Promoting Advanced Artificial Intelligence Innovation and Security

The White House EO pushes federal agencies toward AI-enabled cyber defense, frontier-model benchmarking, and a voluntary framework for trusted access to high-end AI systems.

Expanding Project Glasswing

Anthropic is widening Project Glasswing beyond its first cohort, giving more trusted security teams access to Claude Mythos Preview while the industry works through how to scale vulnerability discovery, disclosure, and patching. Securely testing on customer data The crew digs into the practical problem of validating AI and security tools against real customer environments without turning sensitive data into test exhaust, training material, or cross-tenant risk.

The cybersecurity workers employers want are in short supply — Axios

Axios frames the cyber labor crunch around specialized, hands-on roles that employers want most, raising the question of whether AI changes the skills gap or just moves it up the stack.

Hosts:

Jerry Perullo (Founder, https://adversarial.com/)

Sounil Yu (Founder, https://www.knostic.ai/)

Mario Duarte (Founder, https://www.whirlai.com/)

Producer: Tillson Galloway (Founder, http://githoundexplore.com/)

Canvas hack strands university students during finals week. A Canvas cyberattack hit universities and K-12 schools during finals, locking students and teachers out of grades, assignments, lecture materials, and exams at the worst possible moment.

Building for the future. Cloudflare says it is cutting more than 1,100 employees as it restructures around internal AI-driven workflows, even as the timing alongside earnings and a sharp stock reaction raises harder questions about the story investors were told.

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown | Wiz Blog. Wiz breaks down a critical GitHub infrastructure flaw where an authenticated user could turn a normal git push into remote code execution on GitHub Enterprise Server, with GitHub.com mitigated and GHES customers urged to patch.

Dirty Frag (CVE-2026-43284, CVE-2026-43500) Patches Released. AlmaLinux shipped kernel patches for Dirty Frag, a pair of Linux kernel bugs in IPsec ESP and rxrpc paths that can give local attackers root, with public exploit code already available.

Hosts:

Jerry Perullo (Founder, https://adversarial.com/)

Sounil Yu (Founder, https://www.knostic.ai/)

Mario Duarte (Founder, stealth startup)

Producer: Tillson Galloway (Founder, http://githoundexplore.com/)

00:34 - Introduction

03:33 - Enterprise Challenges

07:08 - End User and Browsers

21:55 - Vulnerability Metrics

40:37 - Approaching Leadership

42:09 - TPRM Discussion

46:40 - Sharing Findings

01:03:04 - Conclusion

Mozilla: Anthropic’s Mythos found 271 security vulnerabilities in Firefox 150

Anthropic’s Mythos found 271 zero-day vulnerabilities in Firefox 150 Mozilla let Anthropic’s Mythos loose on Firefox 150’s codebase, harvesting 271 shippable fixes in one sweep and forcing the security team to reckon with AI-scale fuzzing, triage, and patch velocity. https://arstechnica.com/ai/2026/04/mozilla-anthropics-mythos-found-271-zero-day-vulnerabilities-in-firefox-150/

Hosts:

Jerry Perullo (Founder, https://adversarial.com/)

Sounil Yu (Founder, https://www.knostic.ai/)

Mario Duarte (Founder, stealth startup)

Producer: Tillson Galloway (Founder, http://githoundexplore.com/)

Project Glasswing (https://www.anthropic.com/glasswing) Anthropic is letting AWS, Apple, Google, Microsoft, JPMorgan, Cisco, NVIDIA, and friends point Claude Mythos at their shared attack surface while backing it with $100M in credits and $4M for OSS security groups so blue teams can burn down latent vulns before the offense gets equivalent AI.

Inside the TeamPCP cascading supply chain attack (https://www.reversinglabs.com/blog/teampcp-supply-chain-attack-spreads) Hijacked Trivy GitHub Actions poisoned Docker images, stole CI secrets, and daisy-chained through Checkmarx workflows, npm packages, and VS Code extensions, seeding thousands of tenants with infostealers and proving CI creds are the new crown jewels.

Delve – Fake Compliance as a Service - Part I (https://substack.com/home/post/p-191342187) A report says Delve mass-produced fake SOC 2 artifacts and funneled them through shell auditors, leaving customers—from indie apps to a Nasdaq firm—waving fraudulent attestations that crater their legal compliance.

Hosts: Jerry Perullo (Founder, https://adversarial.com/)

Sounil Yu (Founder, https://www.knostic.ai/)

Mario Duarte (Founder, stealth startup)

Producer: Tillson Galloway (Founder, http://githoundexplore.com/)

The Adversarial Podcast brings you a special episode in collaboration with Cloudflare's Security Signal Podcast.

0:39 - 3:33 AI Governance and Autonomy

6:26 - 8:49 Human in the Loop

9:17 - 11:40 Cybersecurity and AI

15:26 - 18:19 Resilience and Anti-Fragility

28:24 - 33:05 Threat Intelligence

33:31 - 36:50 Board and CISO Dynamics

41:09 - 42:35 Future of Cybersecurity

42:35 - 44:14 Books and Resources

Security Signal Podcast: https://podcasts.apple.com/us/podcast/security-signal/id1815513800

Cloudflare; http://cloudflare.com/

Hosts:

Jerry Perullo (Founder, https://adversarial.com/)

Sounil Yu (Founder, https://www.knostic.ai/)

Mario Duarte (Founder, stealth startup)

Producer: Tillson Galloway (Founder, http://githoundexplore.com/)

Iran-linked hackers claim responsibility for attack on US medical device maker Stryker

Attackers tied to Iran say they hit Stryker, and investors punished the stock as the company scrambled to assess exposure.

Trump Signs Executive Order Aimed at Cybercrime Gangs

The President issued an order to tide together federal tools, international partners, and private-sector incentives for hunting down and disrupting ransomware crews.

President Trump’s Cyber Strategy for America

The new national cyber strategy leans hard on resilience, collaboration with allies, and deterring Beijing through offensive-ready posture.

The future of third-party risk is NOT better questionnaires

The author argues that automation and better data sharing—not more paperwork—are what finally move the needle on vendor risk management.

Hosts:

Jerry Perullo (Founder, https://adversarial.com/)

Sounil Yu (Founder, https://www.knostic.ai/)

Mario Duarte (Founder, stealth startup)

Producer: Tillson Galloway (Founder, http://githoundexplore.com/)

Claude Code Security research preview Claude now reasons about code like a human researcher, re-checks its own findings for confidence, and surfaces patch suggestions in a dashboard while keeping humans in control—limited preview for Enterprise/Team customers plus expedited access for open-source maintainers.

Pentagon gives Anthropic a best-and-final offer With a deadline looming, the Pentagon demanded full lawful-use access, threatening supply-chain risk and even a Defense Production Act push, but Anthropic stood firm on guardrails around mass surveillance and autonomous weapons.

State Department and other agencies ditch Anthropic for OpenAI State, Treasury, HHS, and others are dropping Claude after Trump’s directive to cancel Anthropic contracts, swapping in OpenAI’s GPT-4.1 for tools like StateChat as the broader federal boycott takes shape.

New AirSnitch attack bypasses Wi-Fi encryption AirSnitch leverages cross-layer identity desync to nullify client isolation on routers from Netgear to Cisco, giving nearby attackers full MitM access to intercept and tamper with otherwise encrypted traffic.

Your password manager’s “zero knowledge” promise is broken ETH Zürich’s USENIX paper proves that malicious servers controlling Bitwarden/Dashlane/LastPass infrastructure can hijack everyday vault interactions and read users’ encrypted data despite the “zero knowledge” pitch.

Researchers find critical vulnerabilities in cloud-based password managers The ETH team demonstrated a dozen attacks on Bitwarden, seven on LastPass, six on Dashlane, and even a 1Password flaw, showing compromised servers—without exotic hardware—can view or rewrite entire vaults.

Hosts:

Jerry Perullo (Founder, https://adversarial.com/)

Sounil Yu (Founder, https://www.knostic.ai/)

Mario Duarte (Founder, stealth startup)

Producer: Tillson Galloway (Founder, http://githoundexplore.com/)

GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use Google’s threat team distills red-team learnings from sophisticated experimentation as it hardens defenses and anticipates adversarial AI backdoors.

New Trump Cyber Strategy Prompts Companies to Mull Legal Limits The administration’s aggressive cyber doctrine is forcing firms to reconsider how far they can legally follow the offensive playbook.

The Trump Administration’s Cyber Strategy Fundamentally Misunderstands China’s Threat | Council on Foreign Relations CFR analysis warns that the new strategy oversimplifies China’s capabilities and risks misaligning priorities.

CISA will shutter some missions to prioritize others. CISA’s Cybersecurity Division is reorganizing to better match a layered threat-response posture.

Google TIG disrupts “world’s largest residential proxy network” The threat-intel team dismantled a sprawling residential proxy operation that was selling access to anonymized traffic, curbing a major enabler of fraud and abuse.

Hosts: Jerry Perullo (Founder, https://adversarial.com/)

Sounil Yu (Founder, https://www.knostic.ai/)

Mario Duarte (Founder, stealth startup)

Producer: Tillson Galloway (Founder, http://githoundexplore.com/)