{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Cyber Sentries: AI Insight to Cloud Security","title":"The Joystick Effect: How Attackers Manipulate Your Security Data with Chris Nyhuis","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/42c93512\"></iframe>","width":"100%","height":180,"duration":2105,"description":"Why AI Needs a Deterministic Pass FirstAs security teams lean harder on AI to catch threats faster, a foundational question keeps getting skipped: is the data feeding that AI actually trustworthy? On this episode of Cyber Sentries, host John Richards sits down with Chris Nyhuis, president and CEO of Vigilant, to unpack why forensic validation — not faster algorithms — may be the missing piece in modern threat detection.Why Your Detection Stack Might Be Blind to Its Own Blind SpotsJohn and Chris dig into what Chris calls the \"joystick effect\" — a technique where threat actors quietly manipulate logs and EDR training data so security tools learn to miss them entirely. It's a tactic that's existed for decades, but as more teams hand decisions to AI without questioning the data underneath, it's becoming far more dangerous.Chris also walks through why packet loss on span ports and mirror ports can silently gut visibility long before AI ever gets involved, and why physical taps and chain-of-custody collection matter more than flashy detection features. The conversation moves through Vigilant's \"deterministic pass, then AI\" model — a method for cutting hallucinations and dramatically speeding up detection — and closes with a candid look at how marketing-driven \"top vendor\" lists have diluted trust across the industry.Questions We Answer in This EpisodeHow do attackers manipulate logs and EDR data without ever being detected?Why does packet loss on span ports and mirror ports undermine AI-driven security?What does a \"deterministic pass, then AI\" detection model actually look like?How can security teams tell if a vendor's claims are backed by real, verifiable value?Key TakeawaysValidate data at the point of collection — forensic integrity has to come before analysis.Use physical taps and chain-of-custody practices to close the packet-loss gap.Pair deterministic evidence with AI pattern-matching, then bring in humans for final judgment.Question vendor rankings and...","thumbnail_url":"https://img.transistorcdn.com/Ipg5CALrzv7pPIJnV_OJHWbm0TRU-H5nEd05XgrZwY8/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9lZDg5/MzE1MjJkODgxYmJh/MzE2ZDA1ZjI5YmNj/YTM3OC5qcGc.webp","thumbnail_width":300,"thumbnail_height":300}