Risky Bulletin Podcast:
Episode: Sponsored: AI is making old school prevention cool again
Host: James Wilson (Risky Business Media)
Guest: Adam Poynton, CEO of Knock Knock
Release Date: March 29, 2026
Episode Overview
This episode explores the resurgence of "old school" preventative cybersecurity controls in the face of advanced AI-driven cyberattacks. Host James Wilson interviews Adam Poynton, CEO of Knock Knock, to discuss how attackers now use generative AI to accelerate exploitation, why traditional detection and response alone are no longer adequate, and how proactive, preventative controls—like default-deny architectures—have become essential. The discussion focuses on how solutions like Knock Knock reduce exposure, enabling organizations to regain control and “reset” the security baseline.
Key Discussion Points & Insights
1. The Need for Prevention in an AI-Driven Threat Landscape
- Attackers are leveraging generative AI to automate and accelerate finding and exploiting vulnerabilities.
- Adam Poynton [04:05]: “The barrier to entry to like do vuln research, do exploit dev and then en masse apply that and auto own to the point of patch the system you broke into ... that's already here.”
- The time from public vulnerability disclosure to mass exploitation has shrunk dramatically.
- Adam Poynton [06:16]: “The zero day clock thing came out which was 1.6 days average time from vulnerability being published to exploitation... I loaded that up yesterday. It's now eight hours.”
2. How Knock Knock’s Approach Works
- Knock Knock is a preventative access-control solution that restricts access (e.g., to Citrix endpoints) until identities are authenticated—no exposure to the internet until after successful SSO.
- Adam Poynton [01:13]: “...before the big bad Internet can connect to the Citrix service or port, they have to go through this identity, this login process… then the firewalls ... are orchestrated to allow that user to access ... rather than the entire Internet.”
- This “deny by default” approach reduces the need for rushed emergency patching and lets patching teams operate more methodically.
- Adam Poynton [02:14]: “...the big bad Internet can't run around and 0day your Citrix edge because it's only your trusted users that could be the attack source... having the ability to do things in control rather than being in, you know, controlled and motivated by the attack surface that you expose to the entire Internet.”
3. Why Prevention, Why Now?
- The economics of cyberattack have shifted: AI has made mass exploitation cheap and fast, so organizations can’t rely on “not being a target.”
- Adam Poynton [07:14]: “The economics of well and truly change where the barrier to entry or exploitation is dropped, collapsed … now offense is off the charts and defense, you're scrambling.”
- Detection and response can’t keep pace with AI-driven attacks—the only sustainable strategy is to minimize exposure and proactively block attackers.
- Adam Poynton [07:14]: “We all thought the like AI versus AI approach where ... I'll just spend better AI on defense than offense ... but we sort of don't want to play that race…”
4. Resetting the Security Baseline
- Knock Knock provides a new baseline: only authenticated, verified users can even reach a service—all other traffic is blocked.
- James Wilson [09:19]: “Knock Knock's kind of a way to say we're not going to even run that race any more ... This is like a, you know, it's a really good solid wall that just says actually the baseline is now here.”
- Adam Poynton [10:13]: “You don't want to say changes the game, but the race is different... If you remove exposure ... your overall risk reduces.”
- The podcast highlights that organizations need to “reset” assumptions of what is “good enough” security.
5. Flexible and Evolving Deployment Strategies
- While Knock Knock started as an external perimeter solution, customers increasingly use it to segment internal networks that are “scarily flat.”
- Adam Poynton [12:08]: “We sort of originally started with that external and then that problem came to us. A few customers were like ... what can we do here?... you can run it on Windows and Windows servers can be self defending and you can run on Linux ... customers ... started to then just apply it on their Windows host.”
- It also supports legacy systems—enabling “self-defending” hosts even where traditional segmentation isn’t possible.
- Knock Knock is also used to manage outbound egress, such as temporary connections from sensitive environments for maintenance and updates, and closes those exposures automatically.
- Adam Poynton [14:53]: “...You would log in and say, you know, click a button that says allow the green network to get to the red network for two hours... and then they go in and do maintenance.”
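The default-deny, just-in-time exposure model described in sections 2 and 5, as an added example that is not Knock Knock's code or taken from the episode: a flow is allowed only while an unexpired grant, issued after authentication, covers it. The class and function names are hypothetical, and the users, addresses (documentation and private ranges) and durations are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    user: str          # identity that authenticated before the rule was opened
    source: object     # network allowed to connect
    dest: object       # network being protected
    port: int
    expires_at: float  # epoch seconds; the rule is dead at and after this time

class JitAllowlist:
    """Default deny: a flow passes only while an unexpired grant covers it."""

    def __init__(self):
        self._grants = []

    def grant(self, user, source, dest, port, ttl_seconds, now):
        if ttl_seconds <= 0:
            raise ValueError("grants must be time-limited")
        g = Grant(user, ipaddress.ip_network(source), ipaddress.ip_network(dest),
                  port, now + ttl_seconds)
        self._grants.append(g)
        return g

    def sweep(self, now):
        """Drop expired grants and return them, e.g. for audit logging."""
        expired = [g for g in self._grants if g.expires_at <= now]
        self._grants = [g for g in self._grants if g.expires_at > now]
        return expired

    def decide(self, src_ip, dst_ip, port, now):
        src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        for g in self._grants:
            # Expiry is checked here too, so a late sweep never extends access.
            if g.expires_at > now and src in g.source and dst in g.dest and port == g.port:
                return ("allow", g.user)
        return ("deny", None)

def demo():
    """Constructed scenario: one SSO-gated user, one two-hour egress window."""
    fw, t0 = JitAllowlist(), 1_000_000.0
    fw.grant("alice", "198.51.100.7", "203.0.113.10", 443, 8 * 3600, t0)   # after SSO
    fw.grant("ops-bob", "10.10.0.0/24", "10.20.0.0/24", 22, 2 * 3600, t0)  # green to red
    return [
        fw.decide("198.51.100.7", "203.0.113.10", 443, t0 + 60),  # authenticated user
        fw.decide("192.0.2.99", "203.0.113.10", 443, t0 + 60),    # rest of the Internet
        fw.decide("10.10.0.5", "10.20.0.9", 22, t0 + 3600),       # inside the window
        fw.decide("10.10.0.5", "10.20.0.9", 22, t0 + 2 * 3600),   # window closed
    ]
```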
Notable Quotes & Memorable Moments
- On shrinking vulnerability exploitation window:
  - Adam Poynton [06:16]: “...the zero day clock thing ... was 1.6 days average time ... I loaded that up yesterday. It's now eight hours.”
  - James Wilson [06:16]: “Oh no,” (reacting to the news)
- On the “AI vs AI” race in cybersecurity:
  - Adam Poynton [07:14]: “We all thought the like AI versus AI approach ... but we sort of don't want to play that race... just stop everything, block everything and then only limit exposure to your authenticated verified users.”
- On shifting the security baseline:
  - James Wilson [09:19]: “Knock Knock's kind of a way to say we're not going to even run that race any more ... this is like a ... solid wall that just says actually the baseline is now here.”
- On internal segmentation and self-defending hosts:
  - Adam Poynton [12:08]: “...customers ... started to then just apply it on their Windows host. So RDP, all these jump hosts internally then became just in time exposure... quite simple to actually have that impact and the effect internally.”
- On evolving enterprise network strategies:
  - James Wilson [11:18]: “I have worked in some enterprises that have scarily flat network and I do mean like terrifyingly flat.”
  - Adam Poynton [13:03]: “That’s just the Knock Knock approach of self defending... every single host should be self defending and default deny on all services is the place you want to get to...”
Timestamps for Key Segments
- 00:00-01:13 — Episode intro, problem framing, introduction to Adam Poynton and Knock Knock concept
- 01:13-03:11 — How Knock Knock works with Citrix as an example
- 04:05-06:16 — Why prevention matters now, rise of AI in attack tools, shrinking time to exploit
- 06:16-07:14 — How rapid exploitation changes defense priorities
- 07:14-09:19 — Economics of AI-driven attacks, reconsidering “AI vs AI” arms race
- 09:19-10:22 — Using prevention to “end the race” and reset security assumptions
- 11:18-12:08 — Knock Knock beyond the external perimeter: applying to internal “flat” networks
- 12:08-14:52 — Self-defending hosts, legacy/host-level defense, flexible deployment
- 14:53-15:59 — Managing outbound egress for updates and maintenance
Final Thoughts
This episode underscores a critical shift in cybersecurity: with AI-augmented attackers rapidly exploiting vulnerabilities, proactive prevention is not just “cool again” but necessary. Knock Knock’s approach—minimizing network exposure to only pre-authenticated users—offers a way to retake the initiative, dial down the attack surface, and rethink what “good enough” security means in the AI era. Practical deployment strategies for both perimeter and internal networks are shared, giving enterprises actionable insights to harden defenses in a fast-moving threat landscape.
