Subscribe Share Full episode and show notes Vulnerability Management , AI/ML , AI benefits/risks Helping defense’s use of AI catch up with offense, cost of the vulnpocalypse, news – Evan Powell – ESW #461 Interview with Evan Powell – Generative and agentic AI are improving cyberattacks faster than they’re improving cyber defenses. Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to share some ideas on how defenders can get some benefits from AI as well, and why open source is important with this approach. Topic For this week’s topic segment, we’ve got two very interesting data sources. The first is Anthropic’s first update on Project Glasswing, where they’re absolutely tearing through codebases with ultra premium Mythos tokens, but then hitting a human-shaped bottleneck as they attempt to valid... June 1, 2026 Full Segment Notes Interview with Evan Powell - Generative and agentic AI are improving cyberattacks faster than they're improving cyber defenses. Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to share some ideas on how defenders can get some benefits from AI as well, and why open source is important with this approach. Topic For this week’s topic segment, we’ve got two very interesting data sources. The first is Anthropic’s first update on Project Glasswing, where they’re absolutely tearing through codebases with ultra premium Mythos tokens, but then hitting a human-shaped bottleneck as they attempt to validate all the findings. The second is the first report from Root Evidence, the latest startup from Jeremiah Grossman and Robert Hansen (aka RSnake), which aims to help organizations filter out all the vulnerabilities that don’t matter. Where these two reports meet in the middle is my concern that the use of AI to scour every last bug out of code is going to be the most Sisyphean task the cybersecurity industry has ever come up with (and we have some deep experience here). The Weekly Enterprise News Finally, in the enterprise security news, Less funding, more acquisition the AI SOC startup space is CROWDED your CEO is suffering from AI psychosis Some CISOs are done with the job, IT can have it detecting and removing dangerous secrets from dev workstations 230,000 security advisories roll up to 6 attacker behaviors The FBI’s 2025 IC3 report is out When tech billionaires make predictions, they’re actually sales pitches All that and more, on this episode of Enterprise Security Weekly. Guest Evan Powell CEO and Co-Founder at DeepTempo Evan is a many-time entrepreneur with hands-on and academic experience in deep learning. He has served as founding CEO of companies that accelerated the transition of many industry sectors, including voice and video communications, cloud-native data, security automation, data management for machine learning, and chaos engineering and resilience engineering. In 2022 he started the OpenData Community to use data science and machine learning to counter fraud and Sybil attacks, which led to his decision to found DeepTempo in 2023 to harness collective intelligence and deep learning for cyber security. Hosts Adrian Sanabria @sawaba https://adriansanabria.com Ayman Elsawah https://coffeewithayman.com/ Katie Teitler-Santullo https://thereformedanalyst.substack.com/ List of Articles Adrian Sanabria FUNDING and M&A: Courtesy of the Security, Funded newsletter, #245 – Socket To Ya A Missy Elliott reference? VIBE CHECK Which cybersecurity category sees the biggest consolidation move before year-end? 1st - SecOps Tied for 2nd place: Identity, AppSec Tied for 3rd: Data Protection, GRC Last: Network Where's cloud security? AI pentesting? Hmmm, I might have gone with different categories, but he chose these, because they have the most funding over the last 3 years. FUNDING Socket, a United States-based supply chain software security platform, raised a $60.0M Series C from Thrive Capital. --> Unicorn Alert ???? Ocean, a United States-based email security platform, raised a $20.0M Series A from Lightspeed Venture Partners. ACQUISITIONS Jit, an Israel-based developer-focused application security platform, was acquired by Torq for $70.0M. Jit had previously raised $38.5M in funding. Genie Security, an Israel-based endpoint-based data protection, was acquired by Cyera for $50.0M. Genie Security had previously raised $3.0M in funding. Coana, a Denmark-based software composition analysis (SCA) platform, was acquired by Socket for an undisclosed amount. Coana had previously raised $2.1M in funding. Deepchecks, an Israel-based evaluation and observability platform for AI models, was acquired by Check Point Software Technologies for an undisclosed amount. Deepchecks had previously raised $14.0M in funding. Symmetry Systems, a United States-based data security posture management (DSPM) platform, was acquired by Zscaler for an undisclosed amount. Symmetry Systems had previously raised $75.7M in funding. (more) STARTUPS: Now have 16 more AI SOC startups emerge from stealth. Is AI SOC the most oversaturated market segment ever? And not a single acquisition yet? This won't be pretty. ESSAYS: Your CEO is suffering from AI psychosis I've also heard it called "software brain". AI is a hammer and everything is a nail. ESSAYS: Give the CISO Role Back to IT. No, Really. Not surprising - I can't imagine why anyone would want to be a CISO these days. Appreciated? Nope Listened to? Not likely Blamed? Inevitable Personally liable? Yes No. Thanks. Unsafe and unsatisfying at any salary. HOWTO: Detecting and removing dangerous secrets on dev workstations before Shai-Hulud does A great writeup from our very own emergency co-host, Guillaume! ANALYSIS: Supply-Chain Attacks Cluster: 230,000 Advisories, Five Patterns This apparently AI-written analysis of OSV.dev security advisories is pretty useful, finding that most of these security issues roll up to half a dozen attacker behaviors, none of which are terribly surprising. A great starting point for starting hardening/app control/EDR configurations. REPORTS: The FBI’s 2025 IC3 Report REALITY CHECK: AI might have a PR problem When Micron tells us that cars will need 600GB of RAM Or when Anthropic tells us that Mythos is too dangerous to release We'd do well to remember that these are not predictions, these are sales pitches. Micron just hit a trillion dollar valuation off speculation that AI is going to let them name their price for RAM - they need to keep this going. Anthropic benefits from creating a vicious circle: AI finds so many vulns, we need AI to fix them. AI-generated code generates vulns and we start the cycle over. Show More Stay in the Know, No Smoke and Mirrors – Join Our Newsletter Get expert insights and technical breakdowns straight to your inbox. Join Now Related Segments Vulnerability Management Sidhe, GreyVibe, Claude, Lightwell, Eclipse, Kimsuky, Obscure Beliefs, Josh Marpet – SWN #585 Vulnerability Management Linux Supply Chain How-To – PSW #928 Vulnerability Management Listening, Drupal, TTE, KEV, Mythos, Megalodon, Badanov, MFA, Pope Leo, Aaran Leyland – SWN #584 Related Content Vulnerability Management Zapier security flaws could have exposed millions of user accounts Market News MSSP Market News: AI in the SOC is getting real for MSSPs AI/ML PwC, Palo Alto Networks target AI-driven vulnerability discovery with Frontier AI Defense You can skip this ad in 5 seconds