Cybersecurity Where You Are (audio)

Episode 191: GenAI Misuse for Physical Threat Planning

31 min · 10 Jun 2026

Description

In episode 191 of Cybersecurity Where You Are, Sean Atkinson sits down with Sasha Elvenaes, Sr. Multidimensional Threat Analyst at the Center for Internet Security® (CIS®), and Rian Davis, Multidimensional Threat Analyst at CIS. Together, they discuss how threat actors are misusing generative artificial intelligence (GenAI) to plan physical threats.

Here are some highlights from our episode:

* 00:40. Introductions to Sasha, Rian, and their research on GenAI misuse
* 01:56. The impact of GenAI on lowering the barrier for operationalizing physical threat activity
* 03:37. Exploitation of GenAI model design to circumvent models' guardrails
* 05:58. The misuse of session persistence to streamline physical threat research
* 07:57. GenAI misuse: A call for critical infrastructure operators to think about security differently
* 11:52. Factors that make large-scale events a target of physical threat activity
* 14:33. The use of GenAI as a strategy for organizations to see what threat actors could see
* 15:37. Ongoing question: How can drones help mitigate risks while protecting public safety?
* 17:13. Extrapolation as a reinforcement of GenAI session persistence
* 20:15. The new reality: Look at what information AI can provide to threat actors
* 25:01. Traditional methods vs. GenAI conversations for threat planning
* 27:58. Continuous vulnerability assessments, communication, and other recommendations

Resources

* An Examination of Generative AI and Physical Threat Planning [https://www.cisecurity.org/insights/white-papers/an-examination-of-generative-ai-and-physical-threat-planning?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_191-0610_podcast]
* An Examination of AI-Enabled Threats to Event and Stadium Security [https://www.cisecurity.org/insights/white-papers/an-examination-of-ai-enabled-threats-to-event-and-stadium-security?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_191-0610_podcast]
* Multidimensional Threats [https://www.cisecurity.org/topics/multidimensional-threats?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_191-0610_podcast]
* Man who exploded Cybertruck in Las Vegas used ChatGPT in planning, police say [https://www.npr.org/2025/01/07/nx-s1-5251611/cybertruck-explosion-las-vegas-chatgpt-ai]
* Episode 190: Separating Mythos AI Fact from Fiction [https://www.cisecurity.org/insights/podcast/episode-190-separating-mythos-ai-fact-from-fiction?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_191-0610_podcast]
* Episode 185: AI Prompt Injection from a Risk Perspective [https://www.cisecurity.org/insights/podcast/episode-185-ai-prompt-injection-from-a-risk-perspective?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_191-0610_podcast]
* 5 Steps to Help Secure Your City before a Large-Scale Event [https://www.cisecurity.org/insights/blog/5-steps-to-help-secure-your-city-before-a-large-scale-event?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_191-0610_podcast]
* Unmanned Aircraft Systems (UAS): Evolving Risks to Large-Scale Public Gatherings [https://www.cisecurity.org/insights/white-papers/uas-evolving-risks-to-large-scale-public-gatherings?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_191-0610_podcast]
* 8 Security Essentials for Managing Your Online Presence [https://www.cisecurity.org/insights/blog/8-security-essentials-for-managing-your-online-presence?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_191-0610_podcast]
* Vulnerability Assessments [https://www.cisecurity.org/services/vulnerability-assessments?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_191-0610_podcast]

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.


All episodes

194 episodes


Episode 194: 2026 Cybersecurity Predictions Mid-Year Review

In episode 194 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Ed Skoudis [https://www.linkedin.com/in/edskoudis], President of SANS Technology Institute. Together, they conduct a mid-year review of 2026 cybersecurity predictions from seven Center for Internet Security® (CIS®) experts, as shared on the CIS website [https://www.cisecurity.org/insights/blog/7-cis-experts-2026-cybersecurity-predictions?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_194-0701_podcast].

Here are some highlights from our episode:

* 01:50. Ongoing conversations about improving defense with artificial intelligence (AI)
* 05:19. A trap to avoid: Automating things with AI because we can regardless of utility
* 06:54. Ed's prediction about a near-term transition for AI-enabled vulnerability discovery
* 09:27. How AI agents change the economics around conducting a penetration test
* 11:26. Adversary emulation: A blurry proposition when threat actors use AI to look like anybody
* 14:02. Ed's prediction about threat actors shifting APT profiles within a single attack campaign
* 17:00. The need to systematically rethink cyber defense to support state and local cybersecurity
* 23:34. How adversaries are pivoting to the "authorization sprawl" in light of zero trust efforts
* 29:20. Industry-specific threat intelligence as a way to keep organizations informed
* 32:10. Why a policy isn't the same as security control for operational technology (OT)
* 33:55. Social expectations and public policy objectives around holistic OT security
* 39:52. Compliance as a floor, not a ceiling, that results as a byproduct of continuous security
* 43:43. The need for oversight and confidence in technology as distinct from the "Fog of More"

Resources

* Episode 169: 2026 Cybersecurity Predictions from CIS — Pt 1 [https://www.cisecurity.org/insights/podcast/episode-169-2026-cybersecurity-predictions-from-cis-pt-1?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_194-0701_podcast]
* Episode 174: 2026 Cybersecurity Predictions from CIS — Pt 2 [https://www.cisecurity.org/insights/podcast/episode-174-2026-cybersecurity-predictions-from-cis-pt-2?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_194-0701_podcast]
* Episode 179: 2026 Cybersecurity Predictions from CIS — Pt 3 [https://www.cisecurity.org/insights/podcast/episode-179-2026-cybersecurity-predictions-from-cis-pt-3?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_194-0701_podcast]
* The Myth of Mythos: What It Means For Information Security [https://www.cisecurity.org/insights/webinar/the-myth-of-mythos-what-it-means-for-information-security?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_194-0701_podcast]
* Episode 189: The Present and Future of AI-enabled Pentesting [https://www.cisecurity.org/insights/podcast/episode-189-the-present-and-future-of-ai-enabled-pentesting?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_194-0701_podcast]
* Authorization Sprawl: The Vulnerability Reshaping Modern Attacks [https://www.rsaconference.com/library/report/authorization-sprawl]
* Episode 188: DBIR 2026 Insights and Collaboration with CIS [https://www.cisecurity.org/insights/podcast/episode-188-dbir-2026-insights-and-collaboration-with-cis?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_194-0701_podcast]
* Mapping and Compliance with the CIS Controls [https://www.cisecurity.org/cybersecurity-tools/mapping-compliance/mapping-and-compliance-with-the-cis-controls?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_194-0701_podcast]
* Mapping and Compliance with the CIS Benchmarks [https://www.cisecurity.org/cybersecurity-tools/mapping-compliance/mapping-and-compliance-with-the-cis-benchmarks?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_194-0701_podcast]

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

1 Jul 2026 · 51 min

Episode 193: AI Security and Responsibility in EO 14409

In episode 193 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Rob T. Lee [https://www.linkedin.com/in/leerob], Chief of Research & Chief AI Officer at the SANS Institute, and Brian Calkin [https://www.linkedin.com/in/brian-calkin], Chief Technology and Innovation Officer at the Center for Internet Security® (CIS®). Together, they discuss AI security and the responsibility of the U.S. government in creating confidence around it, as represented in Executive Order (EO) 14409, "Promoting Advanced Artificial Intelligence Innovation and Security."

Here are some highlights from our episode:

* 00:50. Introductions to Rob and Brian
* 02:32. How to conceptualize confidence around something as complex as AI security
* 04:32. The U.S. government's responsibility to set AI security guardrails as clear expectations
* 08:12. The use of "voluntary" participation to create confidence in the context of EO 14409
* 14:38. How Mythos AI and similar developments affect assessment of frontier AI models
* 17:11. Airport security as an analogy for understanding AI security and privacy concerns
* 18:41. Why cybersecurity is a hard sell until an incident occurs
* 20:50. How AI is quickly becoming critical infrastructure
* 22:53. Furbies as reference for a flexible, iterative benchmarking process for AI security
* 25:50. The need for technical folks to translate AI risks into something understandable
* 28:21. Balancing encouragement of AI innovation with mindfulness of risk
* 31:24. The basics as a foundation for building shared responsibility around AI security

Resources

* Promoting Advanced Artificial Intelligence Innovation and Security [https://www.whitehouse.gov/presidential-actions/2026/06/promoting-advanced-artificial-intelligence-innovation-and-security/]
* The Myth of Mythos: What It Means For Information Security [https://www.cisecurity.org/insights/webinar/the-myth-of-mythos-what-it-means-for-information-security?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_193-0624_podcast]
* Episode 190: Separating Mythos AI Fact from Fiction [https://www.cisecurity.org/insights/podcast/episode-190-separating-mythos-ai-fact-from-fiction?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_193-0624_podcast]
* The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program [https://labs.cloudsecurityalliance.org/mythos-ciso/]
* Anthropic says it has taken its latest AI models offline to comply with new export controls [https://apnews.com/article/anthropic-artificial-intelligence-trump-fable-mythos-d9cc7df5c02e93837d0f0bfb24d5cfd2]
* Establishing Essential Cyber Hygiene [https://www.cisecurity.org/insights/white-papers/establishing-essential-cyber-hygiene?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_193-0624_podcast]
* Episode 187: The Role of a CISO as a Strategic Storyteller [https://www.cisecurity.org/insights/podcast/episode-187-the-role-of-a-ciso-as-a-strategic-storyteller?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_193-0624_podcast]

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

24 Jun 2026 · 39 min

Episode 192: How Leaders Balance Expertise and Communication

In episode 192 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Marcus Sachs [https://www.linkedin.com/in/marcsachs], Senior Vice President and Chief Engineer at the Center for Internet Security® (CIS®). Together, they discuss how leaders, including those in cybersecurity, balance their technical expertise with mastery of communication strategies.

Here are some highlights from our episode:

* 00:51. Introductions to Marcus
* 02:04. How Marcus found value in using analogies to communicate complex topics
* 08:40. Coordination with non-technical folks as a sign of leadership maturity
* 14:03. The wisdom in knowing what to say and what not to say when managing up
* 17:31. The need to balance technical skills with team resourcing in a way that's imitable
* 21:07. The challenge of leaders learning by proximity in hybrid and remote environments
* 24:16. "Classic" engineering vs. "new" engineering
* 25:13. Lessons from Boards in applying discipline, rigor, and order to software engineering
* 28:23. The value in leaders continuously learning how businesses work

Resources

* Episode 183: The Role of CISO in Supporting Risk Translation [https://www.cisecurity.org/insights/podcast/episode-183-the-role-of-ciso-in-supporting-risk-translation?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_192-0617_podcast]
* Episode 187: The Role of a CISO as a Strategic Storyteller [https://www.cisecurity.org/insights/podcast/episode-187-the-role-of-a-ciso-as-a-strategic-storyteller?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_192-0617_podcast]
* Episode 99: How Cyber-Informed Engineering Builds Resilience [https://www.cisecurity.org/insights/podcast/episode-99-how-cyber-informed-engineering-builds-resilience?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_192-0617_podcast]
* 7 CIS Experts' 2026 Cybersecurity Predictions [https://www.cisecurity.org/insights/blog/7-cis-experts-2026-cybersecurity-predictions?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_192-0617_podcast]

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

17 Jun 2026 · 31 min

Episode 190: Separating Mythos AI Fact from Fiction

In episode 190 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Brian Calkin [https://www.linkedin.com/in/brian-calkin], Chief Technology and Innovation Officer at the Center for Internet Security® (CIS®). Together, they separate fact from fiction around artificial intelligence (AI) capabilities like Mythos AI and other AI-driven vulnerability discovery tools.

Here are some highlights from our episode:

* 00:50. Greetings to Brian and setting the stage for questions from a CIS webinar
* 03:05. The lack of a unified formula or standard for vulnerability prioritization
* 03:55. The opportunity for defenders to interrupt vulnerabilities chained together
* 05:47. An invitation to better understand your enterprise amid the "slopdemic"
* 06:33. How AI guardrails tie back into security best practices
* 10:15. How a fundamental practice we can refine is the best counter to chained attacks
* 12:25. The value of the CIS Community Defense Model and a teaser for Version 3
* 14:50. Mythos AI vs. Static Application Security Testing (SAST) in terms of practice and time
* 19:08. Visibility, governance, and prioritization: Three elements of a "prepared" environment
* 24:32. "One to one" cyber defense as a losing battle
* 27:25. The importance of knowing your dependencies with open-source software
* 33:15. Threat actor economics and the ongoing debate around responsibility in cybersecurity

Resources

* Mythos AI: What Actually Matters for Cybersecurity Leaders [https://www.cisecurity.org/insights/blog/mythos-ai-what-actually-matters-for-cybersecurity-leaders?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_190-0603_podcast]
* Secure by Design [https://www.cisecurity.org/topics/secure-by-design?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_190-0603_podcast]
* CIS Critical Security Controls® [https://www.cisecurity.org/controls?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_190-0603_podcast]
* CIS Community Defense Model 2.0 [https://www.cisecurity.org/insights/white-papers/cis-community-defense-model-2-0?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_190-0603_podcast]
* Episode 185: AI Prompt Injection from a Risk Perspective [https://www.cisecurity.org/insights/podcast/episode-185-ai-prompt-injection-from-a-risk-perspective?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_190-0603_podcast]
* Living off the Land: Threats Looming From Within [https://www.cisecurity.org/insights/blog/living-off-the-land-threats-looming-from-within?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_190-0603_podcast]
* Turn Intel Into Action: CIS Controls and the 2026 Verizon DBIR [https://www.cisecurity.org/insights/webinar/turn-intel-into-action-cis-controls-and-the-2026-verizon-dbir?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_190-0603_podcast]
* Implementation Guide for Small- and Medium-Sized Enterprises CIS Controls IG1 [https://www.cisecurity.org/insights/white-papers/implementation-guide-for-small-and-medium-sized-enterprises-cis-controls-ig1?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_190-0603_podcast]
* Information Technology and Information Security Governance [https://www.cisecurity.org/insights/white-papers/information-technology-and-information-security-governance?utm_source=cwya&utm_medium=audio&utm_campaign=cis&utm_content=26-cis-episode_190-0603_podcast]

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

3 Jun 2026 · 38 min