Anthropic AI Bug Hunter and BeyondTrust Vulnerability [Prime Cyber Insights]

This episode covers the major release of Anthropic’s Claude Code Security, an AI-powered tool built on the Opus 4.6 model that identifies critical software vulnerabilities human researchers have missed for decades. We also dive into the escalating threat of CVE-2026-1731, a critical BeyondTrust vulnerability with a 9.9 CVSS score that is currently being exploited in ransomware campaigns across the financial and healthcare sectors. The discussion examines the severe operational impact of the University of Mississippi Medical Center ransomware attack, which forced the closure of 35 clinics, and the breach at chip testing giant Advantest. Guest Chad Thompson joins to provide a systems-level perspective on automation, enterprise risk, and the 168% surge in DDoS attacks reported by Radware. We conclude with a look at CISA's updated town hall schedule for CIRCIA reporting and the legal fallout from the Bumble and French government data breaches.

[00:00] Lauren Mitchell: From Neural Newscast, this is Prime Cyber Insights, Intelligence for Defenders, Leaders, and Decision Makers.
[00:06] Aaron Cole: Welcome to Prime Cyber Insights. I am Aaron Cole.
[00:10] Aaron Cole: We're moving fast today with a massive shift in vulnerability management and a ransomware crisis that's hitting the healthcare sector where it hurts most.
[00:19] Lauren Mitchell: I'm Lauren Mitchell. We have a lot to unpack, including an AI breakthrough from Anthropic
[00:24] Lauren Mitchell: that's finding bugs older than some of our listeners. Joining us today is Chad Thompson,
[00:30] Lauren Mitchell: a director-level AI and security leader with a systems-level perspective on automation,
[00:35] Lauren Mitchell: enterprise risk, and operational resilience. Chad, great to have you.
[00:39] Chad Thompson: Glad to be here, Lauren.
[00:41] Chad Thompson: We're seeing a fundamental shift in the speed of both offense and defense.
[00:45] Chad Thompson: And the news this week really highlights that tension between automated discovery and manual recovery.
[00:50] Aaron Cole: Right. Let's start there.
[00:52] Aaron Cole: Anthropic just rolled out Claude Code Security using the Opus 4.6 model.
[00:58] Aaron Cole: This isn't just another scanner.
[01:00] Aaron Cole: It's mapping entire code bases like a human researcher.
[01:04] Aaron Cole: Chad, they're claiming it found high-severity vulnerabilities in open source software
[01:09] Aaron Cole: that were undetected for decades.
[01:11] Aaron Cole: Does this change the enterprise risk math?
[01:13] Lauren Mitchell: It has to, Aaron.
[01:15] Lauren Mitchell: But it's a double-edged sword.
[01:17] Lauren Mitchell: While Anthropic is focused on defense, you know, the same logic applies to the adversary.
[01:23] Lauren Mitchell: This tool doesn't auto-apply fixes yet.
[01:26] Lauren Mitchell: Developers still have to approve changes, but the speed of detection is revolutionary.
[01:32] Lauren Mitchell: Chad, how does this play into the critical flaws we're seeing exploited right now,
[01:36] Lauren Mitchell: like that BeyondTrust vulnerability?
[01:39] Chad Thompson: The problem is the window between discovery and exploitation.
[01:43] Chad Thompson: We saw with CVE-2026-1731 in BeyondTrust products that exploitation began within 24 hours of the proof of concept going public on February 10th.
[02:00] Chad Thompson: When AI starts finding these flaws even faster, the patching cycle we're used to becomes obsolete.
[02:06] Aaron Cole: That BeyondTrust flaw has a CVSS of 9.9, and it's already being used to deploy malware like SparkRAT.
[02:16] Aaron Cole: It's a direct line to what happened at the University of Mississippi Medical Center.
[02:21] Aaron Cole: This past Thursday, a ransomware attack forced them to close all 35 of their clinics.
[02:27] Aaron Cole: Doctors are back to pen and paper.
[02:29] Lauren Mitchell: Mm-hmm. And it's not just healthcare, Aaron.
[02:33] Lauren Mitchell: Chip testing giant Advantest was also hit by ransomware recently.
[02:37] Lauren Mitchell: These aren't isolated incidents.
[02:39] Lauren Mitchell: They're attacks on the critical supply chain.
[02:41] Lauren Mitchell: It underscores why the technology sector is seeing a massive surge in threats.
[02:46] Lauren Mitchell: Radware's report this week shows DDoS attacks jumped 168% in 2025.
[02:53] Chad Thompson: That's 139 attempted incidents per day per customer.
[02:59] Chad Thompson: From a systems perspective, we're seeing a volume of attacks that makes manual intervention impossible.
[03:05] Chad Thompson: Whether it's DDoS or the 700 ATM jackpotting attacks the FBI just warned about,
[03:11] Chad Thompson: the theme is automated,
[03:12] Chad Thompson: high-frequency exploitation of physical and digital infrastructure.
[03:16] Aaron Cole: For sure. The legal and regulatory response is trying to keep up.
[03:21] Aaron Cole: CISA announced new town hall meetings for March and April to get feedback on CIRCIA reporting rules.
[03:29] Aaron Cole: They want to clarify that 72-hour incident reporting window.
[03:33] Aaron Cole: Meanwhile, Bumble is facing a class action lawsuit over a ShinyHunters breach,
[03:38] Aaron Cole: and the French government just admitted 1.2 million bank accounts were exposed.
[03:42] Lauren Mitchell: It's a reminder that even government registers aren't safe.
[03:46] Lauren Mitchell: As we look at the fuel tests for Artemis, one eye, it's clear we're pushing boundaries in every sector.
[03:53] Lauren Mitchell: But our digital foundations are under constant pressure.
[03:57] Lauren Mitchell: Chad, any final thoughts on where leaders should focus their resilience efforts as we move deeper into 2026?
[04:04] Chad Thompson: Focus on the blast radius.
[04:07] Chad Thompson: You can't stop every bug, especially with AI-powered discovery.
[04:10] Chad Thompson: But you can control what happens once a vulnerability is found.
[04:15] Chad Thompson: Resilience is about the recovery speed, not just the shield.
[04:20] Chad Thompson: Thanks for having me.
[04:21] Aaron Cole: Urgency is the word of the day.
[04:24] Aaron Cole: Be sure to check out PCI.neuralnewscast.com for more deep dives.
[04:29] Aaron Cole: Catch us next time for more insights.
[04:32] Aaron Cole: I'm Aaron Cole.
[04:33] Lauren Mitchell: And I'm Lauren Mitchell.
[04:36] Lauren Mitchell: Stay secure, Aaron.
[04:37] Lauren Mitchell: Neural Newscast is AI-assisted, human-reviewed.
[04:42] Lauren Mitchell: View our AI transparency policy at neuralnewscast.com.
[04:47] Lauren Mitchell: This has been Prime Cyber Insights on Neural Newscast,
[04:51] Lauren Mitchell: Intelligence for Defenders, Leaders, and Decision Makers.
[04:54] Lauren Mitchell: Neural Newscast uses artificial intelligence in content creation
[04:58] Lauren Mitchell: with human editorial review prior to publication.
[05:01] Lauren Mitchell: While we strive for factual, unbiased reporting, AI-assisted content may occasionally contain
[05:07] Lauren Mitchell: errors. Verify critical information with trusted sources. Learn more at neuralnewscast.com.
