Resilient Cyber Titelbild

Resilient Cyber

Resilient Cyber

Von: Chris Hughes
Jetzt kostenlos hören, ohne Abo

Über diesen Titel

Resilient Cyber brings listeners discussions from a variety of Cybersecurity and Information Technology (IT) Subject Matter Experts (SME) across the Public and Private domains from a variety of industries. As we watch the increased digitalization of our society, striving for a secure and resilient ecosystem is paramount.

© 2026 Resilient Cyber
  • Securing the Future with Autonomous Defense
    Feb 23 2026

    Summary:

    In this conversation, Chris Hughes and Stanislav Fort discuss the transformative role of AI in cybersecurity, particularly in vulnerability management. Stanislav shares insights on how AI can discover zero-day vulnerabilities in widely used codebases, the challenges of balancing AI-driven discoveries with quality assurance, and the importance of proactive security measures. They also explore the economic sustainability of AI in cybersecurity, the burden on maintainers, and the ongoing arms race between defenders and attackers. The discussion emphasizes the potential for AI to significantly enhance software security and the aspiration towards achieving zero vulnerabilities in critical infrastructure.


    Takeaways:

    AI is revolutionizing vulnerability management in cybersecurity.
    The ability to find long-hidden vulnerabilities is unprecedented.
    AI can enhance both offensive and defensive security measures.
    Proactive security integration into development pipelines is essential.
    The quality of vulnerability reports is declining due to AI-generated noise.
    Maintainers face increasing burdens from rapid AI-driven discoveries.
    AI can help secure open source projects effectively.
    Sustainability in AI cybersecurity requires financial backing.
    The arms race between attackers and defenders is intensifying with AI.
    Achieving zero vulnerabilities is an aspirational yet achievable goal.


    Chapters

    00:00 Introduction to AI in Cybersecurity
    02:52 The Evolution of AI and Vulnerability Discovery
    05:45 AI's Impact on Software Development
    08:59 Discovering Zero-Day Vulnerabilities
    11:48 The Great Bifurcation in Security Research
    14:52 Balancing AI-Driven Discoveries and Quality
    17:59 Proactive Security Measures in Software Development
    20:53 The Role of AI in Securing Open Source Projects
    23:54 Sustainability of AI in Cybersecurity
    27:07 Addressing the Burden on Maintainers
    30:09 The Tension Between Autonomy and Security
    33:03 The Arms Race Between Defenders and Attackers
    36:12 Aiming for Zero Vulnerabilities
    38:58 Conclusion and Future Outlook

    Mehr anzeigen Weniger anzeigen
    41 Min.
  • Selling Cyber: Deal Flow and Market Signals with Momentum Cyber
    Feb 18 2026

    In this episode of Resilient Cyber I catch up with Momentum Cyber's Founder & CEO, Eric McAlpine.

    We will be unpacking 2025's M&A and capital market activities, using Momentum Cyber's 2025 Cybersecurity Almanac Report, as well as discussing some of the overlooked and untold details under the hood of cyber M&A, building world class teams and more.

    Mehr anzeigen Weniger anzeigen
    42 Min.
  • Exploiting AI IDEs
    Feb 17 2026

    In this episode of Resilient Cyber, we will be sat down with Ari Marzuk, the researcher who published "IDEsaster", A Novel Vulnerability Class in AI IDE's.

    We will be discussing the rise of AI-driven development and modern AI coding assistants, tools and agents, and how Ari discovered 30+ vulnerabilities impacting some of the most widely used AI coding tools and the broader risks around AI coding.

    • Ari's background in offensive security — Ari has spent the past decade in offensive security, including time with Israeli military intelligence, NSO Group, Salesforce, and currently Microsoft, with a focus on AI security for the last two to three years.
    • IDEsaster: a new vulnerability class — Ari's research uncovered 30+ vulnerabilities and 24 CVEs across AI-powered IDEs, revealing not just individual bugs but an entirely new vulnerability class rooted in the shared base IDE layer that tools like Cursor, Copilot, and others are built on.
    • "Secure for AI" as a design principle — Ari argues that legacy IDEs were never built with autonomous AI agents in mind, and that the same gap likely exists across CI/CD pipelines, cloud environments, and collaboration tools as organizations race to bolt on AI capabilities.
    • Low barrier to exploitation — The vulnerabilities Ari found don't require nation-state sophistication to exploit; techniques like remote JSON schema exfiltration can be carried out with relatively simple prompt engineering and publicly known attack vectors.
    • Human-in-the-loop is losing its effectiveness — Even with diff preview and approval controls enabled, exfiltration attacks still triggered in Ari's testing, and approval fatigue from hundreds of agent-generated actions is pushing developers toward YOLO mode.
    • Least privilege and the capability vs. security trade-off — The same unrestricted access that makes AI coding agents so productive is what makes them vulnerable, and history suggests organizations will continue to optimize for utility over security without strong guardrails.
    • Top defensive recommendations — Ari emphasized isolation (containers, VMs) as the single most important control, followed by enforcing secure defaults that can't be easily overridden, and applying enterprise-level monitoring and governance to AI agent usage.
    • What's next — Ari is turning his attention to newer AI tools and attack surfaces but isn't naming targets yet. You can follow his work on LinkedIn, X, and his blog at makarita.com.
    Mehr anzeigen Weniger anzeigen
    25 Min.
Noch keine Rezensionen vorhanden