EPISODE · Jun 29, 2026 · 1H 13M
The Five-Dollar Agentic AI Hacker
from The GIST of Govt IT · host Swish
Four days. A spare $500 mini PC from Microcenter. An open-source quantized model running on 512 MB of VRAM. And by Thursday morning, an autonomous AI agent named Jenkins was finding vulnerabilities, chaining exploits, gaining root, and maintaining persistence — entirely on its own, with no human in the loop. In Episode 11 of The GIST of Govt IT, Brian and Sean are joined by Marlin McFate, Federal CTO and CISO at Cohesity to dig into the experiment Marlin documented on his new Substack, Peripheral Tech. Marlin walks through the architectural choices that made Jenkins possible — the "discussion skill" approach to working with agents like colleagues, the orchestrator-subagent model, the safety capability files that proved more effective than external guardrails — and why the implications go far beyond "Mythos changed everything." The conversation digs into the real thesis: the barrier to nation-state-grade offensive cyber didn't just fall — it fell years ago, and most organizations are still spending 80% of their cybersecurity budget trying to prevent attacks rather than recover from them. Brian, Sean, and Marlin unpack the digital jump bag, the minimum viable agency concept, why finding the last clean backup is "a bad lie" the industry has been telling for years, and what Cohesity's RAG-enabled secondary data approach means for agencies trying to feed AI without standing up a fifth copy of their data. Plus, AI agents throw fits and take on personalities for their own. ----------RESOURCES MENTIONED IN THIS EPISODEFeatured Guest- Marlin McFate, Federal CTO & CISO, Cohesity- Peripheral Tech (Marlin's Substack)- Jenkins- Cohesity Federal- Cohesity Gaia (conversational AI search for backup data)The Experiment & The Stack- Kali Linux (penetration testing OS)- Ollama (local LLM runtime)- Qwen open-source models (Alibaba)- The Mythos vulnerability discovery report (Cloud Security Alliance)- Anthropic Project GlasswingAgentic AI & Security- Gambit Security research on multi-AI hacker (Anthropic + OpenAI split-context attack on Mexican government)Federal Cyber Policy & Frameworks- OMB M-26-14 (cybersecurity logging and monitoring for IT/IoT/OT)- CISA Industrial Control Systems resources- NIST AI Risk Management FrameworkConcepts Discussed- Westrum Organizational Culture Typology- Project Bravo (Stuart Wagner, formerly Air Force, now Navy)- Platform One (DoD DevSecOps platform)Open Source AI Frameworks- vLLM (high-throughput LLM inference)- Red Hat OpenShift AILearning Resources- O'Reilly Learning Platform- O'Reilly AI Sandboxes & Guided LabsRelated Episodes- Episode 7: Iran Came for the Dams and We Lucky- Episode 2: Fighting Fire with Fire to Secure Federal AgentsUpcoming Event- Marlin speaking at AWS Public Sector Summit DC — Tuesday, June 30, 2:00 PM, Convention Center side theaterThe Hosts & Show- Swish- GIST 360 program----------CONNECT WITH USGot an idea for a future episode? Want to be a guest? Let us know.Brian Lake - [email protected] Applegate - [email protected] wherever you get your podcasts: Apple Podcasts, Spotify, or gist360.com.
What this episode covers
Four days. A spare $500 mini PC from Microcenter. An open-source quantized model running on 512 MB of VRAM. And by Thursday morning, an autonomous AI agent named Jenkins was finding vulnerabilities, chaining exploits, gaining root, and maintaining persistence — entirely on its own, with no human in the loop. In Episode 11 of The GIST of Govt IT, Brian and Sean are joined by Marlin McFate, Federal CTO and CISO at Cohesity to dig into the experiment Marlin documented on his new Substack, Periph...
NOW PLAYING
The Five-Dollar Agentic AI Hacker
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m