opportunities to catch them, if the tripwires are sensitive enough, and if someone is actually paying attention to them.
    Fighting AI with AI
    The phrase "fighting AI with AI" risks sounding abstract. Wu brings it back to operational reality. The most immediate application is alert investigation, still the most labour-intensive function in any detection and response team. AI agents can begin processing an alert within seconds of it being created. Mean time to response drops. Mean time to disposition drops. The window of opportunity for an attacker to move laterally, escalate privileges, or exfiltrate data gets materially smaller.
    For larger teams, this translates into improved coverage and faster response. For smaller teams, it functions as genuine force multiplication; analysts spend less time on repetitive investigation work and more time on detection engineering, threat hunting, and closing gaps in the broader security architecture.
    Wu also addresses the hallucination concern that comes up whenever AI is proposed for high-stakes environments. His answer is direct: "Hallucinations are caused by poor context engineering." Feed a model insufficient or irrelevant information, and it fills in the gaps. Feed it the right data, the specific logs, the relevant threat intelligence, and the contextual detail it needs, and it performs the analytical task accurately. The model isn't the problem. The scaffolding around it is what determines the outcome.
    For CISOs considering where to start, Wu's advice is practical. Audit where the team is actually spending its time. Identify the bottlenecks. Then evaluate vendors — at least three, in production, in your own environment, against three criteria: does the technology work now, is the company's roadmap aligned with where you're trying to get to, and can you trust the engineering team to deliver it?
    The Mythos era hasn't changed the fundamental cat-and-mouse dynamic of cybersecurity. But it has raised the stakes and raised the ceiling on what AI-augmented defence can deliver. If you want to find out more, visit Dropzone AI or connect with Edward Wu on LinkedIn.
    Takeaways
    AI models like Mythos and their capabilities
    Impact of AI on vulnerability discovery and exploit creation
    Enhancing SOC efficiency with AI augmentation

    Chapters
    00:00 Introduction to AI in Cybersecurity
    02:04 The Challenge of Alert Overload
    07:00 The Impact of Mythos on Vulnerability Management
    11:58 Detection and Response as the New Frontline
    16:27 Fighting AI with AI: Practical Implications
    22:00 Customer Experiences and Success Stories
    25:15 Preparing for Automation in SOCs
More Business podcasts
About The Security Strategist
With cyber attacks more common than ever before and each attack becoming increasingly sophisticated, security teams need to be one step ahead of cybercrime at all times. “The Security Strategist” podcast delves into the depths of the cybercriminal underworld, revealing practical strategies to keep you one step ahead. We dissect the latest trends and threats in cybersecurity, providing insights and expect-backed solutions to protect your organisation effectively. Tune into this cybersecurity podcast as we dissect major threats, explore emerging trends, and share proven prevention strategies to fortify your defences.
Podcast website

Listen to The Security Strategist, Investec Focus Radio SA and many other podcasts from around the world with the radio.net app

Get the free radio.net app

  • Stations and podcasts to bookmark
  • Stream via Wi-Fi or Bluetooth
  • Supports Carplay & Android Auto
  • Many other app features
The Security Strategist: Podcasts in Family
  • Podcast The Security Strategist
    The Security Strategist
    Business, News, Tech News, Technology