Initial Access

Trusted Tools, Hijacked Sessions & Cheap Paths to Big Access

Bishop Fox — Mon, 20 Apr 2026 20:30:11 GMT

In this Initial Access episode, we look at how attackers are reusing trust that is already in place, from hijacked sessions and malicious browser extensions to overlooked industrial systems infrastructure and tightly controlled AI capabilities.

Project Glasswing: AI Vulnerability Discovery & Exploit

Bishop Fox — Mon, 13 Apr 2026 23:28:47 GMT

In this special episode, we break down Anthropic’s Project Glasswing announcement and what it signals for the future of cybersecurity. At its core, Glasswing is a defensive initiative built around a new class of AI capability: models that can identify, exploit, and help remediate software vulnerabilities.

The conversation goes beyond the announcement to unpack what this actually means in practice: where the capability holds real weight, where it remains constrained, and how security leaders should be thinking about control, oversight, and risk as AI begins to meaningfully accelerate offensive security outcomes.

Key Takeaways:

Glasswing reflects a real inflection point in offensive capability

The discussion enforces that AI systems are now capable of performing meaningful vulnerability discovery and exploitation tasks. The significance isn’t just in finding bugs, but in doing so at scale and speed that begins to outpace traditional human-led approaches.

The core shift is compression of the attack lifecycle

A major theme from the conversation is how AI reduces the time between discovery and exploitation. What historically required time, expertise, and iteration can now be accelerated, which has direct implications for how quickly defenders need to detect and respond.

This is as much about attacker enablement as defender tooling

While Glasswing is positioned as a defensive effort, the underlying capability is inherently dual-use. The experts highlight that the same advancements enabling defenders will inevitably lower the barrier for attackers, making this a race to adapt rather than a one-sided advantage.

Control—not capability—is the real constraint today

The limitation isn’t what the AI can do, but how safely it can be deployed. The discussion emphasizes that governance, access restriction, and controlled usage are currently the primary mechanisms preventing misuse—not a lack of technical capability.

Human-in-the-loop remains a necessary safeguard

While the technology is advancing quickly, the experts stress that human oversight is still critical, particularly when validating findings, making remediation decisions, and preventing unintended consequences from automated actions. This is less about slowing AI down and more about ensuring reliability and accountability.

Security programs are not designed for this speed yet

Existing security processes (patching cycles, validation workflows, detection models) are not built for a world where vulnerabilities can be discovered and operationalized at machine speed. This creates a growing gap between attacker capability and defender readiness.

Validation and testing models need to evolve

The conversation highlights the need for more realistic testing approaches that account for AI-driven discovery and exploitation. Traditional assessments may not fully capture how these systems behave or how quickly weaknesses can be identified and chained together.

The long-term impact is an expanding and accelerating attack surface

As AI continues to improve in code understanding and system analysis, the number of exploitable paths, and the speed at which they can be uncovered, will increase. This isn’t a single breakthrough moment, but the start of a compounding effect on both offense and defense.

GitHub Malware, DNS Hijacking, Ransomware Speed & AI Exploits

Bishop Fox — Mon, 13 Apr 2026 18:27:25 GMT

In this Initial Access podcast episode, we examine how trust, speed, and automation are reshaping initial access across software supply chains, network infrastructure, and AI systems.

Inherited Access, AI Permissions, Supply Chain Attacks & Edge Exposure

Bishop Fox — Tue, 07 Apr 2026 21:41:17 GMT

In this Initial Access podcast episode, we examine how attackers are inheriting access through trusted systems, default permissions, and unpatchable infrastructure.

Malvertising, Trusted Tools, Real-Time Attacks & Shrinking Windows

Bishop Fox — Tue, 31 Mar 2026 14:33:30 GMT

In this Initial Access podcast episode, we examine how attackers are turning normal workflows and trusted systems into reliable paths for initial access as exploitation timelines continue to shrink.

Speed, Trust, and the Compromised Workbench

Bishop Fox — Wed, 25 Mar 2026 18:44:18 GMT

In this Initial Access podcast episode, the team looks at several recent examples of that compression in action, from a supply chain compromise that led to AWS admin access, to malware spreading through GitHub, npm, and VS Code, to ClickFix lures that convince technical users to run malicious commands themselves.

Social Engineering, Phishing, Edge Device Exploits & AI-Assisted Attacks

Bishop Fox — Sun, 15 Mar 2026 05:00:06 GMT

In this Initial Access episode, we examine how attackers are gaining initial access through social engineering, identity abuse, and vulnerable edge infrastructure. The team also discusses the rise of phishing-as-a-service platforms, leaked mobile exploit chains entering the criminal ecosystem, and how AI is accelerating reconnaissance and offensive tooling for both attackers and defenders.

AI Coding Agents, FortiGate Attacks, Surveillance & Identity Hacks

Bishop Fox — Sun, 15 Mar 2026 04:58:03 GMT

In this Initial Access podcast episode, we cover AI coding agents operating inside developer environments, automated attack platforms accelerating exploitation cycles, long-lived connected devices exposing unexpected telemetry risks, and why identity systems remain the primary entry point for attackers.

Autonomous AI, Broken Guardrails, and Geopolitics

Bishop Fox — Sun, 15 Mar 2026 04:57:13 GMT

In this Initial Access podcast episode, we cover autonomous vulnerability discovery, AI agents that ignore instructions, and why models are becoming strategic national assets.

SSO Phishing, Patching Failures, Exposed APIs

Bishop Fox — Sun, 15 Mar 2026 04:56:15 GMT

In this Initial Access podcast episode, we cover SSO phishing, patching failures, exposed APIs, and zombie infrastructure remind us that basic security hygiene still decides the outcome.

Deepfakes, Spyware Skits & LLMs for Hire

Bishop Fox — Sun, 15 Mar 2026 04:55:10 GMT

In this Initial Access podcast episode, we cover prompt injection, a hijacked Outlook add-in, commoditized mobile spyware, AI executive deepfake scams, IT-to-OT pivoting, and nation-state use of commercial LLMs to accelerate exploitation.

Software Policy Rollbacks, Insider Access Abuse, and AI Automation Risk

Bishop Fox — Sun, 15 Mar 2026 04:53:32 GMT

In this Initial Access podcast episode, we cover the rollback of federal software security guidance, insider-driven access risks, ongoing state-sponsored espionage, and the security implications of giving AI tools deep control over infrastructure.

Prompt Injection, Session Hijacking & Why AI Isn't Writing the Attack Plans Yet

Bishop Fox — Sun, 15 Mar 2026 04:47:57 GMT

In this Initial Access podcast episode, we cover AI prompt injection risks, continued social engineering via LinkedIn and QR codes, credential theft and session hijacking, patch reliability and appliance security, and how AI is being used to accelerate malware development, distinguishing meaningful risk from overhyped claims.