Generative AI is poised to revolutionize vulnerability discovery in critical infrastructure, but will it actually fix the problem, or just shift the burden?
The recent AI Cybersecurity Challenge (AIxCC), a two-year competition sponsored by the US Defense Advanced Research Projects Agency (DARPA) and Advanced Research Projects Agency for Health (ARPA-H), crowned winners whose AI systems autonomously discovered and patched zero-day flaws in real-world code.
Now, with models potentially going open-source, the implications for defenders, attackers and policymakers are seismic.
In this episode, we sat down with Taesoo Kim, the leader of Team Atlanta, the AIxCC winning team, and Andrew Carney, program manager for the AIxCC at DARPA and ARPA-H.
In the interview (13.56), they discuss why the commercialization of GenAI-powered vulnerability scanning tools could be just around the corner and how "self-healing infrastructure" might soon become a reality.
All content for Infosecurity Magazine Podcast is the property of Infosecurity Magazine and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Generative AI is poised to revolutionize vulnerability discovery in critical infrastructure, but will it actually fix the problem, or just shift the burden?
The recent AI Cybersecurity Challenge (AIxCC), a two-year competition sponsored by the US Defense Advanced Research Projects Agency (DARPA) and Advanced Research Projects Agency for Health (ARPA-H), crowned winners whose AI systems autonomously discovered and patched zero-day flaws in real-world code.
Now, with models potentially going open-source, the implications for defenders, attackers and policymakers are seismic.
In this episode, we sat down with Taesoo Kim, the leader of Team Atlanta, the AIxCC winning team, and Andrew Carney, program manager for the AIxCC at DARPA and ARPA-H.
In the interview (13.56), they discuss why the commercialization of GenAI-powered vulnerability scanning tools could be just around the corner and how "self-healing infrastructure" might soon become a reality.
ToolShell Deep Dive: The SharePoint Exploit Crisis Uncovered
Infosecurity Magazine Podcast
41 minutes 47 seconds
3 months ago
ToolShell Deep Dive: The SharePoint Exploit Crisis Uncovered
In this special episode of the Infosecurity Magazine podcast, we dive deep into the rapidly evolving story surrounding Microsoft SharePoint On-Premises.
Recent disclosures have revealed a series of vulnerabilities now being exploited in targeted campaigns, with Chinese threat actors at the centre but other threat actors joining in the attacks.
This episode breaks down the complexities of the incident, the ongoing exploitations and the broader implications for security practitioners. Stay updated as this story unfolds and equip yourself with valuable insights to better understand and defend against emerging cyber threats.
Our discussion includes:
Timeline of events surrounding the ToolShell Microsoft SharePoint on-prem vulnerability (02.20)
Interview with Charles Carmakal, CTO at Mandiant, now part of Google Cloud (06.38). Charles details these critical vulnerabilities and steps towards patching and what some orgnaizations may be missing, leaving them vulnerable to compromise.
Interview Lorri Janssen-Anessi, Director of External Cyber Assessments at BlueVoyant. With extensive experience from her time at the NSA and the Department of Homeland Security, Lorri provides an in-depth perspective on the impact these attacks are having and what they mean for organizations today. (17.18)
Sing up to receive Infosecurity Magazine's weekly newsletter here.
Infosecurity Magazine Podcast
Generative AI is poised to revolutionize vulnerability discovery in critical infrastructure, but will it actually fix the problem, or just shift the burden?
The recent AI Cybersecurity Challenge (AIxCC), a two-year competition sponsored by the US Defense Advanced Research Projects Agency (DARPA) and Advanced Research Projects Agency for Health (ARPA-H), crowned winners whose AI systems autonomously discovered and patched zero-day flaws in real-world code.
Now, with models potentially going open-source, the implications for defenders, attackers and policymakers are seismic.
In this episode, we sat down with Taesoo Kim, the leader of Team Atlanta, the AIxCC winning team, and Andrew Carney, program manager for the AIxCC at DARPA and ARPA-H.
In the interview (13.56), they discuss why the commercialization of GenAI-powered vulnerability scanning tools could be just around the corner and how "self-healing infrastructure" might soon become a reality.
