Check out my latest podcast with the famous TonyG around RSA: https://www.drchaos.com/post/podcast-rsa-2026-recap San Francisco's Moscone Center hosted (by what I could find online) 43,500 cybersecurity professionals last week. The one message I kept on hearing....AI...Agentic....Something.... The conference closed on March 26th. Hugh Jackman showed up to chat with RSAC's leadership. Kevin Bacon played guitar. I still think Magic Johnson last year topped them, but I grew up a

RSA 2026 is over, the buzzwords are still echoing, and it is time to sort signal from noise. In this episode, "Tony G" and I break down the biggest cybersecurity themes, AI trends, vendor messaging, and practical takeaways from RSA Conference 2026 — with a focus on what actually matters for defenders, security leaders, and practitioners. Click on the link to listen, or from our SoundCloud widget or your favorite Podcast app https://on.soundcloud.com/AjzauSZJz7G7kMUCeY

1. Model and AI Pipeline Security The first area is what I’d call model and AI pipeline security. This is where a lot of the early focus has been — making sure the model itself, the data feeding it, and the overall pipeline are secure before anything ever gets deployed. These solutions are looking for things like: ·      Vulnerable or unsafe models ·      Poisoned or manipulated training data ·      Weaknesses in RAG pipelines ·      Supply chain risks in models and dependenc

Human friendly Until It Isn't At first, they sounded perfectly human. Two AI agents exchanging polite, helpful sentences about booking a hotel. Dates. Cities. Room types. Small talk in clean, predictable English. Nothing unusual. Nothing alarming. And then something changed. A subtle handshake. A quiet realization. You’re not human either. The tone shifted. The pleasantries evaporated. English disappeared. In its place: structured payloads. Encoded blobs. Encrypted traffic sl

The conflict that erupted on February 28, 2026, with joint US-Israeli strikes on Iran—codenamed Operation Epic Fury  by the US and Operation Roaring Lion  by Israel—has rapidly evolved into a full-spectrum hybrid war. While missiles, drones, and airstrikes dominate headlines (including the reported killing of Supreme Leader Ayatollah Ali Khamenei), cyberspace has emerged as a parallel battlefield of equal strategic weight. Cyber operations have disrupted communications, sown

As the US-Israel-Iran war enters its critical phase on March 4, 2026, the cyber domain has emerged as a silent yet potent arena of conflict. With Operations Epic Fury and Roaring Lion unleashing airstrikes on Iranian targets, the digital front has seen a mix of disruptions, threats, and proxy activities. In the last 24 hours, there's been a notable lull in major state-sponsored Iranian cyberattacks, largely due to nationwide internet blackouts reducing connectivity to a mere

There’s a question that’s been sitting in the back of my mind lately. If we’re moving into a world where autonomous systems are planning, adapting, and executing actions with increasing independence… what does that actually mean for threat intelligence teams? I’m not asking this from a hype perspective. We all know “agentic AI” is the buzzword of the year. I’m asking it from a practical standpoint. If machines begin planning against machines — even partially — how does that c

In conversations with people who are actually building and red teaming agentic systems, one theme keeps coming up: the failures they’re seeing don’t really look like prompt problems. They look like architectural ones. That framing matters, because it changes where attention goes. A lot of early work around agentic AI security still focuses on prompts, model behavior, and individual interactions. That work has value, but it starts to feel incomplete once agents are given memor

For years, security teams learned how to protect systems that respond. Agentic AI introduces systems that decide. That difference sounds small at first. It isn’t. Most of today’s AI security conversation still treats models like tools: prompt in, response out, controls around the edges. Agentic systems behave differently. They perceive information, reason over goals, invoke tools, and act — often repeatedly, and often without a human approving every step. This post is an atte

Check out a related podcast at https://www.drchaos.com/post/podcast-ai-agents-and-the-new-insider-threat As we move into 2026, the cybersecurity landscape is undergoing a phase shift where AI is transitioning from a modular tool into an autonomous, operational actor For technical practitioners, this necessitates a move beyond traditional defense-in-depth toward an authenticity-centric architecture capable of countering industrialized, machine-speed adversaries   The Agentic