AI agents are revolutionizing cybersecurity in contradictory ways. This episode explores how the same AI technology that enables companies like Picus Security to validate defenses against new threats in hours, instead of weeks, can also autonomously exploit vulnerabilities for profit. We examine why enterprises are hesitant to deploy AI agents at scale due to identity management challenges, the
escalating war between publishers and AI scrapers (with blocking up 336%), practical strategies for identifying truth when AI systems can be manipulated by their owners, and Anthropic's research showing AI can now find and exploit zero-day vulnerabilities in smart contracts autonomously. The bottom line: AI capabilities are advancing faster than our governance frameworks, creating both unprecedented defensive capabilities and entirely new attack vectors that security teams must navigate.

This week on AI Weekly, we delve into the surprising methods researchers are using to keep AI models honest—including teaching them to cheat—and explore the massive financial risks Oracle is undertaking to fuel the AI cloud goldrush. We also dissect the escalating security and privacy challenges posed by agentic AI, LLM-generated malware, and the booming "bossware" industry surveilling remote workers.

This week, we dive into the dangerous 'Whisper Leak' side-channel attack that infers user conversation topics even when encrypted. We also analyze the new reality of AI-powered cyber campaigns and discuss why corporate executives are breaking their own internal AI security rules.