Follow the White Rabbit - IT Security Podcast - English Edition
A security analyst experimented with a public AI, meticulously crafting malware capable of evading detection. This wasn't done by a nation state or a criminal gang; it was Northwave, a Dutch cybersecurity firm. Their CTO, Christiaan Ottow, a former ethical hacker, oversaw the experiment. In this episode of Follow the White Rabbit, Kofi Osae-Attah talks with Christiaan about the experiment's findings and his belief that we've reached a critical point he and his team predicted in September.

Christiaan isn't an alarmist. He was skeptical of LLM hype, but the data changed his mind. His incident response team investigated a breach where they gained rare access to the attacker's staging server and found files documenting the AI's reasoning, plans, and execution steps. The attack used zero-day vulnerabilities, pivoted between cloud environments, and went undetected despite the victim having EDR and next-generation firewalls. The attacker didn't need hacking skills; they just needed to find a way around the AI's guardrails. This is the new baseline. The barrier to entry has collapsed, and attribution is becoming impossible as every threat actor uses the same models.

The implications for defenders are stark, but Christiaan's advice is practical. Agentic AI isn't a competitive advantage; it's a baseline requirement. However, speed without structure is dangerous. Automated response needs a fine-grained authority matrix, prompt injection risks need to be engineered around, and most security teams are missing a complete, accurate inventory of their assets and identities. The organizations waiting for proof that this shift is real are about to get it. In the worst possible way.

TAKEAWAYS:

1. The inflection point has arrived. Christiaan's team predicted it would arrive in April 2026. It arrived on schedule: Anthropic's Mythos, GPT 5.5, and the first fully AI-driven attack investigated by their incident response team all occurred in the same month.
2. AI attackers operate like an entire team. A human hacker has one area of expertise. An AI agent has them all simultaneously: software vulnerabilities, cloud misconfigurations, Windows environments, and identity exploitation. Attribution is becoming nearly impossible.
3. Your defensive AI is also an attack surface. Prompt injection into agentic SOC systems poses a real threat. Treat your AI agent as you would software or a human employee: isolate it technically, provide guardrails, and explicitly train it on what it is allowed to do.
4. Asset and identity inventory is now a top-tier security priority. Knowing what systems you have, what software they run, which API keys exist, and what permissions they carry used to be basic hygiene. Under AI-speed attacks, it's critical infrastructure for incident response.
5. The question isn't whether AI changes the threat landscape. It already has. Run this thought experiment: What if the volume of attacks triples? What if the time between discovering a vulnerability and its exploitation is reduced to zero? If you can't answer these questions, you should.

Subscribe to Follow the White Rabbit

If this episode made the threat feel more concrete than it did an hour ago, then we've done our job. Subscribe on your preferred platform, leave a review, and share this episode with every CISO, SOC lead, and security engineer in your network. The gap between now and then is smaller than most defenders realize.

LINKS:

* Christiaan Ottow, CTO, Northwave Cyber Security on LinkedIn [https://www.linkedin.com/in/christiaanottow/]
* Kofi Osae-Attah Jr. | LinkedIn [https://www.linkedin.com/in/kofi-osae-attah-jr-444861255/]
* How AI-Driven Cyberattacks Are Changing the Threat Landscape in 2026 [https://northwave-cybersecurity.com/articles/how-ai-driven-cyber-attacks-are-changing-the-threat-landscape-in-2026]
* "The Day-Zero Normal" [https://www.linkedin.com/feed/update/urn:li:activity:7450542077001662464/?originTrackingId=k0JlK3ummGQgdmR4yPQwpg%3D%3D] Rob Fuller · Chief Information Security Officer [https://robfuller.net/]
* Anthropic: Project Glasswing & Mythos Preview [https://www.anthropic.com/glasswing]
* MITRE ATT&CK: Agentic AI Threat Modeling [https://attack.mitre.org]
* Recommended book: The Art of Intrusion – Kevin Mitnick