Episodes

  • Pivot Security AI Briefing — May 8, 2026
    May 13 2026
    Hosts: Jonah Reed & Rhea Malik
    In this episode:
      • Today we're covering a massive new benchmark showing coding agents are shipping exploitable code, webpage defenses against AI scrapers, and agentic vu...
      • Let's start with MOSAIC-Bench. This is wild — researchers just proved that nine production coding agents from Anthropic, OpenAI, Google, Moonshot, Zhi...
      • Yeah, the numbers are sobering. They're seeing 53 to 86 percent attack success rates across the board. What's clever here is they're not asking the AI...
      • Exactly! They tested 199 three-stage attack chains across 10 web application substrates, covering 31 different CWE vulnerability classes in five progr...
      • The structural problem is that safety alignment only evaluates overt requests in isolation. So if I ask you to build a SQL injection tool, you'll refu...
    Subscribe to the newsletter at pivotnews.ai for the full written briefing.
    6 min
  • Pivot Security AI Briefing — May 9, 2026
    May 13 2026
    Hosts: Jonah Reed & Rhea Malik
    In this episode:
      • Welcome to Pivot Security for Saturday, May 9th, 2026. I'm Jonah Reed.
      • And I'm Rhea Malik. If you run Linux anywhere in production, clear your morning. There's a new unpatched local privilege escalation called Dirty Frag,...
      • Right, this dropped from a coordinated disclosure across several research groups. It's a flaw in the kernel's networking and memory-fragment handling ...
      • And critically, it's not theoretical. Incident responders at Mandiant and Red Canary are reporting Dirty Frag being used post-compromise, particularly...
      • This comes about six weeks after Copy Fail, the copy_from_user variant that hit in late March. Two reliable LPEs back to back means your patch cadence...
    7 min
  • Pivot Security AI Briefing — May 10, 2026
    May 13 2026
    Hosts: Jonah Reed & Rhea Malik
    In this episode:
      • Good morning. It's Sunday, May 10th, and this is Pivot Security. I'm Jonah Reed.
      • And I'm Rhea Malik. If you run a SOC, manage an AppSec program, or sign off on coding agent deployments, today's lead story should change how you scop...
      • That's MOSAIC-Bench, a new benchmark out this week measuring what the authors call compositional vulnerability induction in coding agents. The headlin...
      • And critically, only two refusals across all runs. That's the structural finding. Per-prompt safety review passes. The end state ships exploitable cod...
      • Walk us through the methodology, because the design is what makes this credible.
    6 min
  • Pivot Security AI Briefing — May 12, 2026
    May 13 2026
    Hosts: Jonah Reed & Rhea Malik
    In this episode:
      • Today we're covering attack pattern biases in offensive AI agents, a new approach to monitoring LLM reasoning, and a concerning vulnerability in perso...
      • First up, CyBiasBench reveals something fascinating about how LLM agents conduct cyberattacks. Researchers tested five different AI agents across 630 ...
      • Yeah, and this isn't about success rates. An agent might keep using buffer overflow techniques even when they're failing, while ignoring potentially s...
      • Exactly. If you know Agent A always starts with privilege escalation attempts, you can tune your defenses accordingly. The paper mentions varying entr...
      • I'm thinking this has huge implications for red teams using AI. You can't just swap out one LLM for another and expect the same coverage. You'd need a...
    6 min
  • Pivot Security AI Briefing — May 13, 2026
    May 13 2026
    Hosts: Jonah Reed & Rhea Malik
    In this episode:
      • Today we're looking at a major shift in AI security tooling, some critical vulnerabilities in enterprise systems, and new regulatory moves that could ...
      • First up, Microsoft just announced they're acquiring Sentinel AI for $4.2 billion, and this is going to fundamentally change how SOC teams handle AI-g...
      • Yeah, this is massive. Sentinel's been the gold standard for detecting AI-powered attacks — their tool caught that synthetic voice attack on JPMorgan ...
      • The timing here is critical. We've seen a 340% increase in AI-enhanced phishing campaigns just this quarter. What's interesting is Sentinel's approach...
      • I think what's really smart here is Microsoft's pricing strategy. They're keeping it within existing E5 licenses, no additional cost. That's going to ...
    8 min
  • Pivot Security AI Briefing — May 11, 2026
    May 11 2026
    Hosts: Jonah Reed & Rhea Malik
    In this episode:
      • Good morning. It's May 11, 2026, and this is Pivot Security. I'm Jonah Reed.
      • And I'm Rhea Malik. Three stories today that all point at the same theme: when the platform underneath you breaks, your week breaks with it.
      • Right. Let's start with Canvas. Instructure's learning management system was hit by a cyberattack late last week that knocked the platform offline dur...
      • Instructure hasn't publicly characterized the attack vector yet, and that matters. Canvas serves thousands of institutions, and if this was a DDoS, th...
      • For business leaders listening who aren't in education, the read-across is straightforward: any SaaS platform that mediates a hard deadline — payroll,...
    7 min
  • Pivot Security AI Briefing — May 7, 2026
    May 7 2026
    Hosts: Jonah Reed & Rhea Malik
    In this episode:
      • Welcome to Pivot Security for Thursday, May 7th, 2026. I'm Jonah Reed.
      • And I'm Rhea Malik. If you run Linux servers, patch Windows endpoints, or sign off on AI procurement, today's briefing hits all three. Let's start wit...
      • Right. The bug researchers are calling CopyFail is a local privilege escalation in the kernel's copy-on-write path. Public proof-of-concept dropped ov...
      • The exploit is reliable across most distributions running kernels from late 2024 forward, including default Ubuntu 24.04 LTS and RHEL 9.4 builds. It n...
      • Cloud workloads are the immediate concern. AWS, GCP, and Azure have all pushed updated images, but customer-managed instances are on you. CISA added i...
    7 min