Security Café

Podcast by Quint Ketting and Menno van der Horst

English

Technology & science

About Security Café

“Pull up a chair at the Security Café – your monthly deep dive into the hottest cybersecurity news and trends. Each episode brings you an inspiring guest and a story that will spark your imagination. Produced by Quint & Menno (Atos), this is where insights meet conversation. Don’t just stay informed—join the discussion!”

All episodes

25 episodes

SecurityCafe Special | Mythos – Facts, Fiction and What You Need to Do Now

About this episode

In this special edition of SecurityCafe, Quint Ketting and Koen Maris join host Menno van der Horst for an open, no-nonsense conversation about Mythos — Anthropic's frontier AI model expected to become more widely available around mid-August. No panic, no hype — just an honest look at what will actually change, and what your organization should already have been doing.

----------------------------------------

What we cover

Mythos: revolution or evolution?
Koen opens with a sharp reality check: if it takes five days to build an exploit today and Mythos brings that down to twenty hours — how much really changes? The hype around Mythos risks drawing attention away from what's already happening. Claude Opus 4.7 is already live, carrying many of the same capabilities, with barely anyone noticing.

The real shift: accessibility
The barrier to sophisticated attacks is dropping fast. It's not that experts are becoming more dangerous — it's the new wave of attackers without deep technical skills that warrants concern. Quint illustrates the point with his own experience using Claude: from building custom tools to recovering audio from a faulty recording.

What this means for your organization
* Cyber hygiene first. If your foundations aren't in order, you already have a problem — Mythos just makes it more visible and more urgent.
* Third-party contracts. Patch response clauses of 90 days or more are no longer viable. Time to renegotiate.
* Asset management. If you don't know what you have, you don't know what to protect. A scan often reveals 40% more assets than organizations think they manage.
* Exposure management. Unmanaged assets are exactly where attackers will strike first.
* Patch cycles. Microsoft recently released 250 patches in a single Patch Tuesday — normally 10 to 20. That pattern is not a coincidence.

Prepare, Respond, Adapt
Koen introduces the PRA framework: we are currently in a fragile peace. Use this window well. Organizations that prepare thoroughly will weather the storm quickly. Those that don't may find themselves in a prolonged and costly recovery.

Frontier AI: the next buzzword — and what it actually means
Mythos is part of a broader phenomenon. Vendors like Palo Alto are already embedding the same AI engines into their defensive toolsets. The question isn't whether this will affect you — it's whether you'll be ready.

Project Glasswing & responsible disclosure
Anthropic has given early access to a select group of major technology companies, resulting in both an explosion of patches and new AI-powered defenses. Responsible management of this capability is exactly the right approach — and a model the industry should follow.

----------------------------------------

Key takeaways
* Start an internal working group now. Structure it with proper governance, board-level reporting, and weekly progress reviews.
* Review your third-party agreements: do your SLAs still hold in a world of 24/7 patching?
* Don't wait for Mythos to get your basics right. A low security maturity level cannot be fixed in two months.
* Frontier AI is the bigger frame. Follow developments across Anthropic, Google, and others — not just the Mythos headlines.

----------------------------------------

Guests
* http://linkedin.com/in/menno-van-der-horst-74710794
* http://linkedin.com/in/koen-maris
* http://linkedin.com/in/quintketting

12 May 2026 - 29 min

Navigating the Future of Cybersecurity, Frontier-AI, and Society: Insights from the Security Café

SECURITYCAFE – LIESBETH HOLTERMAN, CYBERVEILIG NEDERLAND

Hosts: Quint Ketting & Menno
Recorded: Eindhoven Studio (our first ever in-person guest!)

> We always say: Prepare. Respond. Adapt. — Quint's microphone broke mid-recording. We practiced what we preached. 🎙️💀

----------------------------------------

ABOUT OUR GUEST

Liesbeth Holterman is Managing Director of Cyberveilig Nederland [https://cyberveilignederland.nl/] — the Dutch trade association for the cybersecurity industry, focused on improving quality, transparency, and the digital resilience of the Netherlands.

----------------------------------------

WHAT WE DISCUSSED

Data leaks — daily news, preventable problems
Breaches are no longer weekly — they're daily. Social engineering, not sophisticated hacking, is the attacker's weapon of choice. The Odido case is a perfect example. Basic cyber hygiene remains the answer. Check your credentials:
👉 HaveIBeenPwned.com [http://HaveIBeenPwned.com]

AI & Mythos — marketing or menace?
Agentic AI can scan environments and find zero-days at scale. Bad actors have been using LLMs for a while already — what's new is that low-skill attackers now have access too. Bruce Schneier calls some of the fear "marketing hype" — but the underlying shift is real. The good news: in 4–5 years, defence will benefit just as much.
👉 Schneier on Security [https://www.schneier.com/]

NIS2 & EU legislation
Don't know where to start with cyber hygiene? Read NIS2 Article 21 — it's a solid baseline checklist. Legislation is finally getting boards to ask the right questions.
👉 NIS2 Directive [https://digital-strategy.ec.europa.eu/en/policies/nis2-directive] | Article 21 [https://www.nis-2-directive.com/NIS_2_Directive_Article_21.html]

Dutch critical infrastructure
The Netherlands' legendary efficiency — remote dikes, interconnected logistics, everything online — is also its biggest attack surface.

The cybersecurity workforce of tomorrow
AI will reshape roles like pen testing and SOC analysis. But the need for cyber professionals is still enormous. The sector isn't thinking strategically enough about what this means. Liesbeth's call: reach out, collaborate, have the conversation.
👉 cyberveilignederland.nl [http://cyberveilignederland.nl]

----------------------------------------

🎬 RECOMMENDATIONS

Quint → Hanna (Amazon Prime)
A girl targeted by a CIA program for what an algorithm predicts she'll do — not what she's done. A thought-provoking lens on AI, surveillance, and pre-emptive power.
👉 IMDb [https://www.imdb.com/title/tt6932244/]

Liesbeth → The Boys (Amazon Prime)
Superheroes in the hands of a private corporation guided by profit, not public interest. Sound familiar?
👉 IMDb [https://www.imdb.com/title/tt1190634/]

----------------------------------------

SecurityCafe — because good security conversations deserve good coffee.

7 May 2026 - 47 min

The Rise of the Agents & Modern Geopolitics

Host: Menno van der Horst
Regular Guest & Chief Storyteller: Quint Ketting
Special Guest: Jan Paul Oosterom (EMEA Regional Business Lead for Security, Microsoft)

EPISODE SUMMARY

In this episode, the trio dives into the rapidly shifting threat landscape. While geopolitical tensions remain the "elephant in the room," the real tactical shift is happening within the realm of AI Agents. Jan Paul explains why identity management is no longer just about people—it’s about governing the thousands of non-human entities now operating within corporate environments. The team discusses the "Assume Breach" mindset, the death of "badly written" phishing emails, and why protecting your Intellectual Property (IP) requires a deep understanding of who exactly is targeting you.

----------------------------------------

KEY TAKEAWAYS

* The Identity of Agents: We are moving beyond managing human access. Organizations now face the challenge of managing non-human identities (AI Agents) that have their own permissions, access levels, and potential for "rogue" behavior.
* Assume Breach as a Culture: Security isn't just a set of tools; it’s a mindset. "Assume Breach" means every employee and executive must operate with the default action of verifying before acting, especially regarding financial transactions or data access.
* The Intellectual Property Target: Threat intelligence isn't one-size-fits-all. A camera manufacturer faces different risks (IP theft) than a national tax office (financial disruption). Knowing your "Why" helps you build the right "How."

----------------------------------------

TIMESTAMPED HIGHLIGHTS

* [01:10] – Jan Paul Oosterom’s role at Microsoft and his remit across EMEA.
* [03:45] – The "Elephant in the Room": Geopolitical risks and the pace of AI evolution.
* [05:50] – The 10,000 Agent Problem: How one customer already has a massive fleet of autonomous agents running.
* [07:20] – Deep dive into Identity Management: Protecting non-human identities.
* [12:15] – The evolution of phishing: Why attackers are now "spot on" with their messaging.
* [15:30] – The "Assume Breach" mindset: Moving from "Can we stop it?" to "How do we respond when it fails?"
* [18:45] – Threat Intel: Identifying your specific enemies based on your business IP.
* [24:10] – Closing thoughts: Why the Board needs to be challenged on security.

----------------------------------------

MEMORABLE QUOTES

> "The days that we were able to easily recognize something bad are over." — Jan Paul Oosterom

> "What you need to protect is probably not what you have budget for. You need to get those things in line." — Quint Ketting

> "If you cannot truly verify that what you see is real or good—stop it and start asking questions." — Jan Paul Oosterom

----------------------------------------

THE RECOMMENDATION CORNER

* Movie: Minority Report (Recommended by Jan Paul Oosterom)
* Why: It explores the philosophical and ethical boundaries of "Predictive Systems"—how far can we go in flagging "criminal behavior" before a crime is even committed?
* Quint was referring to a movie which was actually a series called Hanna.

30 Mar 2026 - 37 min

Bonus Episode: The AI Shift: From Script Kiddies to Agentic Warfare

SECURITYCAFE PODCAST: BONUS EPISODE

THE AI SHIFT: FROM SCRIPT KIDDIES TO AGENTIC WARFARE

In this unplanned, deep-dive "after-talk," Menno Van Der Horst, Quint Ketting, and Max Heinemeyer peel back the curtain on the rapid evolution of AI in cybersecurity. Recorded just weeks after a massive shift in the landscape, the trio discusses why the "old ways" of hacking are being supercharged by AI agents and what this means for national resilience.

----------------------------------------

KEY TAKEAWAYS

* The Scaling of Social Engineering: Data leaks (passports, IBANs, addresses) are no longer just static dumps; AI can now process these at scale to create hyper-personalized phishing campaigns for thousands of victims simultaneously.
* The "Agentic" Shift: We are moving from static scripts to AI Agents. Unlike traditional malware, agents can make autonomous decisions, potentially making them more effective but also far more unpredictable and dangerous (the "Stuxnet with a brain" scenario).
* The Defender’s Dilemma: While attackers don't care about "breaking" systems as long as they get in, defenders and penetration testers must remain deterministic and safe—a gap that AI is currently making harder to bridge.
* Systemic Resilience: Cybersecurity is no longer just about protecting a single company; it’s about the "ecosystem." National security now depends on how well the entire supply chain—from big telcos to small vendors—is defended.

----------------------------------------

TIMESTAMPED HIGHLIGHTS

* [00:41] The Four-Week Shift: Max explains how AI has hit the mainstream for both attackers and personal assistance (OpenCloud, NotebookLM).
* [01:15] Weaponizing Data Dumps: How AI turns old-school data leaks into targeted, automated social engineering machines.
* [02:45] From SQLi to Prompt Injection: Quint draws a parallel between the early days of SQL injection and the modern "hobby" of breaking LLM guardrails.
* [04:48] Nation-State Guardrails: A look at how China and other actors use Western AI infrastructure and the risks of "spillover" (WannaCry style) in AI-led operations.
* [08:27] The "Autonomous Stuxnet": What happens when an attack isn't run by a human, but by an agent with its own prompts?
* [09:38] The Car Wash Paradox: Menno shares a hilarious (yet scary) anecdote about an AI losing the plot, illustrating why "hallucinations" in autonomous pen-testing are a major liability.
* [12:39] The End of the Human Bottleneck: Max discusses how AI is removing the "human hands" requirement for vulnerability research and exploit development.
* [16:40] The "Football Team" Analogy: Quint argues that cybersecurity needs to move past silos—even the best "players" (companies) lose if they don't play as a coordinated unit.
* [21:17] Reason for Optimism: Why Max believes NIS2 and the rise of ML-driven SOC operations give defenders a fighting chance to regain the upper hand.

----------------------------------------

LINKS & RESOURCES MENTIONED

* Backtrack / Kali Linux: The "old school" penetration testing roots.
* DARPA Grand Challenge (2016): The early race for autonomous cyber defense (Shellphish & Mayhem).
* NIS2 Directive: The evolving European legislation for cybersecurity.
* Sven Herpig: Mentioned as a leading researcher on nation-state cyber policy.

3 Mar 2026 - 23 min

The Year of the Data Leak: Why SaaS is the New Frontier (with Max Heinemeyer & Quint Ketting)

SHOW NOTES | EPISODE: THE YEAR OF THE DATA LEAK

Welcome back to the Security Cafe, the podcast where we discuss cybersecurity with good coffee, questionable humor, and guests who—for their own good—know far too much about the cyber world.

In this episode, your host Menno Van Der Horst sits down with regular guest Quint Ketting (our human equivalent of a SIEM) and special guest Max Heinemeyer, a heavyweight in cyber threat intelligence and AI-driven defense.

As we kick off 2026, one thing is clear: the battlefield has shifted. We are no longer just fighting off ransomware; we are living in the "Year of the Data Leak." From massive telco breaches to compromised SaaS environments, the tactics are getting louder, faster, and more automated.

In this episode, we break down:

* The Pivot in Tactics: Why attackers are moving away from complex network encryption and towards "low-hanging fruit" like CRM databases and SaaS solutions.
* The Identity Crisis: How AI-driven social engineering is becoming a machine, making phishing attempts nearly indistinguishable from reality.
* The "Least Privilege" Paradox: Why do we still struggle with basic principles 20 years later? We discuss how a single helpdesk account can lead to 6 million compromised records.
* Boardroom Liability & NIS2: Moving from "security as a risk" to personal accountability for the C-suite.
* The Watchlist: Why Mr. Robot is being outpaced by reality and which "hacker" shows you should avoid at all costs.

Special Guest Highlight: Stick around for a meta-moment where Max’s own security team accidentally proves that real-world controls actually work during our recording.

Grab your coffee, log your accounts, and join us in the chaos.

25 Feb 2026 - 38 min