CyberWire Daily — "AI to the Rescue"

Date: September 24, 2025
Host: Dave Bittner (N2K Networks)
Featured Guest: Jason Clark (Chief Strategy Officer, Ciera)

Episode Overview

In this episode, "AI to the Rescue", CyberWire Daily dives into the rapidly evolving landscape of artificial intelligence in cybersecurity. With explosive AI adoption across industries, traditional security frameworks are being outpaced by the rise of agentic AI—autonomous software agents capable of human-like decisions. The show features the latest breach updates, phishing innovations, and a sponsored expert interview with Jason Clark, who discusses the disruptive potential and security threats posed by agentic AI.

Key Discussion Points & Insights

Industry News Highlights (00:11–11:38)

Major Incidents & Vulnerabilities

Collins Aerospace Ransomware Arrest: UK authorities arrest a suspect tied to a ransomware attack that disrupted airport systems across Europe. No group has claimed responsibility yet.
AI in Fraud Prevention: The UK government claims new AI tools helped recover nearly £500 million in fraud, including COVID-19 relief scams. Plans to license the tech globally draw both praise and criticism regarding bias and civil liberties.
US Federal Agency Breach: CISA reports a 2024 breach via an unpatched GeoServer flaw; attackers deployed web shells and brute-forced passwords for weeks before being detected.
Super Micro Motherboard Flaws: Two persistent, high-severity vulnerabilities let threat actors implant firmware via BMCs—posing lasting risk, especially to AI data center infrastructure.
Boyd Gaming Data Breach: Hackers accessed sensitive employee information. Casino operations were uninterrupted, and the company activated insurance and expert response.
Evolving Phishing Campaigns: Barracuda and Videre Labs describe sophisticated phishing-as-a-service trends using OAuth abuse, cloud platforms, Telegram bots, and even GitHub notifications to steal credentials, cryptocurrency, and data.
Librezva Emergency Patch: Quick response to active exploitation of an email gateway vulnerability, with an update deployed in 17 hours.

Expert Segment: Securing Agentic AI

Guest: Jason Clark, Ciera
(15:24–27:37)

The Paradigm Shift of Agentic AI

AI as a 'Tsunami' of Disruption:
"AI is a tsunami where the others [internet, mobile, cloud] were waves... If our business...is going to be competitive in the world, we have no choice but to adopt AI. This is happening in every single boardroom."
— Jason Clark, 15:24–16:44
Why Traditional Security Fails:
Traditional architectures rely on "segmented systems, static rules, visibility limited by kind of a role or platform...And then all of a sudden...you are empowering the system to act as a human...you have unbounded behavior."
— Jason Clark, 16:58–18:51

The explosion in autonomous agents leads to:
- Unpredictable, intent-based action beyond rule-based control.
- Massive growth in digital identities and data.
- Problems with attribution ("Are the agents me or not me? Who's responsible?").
Real-World AI Replacing Human Roles:
Enterprises already deploy agentic AI in HR, legal, and support.
- HR chatbots handle complex queries (benefits, payroll).
- Legal AI drafts/reviews contracts and answers compliance questions.

Rising Threat: Shadow AI

"Shadow AI" mirrors shadow IT—business users rapidly adopt or build AI models and agents without central oversight:

"...businesses will find they've got hundreds of people building models and using agents...AI is a consumer of data at epic proportions and a creator of data at epic proportions. [It’s] the largest security risk I think security teams have ever seen..."
— Jason Clark, 21:11–22:41

The Future of Security Controls

Visibility First:
Security teams need "a holistic view of all of our data, all of the access, all of our users...therefore all of the models, all of the agents."
— Jason Clark, 22:53–24:09
Strategy vs. Tactics:
Security fundamentals don't change, but "the tactics change." It's about quickly building guardrails, focusing on risk, and segmenting sensitive data and access for AI agents.
- "Security strategy is not changed. It's the tactics that change."
  — Jason Clark, 24:29–26:14
AI-Native Security Posture:
Leaders will succeed by:
- Treating AI agents as powerful, quasi-human users.
- Converging data security and identity access management into unified visibility and control.
- Building AI-specific security teams and governance, making "AI-native" practices the new normal.
- "Everybody will be AI-native at some point in the future."
  — Jason Clark, 26:29–27:37

Notable Quotes & Memorable Moments

On the Pace and Unavoidability of AI Adoption:
“This is having every single boardroom. That didn’t happen with the Internet in the beginning, the cloud in the beginning, and mobile in the beginning.”
— Jason Clark, 16:44
On Security’s Existential Challenge:
“AI is a consumer of data at epic proportions and a creator of data at epic proportions...the largest security risk I think security teams have ever seen.”
— Jason Clark, 22:41
On the Evolution of Security Controls:
“You just start building controls in place and guardrails and safety mechanisms and some laws about speed limits. And then you build seat belts and brakes and, and airbags. And so that’s really what we need to do.”
— Jason Clark, 24:29

Research Spotlight: Robocars Fooled by Mirrors

(29:10–end)

French and German researchers managed to trick autonomous vehicles’ lidar systems using mirrors—a traffic cone could disappear or a car could brake for phantom objects.
Raises concerns that “$100 in hardware store mirrors could send your robo taxi into an existential crisis.”
Potential mitigations like thermal imaging offer only partial defense.

Episode Structure & Timestamps

00:11–11:38: Major Cybersecurity News
15:24–27:37: Interview on agentic AI security with Jason Clark
29:10–end: Research segment on robocars and mirror-based attacks

Useful Takeaways for Security and Business Leaders

Agentic AI is inevitable—businesses must prepare for massive scale and autonomy in enterprise IT.
Convergence is key: Security teams must unify data and access controls, monitoring both human and machine agent activity.
Visibility and governance: Full inventory and oversight of all AI models and agents (“shadow AI”) will be critical for risk management.
Build for agility: Rapidly deploy new controls, segment data, and adapt governance to balance risk and reward as AI reshapes business operations.

For more details and links to all stories, visit thecyberwire.com.

CyberWire Daily — "AI to the Rescue"

Date: September 24, 2025
Host: Dave Bittner (N2K Networks)
Featured Guest: Jason Clark (Chief Strategy Officer, Ciera)

Episode Overview

Key Discussion Points & Insights

Industry News Highlights (00:11–11:38)

Major Incidents & Vulnerabilities

Collins Aerospace Ransomware Arrest: UK authorities arrest a suspect tied to a ransomware attack that disrupted airport systems across Europe. No group has claimed responsibility yet.
AI in Fraud Prevention: The UK government claims new AI tools helped recover nearly £500 million in fraud, including COVID-19 relief scams. Plans to license the tech globally draw both praise and criticism regarding bias and civil liberties.
US Federal Agency Breach: CISA reports a 2024 breach via an unpatched GeoServer flaw; attackers deployed web shells and brute-forced passwords for weeks before being detected.
Super Micro Motherboard Flaws: Two persistent, high-severity vulnerabilities let threat actors implant firmware via BMCs—posing lasting risk, especially to AI data center infrastructure.
Boyd Gaming Data Breach: Hackers accessed sensitive employee information. Casino operations were uninterrupted, and the company activated insurance and expert response.
Evolving Phishing Campaigns: Barracuda and Videre Labs describe sophisticated phishing-as-a-service trends using OAuth abuse, cloud platforms, Telegram bots, and even GitHub notifications to steal credentials, cryptocurrency, and data.
Librezva Emergency Patch: Quick response to active exploitation of an email gateway vulnerability, with an update deployed in 17 hours.

Expert Segment: Securing Agentic AI

Guest: Jason Clark, Ciera
(15:24–27:37)

The Paradigm Shift of Agentic AI

AI as a 'Tsunami' of Disruption:
"AI is a tsunami where the others [internet, mobile, cloud] were waves... If our business...is going to be competitive in the world, we have no choice but to adopt AI. This is happening in every single boardroom."
— Jason Clark, 15:24–16:44
Why Traditional Security Fails:
Traditional architectures rely on "segmented systems, static rules, visibility limited by kind of a role or platform...And then all of a sudden...you are empowering the system to act as a human...you have unbounded behavior."
— Jason Clark, 16:58–18:51

The explosion in autonomous agents leads to:
- Unpredictable, intent-based action beyond rule-based control.
- Massive growth in digital identities and data.
- Problems with attribution ("Are the agents me or not me? Who's responsible?").
Real-World AI Replacing Human Roles:
Enterprises already deploy agentic AI in HR, legal, and support.
- HR chatbots handle complex queries (benefits, payroll).
- Legal AI drafts/reviews contracts and answers compliance questions.

Rising Threat: Shadow AI

"Shadow AI" mirrors shadow IT—business users rapidly adopt or build AI models and agents without central oversight:

"...businesses will find they've got hundreds of people building models and using agents...AI is a consumer of data at epic proportions and a creator of data at epic proportions. [It’s] the largest security risk I think security teams have ever seen..."
— Jason Clark, 21:11–22:41

The Future of Security Controls

Visibility First:
Security teams need "a holistic view of all of our data, all of the access, all of our users...therefore all of the models, all of the agents."
— Jason Clark, 22:53–24:09
Strategy vs. Tactics:
Security fundamentals don't change, but "the tactics change." It's about quickly building guardrails, focusing on risk, and segmenting sensitive data and access for AI agents.
- "Security strategy is not changed. It's the tactics that change."
  — Jason Clark, 24:29–26:14
AI-Native Security Posture:
Leaders will succeed by:
- Treating AI agents as powerful, quasi-human users.
- Converging data security and identity access management into unified visibility and control.
- Building AI-specific security teams and governance, making "AI-native" practices the new normal.
- "Everybody will be AI-native at some point in the future."
  — Jason Clark, 26:29–27:37

Notable Quotes & Memorable Moments

On the Pace and Unavoidability of AI Adoption:
“This is having every single boardroom. That didn’t happen with the Internet in the beginning, the cloud in the beginning, and mobile in the beginning.”
— Jason Clark, 16:44
On Security’s Existential Challenge:
“AI is a consumer of data at epic proportions and a creator of data at epic proportions...the largest security risk I think security teams have ever seen.”
— Jason Clark, 22:41
On the Evolution of Security Controls:
“You just start building controls in place and guardrails and safety mechanisms and some laws about speed limits. And then you build seat belts and brakes and, and airbags. And so that’s really what we need to do.”
— Jason Clark, 24:29

Research Spotlight: Robocars Fooled by Mirrors

(29:10–end)

French and German researchers managed to trick autonomous vehicles’ lidar systems using mirrors—a traffic cone could disappear or a car could brake for phantom objects.
Raises concerns that “$100 in hardware store mirrors could send your robo taxi into an existential crisis.”
Potential mitigations like thermal imaging offer only partial defense.

Episode Structure & Timestamps

00:11–11:38: Major Cybersecurity News
15:24–27:37: Interview on agentic AI security with Jason Clark
29:10–end: Research segment on robocars and mirror-based attacks

Useful Takeaways for Security and Business Leaders

Agentic AI is inevitable—businesses must prepare for massive scale and autonomy in enterprise IT.
Convergence is key: Security teams must unify data and access controls, monitoring both human and machine agent activity.
Visibility and governance: Full inventory and oversight of all AI models and agents (“shadow AI”) will be critical for risk management.
Build for agility: Rapidly deploy new controls, segment data, and adapt governance to balance risk and reward as AI reshapes business operations.

For more details and links to all stories, visit thecyberwire.com.

wavePod

AI to the rescue.

Powered by Wave AI

Summary

CyberWire Daily — "AI to the Rescue"

Episode Overview

Key Discussion Points & Insights

Industry News Highlights (00:11–11:38)

Major Incidents & Vulnerabilities

Expert Segment: Securing Agentic AI

The Paradigm Shift of Agentic AI

Rising Threat: Shadow AI

The Future of Security Controls

Notable Quotes & Memorable Moments

Research Spotlight: Robocars Fooled by Mirrors

Episode Structure & Timestamps

Useful Takeaways for Security and Business Leaders

Summary

CyberWire Daily — "AI to the Rescue"

Episode Overview

Key Discussion Points & Insights

Industry News Highlights (00:11–11:38)

Major Incidents & Vulnerabilities

Expert Segment: Securing Agentic AI

The Paradigm Shift of Agentic AI

Rising Threat: Shadow AI

The Future of Security Controls

Notable Quotes & Memorable Moments

Research Spotlight: Robocars Fooled by Mirrors

Episode Structure & Timestamps

Useful Takeaways for Security and Business Leaders