Rob T. Lee is on the byline of something Aspen Digital published today alongside former National Security Agency Cybersecurity Director Rob Joyce, ex-CISA Executive Assistant Director Jeff Greene, and Sophos CEO Joe Levy. Two weeks ago, Gadi Evron and Rich Mogull drove 60+ contributors through a weekend to build "The AI Vulnerability Storm" for practitioners. This paper is its boardroom counterpart. Same threat. Different audience. The argument isn't that everything changed, but that the skill floor dropped. Adversaries who previously lacked the expertise to reliably find and exploit vulnerabilities now have it. The bottleneck on the defender side has always been organizational, and that problem just got more expensive to ignore. The paper leads with governance for exactly that reason. Eleven questions in here for executives to put to their security teams. They sound simple. "If everything went down tomorrow, how long before we're operational, and have we actually tested that?" Most organizations find they can't answer cleanly when pressed. If your security team has already read the CSA paper, this is what you hand the board. Links in comments.
SANS Institute
Computer and Network Security
Rockville, Maryland 366,573 followers
SANS is the most trusted resource for information security training, cyber security certifications and research.
About us
SANS is the most trusted and by far the largest source for information and cybersecurity training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center.
- Website: http://www.sans.org/
- Industry: Computer and Network Security
- Company size: 201-500 employees
- Headquarters: Rockville, Maryland
- Type: Privately Held
- Founded: 1989
- Specialties: Information Security Training, Digital Forensics Courses, Cyber Security Training, Security Awareness Training, Penetration Testing Courses, Application Security Courses, Security Leadership Courses, Industrial Control Systems Security Courses, cloud security courses, blue team operations courses, cyber security certifications, security awareness training, cyber security white papers, cyber security webcasts, and cyber security policies
Locations
- Primary: 11200 Rockville Pike, Suite 200, Rockville, Maryland 20852, US
Updates
New episode out now 🎙️ James Lyne and Ciaran Martin sit down with three heavyweights — Gadi Evron, Rob T. Lee, and Ed Skoudis — to unpack the Claude Mythos paper and what AI-driven vulnerability discovery really means for the security teams on the front lines. This isn't a theoretical debate. It's a frank conversation about whether defenders are moving fast enough — and what needs to change if they're not.
What's covered:
→ What the Mythos findings actually mean for cyber teams
→ How AI is reshaping the economics of vulnerability research
→ Why the human element in security isn't going anywhere — yet
→ What CISOs and security leaders should be doing right now
Three of the most respected names in the industry. One conversation you need to hear. 🎧 Listen Now → https://go.sans.org/WvnJ0y #CyberLeaders #AI #VulnerabilityManagement #SANSInstitute #Mythos
SANS Institute reposted this
This week, SANS Institute is supporting a major NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) cyber exercise, which underscores the growing need for realistic, hands-on cyber defence training. By delivering live systems and simulated environments, SANS is helping participants defend complex IT and operational technology under real-world pressure. As SANS notes, “Cyber defence can’t be learned in theory alone. High-fidelity, live-fire exercises are critical to preparing teams for the speed, scale and complexity of modern attacks.” Read more: https://bit.ly/4sFJq8R
Two episodes you do NOT want to sleep on this week. The threat landscape is moving fast. These conversations will help you keep up.
AI is starting to find vulnerabilities faster than humans. Are we ready? In tomorrow's episode, James Lyne, Ciaran Martin, Gadi Evron, Rob T. Lee and Ed Skoudis unpack what “Mythos” means for cyber defenders and what to do next. 🎧 Catch Tim Conway's special on the Iran conflict and stay tuned for our Mythos briefing tomorrow: https://go.sans.org/1VWJxg SANS Institute SANS EMEA
In industrial control systems, stress has real-world consequences. SANS Senior Instructor Justin Searle explains that protecting critical infrastructure means safeguarding lives, the environment, and societal stability. Under pressure, the priority is clear: do the right thing, at the right time, for the right systems. Join Justin May 11 - 16 at SANS Security West and build the skills required to defend what matters most. Register today: https://go.sans.org/omMHHC #SANSSecurityWest #SANSLiveTraining
SANS Institute reposted this
After hundreds of conversations with global security leaders, the feedback was consistent: we need a roadmap for the AI era. It was an incredible honor to stand on the SANS AI Summit stage and finally share what I’ve been working on. On May 12th, we are officially releasing the SANS AI Security Maturity Model. This model is built on the front-line experiences of CISOs navigating this shift in real-time. If you’ve felt the pressure of securing the "AI revolution," I hope this brings the confidence and clarity you and your team deserve. A huge thank you to all of the reviewers and my fellow SANS Institute teammates that helped bring this to reality. Check the comments for a link to stay updated on the launch.
Imagine defending a power grid while it’s under attack, knowing every decision could impact millions of people. That’s the reality teams face at NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE)’s #LockedShields2026. #SANSInstitute has built a live environment where defenders must keep the lights on, communications running, and systems stable — all under pressure. Because when cyber attacks hit critical infrastructure, the consequences are felt far beyond the network. Read more: https://go.sans.org/LHCmOH
SANS Institute reposted this
New episode out now. 🎙️ As three of the world's most potent cyber actors clash militarily, the rules of engagement have fundamentally changed. In this special episode of SANS Cyber Leaders Podcast, James Lyne and Ciaran Martin are joined by Tim Conway, ICS Curriculum Lead & Fellow at SANS Institute, to unpack the cyber dimensions of the Iran conflict and what it means for defenders right now. This one is essential listening for anyone responsible for critical infrastructure, OT environments, or board-level security decisions. Listen Now → https://go.sans.org/1VWJxg #CyberLeaders #SANSInstitute #Cybersecurity #ICS #OTInfrastructure
What does AI-enabled pen testing actually find on a codebase your team already cleared last year? Ed Skoudis and his team have been running that experiment for 15 months. On one retest, they found five critical vulnerabilities on day one in a system that had been thoroughly tested by skilled humans the year before. Authentication bypasses, broken access controls, race conditions, all hiding in obscure workflows that no standard testing path would reach. The AI grinds through edge cases across 1.7 million lines of code, including UI written entirely in Chinese, without losing focus. The human testers bring the judgment and verification that keeps the findings real. Ed Skoudis's estimate for what comes next: 20 to 40 times the current volume of new vulnerabilities within the year. Open-source flaws cascading into every commercial product built on top of them. AI-assisted analysis of closed-source binaries within 6 to 12 months. Vulnerability management programs built for a handful of CVEs per week were not designed for that world. What does your patching pipeline look like at 30x volume? Ed's team documented the full 5-step workflow, including the one step most teams skip that makes or breaks the results. Full methodology here 👇 https://go.sans.org/Gforml #Cybersecurity #PenTesting #VulnerabilityManagement
"The opposite of security isn't being not secure. It's convenience." - Chris Cochran
SANS Field CISO & VP of AI Security Chris Cochran delivers an unfiltered look at why the AI security gap is widening, and what leaders need to do right now on the latest episode of the Cybersecurity Readiness Podcast with Dr. Dave Chatterjee, Ph.D.
Key takeaways:
→ “You can't secure what you can't see,” AI asset visibility is the #1 critical gap
→ Existing controls don't cover AI risk. Full stop.
→ Agentic AI introduces governance challenges most orgs aren't ready for, but even a two-person AI governance council beats no structure at all
→ Security must be embedded at model selection, not after deployment
Listen to the full episode 🎙️ 🔗 https://lnkd.in/eYx64Qh8 #Cybersecurity #AIRisk #CISO #AISecurity