6.6K
Downloads
66
Episodes
Stay ahead of the latest cybersecurity trends with Cyberside Chats! Listen to our weekly podcast every Tuesday at 6:30 a.m. ET, and join us live once a month for breaking news, emerging threats, and actionable solutions. Whether you’re a cybersecurity professional or an executive looking to understand how to protect your organization, cybersecurity experts Sherri Davidoff and Matt Durrin will help you stay informed and proactively prepare for today’s top cybersecurity threats, AI-driven attack and defense strategies, and more!
Join us monthly for an interactive Cyberside Chats: Live! Our next session will be announced soon.
Episodes
12 hours ago
12 hours ago
Anthropic’s Project Glasswing and its unreleased Mythos model signal a potential turning point in cybersecurity: AI that can find—and potentially exploit—software vulnerabilities at unprecedented scale.
In this episode of Cyberside Chats, Sherri Davidoff and Tom Pohl break down what this means for organizations today. If AI can uncover decades-old bugs in seconds, what happens to patching cycles, vulnerability management, and the balance between attackers and defenders?
They explore the uncomfortable reality: we may be entering a period where vulnerabilities are discovered faster than organizations can fix them—and where access to powerful AI tools could determine who wins and loses in cybersecurity.
From continuous patching to network segmentation and vendor accountability, this episode focuses on what security leaders need to do right now to prepare for a rapidly shifting threat landscape.
Key Takeaways
1. Reduce your internet exposure - If a system doesn’t need to be publicly accessible, don’t put it on the internet. Move services behind firewalls, VPNs, or restricted access controls wherever possible. Attack surface matters more than ever.
2. Vet your vendors’ security practices - Don’t just trust that vendors are handling security well. Ask how they:
- Secure their development lifecycle (SDLC)
- Detect and respond to vulnerabilities
- Patch and distribute fixes
- Vendor risk is now a direct extension of your own risk.
3. Budget for ongoing maintenance of custom code - Custom applications aren’t “done” at deployment. Plan for:
- Regular security testing
- Continuous patching
- Developer time to fix vulnerabilities
- Software is a living system and requires ongoing care and feeding.
4. Segment your network to limit attacker movement - Assume attackers will get in. The goal is to stop them from moving laterally:
- Separate critical systems
- Limit privileged account access
- Control how systems communicate
- Containment is just as important as prevention.
5. Update your incident response plan for zero-day reality - Your IR plan should assume:
- Exploits may exist before patches are available
- Detection may lag behind compromise
- Prepare for faster response, imperfect information, and active exploitation of unknown vulnerabilities.
Resources & References
1. Anthropic – Project Glasswing - https://www.anthropic.com/glasswing
2. Anthropic – Mythos Preview - https://red.anthropic.com/2026/mythos-preview/
3. Historical example discussed: Microsoft bug tracking system breach (2017)
4. Example referenced: ProxyShell (Microsoft Exchange vulnerabilities and rapid exploitation)
No comments yet. Be the first to say something!