<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>AI and Security on CybersecurityOS</title><link>http://www.cybersecurityos.net/categories/ai-and-security/</link><description>Recent content in AI and Security on CybersecurityOS</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Wed, 08 Jul 2026 17:19:19 -0500</lastBuildDate><atom:link href="http://www.cybersecurityos.net/categories/ai-and-security/index.xml" rel="self" type="application/rss+xml"/><item><title>AWS Security Agent: Continuous Penetration Testing and Threat Modeling for the AI Development Era</title><link>http://www.cybersecurityos.net/posts/os-weekly/aws-security-agent-overview/</link><pubDate>Thu, 25 Jun 2026 00:00:00 +0000</pubDate><guid>http://www.cybersecurityos.net/posts/os-weekly/aws-security-agent-overview/</guid><description>&lt;p&gt;Most security programs are still built around a calendar, not a codebase. A pen test gets scheduled once or twice a year. A design review happens at a milestone meeting. By the time either one produces a finding, the application it was testing has already shipped four more releases.&lt;/p&gt;
&lt;p&gt;That mismatch isn&amp;rsquo;t a staffing problem — it&amp;rsquo;s a structural one. AWS&amp;rsquo;s own teams have pointed out that &lt;a href="https://aws.amazon.com/blogs/aws/new-aws-security-agent-secures-applications-proactively-from-design-to-deployment-preview/"&gt;more than 60% of organizations update their web applications weekly or more often, while nearly 75% test those same applications only monthly or less&lt;/a&gt;. Manual review simply can&amp;rsquo;t move at the speed code ships. &lt;strong&gt;AWS Security Agent&lt;/strong&gt; is AWS&amp;rsquo;s answer to that gap — and it&amp;rsquo;s worth understanding regardless of which cloud you run on, because the underlying shift it represents is bigger than one vendor&amp;rsquo;s product.&lt;/p&gt;</description></item><item><title>The Frontier, Split in Two: What Claude Fable 5 and Mythos 5 Mean for Cybersecurity</title><link>http://www.cybersecurityos.net/posts/os-weekly/claude-fable-5-mythos-5-cybersecurity/</link><pubDate>Wed, 10 Jun 2026 00:00:00 +0000</pubDate><guid>http://www.cybersecurityos.net/posts/os-weekly/claude-fable-5-mythos-5-cybersecurity/</guid><description>&lt;p&gt;On June 9, 2026, Anthropic did something it had never done before: it shipped a &lt;strong&gt;Mythos-class model to the public&lt;/strong&gt;. &lt;a href="https://www.anthropic.com/news/claude-fable-5-mythos-5"&gt;Claude Fable 5 and Claude Mythos 5&lt;/a&gt; are the same underlying model wearing two very different sets of guardrails — and that single design decision says a lot about where frontier AI and cybersecurity are headed.&lt;/p&gt;
&lt;p&gt;For security leaders, defenders, and anyone building a career in this field, this isn&amp;rsquo;t just another model release. It&amp;rsquo;s a preview of how the most capable systems will be governed when their cyber capabilities outrun the safety norms we&amp;rsquo;ve relied on.&lt;/p&gt;</description></item><item><title>SPECTRA: AI-Powered Vulnerability Triage That Actually Works for Security Teams</title><link>http://www.cybersecurityos.net/posts/os-weekly/spectra-overview-claude-ai-security/</link><pubDate>Sun, 10 May 2026 00:00:00 +0000</pubDate><guid>http://www.cybersecurityos.net/posts/os-weekly/spectra-overview-claude-ai-security/</guid><description>&lt;p&gt;Security teams are not losing the fight because of bad tools. They&amp;rsquo;re losing it because of volume.&lt;/p&gt;
&lt;p&gt;In 2025, &lt;a href="https://securityboulevard.com/2026/03/46-vulnerability-statistics-2026-key-trends-in-discovery-exploitation-and-risk/"&gt;131 new CVEs were disclosed every single day&lt;/a&gt; — up from 113 per day the year prior. Meanwhile, the &lt;a href="https://www.isc2.org/Insights/2025/12/2025-ISC2-Cybersecurity-Workforce-Study"&gt;global cybersecurity workforce gap has reached 4.8 million unfilled positions&lt;/a&gt;, and &lt;a href="https://deepstrike.io/blog/cybersecurity-skills-gap"&gt;budget cuts — not lack of talent — are now the primary driver of security team understaffing&lt;/a&gt;. The signal is buried in the noise, and analysts spend more hours normalizing scanner outputs and writing summaries than actually remediating risk.&lt;/p&gt;</description></item><item><title>Top 5 Claude AI Use Cases for Startup Cybersecurity Teams in 2026</title><link>http://www.cybersecurityos.net/posts/os-weekly/claude-ai-use-cases-startup-cybersecurity-2026/</link><pubDate>Sat, 25 Apr 2026 00:00:00 +0000</pubDate><guid>http://www.cybersecurityos.net/posts/os-weekly/claude-ai-use-cases-startup-cybersecurity-2026/</guid><description>&lt;p&gt;The cybersecurity landscape shifted dramatically in 2026. With the launch of &lt;a href="https://www.anthropic.com/news/claude-code-security"&gt;Claude Code Security&lt;/a&gt; in February and the subsequent release of &lt;a href="https://www.anthropic.com/glasswing"&gt;Claude Mythos Preview&lt;/a&gt; through Project Glasswing, AI-powered security is no longer a luxury reserved for enterprise teams with eight-figure budgets.&lt;/p&gt;
&lt;p&gt;For startup security teams — often a single overworked engineer or a small group managing compliance, code review, vendor risk, and incident response simultaneously — Claude has become a genuine force multiplier. But the internet is full of surface-level takes on &amp;ldquo;AI for security.&amp;rdquo; This isn&amp;rsquo;t that.&lt;/p&gt;</description></item><item><title>Cybersecurity Careers, AI in the SOC, and the Future of GRC</title><link>http://www.cybersecurityos.net/posts/os-weekly/cyber-careers-2025/</link><pubDate>Thu, 02 Oct 2025 00:00:00 +0000</pubDate><guid>http://www.cybersecurityos.net/posts/os-weekly/cyber-careers-2025/</guid><description>&lt;p&gt;I recently had an incredibly energizing conversation with my mentee &lt;strong&gt;Gabriel A&lt;/strong&gt;, an emerging cybersecurity professional with a strong passion for AI, cloud security, and governance, risk, and compliance (GRC).&lt;/p&gt;
&lt;p&gt;What stood out most was his curiosity and willingness to question assumptions about the industry.&lt;/p&gt;
&lt;p&gt;Our discussion went far beyond just “jobs” in cybersecurity.&lt;/p&gt;
&lt;p&gt;We explored where the field is heading, how emerging technologies are reshaping security roles, and the strategies someone entering the industry can use to ride the wave instead of being left behind.&lt;/p&gt;</description></item><item><title>Cyber Resilience in Real Time: New Realities, Rapid Responses, and Next-Gen Strategies</title><link>http://www.cybersecurityos.net/posts/os-weekly/cyber-resilience-real-time/</link><pubDate>Sun, 13 Jul 2025 00:00:00 +0000</pubDate><guid>http://www.cybersecurityos.net/posts/os-weekly/cyber-resilience-real-time/</guid><description>&lt;h2 id="the-new-landscape-of-cyber-threats"&gt;The New Landscape of Cyber Threats&lt;/h2&gt;
&lt;p&gt;Cybersecurity today is no longer confined to firewalls and antivirus software—it’s a high-speed, high-stakes chess match where defenders must anticipate every move before it happens. The latest developments, from coordinated international takedowns of ransomware gangs to the disturbing failure of legacy alarm systems, serve as a stark reminder: outdated defenses are liabilities, not safeguards.&lt;/p&gt;
&lt;p&gt;As threats grow faster and more adaptive, your strategy must evolve just as quickly. If you&amp;rsquo;re still relying on reactive playbooks, you’re already behind. In this post, we break down three critical shifts in the cyber landscape—and offer a forward-thinking framework that CISOs, analysts, and up-and-coming professionals can&amp;rsquo;t afford to ignore.&lt;/p&gt;</description></item><item><title>Turbocharge Your Container Security with NVIDIA's NIM Agent Blueprint</title><link>http://www.cybersecurityos.net/posts/ai-devsecops/nvidia-container-security/</link><pubDate>Thu, 17 Oct 2024 23:29:07 -0500</pubDate><guid>http://www.cybersecurityos.net/posts/ai-devsecops/nvidia-container-security/</guid><description>&lt;p&gt;Let’s be real—cybersecurity is getting crazier by the day. The number of vulnerabilities out there is skyrocketing, and keeping up with them is like playing whack-a-mole on expert level. By the end of 2023, the CVE database was pushing past 200K reported vulnerabilities. Now, imagine trying to sift through hundreds of data points just to assess a &lt;em&gt;single&lt;/em&gt; container for risks. Yeah, no thanks.&lt;/p&gt;
&lt;p&gt;But here’s the good news: NVIDIA’s cooking up something that’ll make your life a whole lot easier—and faster. The &lt;strong&gt;NIM Agent Blueprint&lt;/strong&gt; is an AI-driven, GPU-powered answer to container security woes, turning the days-long process of vulnerability analysis into a matter of seconds. Seconds! That’s the kind of efficiency every security team needs in their arsenal.&lt;/p&gt;</description></item><item><title>The Power of AI in DevSecOps: Building Secure Applications Faster</title><link>http://www.cybersecurityos.net/posts/ai-devsecops/ai-impact-on-devsecops/</link><pubDate>Wed, 25 Sep 2024 23:29:07 -0500</pubDate><guid>http://www.cybersecurityos.net/posts/ai-devsecops/ai-impact-on-devsecops/</guid><description>&lt;p&gt;As artificial intelligence (AI) rapidly advances, its profound implications for these practices offer unprecedented opportunities to further strengthen our security posture and streamline processes.&lt;/p&gt;
&lt;p&gt;In this post I will focus on the transformative integration of DevSecOps and how the shift-left philosophy has fundamentally enhanced how organizations approach security throughout the software development lifecycle.&lt;/p&gt;
&lt;h2 id="understanding-devsecops-and-shifting-left"&gt;Understanding DevSecOps and Shifting Left&lt;/h2&gt;
&lt;p&gt;DevSecOps integrates security practices within the DevOps process, ensuring that security is a shared responsibility throughout the software development lifecycle.&lt;/p&gt;</description></item></channel></rss>