[00:00] Lauren Mitchell: From Neural Newscast, this is Prime Cyber Insights, Intelligence for Defenders, Leaders, and Decision Makers. [00:06] Aaron Cole: Welcome to Prime Cyber Insights. I am Aaron Cole. [00:10] Aaron Cole: We're moving fast today with a massive shift in vulnerability management and a ransomware crisis that's hitting the healthcare sector where it hurts most. [00:19] Lauren Mitchell: I'm Lauren Mitchell. We have a lot to unpack, including an AI breakthrough from Anthropic, [00:24] Lauren Mitchell: that's finding bugs older than some of our listeners. Joining us today is Chad Thompson, [00:30] Lauren Mitchell: a director-level AI and security leader with a systems-level perspective on automation, [00:35] Lauren Mitchell: enterprise risk, and operational resilience. Chad, great to have you. [00:39] Chad Thompson: Glad to be here, Lauren. [00:41] Chad Thompson: We're seeing a fundamental shift in the speed of both offense and defense. [00:45] Chad Thompson: And the news this week really highlights that tension between automated discovery and manual recovery. [00:50] Aaron Cole: Right. Let's start there. [00:52] Aaron Cole: Anthropic just rolled out Claude Code Security using the Opus 4.6 model. [00:58] Aaron Cole: This isn't just another scanner. [01:00] Aaron Cole: It's mapping entire code bases like a human researcher. [01:04] Aaron Cole: Chad, they're claiming it found high severity vulnerabilities in open source software [01:09] Aaron Cole: that were undetected for decades. [01:11] Aaron Cole: Does this change the enterprise risk math? [01:13] Lauren Mitchell: It has to, Aaron. [01:15] Lauren Mitchell: But it's a double-edged sword. [01:17] Lauren Mitchell: While Anthropic is focused on defense, you know, the same logic applies to the adversary. [01:23] Lauren Mitchell: This tool doesn't auto-apply fixes yet. [01:26] Lauren Mitchell: Developers still have to approve changes, but the speed of detection is revolutionary. [01:32] Lauren Mitchell: Chad, how does this play into the critical flaws we're seeing exploited right now, [01:36] Lauren Mitchell: like that beyond trust vulnerability? [01:39] Chad Thompson: The problem is the window between discovery and exploitation. [01:43] Chad Thompson: We saw with CVE-2026-1731 in Beyond Trust products that exploitation began within 24 hours of the proof of concept going public on February 10th. [02:00] Chad Thompson: When AI starts finding these flaws even faster, the patching cycle we're used to becomes obsolete. [02:06] Aaron Cole: That beyond-trust flaw has a CVSS of 9.9, and it's already being used to deploy malware like SparkRat. [02:16] Aaron Cole: It's a direct line to what happened at the University of Mississippi Medical Center. [02:21] Aaron Cole: This past Thursday, a ransomware attack forced them to close all 35 of their clinics. [02:27] Aaron Cole: Doctors are back to pen and paper. [02:29] Lauren Mitchell: Mm-hmm. And it's not just healthcare, Aaron. [02:33] Lauren Mitchell: Chip testing giant Advantest was also hit by ransomware recently. [02:37] Lauren Mitchell: These aren't isolated incidents. [02:39] Lauren Mitchell: They're attacks on the critical supply chain. [02:41] Lauren Mitchell: It underscores why the technology sector is seeing a massive surge in threats. [02:46] Lauren Mitchell: Rod Ware's report this week shows DDoS attacks jumped 168% in 2025. [02:53] Chad Thompson: That's 139 attempted incidents per day per customer. [02:59] Chad Thompson: From a systems perspective, we're seeing a volume of attacks that makes manual intervention impossible. [03:05] Chad Thompson: Whether it's DDoS or the 700 ATM jackpotting attacks the FBI just warned about, [03:11] Chad Thompson: the theme is automated. [03:12] Chad Thompson: High frequency exploitation of physical and digital infrastructure. [03:16] Aaron Cole: For sure. The legal and regulatory response is trying to keep up. [03:21] Aaron Cole: CISA announced new town hall meetings for March and April to get feedback on CIRCA reporting rules. [03:29] Aaron Cole: They want to clarify that 72-hour incident reporting window. [03:33] Aaron Cole: Meanwhile, Bumble is facing a class action lawsuit over a shiny hunter's breach, [03:38] Aaron Cole: and the French government just admitted 1.2 million bank accounts were exposed. [03:42] Lauren Mitchell: It's a reminder that even government registers aren't safe. [03:46] Lauren Mitchell: As we look at the fuel tests for Artemis, one eye, it's clear we're pushing boundaries in every sector. [03:53] Lauren Mitchell: But our digital foundations are under constant pressure. [03:57] Lauren Mitchell: Chad, any final thoughts on where leaders should focus their resilience efforts as we move deeper into 2026? [04:04] Chad Thompson: Focus on the blast radius. [04:07] Chad Thompson: You can't stop every bug, especially with AI-powered discovery. [04:10] Chad Thompson: But you can control what happens once a vulnerability is found. [04:15] Chad Thompson: Resilience is about the recovery speed, not just the shield. [04:20] Chad Thompson: Thanks for having me. [04:21] Aaron Cole: Urgency is the word of the day. [04:24] Aaron Cole: Be sure to check out PCI.neuralnewscast.com for more deep dives. [04:29] Aaron Cole: Catch us next time for more insights. [04:32] Aaron Cole: I'm Aaron Cole. [04:33] Lauren Mitchell: And I'm Lauren Mitchell. [04:36] Lauren Mitchell: Stay secure, Aaron. [04:37] Lauren Mitchell: Neural Newscast is AI-assisted, human-reviewed. [04:42] Lauren Mitchell: View our AI transparency policy at neuralnewscast.com. [04:47] Lauren Mitchell: This has been Prime Cyber Insights on Neural Newscast, [04:51] Lauren Mitchell: Intelligence for Defenders, Leaders, and Decision Makers. [04:54] Lauren Mitchell: Neural Newscast uses artificial intelligence in content creation [04:58] Lauren Mitchell: with human editorial review prior to publication. [05:01] Lauren Mitchell: While we strive for factual, unbiased reporting, AI-assisted content may occasionally contain [05:07] Lauren Mitchell: errors. Verify critical information with trusted sources. Learn more at neuralnewscast.com.