A Chrome 0-Day, Meta Automates Security Assessments, New Essays, My New Video on Hacking with AI, Ukraine's Asymmetrical Attack, Thoughts on My AI Skeptical Friends, The Dangers of Winning the Wrong Game, and more...

You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to unlock the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade

Read this episode online: https://newsletter.danielmiessler.com/p/ul-483

Subscribe to the newsletter at:
https://danielmiessler.com/subscribe

Join the UL community at:
https://danielmiessler.com/upgrade

Follow on X:
https://x.com/danielmiessler

Follow on LinkedIn:
https://www.linkedin.com/in/danielmiessler

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Sponsored by Vanta. Vanta takes the busywork out of GRC so you can focus on what actually matters—improving your security, not chasing compliance. https://ul.live/vanta

This isn’t just another AI podcast. It’s about the deeper shift that’s happening in cybersecurity—away from individual tools and dashboards, and toward real-time, comprehensive world models of what we’re trying to protect or attack. I'll walk through how I came to this idea, what it means for security assessments, red teaming, vuln management, and beyond—and why context, not AI, is the actual revolution.

📽️Check out the full video here: https://youtu.be/UwTTcka1Wd8

Topics covered:
Why the core problem in security is organizational knowledge
Unified Entity Context (UEC) as the future architecture
Modular, AI-augmented security stacks
Why every attacker and defender will soon be running one
How this flips the AI conversation on its head

If you care about where hacking, automation, and AI are headed—this is the blueprint.

📬Subscribe for updates about trends and ideas in Cybersecurity, National Security, AI, Technology, and Society👇🏼
https://newsletter.danielmiessler.com/
👉🏻 X (Twitter): https://ul.live/x
👉🏻 Instagram: https://ul.live/ig
👉🏻 BlueSky: https://ul.live/bluesky
👉🏻 LinkedIn: https://ul.live/li

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

AI Finds an 0-Day!, Postman Leaking Secrets, High Agency Mental Model, My Unified Entity Context Video, Github MCP Leaks Private Repos, Google vs. OpenAI vs. Apple on AI Vision, and more...

You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to unlock the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade

Read this episode online: https://newsletter.danielmiessler.com/p/ul-482

Subscribe to the newsletter at:
https://danielmiessler.com/subscribe

Join the UL community at:
https://danielmiessler.com/upgrade

Follow on X:
https://x.com/danielmiessler

Follow on LinkedIn:
https://www.linkedin.com/in/danielmiessler

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

🔹 Thanks to ProjectDiscovery for sponsoring today’s video. I've been using their tools like Nuclei and Subfinder for years, and now they’ve brought that power to the cloud with a full vulnerability management platform.

➡ Try it yourself at https://ul.live/PD1

For over a decade, I've been exploring how AI and context intersect—and I believe Unified Entity Context (UEC) is the key to unlocking what comes next.

In this podcast, I walk through my journey—from security assessments and AI-powered tools to building real-world demos like Alma and Threshold. The core idea? That most hard decisions are only hard because we lack the necessary context. With rich, accurate, and fresh context, even complex decisions become simple.

If you're building in security, investing in AI, or just trying to understand where things are heading, this concept might reframe everything.

Check out the full video here: https://youtu.be/IHUqk90ch7I

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

What really happened at RSA 2024?

Daniel Miessler and Jason Haddix break it down.

Fresh off a whirlwind RSA week, Daniel sits down with Jason Haddix (Arcanum Information Security) to talk about what mattered—beyond the show floor noise. From off-site innovation summits to real-world AI implementation, this deep dive covers:

-Where the real innovation happened (hint: not on the show floor)
-Key takeaways from the OpenAI and Airbnb AI Security events
-Jason’s talk on AI pentesting methodology and the Prompt Injection Taxonomy
-The future of cybersecurity moats and the risk of AI-native disruption
-Why agents aren’t the main character—data is -DARPA's AIxCC competition and the rise of Cyber Reasoning Systems
-Challenges with evals, autonomous security workflows, and VDP backlash -Behind the scenes at RSA: puppies, parties, burnout, and brutal honesty

They also explore content creation, the future of platform-native context, and why being opinionated (with receipts) matters more than ever in security and tech.

Jason's Company https://arcanum-sec.com

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

➡ Get full visibility, risk insights, red teaming, and governance for your AI models, AI agents, RAGs, and more—so you can securely deploy AI powered applications with ul.live/mend

In this episode, I speak with Bar-El Tayouri, Head of AI Security at Mend.io, about the rapidly evolving landscape of application and AI security—especially as multi-agent systems and fuzzy interfaces redefine the attack surface.

We talk about:

• Modern AppSec Meets AI Agents
How traditional AppSec falls short when it comes to AI-era components like agents, MCP servers, system prompts, and model artifacts—and why security now depends on mapping, monitoring, and understanding this entire stack.

• Threat Discovery, Simulation, and Mitigation
How Mend’s AI security suite identifies unknown AI usage across an org, simulates dynamic attacks (like prompt injection via PDFs), and provides developers with precise, in-code guidance to reduce risk without slowing innovation.

• Why We’re Rethinking Identity, Risk, and Governance
Why securing AI systems isn’t just about new threats—it’s about re-implementing old lessons: identity access, separation of duties, and system modeling. And why every CISO needs to integrate security into the dev workflow instead of relying on blunt-force blocking.

Subscribe to the newsletter at:
https://danielmiessler.com/subscribe

Join the UL community at:
https://danielmiessler.com/upgrade

Follow on X:
https://x.com/danielmiessler

Follow on LinkedIn:
https://www.linkedin.com/in/danielmiessler

Chapters:

00:00 - From Game Hacking to AI Security: Barel’s Tech Journey
03:51 - Why Application Security Is Still the Most Exciting Challenge
04:39 - The Real AppSec Bottleneck: Prioritization, Not Detection
06:25 - Explosive Growth of AI Components Inside Applications
12:48 - Why MCP Servers Are a Massive Blind Spot in AI Security
15:02 - Guardrails Aren’t Keeping Up With Agent Power
16:15 - Why AI Security Is Maturing Faster Than Previous Tech Waves
20:59 - Traditional AppSec Tools Can’t Handle AI Risk Detection
26:01 - How Mend Maps, Discovers, and Simulates AI Threats
34:02 - What Ideal Customers Ask For When Securing AI
38:01 - Beyond Guardrails: Mend’s Guide Rails for In-Code Mitigation
41:49 - Multi-Agent Systems Are the Next Security Nightmare
45:47 - Final Advice for CISOs: Enable, Don’t Disable Developers

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

In this episode, I break down what I believe is the emerging structure of the AI-powered world we're all building—consciously or not. I call it the “Four A’s”: Assistants, APIs, Agents, and Augmented Reality. This framework helps make sense of recent developments and where it’s all headed.

I talk about:

1. Digital Assistants That Understand and Optimize Your Life
Your DA (like “Kai”) will know your goals, preferences, health, schedule, and context—and proactively optimize your day, from filtering messages to planning meals or surfacing relevant information in real time.

2. APIs and the Real Internet of Things
Everything becomes an API—from businesses to people to physical objects. Your assistant interacts with these APIs to act on your behalf, turning the world into a navigable ecosystem of services, tools, and resources.

3. Agents and AR Bringing It All Together
Agents act autonomously to complete multi-step goals, and AR glasses will display their outputs contextually as you move through the world.

These systems will collaborate, search, and act—quietly transforming how we live, work, and perceive reality.

Subscribe to the newsletter at:
https://danielmiessler.com/subscribe

Join the UL community at:
https://danielmiessler.com/upgrade

Follow on X:
https://x.com/danielmiessler

Follow on LinkedIn:
https://www.linkedin.com/in/danielmiessler

See you in the next one!

Chapters:

00:00 - The AI Ecosystem We’re Building Without Realizing It
01:33 - Assistant: Your Most Powerful Digital Companion
03:08 - APIs: How DAs Interact with the World
07:54 - Agents: The Step Beyond Automation
11:00 - Augmented Reality: The Interface Layer of the AI Ecosystem
14:20 - Combining APIs, Agents, and UI for Real-Time Situational Awareness
17:17 - Summary: A Unified Ecosystem Driven by the Four A’s
23:36 - Industry Trends: How Companies Like OpenAI, Apple, and Meta Fit In
25:11 - Final Thoughts on Timelines, Winners, and Interpreting AI News

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

In this episode, I walk through a Fabric Pattern that assesses how well a given model does on a task relative to humans. This system uses your smartest AI model to evaluate the performance of other AIs—by scoring them across a range of tasks and comparing them to human intelligence levels.

I talk about:

1. Using One AI to Evaluate Another
The core idea is simple: use your most capable model (like Claude 3 Opus or GPT-4) to judge the outputs of another model (like GPT-3.5 or Haiku) against a task and input. This gives you a way to benchmark quality without manual review.

2. A Human-Centric Grading System
Models are scored on a human scale—from “uneducated” and “high school” up to “PhD” and “world-class human.” Stronger models consistently rate higher, while weaker ones rank lower—just as expected.

3. Custom Prompts That Push for Deeper Evaluation
The rating prompt includes instructions to emulate a 16,000+ dimensional scoring system, using expert-level heuristics and attention to nuance. The system also asks the evaluator to describe what would have been required to score higher, making this a meta-feedback loop for improving future performance.

Note: This episode was recorded a few months ago, so the AI models mentioned may not be the latest—but the framework and methodology still work perfectly with current models.

Subscribe to the newsletter at:
https://danielmiessler.com/subscribe

Join the UL community at:
https://danielmiessler.com/upgrade

Follow on X:
https://x.com/danielmiessler

Follow on LinkedIn:
https://www.linkedin.com/in/danielmiessler

See you in the next one!

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.