Corelight DefeNDRs

Episode 15 - The Right Eyes: Mythos, and the Future of Vulnerability Discovery

The emergence of advanced large language models like Anthropic's Mythos represents an epochal shift in cybersecurity, fundamentally altering how zero-day vulnerabilities are surfaced and remediated. In this episode, host Richard Bejtlich sits down with Corelight Co-founder Greg Bell to analyze the security implications of this AI-driven bug explosion, highlighting recent AI-assisted vulnerability discoveries across infrastructure mainstays like FreeBSD and Firefox. Together, they challenge the classic open-source maxim that "with enough eyes, all bugs are shallow," arguing instead that the arrival of the right automated eyes exposes an overwhelming pool of latent software flaws. Moving beyond the immediate operational chaos, Richard and Greg discuss the economics of declining token costs, the critical survival need for an assume-breach mentality, and how Corelight’s new agentic triage capabilities help defenders automate mind-numbing log review to achieve a resilient, human-led cybersecurity equilibrium.

Episode 14 - Harvest Now, Decrypt Later: The Shift to Post-Quantum Cryptography

The emergence of quantum computing has introduced a definitive expiration date for classical encryption, fueling a "harvest now, decrypt later" strategy among sophisticated nation-state actors. In this episode, Vince Stoffer joins Richard Bejtlich to demystify Post-Quantum Cryptography (PQC) and explain why organizations must move beyond a "set it and forget it" mentality regarding their encryption standards. They explore the critical role of Automated Cryptography Discovery and Inventory (ACDI) and how Network Detection and Response (NDR) provides a unique, passive vantage point to identify vulnerable cipher suites and track the real-time negotiation of quantum-resistant algorithms. By maintaining a clear picture of the cryptographic assets on the wire, defenders can proactively secure sensitive data against future decryption and meet the rising demands of modern regulatory standards.

Episode 13 - Battle-Hardened Research: Navigating the Intersection of AI and Open Source

Richard Bejtlich sits down with Ali Islam to pull back the curtain on how a security research lab functions within a modern security company. Moving beyond the "ivory tower" of academia, Ali explains why researchers must be battle-hardened by real-world threat actor techniques to remain effective in the field. The conversation dives into Corelight’s unique commitment to the open source community through the direct funding of Zeek and Suricata developers, ensuring that community-driven tools can scale to meet massive enterprise traffic demands. Finally, they explore the accelerating role of artificial intelligence in cybersecurity, weighing its ability to reduce analyst fatigue against the growing sophistication of AI-powered phishing and malware development.

Episode 12 - The Agentic SOC: Upleveling Analysts with AI Knowledge Multipliers

Richard Bejtlich sits down with Stan Kiefer, Corelight’s Senior Manager for Data Science, to discuss how AI serves as a vital "abstraction layer" and "knowledge multiplier" for security analysts. Stan explains that while AI can synthesize complex information, it remains untrustworthy without high-fidelity network data at its center to provide verifiable evidence. The episode explores the shift toward an "agentic ecosystem" and a tiered architecture where a central orchestrator manages specialized sub-agents to accelerate detection and investigation. Looking toward the future, Stan envisions a hybrid SOC environment where adaptive systems learn an analyst's specific workflows to automate routine tasks, acting as a professional companion that can cut the time needed to reach competency in half.

Episode 11 - The AI Maturity Journey: Data, Agents, and the Shift from Craft to Art

Richard Bejtlich talks with Vijit Nair, VP of Product at Corelight, about the evolving "AI Maturity Journey" for modern security teams. Vijit outlines a three-level spectrum of AI adoption, moving from basic human-driven assistance to automated swarms of agents, and eventually toward fully autonomous systems. They discuss why high-quality, unopinionated data remains the essential foundation for building trust in AI and how technologies like the Model Context Protocol (MCP) are turning human language into the primary interface for tool integration. The conversation explores the partnership between Corelight and CrowdStrike Charlotte AI as a real-world example of this connected ecosystem. Finally, Vijit and Richard reflect on how AI is "eating the craft" of security—automating away the mind-numbing manual tasks of a SOC—to allow analysts to focus on the "art" of judgment, creativity, and strategic defense.