Cybersecurity Today: Month In Review – Microsoft Patch Fails, Fortinet Issues, and AI Risks
Date: February 7, 2026
Host: Jim Love
Panelists: David Shipley (CEO, Beauceron Security), Laura Payne (CEO, Whitetuque), Mike Puglia (GM Security, Kaseya)

Overview

In this lively and reflective “Month in Review” episode, host Jim Love and returning panelists analyze the persistent—and burgeoning—issues at the intersection of software quality, major security vendor woes, and the breakneck adoption of AI-driven technologies. The conversation covers Microsoft’s recent patching failures, ongoing crises at Fortinet, risky trends in AI agents, a spate of high-profile breaches (including Canada Computers), and the broader, often frustrating, structural problems faced by the cybersecurity community. The episode is rich with metaphors, humor, and hard lessons earned from personal experience, while offering commentary on the need for a renewed focus on “quality over speed” as the industry enters a new, AI-driven era.

Key Discussion Points and Insights

1. Microsoft’s Patch Troubles & The “Impossible Dilemma”

• [02:13–04:43] Jim Love introduces Microsoft’s chaotic Patch Tuesday: repeated failed patches, operational breakages, and an “impossible dilemma” for IT leaders—risk operational delay for security or patch instantly and risk outages.
  • “The minute somebody publishes a patch, they’re putting out a sign to every hacker in the world, ‘Hey, there’s a weakness here. Check for somebody who hasn’t patched.’ So it’s an impossible dilemma.” – Jim Love [03:37]
• The panel discusses how even resource-rich giants like Microsoft are straining under modern complexity, prompting broader industry questions:
  • Modern software is too complex, too fast.
  • Are we overdue for a return to a focus on quality, even if it slows things down?

2. The Future of Software Production: Back to Quality?

• [04:43–08:53] David Shipley advocates abandoning the “ship fast” Agile mentality for a “Toyota way” focus on quality:
  • “The old way is now truly unsustainable… even if the AI skeptic guy is telling you we have to change the way we build software, this is now the reality.” – David Shipley [07:14]
  • Engineers, he argues, must take responsibility for what they build, as in other professions.
• [08:53–12:29] Mike Puglia builds on this, contrasting software’s flexibility (“we can fix it”) with the high stakes of physical goods. He favors consistency in patching over rushing, unless there’s an active exploit.

3. Vendor Lock-In and the Limits of Iterative Fixing

• [12:18–16:24] Laura Payne draws a parallel with Nintendo, noting that current software models often preclude a “do-over”:
  • “When is the opportunity to sit back and take a reset?... There are certain fundamental design decisions that are effectively irreversible once you get you built enough stuff on top of it.” – Laura Payne [11:17]
• The panel notes that Apple’s bold re-architecture (Mac OS X) is rare—and difficult for entrenched vendors like Microsoft.

4. Fortinet’s Troubles: “Fix the Point Problem, Not the Root”

• [17:32–21:44] The discussion pivots to Fortinet, which is criticized for patching surface vulnerabilities without addressing systemic flaws.
  • “They’re fixing the point problem, not the root bug… it’s like putting out a forest fire… and then the fire starts again.” – David Shipley [19:42]
• Recent attacks showed that shield providers (firewall vendors) must step back and truly address the “root cause” or risk catastrophic consequences:
  • Referenced: Polish CERT’s report on Russian attacks using Fortinet flaws that nearly caused mass power outages.
• [21:44–23:47] Laura and Mike highlight the alarming lack of business drivers for true reform, with so much talent distracted by AI hype instead of shoring up critical, (often “boring”) infrastructure.

5. The AI Risk Goldrush – “Open Claw” and Agent Madness

• [29:09–35:25] The panel unpacks the whirlwind around “Claude Bot” / “Moltbot” / “Open Claw”—open-source agent frameworks built atop Anthropic Claude and OpenAI components that quickly devolved into a security nightmare:
  • “In order to make agents work, I have to do two things. I have to remember stuff and I have to give them access to everything… what could possibly go wrong?” – Jim Love [30:38]
  • McCoy Security found 431 out of 2,900 agents in the marketplace with malicious code.
  • “This will not be victimless… If you don’t understand the command line like nobody else, don’t touch this stuff, wait for it to settle in… you’re going to get taken.” – Jim Love [32:36]

Notable Quotes – AI Section

• “One bot to pwn you all, man—this was so very foreseeable and so very hilariously bad.” – David Shipley [33:35]
• “Running widely available, untrusted software without knowing what you’re doing on any machine in an organization is a recipe for disaster.” – Mike Puglia [34:23]
• “We’re wasting it on creating a fake farm of toddlers. I don’t know what we’re doing.” – Laura Payne [36:46]

6. The Persistent Threat of “Dull” Attacks

• [39:36–43:30] Beyond the headlines, mundane attacks (e.g., Magecart skimming at Canada Computers) remain costly and reputationally damaging.
  • Businesses need to “do the dull well”—focus on bread-and-butter risks most relevant to them.
  • “When mistakes happen, how you communicate is more important than the fact that mistakes happen.” – David Shipley [41:18]

7. Systemic Deficits: Crime, Policy, and Enforcement

• [43:30–48:05] Mike Puglia offers a sobering review of cybercrime as “crime without consequence,” enabled by global disunity and opaque cryptocurrency:
  • “The number one deterrent to crime is the fear of getting caught… We don’t have a lot of that in cybercrime for two reasons: one, the actor is often in Russia, China, North Korea. And two, cryptocurrency. We took that tool [tracing the money] away.” – Mike Puglia [44:12]
  • Law enforcement knows the culprits but is powerless beyond “a strongly worded letter.”

8. Towards Hope: Can Market & Policy Drive Improvement?

• [48:05–49:56] There is tempered optimism that economic and political realignment (e.g., trade blocs prioritizing secure markets) could incentivize better practices.
  • “For as long as we allow humans to connect digitally from around the world, we are going to have these problems.” – David Shipley [48:36]
• The panel predicts 2026 may be a turning point (“when the idea that we can patch everything away dies”).

Notable Quotes & Memorable Moments

| Timestamp | Speaker | Quote / Moment | |-----------|----------------|-------------------------------------------------------------------------------------------------------------------------| | 03:37 | Jim Love | “The minute somebody publishes a patch, they’re putting out a sign to every hacker in the world…” | | 07:14 | David Shipley | “The old way is now truly unsustainable… this is now the reality.” | | 11:17 | Laura Payne | “…There are certain fundamental design decisions… that are effectively irreversible…” | | 19:42 | David Shipley | “They’re fixing the point problem, not the root bug… it’s like putting out a forest fire… and then the fire starts again.” | | 30:38 | Jim Love | “…I have to remember stuff and I have to give them access to everything… what could possibly go wrong?” | | 32:36 | Jim Love | “…This will not be victimless…wait for it to settle in… you’re going to get taken.” | | 33:35 | David Shipley | “One bot to pwn you all, man—this was so very foreseeable and so very hilariously bad.” | | 36:46 | Laura Payne | “…We’re wasting it on creating a fake farm of toddlers. I don’t know what we’re doing.” | | 44:12 | Mike Puglia | “…We don’t have a lot of that in cybercrime for two reasons: one, the actor is often in Russia, China, North Korea. And two, cryptocurrency. We took that tool [tracing the money] away.” | | 48:36 | David Shipley | “For as long as we allow humans to connect digitally from around the world, we are going to have these problems.” | | 51:13 | Laura Payne | “How do we go from wooden drum brakes to carbon ceramic disc brakes with ABS? …The only way you can go fast in the car is if you’ve got brakes that can stop you when you need to.” |

Timestamps for Major Segments

• Microsoft patching and software quality dilemma: [02:13–12:29]
• Fortinet, SonicWall, root cause vs. superficial fixes: [17:32–23:47]
• AI agents, Open Claw/Moltbot risks: [29:09–36:46]
• Magecart/Canada Computers breach, “doing the dull well”: [39:36–43:30]
• Systemic crime and policy failures: [43:30–48:05]
• Market/political solutions and outlook: [48:05–49:56]
• Closing/car analogy/metaphor: [50:51–51:23]

Tone & Style

The discussion is energetic, candid, and leavened with metaphors and pop culture references (Jurassic Park, Nintendo, rural Canadian roads, and even car brakes). The speakers blend hard-earned wisdom, occasional exasperation, and optimism for industry and societal change. Laura regularly delivers concise, reality-check insights while David and Mike bring a blend of big-picture thinking and sharp detail. Jim hosts with a wry sense of humor and storytelling.

Final Takeaways

• Quality needs to replace speed as software’s north star—across all IT, from firewalls to operating systems.
• Vendors must address root causes, not “point fix” security.
• The AI gold rush is bringing systemic, predictable, but sometimes preventable risks—organizations must prepare now.
• Mundane, persistent attacks matter; “doing the dull well” is essential, especially for SMBs.
• Cybercrime thrives on lack of consequences and global disunity; solutions remain elusive but necessary.
• Hope rests in education, collective economic pressure, and, as Laura puts it, “putting on the brakes.”

“The only way you can go fast in the car is if you’ve got brakes that can stop you when you need to.” – Laura Payne [51:13]

This episode is a wake-up call—equally for practitioners and decision-makers—not just to survive the present, but to architect a safer digital future.