
Ep. 65 - "Months, Not Years": The Five Eyes AI Warning and Your Security Program

On June 22, 2026, the heads of all six Five Eyes cyber agencies—GCHQ, CISA, the NSA, ASD, the Canadian Centre, and New Zealand's GCSB—signed a rare joint statement: AI has rewritten the cyber risk timeline, and it's months, not years. Host Tova Dvorin and offensive security expert Adrian Culley unpack why AI is collapsing the window between vulnerability and exploit, why "having controls" isn't the same as proven controls, and why legacy systems are now strategic liabilities for the board, not the IT team. A clear-eyed look at validation, assumed breach, and what CISOs should do Monday morning.

AI Just Shrank the Time Hackers Need to Weaponize Your Vulnerabilities

The Five Eyes intelligence alliance—NSA, CISA, GCHQ, Australia's ASD, Canada's Cyber Centre, and New Zealand's GCSB—just issued a joint warning: AI has compressed the window between vulnerability discovery and exploitation from years to months. Adrian breaks down what the "AI Shift in Cyber Risk" statement actually means for patching timelines and attacker sophistication—and why most organizations aren't moving fast enough to keep up.

Evaluating AI Security Posture Management Tools: 7 Key Criteria

Evaluating AI Security Posture Management (AI-SPM) tools is a critical process for organizations integrating AI, specifically Generative AI (GenAI) and Large Language Models (LLMs), into their workflows. Unlike traditional security tools, AI-SPM focuses on the unique risks of AI, including Shadow AI, prompt injection, data poisoning, model theft, and improper model configuration. When assessing AI-SPM tools, security leaders should prioritize the following capabilities.

RAG vs Fine-Tuning: When to Use Each for Enterprise GenAI Applications

Let's suppose that your business is about to implement GenAI (generative AI). In this case, the conversation inevitably boils down to a dilemma: RAG (Retrieval-Augmented Generation) or Fine-Tuning. At first glance, these appear to be two competing methods for tackling the same problem: getting a base LLM (Large Language Model) to speak your company's language.

Embracing the Benefits of Smart Glasses Safely in the Workplace

We are witnessing a massive shift in how we secure corporate networks. Security operations centers used to be dedicated to protecting static desktop stations, local servers, and company-issued mobile hardware. However, today's spatial computing and edge-based AI have delivered a new, largely unregulated hardware threat directly into the corporate space - face-worn consumer hardware.

OpenMatter Network Introduces Verifiable Trust Layer for Secure Collaboration and AI Agents

OpenMatter Network today announced the launch of its cryptographically verifiable platform for secure collaboration and AI governance, built on a simple premise: Don't Trust Data. Prove It. For decades, organizations have relied on trust-based assumptions to secure data, execute workloads, and govern digital systems. But as data becomes increasingly distributed and AI agents begin operating autonomously across organizations, applications, and networks, those assumptions are being tested in new ways.

Reflectiz to Host Webinar, Joined by Taboola, on Securing Third-Party Marketing in the AI Era

Reflectiz, the web exposure management platform, today announced a live webinar with Taboola, "Securing Third-Party Marketing in the AI Era," taking place July 8 at 9 AM EDT / 3 PM CEST. Every marketing vendor a company approves can silently introduce third- and fourth-party scripts that no security team ever reviewed. In the AI era, that invisible layer is expanding faster than point-in-time audits can track. The gap between what an organization approves and what actually executes on its site is where data leakage, regulatory exposure, and compliance failures happen.

Proof Over Prediction: What Happens When You Actually Watch Who's Attacking AI Infrastructure

Customer telemetry shows how AI agents behave in a limited set of production environments and what risks they carry. Vulnerability research surfaces how those environments can be attacked. Both sources are valuable, but neither shows actual attacker behavior or how quickly they operationalize a new vulnerability once it's public.