Summary7 min read

CyberWire Daily — “A wake-up call on frontier AI.”

Date: April 29, 2026
Host: Dave Bittner, N2K Networks
Featured Guest: Chris Beam, Zero Network's Field Chief Technology Officer

Episode Overview

This episode of CyberWire Daily explores growing tensions and urgent developments at the intersection of artificial intelligence (AI) and cybersecurity, with a special emphasis on "frontier AI" — the most advanced and potentially risky AI models. The team covers congressional briefings by OpenAI and Anthropic, major policy moves affecting AI use in government, and a host of critical new cybersecurity threats and industry studies. The episode’s second half features a rich interview with Chris Beam on minimizing a company's “blast radius,” the impact of AI on both attackers and defenders, and the future of zero trust.

Key News & Discussion Points

1. Congressional Briefings on Cyber Capable AI

[02:40–03:43]

OpenAI and Anthropic gave classified briefings to House Homeland Security Committee staff, outlining the security risks of new AI systems and the threat they pose to critical infrastructure.
Models discussed included Anthropic's unreleased Mythos preview and OpenAI's rollout of GPT 5.4.
Demonstrations of misuse scenarios were described as "alarming."
Briefings underscored urgent needs for regulation, infrastructure protection, and giving government agencies access to defensive AI tools, especially as international AI competition (notably from China) increases.

“Lawmakers described demonstrations of misuse scenarios as alarming. Early congressional exposure to offensive cyber capabilities in AI models signals growing urgency around regulation, infrastructure protection, and government access to defensive AI tools as adversary competition intensifies.”
— [Co-Host, 03:10]

2. Potential Executive Action on Anthropic’s Mythos

[03:43–04:27]

The White House is considering executive orders to relax restrictions on Anthropic’s Mythos model, potentially allowing greater government and military use.
Ongoing legal disputes linger over Anthropic’s limits on military usage, and agencies, including the NSA, are already deploying Mythos for defensive purposes.

3. Government Accountability Office: Improper Access to Sensitive Payment Systems

[04:27–05:30]

GAO found a Treasury staffer improperly accessed and even had the ability to modify or delete sensitive payment records, highlighting monitoring and procedural failures.
These gaps cast doubt on broader federal safeguards for sensitive data sets.

4. Greece Proposes Mandatory Identity Verification for Social Media

[05:30–06:30]

Greece is advancing a proposal to require all social media users to verify their identity, aiming to curb harassment and election misinformation. Pseudonyms would still be allowed, but platforms must confirm real identities.
Raises significant privacy and compliance questions, possibly requiring coordination across the EU.

5. Critical Windows Zero-Day — CISA’s Immediate Patch Mandate

[06:30–07:00]

The Cybersecurity and Infrastructure Security Agency (CISA) mandated all federal systems patch a newly exploited Windows vulnerability that allows credential theft through shortcut files (.lnk).
Deadline: May 12. The flaw is actively exploited; urgent action required.

6. “Destructive Ransomware”: VECT 2.0 Permanently Destroys Data

[07:00–07:58]

New ransomware variant VECT 2.0 inadvertently destroys large files during its supposed encryption process, making recovery impossible—even for the attackers.
Affects Windows, Linux, and ESXI systems.
Increases operational risk and reduces leverage (and value) in ransom negotiations.

7. Declining Confidence Among State CISOs

[07:58–08:45]

The biennial study from NACIO and Deloitte finds only 26% of state chief information security officers (CISOs) are “highly confident” in their ability to defend public sector assets (down from 48% in 2022).
Shared infrastructure and AI-enabled attacks are driving urgency for coordinated, “whole-of-state” cybersecurity strategies.

8. Neurodiversity and Inclusion Gaps in Cybersecurity

[08:59–09:48]

New ISC2 study notes 12% of cyber professionals identify as neurodivergent.
Neurodivergent pros report lower satisfaction and higher fatigue but remain engaged.
Flexible work, recognition, and career clarity help retention.

9. Major Arrest: Alleged Scattered Spider Member Taken Into Custody

[10:00–10:50]

Peter Stokes, a 19-year-old US-Estonian national, was arrested in Finland for helping orchestrate social engineering attacks and major corporate breaches, including an $8M ransom plot.

Feature Interview: Chris Beam (Zero Network) on Minimizing Blast Radius & AI’s Impact

[12:53–24:17]

Why “Minimizing Blast Radius” Is Critical

[13:02–14:03]

Cyber attackers now move at “insane” speed—average attack speed reportedly under a minute.
Fears center on attackers gaining legitimate user access and then freely moving laterally through the environment.
Organizations in every industry must worry about business resilience and data sensitivity.

“The fear is full control and then how long they’re there... How do we prevent attackers from moving around?... there’s multiple new technologies out there for hackers to leverage, including AI, to move a lot faster.”
— Chris Beam, [13:02]

Modern Attacker Techniques: Living Off the Land

[14:03–15:12]

Attackers are increasingly blending malicious activity with legitimate user behaviors, gaining access using real credentials—often through phishing or social engineering rather than technical exploits.
This makes detection and prevention much harder.

“The real thing…is people are gaining access through your legitimate users... What happens if I used, Dave, your user account and you have access to everything in your environment, you’re an administrator—then all of a sudden I have access to everything as a hacker.”
— Chris Beam, [14:16]

Zero Trust & Least Privilege as Defense

[15:16–16:18]

Chris recommends a zero trust approach: verify user identity and limit privileges.
Organizations must consider what an attacker could do with an over-privileged account.
Isolation and microsegmentation (“bubbles”) should extend across the environment—not just to endpoints.

Balancing Security with Usability

[16:18–17:52]

The challenge is making strong security “frictionless.”
Zero Networks targets administrative actions for hardening, while minimizing disruptions for ordinary users.
Accounts and privileges must be learned and restricted based on business needs—the solution adapts as requirements change.

The Problem of Over-Privileged Accounts

[17:52–19:46]

Over-privileging is nearly universal unless organizations have extremely strict identity security.
Developers and technical staff often seek and receive excessive rights for convenience, contributing to risk:

“I just need full God mode… it’s easier. They had their own deadlines, they have their own commitments.”
Cultural and business pressures often override restrictive best practices.

How AI Affects Defensive and Offensive Tactics

[19:46–21:16]

Zero Networks doesn’t directly build AI into its core product, due to concerns about reliability and risk.
AI is used more for log searching and insight—and observed in customers’ environments (e.g., unknown connections to AI services like Gemini through “normal” applications such as Spotify can introduce new risk vectors).
Customers often don’t realize how deeply generative AI is baked into business and IT workflows.

Regulatory Shifts & The Future of Zero Trust

[21:16–23:00]

Regulation is catching up with technology:
- New requirements for audit, visibility, and control (e.g., new, pending rules for healthcare HIPAA, and AI regulations).
- Compliance and cyber insurance increasingly mandate proven identity, segmentation, and access control (PCI, etc.).
- Zero trust is shifting from a “goal” to a compliance and market necessity.

“If you want to be PCI-compliant in the new modern age, you need…more levels of enforcement, validation, and control... Regulators and even cyber insurance…want to limit that risk.”
— Chris Beam, [22:31]

Going Beyond Checkbox Compliance

[23:00–24:17]

Leading organizations now pursue full segmentation and zero trust not just to “check the box,” but as core board-level initiatives, even compressing projects that used to take years into a single year with modern tooling.

Notable Quotes

“The real thing that’s happening...is people gaining access through your legitimate users. Most people aren’t prepared for that.”
— Chris Beam, [14:16]

“The average attack speed is under a minute now. It’s insane how fast things are moving after they get in the environment.”
— Chris Beam, [13:02]

“You have these powerhorses...working on new technology and they’re like, it doesn’t matter [about security]. I just need to get this running…”
— Chris Beam, [18:43]

Timestamps for Critical Segments

[02:40] OpenAI and Anthropic brief Congress
[04:27] GAO: Improper Treasury payment access
[05:30] Greece's social media identity proposal
[06:32] CISA orders emergency Windows patch
[07:00] Destructive ransomware: VECT 2.0
[07:58] State CISOs report falling confidence
[08:59] Neurodivergent inclusion gaps in cybersecurity
[10:00] Arrest of alleged Scattered Spider group member

Interview with Chris Beam:

[13:02] — The challenge of lateral movement and AI-driven attacker speed
[14:16] — Attackers using legitimate user credentials
[15:16] — Why zero trust is critical
[16:18] — Balancing usability and security
[17:52] — Over-privileged accounts and business pressures
[19:46] — How AI is affecting security on both sides
[21:16] — Regulatory trends and future of zero trust
[23:00] — Beyond compliance: achieving true segmentation

Closing Insight: AI and the Legal System

[25:39–26:59]

The episode wraps with an analysis of how AI is lowering the barrier for people to file lawsuits pro se (without an attorney), causing an influx of legal actions and requiring judges to process a wave of new, AI-assisted filings. While this can increase access to justice, it also strains court resources.

Summary

“A wake-up call on frontier AI” offers a nuanced, urgent overview of the accelerating risks and regulatory responses to advanced AI in cybersecurity. It highlights the necessity for organizations to rethink privilege, segmentation, and the adoption of zero trust—from compliance “checkboxes” to operational reality—amid attackers who move ever faster, often with AI-enhanced capabilities. The conversation with Chris Beam is especially valuable for its practical, candid insight into the real challenges of defending modern digital environments.

Loading summary

Transcript106 lines

[00:02]
Podcast Host/Announcer
You're listening to the Cyberwire Network powered by N2K.
[00:13]
Dave Bittner
No, it's not your imagination.
[00:15]
Co-Host or Cyberwire Reporter
Risk and regulation are ramping up and customers expect proof of security just to do business. That's where Vanta comes in.
[00:23]
Dave Bittner
Vanta automates your compliance process and brings compliance, risk and customer trust together along
[00:29]
Co-Host or Cyberwire Reporter
with on one AI powered platform. Whether you're preparing for a SoC2 or
[00:34]
Dave Bittner
managing an enterprise GRC program, Vanta helps
[00:38]
Co-Host or Cyberwire Reporter
keep you secure and your deals moving.
[00:41]
Dave Bittner
Companies like Ramp and RYTR report spending 82% less time on audits.
[00:46]
Co-Host or Cyberwire Reporter
That's not just faster compliance, that's more time to focus on growth. When I look around the industry, I see over 10,000 companies, from startups to big enterprises trusting Vanta get started at Vanta.com, cyber.
[01:22]
Dave Bittner
OpenAI and Anthropic brief Congress on cyber capable AI the GAO flags improper DOGE access to treasury payment systems, Greece moves to end online and CISA orders agencies to patch an exploited Windows Zero day. Researchers uncover ransomware that destroys data instead of encrypting it. State CISOS report falling confidence Neurodivergent cyber pros cite inclusion gaps police arrest a 19 year old alleged scattered spider member. Our guest is Chris Bain, Zero Network's Field Chief Technology Officer. On Minimizing your blast radius and AI lowers the bar and lengthens the line in the courtroom. It's Wednesday, april 29th, 2026.
[02:21]
Co-Host or Cyberwire Reporter
I'm dave bittner and this is your cyberwire intel briefing.
[02:39]
Dave Bittner
Thanks for joining us here today.
[02:40]
Co-Host or Cyberwire Reporter
It's great as always to have you with us. OpenAI and Anthropic delivered classified briefings to House Homeland Security Committee staff on cyber capable frontier AI models and risks to critical infrastructure sectors. According to Axios, the company's outlined security implications of new Systems and including Anthropic's unreleased Mythos preview model and OpenAI's tiered rollout of GPT 5.4. Cyber officials also discussed China's alleged industrial scale efforts to copy US models and risks from jailbroken systems that bypass safeguards. Lawmakers described demonstrations of misuse scenarios as alarming. Early congressional exposure to offensive cyber capabilities in AI models signals growing urgency around regulation, infrastructure protection and government access to defensive AI tools as adversary competition intensifies.
[03:44]
Dave Bittner
Meanwhile, the White House is considering executive action that could ease tensions with Anthropic
[03:50]
Co-Host or Cyberwire Reporter
and expand government access to its cyber capable Mythos model. Officials are consulting industry on guidance that could soften restrictions tied to a Pentagon supply chain risk designation. Agencies including the NSA are already using Mythos as legal disputes continue over anthropic limits on military applications. Resolving the dispute could shape federal access to advanced defensive AI tools as agencies weigh operational needs against restrictions on surveillance and autonomous weapons use,
[04:27]
Dave Bittner
a Government Accountability Office report finds.
[04:31]
Co-Host or Cyberwire Reporter
Treasury granted a DOGE employee improper access to sensitive federal payment systems, including data tied to tax refunds and benefits, according to Federal News Network and gao. The staffer could view, copy and print Bureau of Fiscal Service payment Data in early 2025 and was briefly able to modify or delete records before access was revoked. GAO also found the employee shared an unencrypted file containing USAID payment details. Without approval. Treasury's monitoring tools failed to stop the transmission, and required security procedures were not followed.
[05:13]
Dave Bittner
The findings highlight gaps in safeguards protecting
[05:17]
Co-Host or Cyberwire Reporter
large federal payment data sets and suggest broader oversight risks as DOGE seeks access across agencies with watchdogs warning current reporting may represent only preliminary findings.
[05:31]
Dave Bittner
Greece is advancing a proposal to require
[05:34]
Co-Host or Cyberwire Reporter
identity verification for social media users, aiming to reduce anonymous harassment, misinformation and coordinated
[05:42]
Dave Bittner
online abuse, digital Governance Minister Dimitri Papaseo told your Active. The plan is under review within the
[05:51]
Co-Host or Cyberwire Reporter
Prime Minister's Office ahead of the 2027 national elections. Officials say anonymity enables threats, hate speech and fake accounts promoting political figures. The proposal would not eliminate pseudonyms but but would require platforms to confirm each account corresponds to a real person. Implementation details remain unclear.
[06:14]
Dave Bittner
Mandatory identity verification could reshape platform accountability
[06:18]
Co-Host or Cyberwire Reporter
requirements and online speech enforcement while raising technical and legal questions about privacy, platform compliance and potential EU level coordination.
[06:30]
Dave Bittner
CISA has ordered federal agencies to patch
[06:33]
Co-Host or Cyberwire Reporter
a Windows vulnerability after evidence of active exploitation and zero day attacks. According to Akamai. The flaw stems from an incomplete fix
[06:43]
Dave Bittner
to a prior remote code execution issue
[06:45]
Co-Host or Cyberwire Reporter
and enables credential theft through auto parsed, shortcut or LNK files. CISA added the bug to its known exploited vulnerabilities catalog and set a May 12 remediation deadline, researchers warn.
[07:00]
Dave Bittner
The VECT 2.0 ransomware contains a flaw that permanently destroys large files instead of
[07:07]
Co-Host or Cyberwire Reporter
encrypting them for recovery after payment, according to Check Point. The malware mishandles encrypted nonces used during encryption by overwriting them during chunk processing. Only the final portion of affected files remains recoverable, while earlier sections cannot be decrypted even by attackers. The issue affects Windows, Linux and ESXI variants. VECT operators also promoted partnerships targeting victims of recent supply chain compromises linked to Team PCP activity. Organizations hit by VECT 2.0 may face irreversible data loss rather than recoverable ransomware encryption, increasing operational risk and reducing the value of ransom negotiations,
[07:59]
Dave Bittner
a new survey from the national association of Chief Information
[08:02]
Co-Host or Cyberwire Reporter
Officers and Deloitte finds.
[08:05]
Dave Bittner
State chief information security officers report sharply lower confidence in protecting public sector systems
[08:11]
Co-Host or Cyberwire Reporter
from cyber threats, according to the 2026 biennial study. Only 26% of state CISOs said they're highly confident in safeguarding information assets, down from 48% in 2022. Confidence in local governments and public universities dropped further. While 94% of CISOs now help shape generative AI security policies and 16% report budget cuts, nearly half identified cybersecurity effectiveness metrics as their top initiative.
[08:45]
Dave Bittner
Shared infrastructure across state and local agencies
[08:48]
Co-Host or Cyberwire Reporter
increases cascade risk from a single compromise, while AI enabled attack techniques are raising pressure for coordinated whole of state defenses,
[08:59]
Dave Bittner
an ISC2 workforce study finds neurodivergent cybersecurity professionals remain engaged in the field but report lower workplace support and higher fatigue than their peers, according to the ISC2 Cybersecurity Workforce Study.
[09:16]
Co-Host or Cyberwire Reporter
Of more than 16,000 respondents, 12% identified as neurodivergent, 67% reported job satisfaction slightly below non neurodivergent peers and only 64% said they feel valued at work. Respondents were less likely to hold management roles and more likely to report exhaustion from keeping pace with evolving threats and technologies.
[09:42]
Dave Bittner
Inclusion gaps and workload pressures may affect retention across an already constrained cyber workforce,
[09:49]
Co-Host or Cyberwire Reporter
while flexible work arrangements, recognition and clearer career pathways appear linked to stronger engagement and long term participation in the profession.
[10:01]
Dave Bittner
Authorities have arrested a 19 year old
[10:03]
Co-Host or Cyberwire Reporter
dual US and Estonian national accused of participating in scattered spider intrusions targeting major corporations for ransom, according to court records obtained by the Chicago Tribune. Peter Stokes, known online as Bouquet, was detained in Finland while attempting to board a flight to Japan. Prosecutors allege he helped infiltrate corporate networks through help desk, social engineering and credential resets, including a 2025 breach of a luxury retailer where attackers claimed to steal 100 gigabytes of data and demanded $8 million. Officials say he participated in multiple attacks dating back to age 16.
[10:47]
Dave Bittner
The case underscores the continued operational impact
[10:50]
Co-Host or Cyberwire Reporter
of loosely organized youth driven intrusion groups targeting enterprise authentication workflows.
[11:06]
Dave Bittner
Coming up after the break, my conversation with Chris Beam, Zero Network's field chief technology officer. We're discussing minimizing your blast radius and AI lowers the bar and lengthens the
[11:20]
Co-Host or Cyberwire Reporter
line in the courtroom. Stay with us. And now a word from our sponsor, the center for Cyber Health and Hazard Strategies, also known as chhs.
[11:42]
Dave Bittner
Looking for a graduate degree that will give you an edge on your professional career?
[11:46]
Co-Host or Cyberwire Reporter
Earn a Master of Science in Law
[11:48]
Dave Bittner
at University of Maryland Carey School of Law.
[11:52]
Co-Host or Cyberwire Reporter
This part time two year online graduate
[11:54]
Dave Bittner
degree program is designed for experienced professionals to understand laws and policies that impact your industry.
[12:01]
Co-Host or Cyberwire Reporter
Learn from CHHS faculty who are experts in their field. No GRE required. Learn how you can master the law
[12:10]
Dave Bittner
without a JD at Law Umarland Eduardo
[12:18]
Advertisement Voice
Study and play Come together on a Windows 11 PC and for a limited time college students get the best of both worlds. Get the Unreal college deal everything you need to study and play with select Windows 11 PCs. Eligible students get a year of Microsoft 365 Premium and a year of Xbox game Pass ultimate with a custom color Xbox wireless controller. Learn more@windows.com studentoffer while supplies last ends June 30th terms at aka Ms. CollegePC.
[12:54]
Dave Bittner
Chris Beam is Zero Network's field Chief Technology Officer. I recently caught up with him to
[13:00]
Co-Host or Cyberwire Reporter
learn how to minimize your blast radius
[13:03]
Chris Beam
when it comes to cybercriminals adjusting to how they're working on gain a foothold and then blasting out. It's being done slightly differently. This is not new like they've they've done living off the land. That's why the terminology is there. The fear is, is full control and then how long they're there. I can talk with multiple different industries and each one has its own fear. One is the business resilience, making sure we're still running. The other one is I have very sensitive information. I don't want that to be shared out. So there's different levels of scarcity, but it's all the same challenge. How do we prevent attackers from moving around? And that's really the fear. And how that's being elevated is there's multiple new technologies out there for hackers to leverage, including AI to move a lot faster. And even I think, I think it was crowdstrike. It was a couple weeks ago. They said the average attack speed is under a minute now. It's insane. It's insane how fast things are moving after they get in the environment.
[14:04]
Dave Bittner
Yeah, I know you've pointed out that some of these threat actors are blending
[14:08]
Co-Host or Cyberwire Reporter
their activities making them look more like legit behavior.
[14:12]
Dave Bittner
Can you dig into that for us a little bit?
[14:14]
Co-Host or Cyberwire Reporter
What's going on there?
[14:16]
Chris Beam
Yeah, the main shift there is a lot of people have the fear of zero day vulnerabilities or someone downloading a malicious payload and then gaining access. The real thing is that's happening that we're seeing is people are gaining access through your legitimate users. And this is. You can think. I can think of a few Public size news articles that have happened on big companies recently, it's not because they went in and they just hacked through a backdoor. They actually gain access using your credentials and then gaining access to your environment. And most people aren't prepared for that. Because what happens if I used Dave, your user account and you have access to everything in your environment, you're an administrator, then all of a sudden I have access to everything as a hacker. And that's where the fear happens and that's where the, the problem is really occurring right now, because the tools out there are pretty good to prevent. But what happens if it's not a prevention and it's legitimate? That's the real challenge.
[15:12]
Dave Bittner
So what are your recommendations then for
[15:14]
Co-Host or Cyberwire Reporter
folks to deal with this?
[15:16]
Chris Beam
The way it's being focused in the market today is leveraging the zero trust mindset. You know, least privilege access, reevaluating and making sure you're hitting the proper roadmap of understanding do you belong here and are you say you are who you say you are as someone that's looking into this market and they're not on that journey just yet. Consider yourself in the position, like I just mentioned, could someone who had access to your system administrative account, how far could they go and what did they do and how do you prevent that from happening? The conversations I hear typically shift in, oh, I have bubbles and I have security measures in place. Again, they're acting as if they are you. So the security measures just in place to get you to the, you know, the machine itself or is it across your whole entire environment and usually it's preventing and isolating that machine access initially, you know, going through your identity credentials, gain access appropriately and then you're like, okay, you're good to go. You can do what you need to do. We don't want to hurt business. But that's where attackers are taking advantage of that today.
[16:18]
Dave Bittner
How do you go about balancing the need to protect the organization against the desire to not slow down your users?
[16:26]
Chris Beam
I think there is a fine balance there. The challenge you run into is how do you make it frictionless while providing the most enforcement. Just like you mentioned. And our approach at Zero Networks is we took it as a let's harden in on those administrative actions, things that actually make a difference. But your normal standard users won't even notice what we're doing in the back end. So it feels frictionless as a business. The challenge it starts getting into is what about service accounts and over privileged accounts, There's AI accounts, there's other Things that are happening that you're like, well now we need to harden, learn that and that's the approach we're taking on how can we identify a service account, harden it to what it needs to do based on learning and don't hurt business. So we have to take a second day approach. Let's just say we know what that account's doing, we have an idea, we lock it down and then we learn naturally right afterwards, hey, you've made a change or developer or whoever, now they're trying to access this and we try to make that as fluid as possible to make the business move as fast as possible while staying secure. So there is a fine balance and that's why it's so hard in this space. Micro segmentation is not new technology. It's been around for 20 years or well, I think 20 years this year actually. So the fact that you're able to fully automate all the hard work of knowing what's going on in your environment, that's why we had to learn and provide an automated tool versus something that's, hey, here's a tool that you can do micro segmentation. And that's how it's been in this industry for the past 20 years.
[17:52]
Co-Host or Cyberwire Reporter
You mentioned a user being over privileged
[17:56]
Dave Bittner
and I hear about that pretty often.
[17:58]
Co-Host or Cyberwire Reporter
Where it seems like people just through the natural course of business, they build up privileges along the way, but those never get revoked. How do you make that automatic and
[18:09]
Dave Bittner
again not get in the way of them accessing the things they need to access.
[18:14]
Chris Beam
Yeah, I don't know of any industry that doesn't have a little bit of over privilege unless they have a very stickler of an identity security team. Team. What I mean by that is you're right, it's very common. That's why certain tools like identity security posture management has been spinning up. If you're familiar with that tool line, they're encouraging, hey, this is bad behavior. You should go toward this. It's kind of like the cloud posture management security solutions as well. This machine is too open to the web, so on and so forth. So the approach is now we can educate our users. Well, it doesn't matter because we might need this account the way it is. And the other problem is not everyone even knows what they need. When I was working at one of my former companies, if you look at my tenure I worked at Microsoft, it was not uncommon for a developer to say, I just need full God mode. And you challenge them back and you're like, wait, wait, wait, why do you Need God mode. Why do you need access to everything in this tenant? Well, it's just, it's easier. That's the answer. They had their own deadlines, they have their own commitments. So you have these power horses that make pretty good money that's working on new technology and they're like, it doesn't matter. I just need to get this running and working and I don't want to figure out all the controls in place. So they take it as a business operation. Speed versus hey, this is what you really need. And this is the limit of access. I think that's why it's such a problem and it's not going very, very easily because by default we almost encourage you to just have admin God mode vs you only need this unless your business practices that mindset.
[19:47]
Co-Host or Cyberwire Reporter
So how has AI affected the types of things that you all do?
[19:52]
Chris Beam
Yeah, it's been drastic. So AI hasn't influenced our product. We actually have taken more of a hands off AI approach. We want to know real facts. If we started doing AI in our business then we would have the fear of taking down businesses. So instead we've done, we know what's happened, we know what's communicating and we can provide hardening through your environment. That's the approach we have done at Zero Networks. AI is more of a guiding tool like searching logs. That's the approach we've taken here. Now, have we seen AI being used by our customers? That's a different conversation. For example, they don't know fully what's happening in their environment. They don't know what service accounts and privileged accounts are communicating with AI if it's an internal LLM for example, or the other approach is I don't know what is using AI and they want to have AI hardening for another instance. I'm not hitting on anybody, but let's just say Spotify is right on your machine. If you're familiar with Spotify, since that's a pretty public and common use application, it uses Gemini in the backend. Well, maybe I don't want to have any Gemini access into any of my assets. There's other tools that are leveraging AI and that's another concern. Like I don't even know what is being spread around. I'm just improving a tool because I want a business to keep running. So there's a different level approach that we're seeing AI used by customers and we can see the insights of this communication based on our tool for hardening purposes.
[21:16]
Co-Host or Cyberwire Reporter
Where do you suppose we're headed here?
[21:18]
Dave Bittner
As you look toward the future, what
[21:21]
Co-Host or Cyberwire Reporter
sorts of things do you imagine we'll have in place?
[21:24]
Chris Beam
To be clear, like on AI, on Zero Networks itself? Zero trust.
[21:29]
Dave Bittner
Yeah, I'd say more on Zero Networks and Zero Trust.
[21:32]
Co-Host or Cyberwire Reporter
Yeah.
[21:35]
Chris Beam
Right now it's been mostly around the fact that as a company I have had this pain and I'm solving this pain by going in this direction. That is how it's mostly been in the industry when it comes to why I might look at micro segmentation and then isolation. Now what's interesting is multiple regulations are now just now starting to enforce audit, visibility and control. Proving who you are, who you say you are in regulations. HIPAA has a new one coming out right now. They want more audit and visibility control. It's in the pending phase. We have new AI regulations coming out. They want to know accountability of what's actions and how it's being managed. We have law enforcements that are pushing toward that zero trust mindset versus it's a goal and a mission like hey, I as a CISO want to push my company into a zero trust. So I think as a future, not just for Zero Networks but as an industry, we're almost enforcing and pushing people. If you want to be PCI compliance with this in the new modern age, then you need to have more levels of enforcement, validation and control. And it's not just the regulators that are pushing this, it's actually even cyber insurance and other parts of the business because they're seeing too much risk here so they want to limit that risk. So I would say that's probably where things are going to be shifting in the next few years. AI is a big part of it as well.
[23:00]
Dave Bittner
And I suppose, I mean, is it fair to say that part of the journey that people take with folks like you who are in that business is to be not just doing your checkbox regulatory compliance, but really seeing it all
[23:15]
Co-Host or Cyberwire Reporter
the way through to its full potential.
[23:18]
Chris Beam
Yeah, yeah. Specifically with us, I would agree that's very true. There's always those checkbox companies that they're moving too fast or they can't keep up with the momentum of the market. I get that. But when I'm working with customers, it's a board level one year initiative. Like they're like we can hit fully segmentation within the year and that's huge. I can prove it. I have full control and visibility and I'm talking fortune, let's just say 2000 companies. These are big companies that are hitting these one year goal lines. That's something that most companies could have ever dreamed of in the past, they would had a multi year journey. They would have said, hey, we're working toward this. We're pushing through this dream of having least privileged access and control within our environment and while we're moving into cloud and we're learning and leveraging LLMs in our environment. So it's just, it's just a very different approach and that's where we're getting a lot of success, I should say within the market is because we can deliver in a very short period of time while actually delivering fully what we're saying we're trying to do.
[24:17]
Dave Bittner
That's Chris Beam, Zero Network's Field Chief Technology Officer.
[24:34]
Podcast Host/Announcer
When you need to build up your team to handle the growing chaos at work, use Indeed Sponsored Jobs. It gives your job post the boost it needs to be seen and helps reach people with the right skills, certifications and more. Spend less time searching and more time actually interviewing candidates who check all your boxes. Listeners of this show will get a $75 sponsored job credit@ Indeed.com podcast. That's Indeed.com podcast. Terms and conditions apply. Need a hiring hero? This is a job for Indeed Sponsored
[25:02]
Advertisement Voice
Jobs it's time to refresh your yard during Spring Backyard Days at the Home Depot. Get low prices guaranteed on propane grills starting at $179 like the next grill 3 burner gas grill. Or get $50 off a select Weber Spirit Grill and bring big flavor to your backyard. Then set the scene with Hampton Bay String Lights that bring it all together. Shop Spring backyard days for seven days at the Home Depot, now through May 6. Exclusions apply. Seehomedepot.com Pricematch for details.
[25:39]
Co-Host or Cyberwire Reporter
And finally, Abraham Lincoln is often credited with the observation that he who represents himself in court has a fool for a client. In 2026, he might have added, and possibly a chatbot for co counsel, a new study finds. Self represented federal court filings have risen sharply since generative AI tools made it easier to draft complaints, motions and other legal paperwork, shifting both who shows up in court and how much work they bring with them, according to researchers Anand Shah and Joshua Levy.
[26:17]
Dave Bittner
Pro se filings held steady at about
[26:19]
Co-Host or Cyberwire Reporter
11% of civil cases until 2022, then climbed to 16.8% by 2025. The study reviewed 4.5 million cases and found these filings now include 158% more motions and docket activity. Researchers say plaintiffs, not defendants, are driving the increase, suggesting AI is helping people initiate complaints rather than respond to them.
[26:46]
Dave Bittner
Lower barriers to filing may expand access
[26:49]
Co-Host or Cyberwire Reporter
to justice but also risk slowing already strained courts as judges process more AI
[26:56]
Dave Bittner
assisted paperwork, some of it enthusiastic, some
[27:00]
Co-Host or Cyberwire Reporter
of it templated, and all of it still requiring human review.
[27:18]
Dave Bittner
And that's the Cyber Wire.
[27:20]
Co-Host or Cyberwire Reporter
For links to all of today's stories,
[27:21]
Dave Bittner
check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast.
[27:27]
Co-Host or Cyberwire Reporter
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
[27:34]
Dave Bittner
If you like our show, please share
[27:36]
Co-Host or Cyberwire Reporter
a rating and review in your favorite podcast app.
[27:39]
Dave Bittner
Please also fill out the survey in the show notes or send an email
[27:42]
Co-Host or Cyberwire Reporter
to cyberwire2k.com N2K's lead producers, Liz Stokes, were mixed by Trey Hester with original music and sound design by Elliot Heltzman. Our contributing host is Maria Vermazes.
[27:55]
Dave Bittner
Our executive producer is Jennifer Ivan.
[27:58]
Co-Host or Cyberwire Reporter
Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
[28:10]
Sam
Sam.