Dave Bittner
You're listening to the CyberWire Network powered by N2K.
Andrew Carr
No, it's not your imagination. Risk and regulation are ramping up and customers expect proof of security just to do business. That's where Vanta comes in. Vanta automates your compliance process and brings compliance, risk and customer trust together on one AI powered platform. Whether you're preparing for a SOC 2 or managing an enterprise GRC program, Vanta helps keep you secure and your deals moving. Companies like Ramp and RYTR report spending 82% less time on audits. That's not just faster compliance, that's more time to focus on growth. When I look around the industry, I see over 10,000 companies, from startups to big enterprises, trusting Vanta. Get started at vanta.com/cyber.
Five Eyes agencies issue agentic AI guidance. A federal database leaks Social Security numbers. A stealthy worm poisons open source packages. OT firms are sidelined from frontier cyber models. The FBI warns of a surge in cyber enabled cargo theft. Officials flag likely election interference as security programs face cuts. Researchers uncover a covert Python backdoor. Ubuntu's site takes Iranian linked DDoS fire. Cyber pros are sentenced in a ransomware case. Our guest is Andrew Carr, global head of Threat Management at Booz Allen, discussing how AI is accelerating cyber attacks. And OpenAI joins the invitation only club.
It's Friday, May 1, 2026. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. Happy Friday. It is great as always to have you with us.
Agentic AI can automate useful tasks, but new multinational guidance warns it should be adopted cautiously, especially in critical infrastructure and defense. The guidance, co-authored by cyber agencies from Australia, the United States, Canada, New Zealand and the United Kingdom, says agentic systems can reason, plan, use tools and act without constant human oversight.
That autonomy creates risks beyond traditional generative AI, including prompt injection, excessive privileges, identity spoofing, rogue agents, cascading failures, opaque decision making and data exposure. The agencies recommend limiting agentic AI to low risk, non sensitive tasks, aligning controls with existing cybersecurity programs and avoiding broad access to sensitive systems. Key safeguards include least privilege, strong identity management, sandboxing, phased deployment, human approval for high impact actions, continuous monitoring, red teaming, logging and rollback plans. The central message: prioritize resilience and containment over efficiency gains.
The Centers for Medicare and Medicaid Services inadvertently exposed Social Security numbers of some healthcare providers in a database supporting a new Medicare provider directory, according to the Washington Post. The publicly accessible database, intended to improve transparency and help seniors identify participating providers, contained sensitive identifiers linked to names. The exposure lasted several weeks before officials removed the data after notification. CMS said the issue resulted from providers entering information incorrectly and stated safeguards are being strengthened. The directory is part of a broader modernization effort led in part by Amy Gleason, but it's faced accuracy concerns and criticism from Jeff Merkley and Ron Wyden. CMS Administrator Mehmet Oz said improvements will continue to support informed coverage decisions.
Mini Shai-Hulud, a sophisticated worm targeting open source supply chains, has compromised multiple ecosystems by poisoning widely used packages, including PyTorch Lightning on PyPI and the Intercom client on npm. The malware silently executes during installation, stealing SSH keys and GitHub Actions tokens and expanding into Packagist, RubyGems and Go modules. Researchers at Socket, Aikido Security and Aux Security identified the malicious releases.
The campaign focuses on developer machines and continuous integration pipelines, where stolen credentials enable deeper backdoor insertion into enterprise software builds. Polyglot development environments increase exposure because each package manager creates a separate attack surface. The incident highlights weakening trust in public registries and underscores the need for tighter dependency governance, internal mirrors, runtime monitoring and software bills of materials to limit supply chain compromise impact.
Operational technology cybersecurity firms have been excluded from restricted programs granting early access to advanced vulnerability discovery models from Anthropic and OpenAI, raising concerns about risks to critical infrastructure. The initiatives aim to help select defenders identify software flaws before attackers gain similar artificial intelligence capabilities. But OT vendors say they were not invited to participate. Industry representatives argue the omission reflects a cultural gap between major technology firms and smaller infrastructure operators such as utilities. Experts warn OT systems face unique constraints, long life cycles and different vulnerability priorities, making standard disclosure processes less effective. Programs like Project Glasswing and Trusted Access for Cyber include open source stakeholders and researchers. Yet critics say excluding OT weakens coordinated defense as AI driven threat capabilities continue to expand across critical infrastructure environments.
The FBI warns that cyber enabled cargo theft is surging, with hackers targeting brokers and carriers through phishing emails, fake sites, malware and remote access tools. The schemes abuse trucking load boards, compromised broker accounts and stolen carrier identities to win high value shipments. Attackers may alter federal records, double broker loads, move goods through cross docking or transloading, then sell them or hold them for ransom.
Cargo theft caused more than $700 million in 2025 losses, up 60% from 2024.
Army Gen. Joshua Rudd, head of U.S. Cyber Command and the National Security Agency, told the Senate Armed Services Committee that foreign interference in upcoming midterm elections is likely, citing past activity by Russia, China and Iran. Officials said adversaries continue relying on cyber intrusions and disinformation. The Election Security Group has coordinated with the FBI and CISA since 2018, including operations disrupting Russian propaganda infrastructure before the 2024 election. A proposed budget would eliminate CISA's election security program, raising defense concerns.
Researchers at Securonix identified a stealthy Python based backdoor called Deep Door that enables persistent remote access and surveillance on Windows systems. Delivered via a batch script that disables protections such as SmartScreen and Defender safeguards, the malware establishes persistence through registry changes, scheduled tasks and startup folder scripts. It evades analysis with anti sandbox checks and covert command channels, then supports command execution, credential theft, key logging and webcam access. The tool can also overwrite the master boot record, indicating potential destructive capability alongside espionage use.
Canonical says its web infrastructure is facing a sustained DDoS attack after the pro Iran hacktivist group Islamic Cyber Resistance in Iraq, also known as 313 Team, claimed responsibility. The disruption took down Ubuntu's main website and limited user access to downloads and accounts for hours beyond the group's stated timeline. The attackers also issued an apparent extortion message, warning the assault would continue without contact. Canonical is working to restore services while the motive for targeting the Ubuntu developer remains unclear.
Ryan Goldberg and Kevin Martin were sentenced to four years in prison for deploying ALPHV BlackCat ransomware against multiple US victims in 2023. Alongside Angelo Martino, all three worked in the cybersecurity industry and used their professional expertise securing networks to conduct the attack. Acting as ransomware as a service affiliates, they shared proceeds with platform administrators and extorted about $1.2 million from one victim, laundering their share, prosecutors said. The campaign targeted organizations including medical providers and engineering firms and involved leaking patient data to increase pressure. Officials from the U.S. Department of Justice and FBI said the case highlights continued enforcement against skilled insiders misusing defensive expertise for ransomware operations.
Coming up after the break, my conversation with Andrew Carr, global head of threat management at Booz Allen. We're discussing how AI is accelerating cyber attacks. And OpenAI joins the invitation only club. Stay with us.
And now a word from our sponsor, the Center for Cyber Health and Hazard Strategies, also known as CHHS. Looking for a graduate degree that will give you an edge on your professional career? Earn a Master of Science in Law at University of Maryland Carey School of Law. This part time two year online graduate degree program is designed for experienced professionals to understand laws and policies that impact your industry. Learn from CHHS faculty who are experts in their field. No GRE required. Learn how you can master the law without a JD at law.umaryland.edu.
Andrew Carr
Andrew Carr is Global Head of Threat Management at Booz Allen. We recently sat down to discuss how AI is accelerating cyber attacks and reshaping cybersecurity defenses.
Dave Bittner
Yeah, so it's from a number of different facets as far as reconnaissance is concerned. You know, generative AI and its ability to quickly sift through and amass a summary of information has rapidly accelerated an attacker's ability to perform reconnaissance on an organization or the executive suite and provide really insightful context related to potential partnerships that they're engaging in that might help with a phishing attack. Once they get into an organization, they may already have an understanding of the tooling that's in place there. It really allows a single individual or a small group of individuals to carry out an attack that would normally take a far longer time to carry out and far more research to be conducted. And so these generative AI tools are allowing them to kind of speed that up from a perspective of once they actually get into the system. Employing AI tooling will allow it to quickly recognize and adapt to different systems within the environment. Before we used to see threat actors would come in with a really static script that would try to turn off, you know, everything under the sun. Every tool out there for antivirus or endpoint detection response, but it was really predictable. This allows them to pivot in real time and be more thoughtful and less noisy, if you will, when they get in the environment.
Andrew Carr
I think a lot of the defenders out there are thinking that these AI tools are going to help them detect things faster. But I know you've made the point that detection might not be the key element here.
Dave Bittner
Yeah, so detection is just one part of it.
Andrew Carr
Right.
Dave Bittner
Having an alert pop up is great, but someone has to act on that alert for something to happen. Now you can put in automations and things like that, but if you put in too many, you're going to have a detrimental effect on your infrastructure. So most of the time it does require that human in the loop, but that human in the loop, if it's a tier one person, that then has to get escalated to a tier two, that really takes the time away from responding. And that threat actor might be pivoting, they might be moving throughout the infrastructure and they might already have detonated their payload. So the introduction of AI takes that automation piece that used to be really scripted out, used to be really static based on detection logic and rule sets and things like that. And it allows for a nuanced ability to change on the fly, to recognize changes in behavior, to take action through agentic AI that otherwise would have needed a human to perform. And it really speeds up that response time. So detection is great, and speeding up detection is obviously something we need to strive for, but responding more quickly is what's really necessary to try and stop the threat actor before they can get their hooks in too deeply. And that's where AI can help us as defenders.
Andrew Carr
What about threat intelligence feeds? I know lots of folks, it's an area where there's a lot of investment. What does that solve and where are areas where it comes up short?
Dave Bittner
So threat intelligence is extremely valuable, but if it's viewed as something passive, it's often not going to be very effective. There's too much information out there. You don't really know how it applies to your environment. So taking a more active role and using platforms that are based on not only providing valuable information from the outside world, but then mapping that to your actual infrastructure so that you have an understanding of do these vulnerabilities affect my systems? Do I have these particular tools within my environment? How would I react to one of these things? And then having that all curated and automated so that when that threat intelligence feed feeds in a new CVE or a new zero day or something like that, you already know what in your environment that applies to and you have agentic AI to be able to take action on it, to apply the patch or something, change the configuration. We saw this years ago with things like the Hafnium vulnerabilities. Many of the organizations were trying to keep up and do their best to patch and get everything back to normal, but unfortunately that 48 hour window that it took to do that, the threat actors had already put web shells in the environment and we saw hundreds of organizations impacted by secondary attacks because of that.
Andrew Carr
Well, I know there are some elements here that you and your colleagues advocate, things like adversary emulation at scale and rehearsing the attacks. How do they contribute to a team's ability to defend themselves here?
Dave Bittner
Absolutely. So a tabletop is a great exercise, but it's not going to be enough. Taking that next step to try and demonstrate how an attacker would actually take hold of your environment, how they would get past your defenses, how they would interact with your active SOC team or your blue team. Do they know how to pivot from the playbook? Can they on the fly make changes? How quickly can they make those changes? Those kind of live fire exercises are going to be far more valuable than, you know, sitting in front of a group of people at a table talking about how you would respond, really taking that extra step to get people in there to push those defenses to their limit. See what breaks down, you know, when you're in a friendly environment to understand how can we be better, how can we move more quickly, who needs additional authority to make those decisions? That's really going to take your team to that next level and provide them with a preparedness so that you don't end up having to call us.
Andrew Carr
It strikes me that very few organizations out there have unlimited resources when it comes to being able to address these things. So for the folks out there who are part of a smaller security team, how do they go about adopting this mindset when they don't have those large red team resources?
Dave Bittner
Well, that's where it's really great with the AI piece of it. Right? Because the AI allows for a reduction in cost for offering what would essentially be maybe the equivalent of 10 people red teaming your environment. So you can do that with a smaller budget because you don't need to pay for all those different resources to come in and do this for you. Additionally, from the defense perspective, they don't need to have a whole in house SOC for a small organization. They can hire one of these firms that utilizes these technologies to essentially act as a force multiplier for their internal IT team or security team. AI is helping to kind of reduce that burden for these smaller organizations because it's more scalable and you don't need to recoup the kind of the people costs associated with all those individuals coming in and performing that for you.
Andrew Carr
This increase in velocity, is it fair to say that mistakes become more expensive when things are moving faster?
Dave Bittner
They can be. That's why building out these platforms thoughtfully, really testing them, as I mentioned before, to see how the teams and the tooling react, how to really dial it in so that it doesn't cause undue disruption to the business. Obviously, we as security practitioners are there to facilitate the business functions. We certainly don't want to get in the way of that. But if you don't test them, if you don't really put them through their paces, if you don't give them a really realistic environment to test in, you don't know until you know the bad guy's at your door. So going through those can help you truly understand what mistakes might happen, what things you didn't consider, and you can mitigate as many of those as possible so that your team and your tooling can actively and properly respond while also keeping the business up and running.
Andrew Carr
Yeah, I'd love to dig into some of the details about what your notion of the future SOC looks like. I mean, I think a lot of folks, when they hear terms like autonomous incident response, they're imagining removing the humans entirely. But that's not necessarily what we're talking about here.
Dave Bittner
No. And I don't think you'd ever see it where there's not a human in the loop. Right.
Andrew Carr
Yeah.
Dave Bittner
Of course, we try to act as a force multiplier with AI where it can help you triage things much more quickly. It can go through large data sets more quickly and identify the things that need to bubble up to the surface. But ultimately it becomes where the human analysts are supervising what's going on with the agents. They're supervising what's being brought up to the surface. And they're performing that more granular, more detailed, more experience driven review to understand how this impacts the environment. Is this truly a false positive? And they're doing less of the, I'll call it the grunt work, and they're doing more of the kind of the general on the back.
Andrew Carr
Right.
Dave Bittner
So it allows you to have all these agents out there, this tooling out there that can sift through vast amounts of data much more quickly and then bring that to the attention of those with the true experience that can sift through it.
Andrew Carr
In your experience, what does the trust factor look like? How long does it take the folks who are tasked with supervising these AI assistants to get on board and really understand that they can trust them?
Dave Bittner
You know, it depends. It can sometimes take a little while because the knee jerk reaction might be, oh, I don't know if this is accurate enough or, you know, we don't really have enough experience with this. So, you know, how are we going to develop that familiarity with it? And it's really about reps, it's about putting it through its paces, giving it every different scenario you can think of and then fine tuning it. You know, these aren't static models. They can learn. You teach it what is good and what isn't good and that way you can customize it for your environment so that you can feel confident that when it's responding, it's responding how you would respond, it's responding according to your playbooks. It's not doing things that you would find detrimental to the overall business. So I think that familiarity and that comfort comes with really testing it out, really driving it, instead of just dropping something in the environment and hoping it's going to anticipate how you would respond.
Andrew Carr
Are there any particular safeguards that people need to be concerned about before they put these sorts of things into action?
Dave Bittner
Yeah, obviously you want to make sure. So the AI is going to absorb and touch everything you give it access to. So being thoughtful with what you're giving access to, what you're allowing it to take action on, segregating data, performing red teaming of the platform itself. Right. So this is a piece of software. It is made of code, making sure that you're testing it to ensure that it operates properly, you know, dealing with your typical insider threat issues. Right. The access to that model, the access to what it's able to do and how you're controlling that from an internal perspective. So you don't have an issue with a disgruntled employee or someone that maybe has more access to the system than they should. So it's a lot of the traditional principles of things like zero trust and insider threat preparation that we do right now. It's just applying it in a slightly different way.
Andrew Carr
So what are the takeaways for you, for the security leaders who are listening to us here today? What sort of things should they be doing to prepare for these AI accelerated threats? What are your recommendations?
Dave Bittner
So the first is don't be afraid of it. It is helpful, it is valuable and it can really act, like I said, as a force multiplier for what may be quite a small security group in your organization. I would also say that when you look into these, you know, some are better than others, some have functionality that is more aligned to your organization than others. And more investment isn't always better. It's being thoughtful with that investment. It's aligning it to your mission and it's getting your people to train, test and use this all the time. I can't stress enough how important it is for people to get the reps in with the tooling, with the AI to make it so that it complements the organization rather than acting as something that's seen as a replacement to individuals or replacement to workflows. It should really be a way for you to speed up what you already do, rather than looking at it like a fix all if you will.
Andrew Carr
That's Andrew Carr, global head of Threat Management at Booz Allen.
Andrew Carr
And finally, OpenAI is preparing a limited rollout of its new GPT 5.5 cyber model to a selected group of trusted defenders, a move that arrives shortly after CEO Sam Altman criticized Anthropic for doing much the same with its Claude Mythos system. Altman said the model will help secure companies and infrastructure by finding vulnerabilities before attackers do. Though access will initially remain tightly controlled, independent testing by the UK AI Security Institute suggests the tool is unusually capable, completing complex cyber attack simulations end to end. The rollout follows Altman's recent complaints that restricting advanced cyber models concentrates power in too few hands. Now, however, OpenAI appears to be running its own velvet rope policy, checking badges at the entrance while insisting the party is for everyone's safety. As always, with tools that can both defend and break systems, the real question is not what they can do, but who gets there first.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Be sure to check out this weekend's Research Saturday and my conversation with Justin Albrecht, principal researcher at Lookout. The research is titled Attackers Wielding Dark Sword threaten iOS users. That's Research Saturday. Check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Tré Hester with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.
Date: May 1, 2026
Host: Dave Bittner (N2K Networks)
Guest: Andrew Carr, Global Head of Threat Management at Booz Allen
This episode provides a timely intel briefing on the latest cybersecurity news, highlighting new threats, regulations, and technology shifts. The central feature is an in-depth interview with Andrew Carr of Booz Allen Hamilton, focusing on the accelerating impact of AI in both cyber attacks and defense. The discussion covers risks, operational realities, and the evolving role of human defenders amid increasing automation.
[02:00–04:40]
“The central message: prioritize resilience and containment over efficiency gains.” — Dave Bittner [03:50]
Topic: How AI is Accelerating Cyber Attacks and Shaping Cyberdefense
[13:22–25:56]
"These generative AI tools are allowing [attackers] to speed that up ... It really allows a single individual or a small group ... to carry out an attack that would normally take ... far longer." — Dave Bittner [13:34]
"Detection is just one part of it ... someone has to act on that alert for something to happen." — Dave Bittner [15:11]
“Tabletop is a great exercise, but it’s not going to be enough ... live fire exercises are going to be far more valuable.” — Dave Bittner [18:04]
“If you don’t really put [AI platforms] through their paces ... you don’t know until you know the bad guy’s at your door.” — Dave Bittner [20:23]
“I don’t think you’d ever see it where there’s not a human in the loop.” — Dave Bittner [21:34]
“Performing red teaming of the platform itself ... managing insider threat issues ... it’s just applying traditional principles in a slightly different way.” — Dave Bittner [23:52]
“Don’t be afraid of it ... it can really act as a force multiplier for what may be quite a small security group ... it's about being thoughtful with that investment.” — Dave Bittner [24:57]
[27:16–End]
“As always, with tools that can both defend and break systems, the real question is not what they can do, but who gets there first.” — Andrew Carr [27:49]
For more insights and links to this episode’s stories, visit thecyberwire.com.