A
You're listening to the CyberWire network, powered by N2K. And now a word from our sponsor, Arcova. Formerly MorganFranklin Cyber, Arcova is a global cybersecurity and AI consulting firm built by practitioners who've been in the seat. They work directly with enterprise teams to solve complex security challenges, building secure-by-design programs that hold up as technology and threats evolve. From focused engagements to long-term partnership, Arcova delivers outcomes that endure, because no one should navigate complexity alone. Learn why leading global enterprises trust Arcova at www.arcova.com, that's A-R-C-O-V-A dot com.

A fake WhatsApp spreads spyware. The State Department pushes embassies to counter influence ops. Cisco patches critical bugs. Crystal RAT hits Telegram. A Texas hospital breach affects a quarter million. HHS reshuffles IT oversight. China-linked spies target Europe. Evil Tokens hijacks Microsoft accounts. Ransomware hits a North Dakota water plant. Our guest is Sumed Thakar, President and CEO of Qualys, discussing how cybersecurity is shifting toward managing real business risk. And tales of a tortoise's termination have been greatly exaggerated.

Thursday, April 2, 2026. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great as always to have you with us.

WhatsApp says roughly 200 users, mostly in Italy, were targeted with spyware through a fake iPhone version of its messaging app, according to a statement shared with TechCrunch. The company linked the malicious unofficial client to Italian spyware maker SIO and logged affected users out after detection. WhatsApp urged users to delete the app and reinstall the official version, spokesperson Margarita Franklin said. User roles remain unclear. Fake mobile clients remain an effective delivery method for government surveillance spyware and signal continued targeting activity in Italy.
WhatsApp also said it plans legal action to halt the alleged campaign and protect affected users in the region.

The State Department has ordered US embassies worldwide to counter foreign influence campaigns, as officials warn anti-American narratives are gaining ground internationally, according to current and former officials cited by the New York Times. The directive followed concerns about messaging from adversaries including Russia, China and Iran, especially after US military actions involving Venezuela and Iran. The administration is also restoring limited broadcasts from Voice of America, Radio Free Asia and Radio Free Europe/Radio Liberty after earlier shutdowns tied to legal and political disputes over alleged censorship. Weakened counter-disinformation infrastructure can create openings for adversaries to shape global perceptions of US policy and alliances, officials say. Diplomats are now being encouraged to coordinate with Pentagon information operations and challenge false claims online as part of renewed messaging efforts.

Cisco has released patches for two critical and six high-severity vulnerabilities affecting enterprise networking and management products. The most serious issues include a vulnerability in Smart Software Manager On-Prem, which allows root-level command execution through an exposed internal device, and another vulnerability which enables attackers to change administrator passwords via crafted requests. Additional flaws affect Evolved Programmable Network Manager and Integrated Management Controller deployments across multiple server platforms. Successful exploitation could allow attackers to gain administrative control or access sensitive data across widely deployed infrastructure. Cisco says it has no evidence of active exploitation.

Researchers report a new malware-as-a-service platform called Crystal RAT, which is being promoted on Telegram with tools for remote access, data theft and device surveillance.
According to Kaspersky, the malware appeared in January with tiered subscriptions and marketing on Telegram and YouTube. Crystal RAT shares similarities with WebRAT, including Go-based code and panel design. Its features include command execution, file transfers, browser data theft, keylogging, microphone and video capture, and clipboard hijacking of cryptocurrency wallet addresses. The platform also supports anti-analysis protections and encrypted communications with command-and-control infrastructure. Subscription-based malware lowers barriers for entry-level threat actors and expands access to surveillance-grade tooling. Researchers say prank-style disruption features may also distract victims while data theft occurs.

Nacogdoches Memorial Hospital says a January network breach exposed personal and health information belonging to more than a quarter million individuals. The Texas hospital reported that attackers accessed internal systems on January 31 and may have obtained sensitive data, including Social Security numbers, medical record numbers and contact information. Officials say there's no evidence of misuse so far. The organization secured its network and notified law enforcement but did not identify a responsible threat actor. Healthcare breaches expose high-value identity and medical data that can enable fraud and long-term identity risks for victims.

The Department of Health and Human Services is restructuring its technology leadership, shifting cybersecurity and enterprise IT authority back to its Office of the Chief Information Officer. HHS reversed a 2024 change that expanded the Office of the National Coordinator for Health Information Technology, or ONC, into a department-wide technology policy role under the name Assistant Secretary for Technology Policy/ONC. The agency restored ONC's narrower focus on health IT standards and interoperability while returning cybersecurity, AI, cloud and data operations oversight to the CIO office.
Officials said the move reinforces statutory enterprise IT responsibilities across the department. Centralized oversight could strengthen internal cybersecurity coordination and governance across HHS systems, though experts say the change is unlikely to immediately affect the broader healthcare sector's cybersecurity risks.

Researchers report that a China-linked cyber espionage group has resumed targeting European diplomatic and government organizations after shifting focus elsewhere in recent years, according to Proofpoint. The group, known as TA416, also tracked as Twill Typhoon and Mustang Panda, began renewed activity in mid-2025 targeting individuals and mailboxes tied to NATO and European Union delegations. The campaign coincided with rising EU-China tensions over trade, rare earth exports and the Russia-Ukraine war. Researchers also observed new targeting of Middle Eastern diplomatic entities following the start of the Iran conflict. Shifting geographic targeting by state-aligned actors signals evolving intelligence priorities and continued credential harvesting and malware delivery risks for diplomatic networks. Researchers observed repeated use of PlugX backdoor delivery techniques.

Researchers at Sekoia report a phishing-as-a-service kit called Evil Tokens, which is enabling attackers to hijack Microsoft accounts using device code phishing techniques. The toolkit is sold via Telegram and targets employees with lures disguised as financial documents, meeting requests or shared files from services like DocuSign or SharePoint. Victims are redirected to legitimate Microsoft device login pages after entering attacker-supplied verification codes, allowing threat actors to obtain access and refresh tokens. These tokens enable persistent access to email, files, Teams data and single sign-on across Microsoft services.
Device code phishing bypasses traditional credential theft defenses and supports automated business email compromise activity at scale across multiple countries, including the United States and France.

Officials in Manoeu, N.D., say a ransomware attack struck a city water treatment plant but did not disrupt water safety or system operations, according to city officials. The intrusion was discovered March 14 and affected a server that was quickly disconnected. Staff operated systems manually for about 16 hours while monitoring pressure and safety conditions, officials said. Attackers left only a message on a screen, with no ransom demand or direct contact reported. The FBI is reviewing the message as part of an investigation. Water utilities remain frequent cyberattack targets, with recent campaigns linked to criminal groups and nation-state actors highlighting ongoing risks to critical infrastructure resilience.

Coming up after the break, my conversation with Sumed Thakar from Qualys. We're discussing how cybersecurity is shifting toward managing real business risk. And tales of a tortoise's termination have been greatly exaggerated. Stay with us.

Maybe that's an urgent message from your CEO, or maybe it's a deepfake trying to target your business. Doppel is the AI-native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back, from automatically dismantling cross-channel attacks to building team resilience and more. Doppel: outpacing what's next in social engineering. Learn more at doppel.com, that's D-O-P-P-E-L dot com.

Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full-stack zero trust networks, including hardware, firmware and software, all designed to work seamlessly together. The result?
Fast, reliable and secure connectivity without the constant patching, vendor juggling or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and VPN, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless. Transform complexity into simplicity, and give your team time to focus on what really matters: helping your business and customers thrive. Learn more and book your demo at meter.com/cyberwire, that's M-E-T-E-R dot com slash cyberwire.

Sumed Thakar is President and CEO of Qualys. I caught up with him at the RSAC 2026 conference for this sponsored Industry Voices conversation about how cybersecurity is shifting toward managing real business risk.
B
Even within the last few months, the conversation has shifted from, oh my God, I'm concerned my users, my employees are using AI. I want to find out who's using these AI tools in six months. Now you are saying, well, I'm concerned about the employees that are not using AI. So it's like, can I get a report of everybody who's not using AI now? Right? And so I think that's very valid. Those are valid questions. And just like with any technology, the security aspect, the cyber aspect, the privacy aspect need to be looked at. And I think the developers of these technologies and the vendors have to put those guardrails, answer the questions. And they do have to make sure that they put, you know, that level of comfort with the customers.
A
Well, welcome. We are here at RSAC 2026 and it is my pleasure to welcome Sumed Thakar, who is President and CEO of Qualys. Welcome.
B
Thank you for having me.
A
I want to start off just sort of getting a level-setting reality check from you. We're seeing a lot of change in the industry. I don't have to tell you what the hot topic is this year. Everybody knows what it is. But how, as an organization, do you adjust to those changes with the products that you're presenting, how they evolve, and how you make sure that you're responding to what customers are asking for?
B
Yeah, that's a great question. And not to age myself, but I've been at Qualys for 23 years, and I started 23 years ago working on vulnerability management. And so all we have seen in the last many years is just a continuous change in the industry. And I think the rate of change has just accelerated in the last few years. But you know, having done this for a long time, when I take a step back, I feel like there's always going to be some new hot thing that people are going to run after. But if you take a step back and you look at what is cybersecurity: cybersecurity is essentially a risk management exercise for a company to not have financial loss from a cyber attack. And I think what happens is that many times we don't articulate what is at risk. And the point is that if you don't know how much loss you could have, how could you figure out how much you should spend on reducing that loss? So technology will change, new technology will come. Virtualization was pretty hot 10 years ago. Then five years ago, cloud became a hot thing. And now AI security is going to be hot, and two years from now quantum will be hot. But the question to ask is, how does this new technology bring additional risks to my business, and how much loss could I have, and how much should I spend on that? That is really the key point. And that's where we have seen the evolution. It's less about the individual hot technology coming out and is more about creating a framework and a platform that is allowing our customers to do overall risk management and operationalizing that risk with the concept of a risk operations center, a ROC. Just the way we have done for a SOC, which is post-breach. How do we proactively help our customers create a risk operations center that actually gets things fixed? The most important dollar you can spend in cyber is actually getting things fixed. Otherwise you're just doing dashboard tourism by building more dashboards, and we're not getting anything fixed.
A
Right, Right. Well, I mean, it strikes me that that's really part of the relationship aspect that you as a trusted partner to help your customers, your clients understand what their risk exposure is. Is that a fair way to describe it?
B
I think ultimately, if you say that cybersecurity is a risk management exercise, then the real metric is not how many findings you had and how many findings you fixed. It's how much risk of loss did you reduce by spending that money in cyber? And so as we have been talking to customers, we're hearing more and more of that. There is a detection fatigue where too many detections are coming out, not enough remediation. And the report we put out about the broken physics of remediation is: you have the detection fatigue, not enough things are being fixed, not enough things are being fixed fast enough. And the attackers are leveraging newer technologies to just attack you faster. And so you kind of are under this pile. And so when we start to look at it, which means by definition you don't have enough budget to fix everything that is detected, which means prioritization is not an option. And now when you start to talk about prioritization, it really comes down to what is the most important thing that you should look at? Well, the most important thing is what causes the most risk of loss. So really listening to our customers is all about, I don't have enough resources, tell me, what is the thing I should fix that is going to reduce the maximum loss?
A
When you're talking to your customers and your partners, when you're walking the show floor here at the RSA conference, what are you hearing in terms of the pain points from the CISOs out there, the decision makers? What are they telling you?
B
It's interesting because, you know, in the industry, there's a lot of, like, all these studies come out on what are the CISO priorities? But then the CISO priorities are not necessarily the CISO pain point. So that's interesting, because the priority will be, I need to look at AI security, I need to look at cloud security, I need to look at... But they're always looking for something new that they have to look at, because some new IT technology has come around. But if you ask a CISO what is your personal pain point in your job, they say, okay, I have to pick a cloud technology. I'm going to have my team look at three vendors, they're going to do an analysis and they'll pick something, and then we'll negotiate the price. That's not necessarily a pain point. That's a priority. That's not a pain point. The pain point is going to my CFO and asking for more budget. And the CFO asks, well, so what do I get in return? Because the AI team is asking for that money. Should I give it to the AI team, who's saying that we will increase the top line by 3%, or should I give it to you, and you are saying you cannot even tell me if you're going to reduce the risk by five times, one time, three times? So their challenge is, how do I report to the board? They go to the board, they cannot explain the value of what they're doing. They're talking about alerts and detection. How many detections? That doesn't mean anything to the board. Even if you tell the board that we fixed, we applied 75,000 patches, what does that mean to the business?
A
Once again this year we spent all this money and good news, nothing happened.
B
Right. But that's not necessarily the way to look at it.
A
Right.
B
So that's their pain point. When you talk about the CISO's job, one part is, like, I want to make sure that I am putting the right solutions in for the company. But the teams are taking care of that. That's your priority. But then personally, they're really just trying to figure out how do I balance this detection fatigue with not enough remediation and articulating the value and really becoming a business partner. Otherwise the CISO ends up becoming the person that's always saying no and not giving a good explanation why it's a no. Right. So how do they evolve from that to be a business-friendly CISO? How can you go and say, look, we're gonna operationalize our risk management, with that we are reducing the number of things we are fixing, and by that I'm giving four hours back to the IT team every week, which amounts to $10 million being given back by not fixing things that don't matter. Right. Those are the conversations that really they would like to have. They get personally excited about that. Of course, picking a new technology, they are gonna pass that off to their team.
A
Well, we're here at RSAC 2026 and of course the hot topic is agentic AI. What are your insights? Where do you think we are and where do you think we're headed?
B
I think it's very exciting, the opportunities that agentic AI is bringing, because if you look at every report in the history of cybersecurity, the last 10 years has always talked about a lack of talent or lack of trained resources in cybersecurity. And so we are already coming in where we had a big gap in the number of people that were available in cyber that were trained to actually achieve the goals that the businesses were looking for. And so agentic AI has brought out the ability to leverage this new technology and simplify and significantly reduce the number of resources that were required to achieve those goals. Right. A lot of time, this alert fatigue and detection fatigue has been there because it's not that the volume was the problem, it's the amount of stuff that was wasted in that volume that makes people fatigued. Right? Like, it's like, okay, I spent three days triaging all this, and I found nothing. That's more fatiguing than, hey, we were actually able to do a lot of this stuff. And so I think the ability to have agentic AI, and this is something that we have done a little bit differently, where we talk about kind of having agentic AI named Cyber Risk Agent on the platform, where, like, there are six agents available. Each agent has a name and a persona, and they have a skill set in cyber. So today, talk to any CISO, Patch Tuesday is still there. People have to take care of Patch Tuesdays. We have Agent Sarah, who is a Patch Tuesday agent. So the way the CISOs look at that is, I have a team of 10, and now I'm augmenting them with six AI agents, so that my team now is spending less of their time doing these kinds of tasks, and they are leveraging Agent Sarah to do a lot of the tasks that needed to be done. And so in that sense, we're able to get better outcomes quicker with agentic AI. And so I think that this is going to be a real game changer for us to stay ahead of the attackers. Now, attackers are not sitting back.

They're also using AI, and they're also automating and using agentic AI for the attack. So it's almost like we don't really have a choice at this point but to also leverage agentic AI to be able to work with the, with the attackers and empower the defenders. The reality, though, is that it's easy to say; how many CISOs are getting the budget to build out their own AI team? And even if they get the budget, are the resources available in AI? And I think that is where the vendor community here is very important, that the vendors are partnering with the CISOs to provide them this agentic capability as part of the platform, so that the adoption of agentic AI does not need these CISOs, all of them, to start to build out their own teams. They can actually leverage the capabilities that are out there to achieve those goals quicker and faster.
A
Are you sympathetic to the folks who are expressing concerns that, you know, how are we going to put proper guardrails on this? How do we make sure it doesn't spin out of control and take the company with it?
B
Yeah, I think those are fair questions to ask. Right? Like with any technology, I mean, if you look at how much resistance we had for the cloud, the big people were like, oh, no, never. I'm never going to put my data out in somebody else's data center. What are the guardrails? What if this happens? What if that happens? And then a few years later, once those questions were answered and people started to feel comfortable, now cloud has become a fashion statement. Right? It's not an optional thing anymore. Everybody has to be in the cloud. And so I think, like with any technology, any new technology, I think the concerns are valid, the questions are valid, and getting insights into where is the data coming from, where is my data going, how is it training, how accurate are the answers? Putting guardrails, making sure that there is no jailbreak, there's no exploitation of that. I think those are all important questions, but I don't think that any of those questions are going to really stop the progress of AI. I think there will be regulations, there will be some guidelines, et cetera. But even within the last few months, the conversation has shifted from, oh, my God, I'm concerned my users, my employees are using AI. I want to find out who's using these AI tools in six months. Now you are saying, well, I'm concerned about the employees that are not using AI.
A
Right, right.
B
So it's like, can I get a report of everybody who's not using AI now?
A
Right.
B
And so I think that's very valid. Those are valid questions. And just like with any technology, the security aspect, the cyber aspect, the privacy aspect need to be looked at. And I think the developers of these technologies and the vendors have to put those guardrails, answer the questions. And they do have to make sure that they put that level of comfort with the customers.
A
Sumed Thakar is President and CEO of Qualys. Thank you so much for joining us. It's a real pleasure.
B
Thank you very much. Great conversation. I appreciate that.
A
There's a lot more to this conversation than we have time to share here, so please check out the full unedited interview. You can find a link to that in our show notes.

Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker Allowlisting, you stop unknown executables cold. With Ringfencing, you control how trusted applications behave. And with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source and regain control over their environments. Schedule your demo at threatlocker.com/n2k today.

When it comes to mobile application security, good enough is a risk. A recent survey shows that 72% of organizations reported at least one mobile application security incident last year, and 92% of respondents reported threat levels have increased in the past two years. Guardsquare delivers the highest level of security for your mobile apps without compromising performance, time to market or user experience. Discover how Guardsquare provides industry-leading security for your Android and iOS apps at www.guardsquare.com.

And finally, yesterday, for a brief and sorrowful moment, I believed Jonathan the giant tortoise, aged 194 and still fond of bananas, had passed away. Multiple outlets reported his death after an X account posing as his longtime veterinarian claimed the world's oldest known land animal had died.
According to reporting later confirmed by the Guardian, the real veterinarian does not use X, and the impersonator was soliciting, wait for it, cryptocurrency donations. Officials on the island of St. Helena verified Jonathan was in fact asleep under a tree and very much alive. The governor reports Jonathan is still grazing, still fond of bananas, and still ignoring global drama with admirable discipline. If there's a lesson here, it may be to verify sources and then take a nap.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Trey Hester, with original music and sound design by Elliot Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Episode Title: The WhatsApp Impostor
Host: Dave Bittner (N2K Networks)
Featured Guest: Sumed Thakar (President & CEO, Qualys)
Main Theme: Cybersecurity’s Evolving Focus—Managing True Business Risk Amid Dynamic Threats
On this episode, CyberWire delivers a roundup of the day’s significant cybersecurity news, with leading stories on high-profile cyber threats, State Department counter-disinformation efforts, notable vulnerabilities, and evolving attack methods. The featured interview, with Qualys CEO Sumed Thakar, dives deep into how cybersecurity is shifting from traditional prevention and detection toward actively managing tangible business risks, with a special focus on the operationalization of risk, the rise of agentic AI, and the real concerns CISOs face today.
[13:56–26:28]
Host Dave Bittner catches up with Sumed Thakar at RSAC 2026 to discuss how cybersecurity priorities are changing, how organizations are responding, and the growing focus on managing real, measurable business risk.
"Cybersecurity is essentially a risk management exercise for a company to not have financial loss from a cyber attack."
Key Point: True value is not number of detections or dashboards, but reduction in real risk of loss. The "risk operations center" (ROC) is likened to the transformation from reactive security to proactive risk reduction. [16:00]
“The most important dollar you can spend in cyber is actually getting things fixed. Otherwise, you’re just doing dashboard tourism… and we’re not getting anything fixed.” —Sumed Thakar [16:55]
CISOs’ top priorities are often different from their pain points:
“The pain point is going to my CFO and asking for more budget. And the CFO asks, well, so what do I get in return?” —Sumed Thakar [18:57]
There are more alerts than teams can remediate; not everything can be fixed.
The future: prioritize efforts that yield maximum reduction in risk, rather than chasing every vulnerability.
"You don’t have enough budget to fix everything that is detected, which means prioritization is not an option… what causes the most risk of loss?" —Sumed Thakar [17:35]
Agentic AI is a potential game-changer, addressing both talent shortages and operational fatigue.
“We have Agent Sarah, who is a Patch Tuesday agent… Now I’m augmenting my team with six AI agents… my team now is spending less of their time doing these kind of tasks, and they are leveraging Agent Sarah.” —Sumed Thakar [21:40]
Attacker adoption of AI is parallel; defenders must automate and scale with AI, but often lack budget/resources to hire AI devs.
Vendor solutions will play a central role, allowing organizations to scale up agentic AI without building internal teams from scratch.
Thakar acknowledges valid concerns about AI guardrails but sees them as part of cyclic tech adoption (cf. early cloud skepticism).
“Even within the last few months, the conversation has shifted from, ‘oh my God, I’m concerned my users…are using AI’… now you’re saying, ‘well, I’m concerned about the employees that are not using AI.’” —Sumed Thakar [24:42 & 25:57]
On dashboard fatigue:
“Otherwise you’re just doing dashboard tourism by building more dashboards. And we’re not getting anything fixed.” —Sumed Thakar [16:55]
On CISOs’ biggest reporting challenge:
“The pain point is going to my CFO and asking for more budget…should I give it to you and you are saying you cannot even tell me if you’re going to reduce the risk by five times, one time, three times.” —Sumed Thakar [18:57]
On agentic AI augmentation:
“I’m augmenting [my team] with six AI agents…they are leveraging Agent Sarah to do a lot of the tasks that needed to be done.” —Sumed Thakar [21:40]
On the shifting corporate AI discussion:
“Now you are saying, well, I’m concerned the employees that are not using AI. So it’s like, can I get a report of everybody who’s not using AI now?” —Sumed Thakar [24:42; 25:57]
[27:00+ (approx.)]
CyberWire’s April 2, 2026 episode emphasizes the need for the cybersecurity industry to refocus from chasing trends and individual “hot” threats toward real, measurable management of business risk. The episode’s news review shows attackers continually innovating, but the interview with Sumed Thakar shows how, by prioritizing what matters, operationalizing risk, and adopting new approaches like agentic AI, defenders can move from reactive fatigue to proactive value—if they can communicate that value to business stakeholders and boards.