Initial Access

This episode explores how access is being created, scaled, and kept with less friction, from a critical cPanel authentication bypass to AI-generated vulnerable code, AI-assisted attacks, persistent footholds in trusted systems, and stealthier data exfiltration.

This episode explores how access control is breaking down across AI systems, consumer apps, and vulnerability management, from leaked AI tooling and bypassed EU verification apps to actively exploited Windows zero-days and growing strain on the NVD. 

In this Initial Access episode, we look at how attackers are reusing trust that is already in place, from hijacked sessions and malicious browser extensions to overlooked industrial systems infrastructure and tightly controlled AI capabilities.

In this special episode, we break down Anthropic’s Project Glasswing announcement and what it signals for the future of cybersecurity. At its core, Glasswing is a defensive initiative built around a new class of AI capability: models that can identify, exploit, and help remediate software vulnerabilities.The conversation goes beyond the announcement to unpack what this actually means in practice: where the capability holds real weight, where it remains constrained, and how security leaders should be thinking about control, oversight, and risk as AI begins to meaningfully accelerate offensive security outcomes.Key Takeaways:Glasswing reflects a real inflection point in offensive capabilityThe discussion enforces that AI systems are now capable of performing meaningful vulnerability discovery and exploitation tasks. The significance isn’t just in finding bugs, but in doing so at scale and speed that begins to outpace traditional human-led approaches.The core shift is compression of the attack lifecycleA major theme from the conversation is how AI reduces the time between discovery and exploitation. What historically required time, expertise, and iteration can now be accelerated, which has direct implications for how quickly defenders need to detect and respond.This is as much about attacker enablement as defender toolingWhile Glasswing is positioned as a defensive effort, the underlying capability is inherently dual-use. The experts highlight that the same advancements enabling defenders will inevitably lower the barrier for attackers, making this a race to adapt rather than a one-sided advantage.Control—not capability—is the real constraint todayThe limitation isn’t what the AI can do, but how safely it can be deployed. The discussion emphasizes that governance, access restriction, and controlled usage are currently the primary mechanisms preventing misuse—not a lack of technical capability.Human-in-the-loop remains a necessary safeguardWhile the technology is advancing quickly, the experts stress that human oversight is still critical, particularly when validating findings, making remediation decisions, and preventing unintended consequences from automated actions. This is less about slowing AI down and more about ensuring reliability and accountability.Security programs are not designed for this speed yetExisting security processes (patching cycles, validation workflows, detection models) are not built for a world where vulnerabilities can be discovered and operationalized at machine speed. This creates a growing gap between attacker capability and defender readiness.Validation and testing models need to evolveThe conversation highlights the need for more realistic testing approaches that account for AI-driven discovery and exploitation. Traditional assessments may not fully capture how these systems behave or how quickly weaknesses can be identified and chained together.The long-term impact is an expanding and accelerating attack surfaceAs AI continues to improve in code understanding and system analysis, the number of exploitable paths, and the speed at which they can be uncovered, will increase. This isn’t a single breakthrough moment, but the start of a compounding effect on both offense and defense.

In this Initial Access podcast episode, we examine how trust, speed, and automation are reshaping initial access across software supply chains, network infrastructure, and AI systems. 

In this Initial Access podcast episode, we examine how attackers are inheriting access through trusted systems, default permissions, and unpatchable infrastructure.

In this Initial Access podcast episode, we examine how attackers are turning normal workflows and trusted systems into reliable paths for initial access as exploitation timelines continue to shrink. 

In this Initial Access podcast episode, the team looks at several recent examples of that compression in action, from a supply chain compromise that led to AWS admin access, to malware spreading through GitHub, npm, and VS Code, to ClickFix lures that convince technical users to run malicious commands themselves.

In this Initial Access episode, we examine how attackers are gaining initial access through social engineering, identity abuse, and vulnerable edge infrastructure. The team also discusses the rise of phishing-as-a-service platforms, leaked mobile exploit chains entering the criminal ecosystem, and how AI is accelerating reconnaissance and offensive tooling for both attackers and defenders.

In this Initial Access podcast episode, we cover AI coding agents operating inside developer environments, automated attack platforms accelerating exploitation cycles, long-lived connected devices exposing unexpected telemetry risks, and why identity systems remain the primary entry point for attackers.

In this Initial Access podcast episode, we cover autonomous vulnerability discovery, AI agents that ignore instructions, and why models are becoming strategic national assets.

In this Initial Access podcast episode, we cover SSO phishing, patching failures, exposed APIs, and zombie infrastructure remind us that basic security hygiene still decides the outcome.

In this Initial Access podcast episode, we cover prompt injection, a hijacked Outlook add-in, commoditized mobile spyware, AI executive deepfake scams, IT-to-OT pivoting, and nation-state use of commercial LLMs to accelerate exploitation.

In this Initial Access podcast episode, we cover the rollback of federal software security guidance, insider-driven access risks, ongoing state-sponsored espionage, and the security implications of giving AI tools deep control over infrastructure.

In this Initial Access podcast episode, we cover AI prompt injection risks, continued social engineering via LinkedIn and QR codes, credential theft and session hijacking, patch reliability and appliance security, and how AI is being used to accelerate malware development, distinguishing meaningful risk from overhyped claims.