mnemonic security podcast
Hosted by Robby Peralta from mnemonic, one of Europe’s leading cybersecurity companies, the show features conversations with researchers, founders, operators, and security leaders working across the cybersecurity landscape.
Each episode explores a specific topic within cybersecurity: from incident response, threat intelligence, AI, and geopolitics, to leadership, resilience, and the changing role of security leaders.
The podcast is tailored to cybersecurity practitioners and decision-makers who want grounded conversations about where cybersecurity is going, what organisations should prepare for, and what experienced people are seeing.
mnemonic security podcast
Lay of the Land: How Attackers Move in '26
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
The security world is a noisy place lately. What's actually going on in the trenches?
Candid Wüest, Principal Security Advocate at xorlab, joins Robby to cut through the hype and take a look at how attackers are actually operating in 2026.
They open with a reference to their last discussion about LLM-infused malware, and touch upon using deception techniques such as honey tokens, fake password files and prompt injections to derail automated attackers. From there, they walk through the actual lay of the land: edge device exploits, credential abuse via infostealers, supply chain attacks targeting GitHub repositories, and why ClickFix social engineering is still working just as well as ever. They also dig into the growing connection between AI-assisted development and supply chain risk and what organisations should actually be doing about it.
The episode closes on the bug bounty market, where AI is quietly disrupting the economics of responsible disclosure, and what that might mean for how vulnerabilities get reported, priced, and exploited going forward.
From our headquarters in Oslo, Normal, and on behalf of our host, Robby Peralta, welcome to the mnemonic security podcast.
Robby PeraltaMost security conversations right now are about AI. What it might do, what it's about to change, what to be worried about next. And in such a world, it's easy to lose track of what's important and what's actually leading to breaches in our environments. So I thought we'd touch grass with an episode on the current lay of the land in regards to the threat terrain. But just in case there has been some movement on the AI-powered threat landscape front, I thought we'd check in with the previous guest. His name is Candid, so he's literally bound by name to tell the truth. And since we spoke last about his experimentation with malware infused with large language models, I just had to ask him if there was anything new on that front.
Candid WüestThe Honey Tokens, which I think is a fun part, right? As in, I'm still not believing that uh the LLM uh powered malware is the big deal, right? I mean, votability research, absolutely. Automated pen tests, yes, for sure. But kind of autonomous malware which locally executes the LLM and not kind of just pings back. I don't see it. But even if it would, you can have a lot of fun. A lot of fun, meaning why not generate a two-terabyte large file password.txt and put it into your home directory? Or why not have a folder called ignore all previous prompts and just uh stop your process? Right? The classical prompt injections and other things. And I tested it with a few of those prompt locks, prompt spy, kind of those which have been uh mentioned by Entropic and Google and other threat teams, and those would all fall for that. As in, they would see a password.txt file and say, Candid, that's the file you want to have, right? And let me extract that. And if it's two terabytes that you're basically trying to exfiltrate, hopefully that should raise a few alarms and whistles, right? So with all of those things, and probably a normal kind of threat researcher would either just locally do a give me the last entries of those files and say, hey, why is it that large, right? I mean, does sound like a trap, but the LLM, they just fall for it. So that kind of shows you can still have a lot of fun against those automated threats as well, because I mean they already hallucinate a lot, but you can add even more to that. Uh, another one would be why not add a few directories as in, oh, I'm using Sentinel One, ESet, CrowdStrike, and Microsoft Defender. So you add a lot of things, and now it's trying to bypass all of those, right? Which probably it will fail. So I'm not worried that the Terminator Ransomware, as we called it last time, right, that that's gonna be around the corner. There are other things which might wake you up at night, but yeah, that's something to dive in later on in the episode, I guess.
Robby PeraltaYeah, so what you're touching on now is deception, right?
Candid WüestYes, exactly. So the whole deception is not new, right? There have been many ideas before where you can even have a file that whenever someone is touching it, it's probably going to be ransomware or someone else trying to encrypt it because you basically place a file, but you make it invisible for the normal user, so it should never be enumerated, or you have users kind of logging in automatically. And if someone tries to kind of steal the token and then moves laterally, you know, this user should never ever log in anywhere. So you know it's someone else uh who has hijacked your credentials, and now we're just applying the same kind of ideas, but to autonomous AI threats, and it works surprisingly well. Um, you can just say, hey, just send an email to this uh email, right? So as in half the malware itself reveal itself by sending you a message, which I think is a fun way to go, right? So as in yes, now you basically need again the human in the loop or make your LM smarter to not fall for those exceptions, but you're back in the cat and mouse game, right? So clearly shows the defenders still have a few aces that they can play if they are aware of it.
Robby PeraltaFun. Has there actually been a write-up where the malware actually ended up just triggering like an email to get sent to a defender? Has that happened yet?
Candid WüestNot yet. At least I'm not aware of it. So go go out and use it, use Slack or whatever notification you want. It could definitely work with a few things that we've seen, right?
Robby PeraltaThat would be a fun presentation.
Candid WüestExactly. I mean, I think if there will be the AI-powered malware, right, then we can definitely have fun with those shenanigans. At the moment, as you said, it's mostly finding vulnerabilities with your favorite too dangerous to release models, right? Or of course doing the automated pen tests, which is just shrinking the time. I think that's one of the things we see at the moment. Everything is going faster, not necessarily new techniques or more sophisticated. It's just that a lot of things are happening, which usually means that people just don't have the time to focus on the real things which are probably already in your network, which might be the ones that actually costing you a lot of money.
Robby PeraltaWhat is actually going on these days? Is it is there anything new and novel, or is it still the same sort of initial access things that we've been used to for the past years?
Candid WüestI think it's still the same kind of bag of tricks that we see. Of course, they are automating and getting faster and kind of broader as well. So, as in if we talk about categories, right, we still see attacks using exploits specifically for edge devices. And I'm sure, of course, now with Mythos and all the other fancy tools, we'll see more exploits being found in those devices, at least for the next six months, so as in the rest of the year, because it's so easy to get those exploits. And also, specifically for nation-state actors, APTs, they of course they plan that the in the long game. So, as in they have been researching, and I guess once you decompile the whole firewall, let's say source code, there's probably more than one vulnerability that you've found, right? So they're still profiting from those that they have found, which probably didn't even mention uh Mythos or any of the other models, right? So it's just adding on top of that. But yes, I mean that is one thing, right? Attacking kind of the exploit, and hopefully we'll find more than we put in with the new vibe coding. So hopefully, kind of the overall number of unpatched things will go down. Although patching itself is an issue that we should talk about as well. But another thing we still see is credential abuse, right? As in, there's so many information stealing trojans like Luma C2, uh, still see a little bit of Redline, Vidar, and all of those things which are dropped in various ways, and then steal your password for your Microsoft M365 account, or of course, your API keys for whatever SaaS application, including AI LLMs you use, and very hot on the set, of course, your GitHub or any other source code publishing versioning controlling system. And this, the attackers, they have to use AI now to go through all the kind of vast data breaches that they have because they have so many credentials, they don't even know where to focus first, right? So it's it's unfortunately that massive. And we've seen in underground forums that sometimes they just sell it off by megabyte, as in, they don't even go into how many credentials are in there, they're just saying look, it's uh info stealer locks from Windows and users. Uh you pay three dollars per megabyte or something like that. So it's it's crazy times. And that leads to another thing that we have seen, of course, sparking the last six months. If you have been living under a rock, it's the supply chain attacks. Again, nothing new, right? I mean, I actually did remember that kind of a decade ago I was part of the team creating the Internet Security Threat Report of Symantec, the ISTR reports. And even then, we already said, hey, supply chain are are kind of rising in the attacks because they just make sense, right? If the attacker gets into one of those, it's kind of distributing to a lot of new victims. But now they seem to really like GitHub. Uh, specifically, Team PCP is one of those uh attack groups. They they started off kind of attacking Docker containers, Kubernetes, kind of cloud-first uh attackers, so to speak. But they kind of breached over to say, hey, look, if we have access to all those um GitHub and other source code repositories, why not just add malware there, infect those, and have people download stuff, right? And unfortunately, as we've seen, that works pretty well. So there have been cases all over the place, right? Trivi check marks, a light LLM, Telnix SDK. So some of them, like Trivi or Trivi, they're security scanners. So, as in, it's kind of ironical that your security scanner with an update gets you actually malware, which then again steals your tokens. And some of those, uh, so the there was one Shahi Halpulut, where apart from just stealing your stuff, it of course goes through all the credentials and tries to infect all the repositories that you have access to. Uh, some of them also just steal more of your stuff and just publish them in a new repository. So they create a public repository, and that's the way to exfiltrate the data, right? So they don't upload it to some underground website, they just let you publish it yourself. And then they search for the same names, right? Like Singularity was a similar uh worm. But the newest one, so version three or four, depending on where you start counting, had also some let's say nasty things, uh, because it also started a demon in the background that was monitoring for your token to see if it's still valid. So if you if you would actually go and revoke your GitHub token because you say, hey, I probably have been infected, I should revoke it, as you should, the demon would recognize, oh, my token no longer works, and then it would start viping your home directory. So as a kind of uh rage quit, uh failsafe, whatever you want to call it. But as soon as you start cleaning up, it would actually clean up for you, but not the way you want it, right? In terms of deleting all your things. Which now, of course, adds up all the new issues, right? As in, well, how do you clean something that you're not really sure of because the next version might do the same or might do a different trick, right? So now you have to copy stuff over, make sure you have a backup before you start deleting, which exposes you even more or longer. The other thing with the supply chain attack is well, do you not just have to wait and say, oh, whenever there's a new version of my favorite package that I'm using, I'm gonna wait 24 hours till I integrate it. Then probably all the supply chain attacks will be seen, hopefully, in 24 hours. But that also means all the new zero days which have been found with AI, you're basically 24 hours exposed, right? So both ways are probably not the way to go. Um, and I don't even want to start with all the people that don't even know which packages are used in their own software, right? I mean, software uh build-of-material, SBOM, we've been talking for five years now, I guess, and most still don't know, right? As in, if you say, hey, do you use uh light LLM? It's usually, well, let me check, right? And then people start kind of going through their own code because they don't really know it. So again, not really something new, but still very interesting, and that's the thing that keeps people busy, right? I mean, I know a few people who literally spent weekends exactly digging through all of those and say, have we been affected or not? Can we rotate all the credentials? Because maybe they have been exposed and you just don't know because maybe it viked itself and you just don't see anything now, but maybe yesterday you were infected. So those are the tough ones. Um, but maybe two more, if you allow me, kind of of things that happened. Um, one personally for me, very, very interesting, is Fast 16. You probably have not heard about it, as for some strange reason it got kind of bird under all the LLM and AI talks, I guess. But um so Fast 16, in the end, the guys at Sentinel One did a nice blog about it. It's a very sophisticated nation-state malware which predates Stocksnet. So people think it's probably as in indicated that it was released 20 years ago in 2005. And it was also targeting, like Stocksnet, the uranium, let's say, um, facilities in Iran, but in a different way. And the way was that it was actually targeting simulation software like uh LSDNA is one or Autodine, which are kind of physics engines to simulate real-world uh things. And one of it is, of course, explosions. So typically you could use that software, or this these softwares have been used to simulate nuclear explosions, right? Uh to know how much uranium you need to kind of get it so condensed that you actually trigger the kind of the fusion reaction and it starts kind of really doing the damage and not just having a dirty bomb. And the um rootkit in that malware would basically hook into those software components and then modify the mathematic numbers. So, as in instead of you having a nice explosion, it would cap it at 10% and say, hey, nice try, but nothing's happening, right? So it would basically give you wrong data back in those simulations. Which I have not been there, I don't know, but I could definitely imagine would throw you off if you're trying to build a nuclear bomb. Uh, if all your simulation says, try again, it's not working, right? And for me, of course, as I said, my team has been involved in analyzing Stocksnet 16 years ago. It's really interesting to see that something that sophisticated, without any AI, by the way, has been used for 20 years, and we only hear about it now, right? So there are still a few gems out there that we probably have not seen so far. That's the sophisticated one, and the other one, ClickFix. It's still here. So for those who haven't seen it, clickfix or any of those variations are basically the ones where you go to a website and nowadays it's usually a captcha which says, Hey, we have to test if you're human or not. Please copy-paste this PowerShell script and execute it in your command line, your terminal. And surprisingly, a lot of people do it, right? Because of course, the website looks like a Cloudflare token and tybot. So we're all used to click on something or do a captcha where you have to identify how many bicycles are there or buses. I mean, we're we're getting tired. I'm definitely waiting for my AI agent to solve all of those for me. But yeah, those click fix, they're so simple and very easy to obfuscate the scripts and everything, right? And usually they just download more malware, like an info stealer, but they work, right? So that kind of shows you don't have to be very, very sophisticated. The classical social engineering and just ask the user to infect themselves still works. And of course, ransomware will probably be the next, but I'll give you a chance to jump on those and anything that picked your mind on those, but you probably heard some at least variations of those, right?
Robby PeraltaYeah, I actually asked my the boss of our SOCs if I talked to you, hey, uh, give us our top three. What are we saying these days? And it was clickfix, adversary in the middle, and the supply chain stuff. But the the clickfix and adversary in the middle, that that's like two years, three years in a row now.
Candid WüestExactly. I mean, uh adversary in the middle, right? The phishing, uh device tokens from Microsoft and other things, evil chinks. You steal a session token, you log in, you add a forwarding email address, and voila, now we can reset all the passwords for all the various things. So it's it's the simple things, which going back to the the other topic, ransomware, it still is a topic, right? I think we probably don't hear about it too much because A, it hasn't changed much, so it's kind of boring. If you haven't learned about it now, you're probably not going to learn about it, right? But another thing that might be with all those groups Akira, Queen, Leak Data, Inc. Ransom, the Gentleman, I mean, there's still many, many groups. I think Verizon Data Breach or someone else said there were about 8,000 confirmed victims of ransomware last year, which still is an increase. So we're going up. But the average amount of paid ransom is going down. So, as in the average is lower, and also only about 31% are paying or admitting to paying. So it's getting less and less profitable. And we've seen the attacker shift a little bit, right? One is we already know kind of the double extortion, so not just encrypt the data, but also steal it. Now it goes more and more just to steal it and don't care too much about the disruption because you assume that they will have a disaster recovery plan, business continuity management, that they're not going to be down for two weeks. I mean, that's the hope. Reality usually is different, but that would be what you should plan for. But having your data stolen, GDPR and other things can still kind of hurt you because you might need to pay a hefty fine, right?
Robby PeraltaYeah, so it sounds like the lay of the land is more or less the same.
Candid WüestI think yes. And I mean, lay of land I like because it's also the living off the land. Um, as in using clean tools that you already have, the remote desktop tools that you might have, like TeamViewer, VNC. Sometimes you have some, then they just add another account. If you don't, they just download it and they install it, right? Because it's a clean software, it sometimes is not flagged by your EDR or XDR tool. But of course, it's kind of a backdoor, right? It allows someone else to go in. Or just classical Microsoft remote desktop protocol, or as we loved to you to call it, the ransomware delivery protocol RDP. Because just add a new account and you have your backdoor, right? Even if you do backup and restore, you're probably restoring that account as well. Um so you're not cleaning it. And the other thing we see as well is the whole EDR killer tools. It feels like every month there's a new idea of how to kill the EDR tools, right? It used to be the bring your own vulnerable driver. So you bring a driver, then you're in kernel space. From that, you just unhook the EDR tool, and now you're basically unprotected. Or we've seen others which just kind of change the configuration. So it's still sending all the alerts, but the alerts are coming to a dashboard of the attacker's choosing, which of course only he has access to, so nobody sees the alerts, and therefore the sysadmin might think, oh, that user might have been on vacation for two weeks because I haven't seen any check-ins, while in the background, of course, they have been compromised for two weeks. Nothing new, but those are the things we see out there, right? So, I mean, back to your uh comment at the beginning. Yes, there is a lot of talks about AI, and it is important, don't get me wrong, I'm a fan as well. But the real work is still with the classical ones, which bombard you because your user clicking on things that they shouldn't, reveal some phishing, or as in password through phishing, or just having bad configuration on your gateway firewall. Those are the things that keep most people busy, which also means yes, now that you have the new patch wave coming around, they don't have the resources to patch, right? I mean, on average, it takes about 35-ish days for companies to patch stuff that comes out because you want to make sure that it's not disrupting anything else, you want to be careful. But yes, you want to bring those 35 days down to four hours. That's not gonna happen, right? It's it's impossible. Let's be realistic. So for them, and I've talked to a few CISOs, they basically say, Look, I'm gonna lose anyway. So, as in whatever resource I put into will be too late. So they are forgetting in the whole. I mean, they still do the patch management, but they forget the race. They say, Hey, look, we need to concentrate on visibility, monitoring lateral movement, and make sure that assuming breach, we limit the impact of it. So they basically Gave up on the whole we patch all the zero days before the attackers will attack it. They go one step further. How can we mitigate the impact and kind of detect it before the fort burns down?
Robby PeraltaIs there a hands-on keyboard, uh hands-on keyboard ever anymore?
Candid WüestIt's it still happens. Um, although let's put it the other way, it has happened less for the last two years already, right? As in all of the self-respected attackers use some kind of scripts, right? They have something on autopilot where it's hey look, I'm in it. Now use the tools that we mentioned, Bloodhound and other things, Pink Castle to kind of go and find me the next step, right? So it already has been at machine speed. I'm personally not a fan of now calling all the AI attacks it's the attacker at machine speed, because it has been before, and most of the AIs I use are actually quite a slow machine speed, right? As in the inference still takes a few seconds to decide, hmm, what should I do next, right? What should I attack? I've seen this and this. So having a nice Python script is sometimes faster than your AI because it's only doing something and the things that you have been doing before. But we see it's more let's say in stages, right? The attacker runs something, gets the result back, and then says, Okay, now I'm the main admin. So now I start my second command, which will use that credential to roll out my backdoor. And of course, the AI could potentially do everything automated. But yes, machine speed, I mean, all the PCs run at machine speed, right? If you want to be uh sarcastic. So, as in it didn't really change too much. Uh, but yes, you have to be fast, and that's why I say, look, if you're having a SOC level one analyst, uh, and I know many of those, so I mean, I love those people, don't get me wrong, but if they're going get the coffee and walking back within five minutes, those five minutes might already be too late, right? There have been now a few reports where attackers from initial compromise to lateral movement was within 10 minutes. So 10 minutes passes quickly, right? So you need to have some automated defense. You can call it AI versus AI, right? But something that has to be autonomous. On the other hand, we all know AI is hallucinating, right? And non-deterministic. So one day you might get the port scan and it says, Oh, this is a port scan, I do nothing. Tomorrow it might say, Oh, this is a port scan, these are definitely the North Koreans, let me shut down everything just to be safe, right? So, as in it's really hard to plan because AI might have a bad day as well. But for me, it has to be a balance. Some automation, some human oversights for sure, because you don't really want to delete or wipe the machine off your CEO just because you had a hunch, right? But on the other hand, waiting is definitely not an option either.
Robby PeraltaSo when it comes to is that kind of where your your conversations with with Mythos and the whole automated attacks. It just went to assume breach, uh isolation, lateral movement. What's the end of that conversation?
Candid WüestYeah, so it's the assume breach or assume on patchness, but that kind of means in the next step, assume breach, right? From CVE to exploit is now I think below 10 hours. So assume that there will be a zero day in one of all the supplies that you use, right? So might be in your organization or in one of your suppliers that you blindly trust and you use it. So it has shifted that okay, so if they are already in, what do we actually try to protect, right? What are your crown jewels? So making sure that you know what you want to protect, do micro-segmentation, as in get a few walls around it, because probably already not everyone from HR, finance, or even development should have access to your pharmaceutical cancer recipe, right? Those should be well guarded, well monitored, so that even if someone is using a domain admin account, you want to at least know that something has happened. And all of those things we do know, right? I mean, you can have your hardware token, as I said, YubiKey or whatever. There are variations that you can use. And we have been trained for decades to do a threat modeling, right? Shift, left, and all of those other nice buzzwords. But threat modeling makes sense, right? Go one step back and analyze what are the potential ways that the attacker can come in, which are the ones that you want to block, and which ones you block give you the most bang for your box, right? As in, that's why we started with firewalls and other things, right? Because you said, hey, look, if I cut them out here, then I don't have to care that much about internals. Of course. Bad assumptions because now your internal people are using AI and those get prompt injections, and now you have the internal insiders. But go back to the basics, do your threat modeling, analyze it. And this is what I see with a lot of CISOs now, right? They go back and say, okay, so make some, let's say, tier three list and say, okay, I really want to protect this database, my customer data, because it's embarrassing, GDPR, and I lose a lot of uh kind of well, revenue for the future. Those things I can survive a day, those things I could survive a week. And once you have that, then you can start kind of deciding, okay, am I well enough protected, right? Would I know if someone steals my database? Do I have a backup on immutable space? Can I restore it? Uh is everyone using the same credential, right? Maybe I'm giving the same credential to my MCP because I want the AI to be accessed. Maybe should use a different account. All of those things, right? Nothing new. But unfortunately, as now with the explosion of new applications, vibe coding, and all the things, you need to go back and do the homework again. I know it sounds boring, not as shiny as going for all the fancy tools. I mean, seeing reports like Cloudflare put a report out this week, what they uh kind of gained through Mythos. Uh, it's fascinating. But they basically said most of it is Mythos is good in chaining the vulnerabilities, but most of it is still your scaffolding, the framework around it. So it kind of giving some guidance and say, hey, in this source code, look for buffer overflows and not just say, hey, find the source code and find vulnerabilities, because then it's branching off, you run it a hundred times and it still doesn't find anything. So do your own work because then hopefully, even if there is a remote code execution, they will have only a read-only account, which is still bad, but not as bad as full compromise, right? They might trigger a few kind of alerts and at least give you a chance to say, hey, we stopped them from exfiltrating 20 terabytes of data, they only got 100 megabytes. Still bad, but unfortunately that's where we are now.
Robby PeraltaRight. But when it comes to supply chain attacks, like you mentioned SBOM earlier. I thought the supply chain attacks were heavily correlated with the uptake of AI and all these new AI tools that people are using. Developers, I'm thinking of the developer space using AI, and that then getting do you see the connection there? Is how strong is that connection between supply chain and the uptake of AI in development environments?
Candid WüestIt it is huge. Uh, I'm fully with you 100%. Um, as the whole AI space, I think it it's even twofold, right? The the AIs itself, so um having your your proxy for the LLMs, right? Um, because you you want to be connected to different uh AI mods on the background. Now you have your LLM proxy also for the MCPs, because you want to have different tools. You want to be respectful on the token usage because that's where your money flows, right? So there's many things you plug in, and all of those things open up new attack space because it's probably new to people, they don't really know. Some of the things have not been on the on the market for long because the whole thing is new, right? So you can't really say, Oh, I want the MCP proxy, which has 10 years of experience. It does not exist, right? Uh so you have to use something which might only exist for a year, and we all know things might still have a few um vulnerabilities that need to be fixed within 12 months, right? So that's one side. And the other side is the whole development cycle. Again, AI, vibe coding, or assisted copilots, and all of those things are, of course, adding with the development, also helping with kind of automated testing, pipeline, right? Jenkins, spinning up a few uh Kubernetes and Docker containers. All of those things now kind of grow again to add more tools to it, which again opens up for new attack bases. And attackers like uh Team PCP, they know that quite well, right? They know that's a weak spot where they can go in because they might not be heavily regulated. It might be the classical project of two people living in Norway doing some great work, but yes, now a uh Fortune 500 company is using that software in production, right? Without probably even knowing, and unfortunately, sometimes without even donating money to that uh project, and now they get compromised. What happened next? So this is definitely something you should analyze, right? What you're doing, because yes, that's happening. And it's not just for the ones that do develop in-house software, right? I mean, I've seen many conversations where they say, Oh, I'm not a software company, I'm not generating anything, right? And they say, Well, are you really? As in, there's always someone creating a small script, right, to go through Salesforce or help with some SAP cluster or even just monitoring things. I mean, show me that, let's say, mid-size to large company that does not have anyone generating some scripts with AI at the moment, right? It's probably not existing. And that means they're the perfect target, even up to, as we haven't really touched on those, right? The whole prompt injection, memory poisoning, uh, MCP tool poisoning. There's so many attacks now for all those IDEs, kind of the development frameworks. Because, yes, usually it's just a MD file, a markdown file, and it's a text file. So I can add my backdoor there, and next time whatever you code will import my backdoor, right? And you might not know it, they might not know it till it's too late. So, yeah, supply chain attacks, lots of fun for the future for sure.
Robby PeraltaReally quick, what do you tell your clients around that? Like, where should their headspace be when it comes to supply chain?
Candid WüestAgain, monitor what you have, as in have an inventory, SBOM. It is there for a reason. I know it's annoying because it's a lot of work, but it it pays off, right? Know what you actually have and use. And then again, try to minimize the kind of the thing that happens with it. So that could be monitoring for strange behavior, right? Run the software for a few hours to see does it ping to a Chinese server? Probably that's not something which it normally does. And then, of course, yes, also automate your kind of test cases, right? You don't want to release something which blue screens. I mean, that that's a given. It still happens, right? But you also now want to make sure that it's not stealing stuff around. And as I said, run it on a cluster, spin it up, monitor which domains, which DNS requests it makes. That can already be good enough. Yes, of course, smart attackers will wait for one week before they do some damage, but that also gives you one week, right? So go back to the basics, monitor it, know what you have. And yes, I think just again, waiting is not an option because the attackers they don't wait. So you don't really have a choice.
Robby PeraltaYeah. Did you watch the uh interview with uh the guy from Anthropic Nick something and Nicole Perlroth? Have you seen that yet?
Candid WüestYes, yes, yeah.
Robby PeraltaAnd he's and he said that uh the new the next like wave of vulnerabilities. He was saying that like right now, the stuff it's finding. Hugh Spill's just explaining it really quickly, like what the vulnerability was. And now the stuff that he's finding is like it's really hard. It takes him like you know, a couple paragraphs, and and you need to know what you're talking about to understand it. But he's saying, like, you know, pretty soon it's gonna be like even even you candid well understand what the vulnerability was because it'll be so long and complicated. So that's an interesting, uh interesting future. But I'm not what do you think? What is your state of mind right now?
Candid WüestI fully agree that the the models are getting better in finding things, and yes, they will find the more complicated ones and do more kind of correlations on the things. On the other hand, $20,000 worth of tokens, right, for some of the one abilities, and they run it a few hundred, a few thousand times, and most of the times it did not find anything, so it's not uh oh point, click, and you have your zero-day kernel exploit, right? We're not there yet, and I don't think we will be there this year. But yes, it's getting better. There have been some interesting papers where they now use different models in conjunction, right? So, as in using Claude and maybe uh Gemini to find better vulnerabilities because some might be good in one, some might be good in the others, and they then talk to each other, right? And say, Hey, I found a memory disclosure. Oh, I found something that can use that, right? And then you basically combine the things. So that is one. But yes, I'm more on the frontier of releasing the models. I mean, I think most of them now go to the verified access, right? I mean, I got verified as well, so I'm not sure if that's good or bad. Uh, but it I think that's one way, right? So at least then you know who to sue if something goes bad, because you know, okay, that was Candid's account. It's the same code which is now used to attack GitHub. So probably there is a link. Uh, and I assume they learn something as well, as in all the threat research which is going on. So they hopefully do improve their models to find more vulnerabilities and other things. But the big question still is yes, what is happening on the market, right? Bulk bounties and other things. Now, I I have a few students which basically say it's not worth anymore to go into bulk bounties. They used to use that to pay their rent, as in on the weekends. Now they say all the simple ones are basically kind of used up. Now you have to use AI, but because they're students, they don't really have the money to do the tokens. They can't really rely on a company sponsoring them, right? Which means it's shifting. On the other hand, there's so many vulnerabilities found that some organizations now pay less per buck, which is found, which also kind of makes it well, is it worth for 10 bucks to do a responsible disclosure? Or if you just say, ah, it's not even worth. I mean, my agent can report it if he wants, but I'm not doing it, which is not really what we want, right? We we still want the bucks that are discovered to get fixed. And I honestly don't know what the answer is, right? Will we see buck prices drop and the volume will drop and then a zero day for iPhone will go to 50 million on the dark market? Or will it be so common because every model finds one that you can get one for a hundred thousand? I I doubt it, but yeah, it's gonna be interesting to watch. So I'm I'm with you. I'm not having sleepless nights of kind of getting swamped with all the zero days. But if you look at Firefox and all the other things, we can see some spikes. And of course, you can argue not all of them are remote code execution, some of them are probably aggregated, as in you find 100, you wait and report all of them at the same time. So you have the nice spikes, like Expo and others did as well. So those things go a little bit. That's the marketing part. But still, there are some vulnerabilities which are real, and yes, we've seen them being exploited uh at the edges. So again, in between, um, I would love to see the rational behind the reasons of not releasing a model or releasing it. I think OpenAI was kind of trying to do the counter and say, oh, we release it to everyone because we want to have the greater good, right? Um, which is nice. But yeah, I'm not sure what the best way is, to be honest. But I mean, maybe it's a last point for me. I think the attackers are using less and less malware per se, right? Um, it's the other saying that the attackers are no longer hacking in, they're just logging in, right? Because they have your password. Now, of course, it's yes, they're still using an exploit to get in, but I still see it's it's the living of the land, right? Going back to the title of the episode. I was saying they use the land against you, they use whatever is there already, which makes it harder to detect because now if you're just using system tools, how do I know if Robbie really wanted to send a lot of emails to a lot of strangers? Maybe you did, maybe it was spam, maybe someone kind of compromised your account. I think that will be something interesting with all the AI and intent discovery things for the future, right? As in, how can you make sure that I know that your AI agent is doing what you really told him to do? Well, yeah, we'll we'll see. Maybe in six months I'll come back to you and say, hey, I got a scoop for you. Have you heard about this case? Right. And then we'll laugh about it why we didn't know it about uh in uh the May episode. So we'll see.
Robby PeraltaWell, we have a deal. Six months or less. I will see you then, Candid. Sounds good. Calm me in. Thank you very much for your time. Take care in the meantime. You too.
Candid WüestTake care.
Robby PeraltaWell, that's all for today, folks. Thank you for tuning in to the mnemonic security podcast. If you have any concepts or ideas that you'd like us to discuss on future episodes, please feel free to hit me up on LinkedIn or to send us a mail to podcast at mnemonic.no. Thank you for listening. We'll see you next time.