Hello everyone,
and welcome to the CyberCompare Market Commentary. AI, Dotcom vibes included + free delivery.
Has there ever been a more exciting time than now for our industry? Handelsblatt, Financial Times and Wall Street Journal – the mainstream media of the management and “business administration Justus” crowd, consistently reviled by hardcore IT nerds – now come up with a daily headline on cyber risks from AI. This is wide-reaching lobbying for all of us, better than any marketing team. Thank you!
Whether it’s the largest bank in the world (J.P. Morgan) or the largest book value in the world (Berkshire Hathaway), respected CEOs are drawing the attention of their shareholders to increased cyber risks. In my view, this is a huge opportunity for CISOs to stock up on newspaper snippets + quotes in order to use this momentum to increase their budgets and staff. Without scaremongering, but with a plan.
In my opinion, the most balanced reporting specifically on Mythos so far comes from the UK AI Security Institute, after extensive testing:
- Capture the Flag challenges at expert level were solved by Mythos in about 3/4 of all attempts – incrementally better than older models
- A significant improvement could be demonstrated in the chaining of 32 attack steps (task “The Last Ones”): Mythos managed to do this completely in 3/10 attempts, but at a token cost of around 1-2 thousand EUR/attempt, if I calculated correctly. The authors estimate the effort for a human expert for the solution to be about 22 hours, which would mean that price parity would be achieved. Apparently, the model had not yet hit its redline (but the budget of the institute had, so the token consumption was curtailed)
- Of course, the attacks are noisy and there were no defensive measures in the laboratory tests. Attacks on automation technology have probably not yet worked either. So there is still room for improvement.
If you want to lull yourself into a sense of security with raised eyebrows and a skeptical connoisseur’s eye, The Boy That Cried Mythos currently makes the best argument that the whole uproar is exaggerated. Key points: Too much text fluff and trivial findings, too little substance and reproducible results.
Funnily enough, however, access to Mythos for other companies is prevented by the US government, while the DoD uses it diligently. So it doesn’t seem to be quite that bad. But even if the model doesn’t deliver as much as the marketing promises, does anyone seriously believe that we won’t see any more technical progress from now on? I’m still in the “Emergency Drill Now” camp.
GitHub’s illuminating description of its threat model for the use of AI agents, and the implications that follow from it, fits in with the practical recommendations for action. Basically, the security architecture assumes that the agent is compromised (possibility of arbitrary code execution) because prompt injection is a problem that has so far been unsolvable. This results in a variety of technical measures, e.g.:
- Multi-level isolation. Every operating system, firewall, API proxy or MCP gateway runs in a hardened container. Above this is a configuration layer that ensures, for example, that no secrets are loaded into the agent container.
- Agents can never commit code directly, but only load 2 MCP servers into a buffer (the first of them read-only). A deterministic algorithm then checks whether the output corresponds to the purpose that the workflow author (= owner of the agent) has to define in advance. Example: The AI agent is supposed to comment on code. Then it is not allowed to write a pull request. Further check loops are carried out, e.g. for secret scanning and resource load.
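The deterministic check from the last bullet, as an added Python example that is not GitHub’s code: agent writes are staged in a buffer and released only if their type was declared by the workflow author, they contain no secret-like string and they stay within a resource limit. The output kinds, field names, limits and the three secret patterns are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Assumed patterns for illustration; production scanners carry far larger rule sets.
SECRET_PATTERNS = [
    re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),   # GitHub token format
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),              # AWS access key id format
    re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
]

@dataclass(frozen=True)
class StagedOutput:          # hypothetical record of one buffered agent write
    kind: str                # e.g. "issue_comment", "pull_request"
    body: str

@dataclass(frozen=True)
class WorkflowPolicy:        # hypothetical: declared up front by the workflow author
    allowed_kinds: frozenset
    max_items: int = 5
    max_body_bytes: int = 16_384

def review_buffer(policy, buffer):
    """Deterministically split staged outputs into (released, rejected-with-reason)."""
    released, rejected = [], []
    for item in buffer:
        if item.kind not in policy.allowed_kinds:
            reason = "kind not declared by workflow author"
        elif len(item.body.encode("utf-8")) > policy.max_body_bytes:
            reason = "body exceeds size limit"
        elif any(p.search(item.body) for p in SECRET_PATTERNS):
            reason = "secret-like string in body"
        elif len(released) >= policy.max_items:
            reason = "item count exceeds limit"
        else:
            released.append(item)
            continue
        rejected.append((item, reason))   # fail closed: nothing rejected is written
    return released, rejected

def demo():
    # Constructed sample: a comment-only workflow and three staged writes.
    policy = WorkflowPolicy(allowed_kinds=frozenset({"issue_comment"}))
    fake_token = "ghp_" + "A" * 36        # constructed value, not a real credential
    buffer = [
        StagedOutput("issue_comment", "Consider validating `length` before the copy."),
        StagedOutput("pull_request", "Refactor auth module"),
        StagedOutput("issue_comment", f"Debug output: token={fake_token}"),
    ]
    return review_buffer(policy, buffer)
```

Because the gate runs outside the agent’s container and uses no model, a prompt-injected agent can influence what lands in the buffer but not what is released from it.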
We all struggle (not only since Gen AI) with the prioritization of longer vulnerability lists. CTEM, Attack Path Management, RBVM, Adversarial Exposure Management, BAS, Automated Pen Test and Validation Tools etc. are intended to help us focus our limited resources on the problem areas that are challenging (“Exploitability + Blast Radius”).
Here is an exciting experiment at FIRST VulnCon, briefly summarized by Maggie Morganti (Head of Product Security at WorldPay):
- 5 teams of experts were given the same vulnerability database, with the task of prioritizing the 10 most important CVEs. The teams were able to use all the tools they wanted
- Result: Only 1 vulnerability was unanimously placed in the top 10 by all teams
- This raises the question of whether a black box AI is really that much worse than the typical expert commission. Personally, I have already been able to improve the quality of decision-making (and my blood pressure readings) on some boards by proactively leaving the group. 😉
A hypothesis I’m not quite sure about yet, so feel free to challenge it: With generative AI on both sides, the benefit of deception technology (honey / canary tokens etc.) increases because it can be used to reduce false positives. So this will be an enabler for AI Assisted SOCs, where a high proportion of the analyses are carried out by AI agents. I suspect we will soon see solutions in which AI also lays out, modifies and deletes bait in near real-time – based on probable attack paths. In the research stage and tests, this probably already works.
And if someone wants to go deeper into cloud security in the Swabian way instead of leaving it to AI: TrustOnCloud now offers the recommended CSPM configuration rules for Azure, AWS and GCP free of charge in addition to threat models for > 250 cloud services. Apparently, that’s 3x the number that Wiz currently has in its luggage by default.
Interesting side note about the CNAPP market from the article: Most of TrustOnCloud’s customers use Wiz, which matches Wiz’s own data that about 40% of the Fortune100 are customers, a real dream rate. Google has thus acquired each of the ~1,600 customer companies at a valuation of just under USD 3 million (as an intangible asset). In the German-speaking cyberspace, on the other hand, there are so far only a few MSSPs that have expertise in the Wiz / Google SecOps stack, e.g. SureSecure, Kudelski, NTT or Accenture.
M&A Headlines:
- Landis+Gyr sells Rhebo to the investor Everfield from the UK, which had already taken over Ondeso => Real synergies in marketing, sales and development possible
- Silverfort acquires Fabrix (Continuous Access Control @ Runtime)
- PE Investor Bridgepoint Acquires Carlyle’s Stake in iC Consult
- Airbus Defence & Space acquires Quarkslab (specialized services and solutions for IIoT + AppSec + IP Protection from France). Good catch from my point of view – it’s also interesting that it wasn’t bought by Airbus Protect, so apparently it’s more intended to strengthen its own product development
- Palo Alto buys Portkey (one of the leading AI gateways)
- Cyera (Data Security) acquires Ryft (Data Lake especially for AI agents, with e.g. access control)
- CyberCatch (Continuous Security Validation) is bought by Datavault.AI (a data exchange on the blockchain, wow!)
- Exabeam founder Nir Polak, along with other industry leaders, is investing in Spectrum Security (SIEM/EDR add-on to simplify detection engineering + maintenance)
- Cloudsmith (Secure Software Development + Distribution incl. artifact management from Northern Ireland) receives another ~70 million in funding, so I’m sure it’s a unicorn
- Bug Bounty Switzerland gets ~15 million, Quointelligence (CTI from Germany) ~7 million
Vendor briefings:
Hoxhunt:
- *ishing/awareness solution from Finland
- > 1000 corporate customers, e.g. Nokia, Airbus, Victorinox, Kärcher, EON, Swisscom
- Approach: Automated approx. 3 emails / month, each adapted to the profile of the employee. Of course, gamified with stars / titles that you can win, and small quizzes + micro-trainings
- Direct integration for M365 + Gmail
- Similar for Teams Deep Fake Calls, SMS, Voice in ~40 languages
- Customers can create individual emails, apparently there is also an assistant for this (e.g. to pick up on current topics in the media landscape)
Mint:
- Offensive Security and Interim ISB/CISO Boutique from Germany, approx. 5 employees, founders were previously with the Oetker Group
- Primarily web app + AD pen testing, but also red teaming of SOCs and physical security testing
- Forensics + Recovery Support
Concentric.AI:
- DSPM + DLP solution from USA. (The .AI is important, because under Concentric Security you end up with one of the 3 other possible providers with the name)
- Approx. 400 corporate customers, reference customers including Daikin
- Detection of sensitive data not based on customer-specific patterns / regex, but context-based, of course by AI. For this purpose, ~5000 document types (e.g. CV, payslip, purchase order, sick note…) are preconfigured for automatic recognition with corresponding security policies
- Scans + filters prompts for chatbots. Discovery of chatbots / AI tools via browser extension
- No training based on customer data
Surf.AI:
- Israeli Startup for Security Automation / SecOps
- Currently still few customers, but already some big logos (e.g. Emerson, Cushman & Wakefield, Market Access). Cyberstarts is invested
- Collects all information (e.g. identities, certificates) from connected systems (ITSM, IdP, IaaS, SaaS)
- On this basis, agent workflows (e.g. for system hardening, decommissioning of users, renewal of certificates, tracking of patching processes) can then be created
As always, questions, suggestions, comments, experience reports, topic requests and also opposing opinions or corrections are welcome by email. Ditto for unsubscribing from the mailing list.
For the people who have received the market commentary for the first time: Here you can register if you are interested or do the spring cleaning in the archive.
Best regards,
Jannis Stemmann
