CyberCompare Marktkommentar#41: What now?

Hello everyone,

In case anyone missed the last issues of the Market Commentary: of course, this could be because we are guided by Anthropic's best practices and no longer simply publish our extremely explosive information, but for the time being only make it available to an exclusive, illustrious circle of professionals 😉. But maybe it is also a factor that I switched from the Bosch to the CyberCompare domain at the turn of the year. For some of you, my emails are therefore now maturing in the quarantine area until the reputation score is back in the yellow-green range.

By the way, what I don't quite understand about Glasswing is why so few security manufacturers were invited, and why relevant players such as Fortinet, Tenable or Qualys were not. Apart from the fact that European companies seem to be regarded as fundamentally suspicious, incompetent and/or unimportant; otherwise you would at least have a fig-leaf company from the UK or the EU on board. OpenAI with Trusted Access for GPT 5.4 cyber seems more sympathetic to me, at least at this point.

"A Mythos-ready security program should achieve minimum viable resilience", says the Cloud Security Alliance.

Technical skills are currently no longer a bottleneck: if the attackers want, they can switch from the command-line crowbar to digital dynamite for 200 EUR/month. What concrete implications can be derived from this, and what can one do at all apart from amazement and resignation? A few thoughts on this, with no claim to completeness or to perfect structure:

  • More of the same in prevention + detection:
  • Hardening measures and vulnerability fixing now require more than just prioritization over user-friendliness (extreme example: 2-person MFA for admin access). They also simply require more resources, at least temporarily. => In my view, this is a huge opportunity for all those who want to take on responsibility in this area. And a huge problem for all those who have to pay for it.
  • The sensor side (esp. EDR, NDR, CNAPP, SIEM, SOC) must also be able to detect AI-specific telemetry and anomalies. Examples such as MCP server abuse, direct prompt injection or cross-app data movements can be found e.g. at Monad for Claude Code or in detection engineering forums. => Consider the requirements for new tenders, check with existing manufacturers + MSSPs and, ideally, test the capabilities.
  • But that only helps to a limited extent. Assume Breach will become, at least temporarily, not just a mantra but a fact for each of us. The probability of occurrence in the risk analyses must realistically be revised upwards, at least until a steady state is found again.
  • This means that work must be done on the consequences side at the same time:
  • Just-in-time access to sensitive data with old-school tools. Revival of air gaps, paper-based processes or the USB stick in the safe. Inefficient, but no AI agent can yet crack a mechanical lock. Example: one of our customers owns IP that surprisingly has not yet been stolen by competitors (recipes + process parameters for chemical products). A significant part of the business is based on this. Storing this information on the network would be negligent from now on at the latest.
  • Delete more and store less, even if that requires process changes. Yes, time-consuming, because it involves detailed reviews of the data concepts and discussions about departmental boundaries. But in my opinion, the bottom line is often more economical than bearing the higher risk. Example: last week, we changed our diagnostic app so that customer data is deleted 2 weeks after the assessment. Why hadn't we done this before? Because customers may want to adjust the report later. Because the retention period was set at a flat rate of 6 years, with reference to the HGB. And because we've always done it that way. Whatever the reason: now, at least in this way, even in the event of a complete compromise, no one can grab a bulk download of several hundred assessments anymore, because the data no longer exists (I hope).
  • In general, DSPM products are likely to pay for themselves much faster than before.
  • More emergency drills, more redundancy, more practical BCM just in case. What does it mean, for example, if the firewall or VPN server has become permeable due to a ~zero-day, but this was only detected after a week? What happens in the event of a crash of the SAP system?
  • The cyber insurers will probably adjust the premiums upwards asap. => As a customer, I would currently use existing extension options at existing conditions. Ditto for incident response retainers; here too I expect a strong increase in demand until supply catches up.

Conclusion: the cost for a CISO of achieving or maintaining the same level of security (expressed as average damage per year over the long term) has risen sharply. We will see this in higher sales of security providers and lower profit margins of customers.

For the next few months, the balance of power between budget holders and providers of capacity in the market will change. Because even for those who secretly dismiss the topic as scaremongering and a marketing gag by the AI giants: no CISO can afford the career risk of remaining inactive in the face of a generally known increase in the risk situation. The security-induced fixed cost block, and thus the pressure to consolidate smaller companies, will continue to increase. If you see it differently or the same way and possibly have practicable approaches: always feel free to contact us.

In the meantime, there also seems to be a consensus that even the generally available language models are already better at detecting and exploiting CVEs than 99% of the experts (= cheaper + faster + higher hit rates). How can this actually be if the LLM has never been specifically trained for this task? A reviewer from HackerOne has succinctly shared his experiences with it. Core thesis: "The space of 'LLM-inaccessible' vulnerabilities is smaller than the security community assumes, and it shrinks with every model generation":

  • In reality, the models are already very specialized ("mixture of experts"). Typically, code analysis uses less than ~5% of the parameters, namely the part of the model that has been trained on code repositories and typical vulnerability classes.
  • Simultaneous parallel processing on different levels ("attention heads") creates different perspectives on syntax, meaning of variables, function logic, memory states, etc. So although only the next token is actually guessed, the Transformer uses a weighting process that calculates the probabilities not only on the basis of simple frequencies in the training material.
  • The model can detect when input from untrusted sources (e.g. free text from a user) is processed without sufficient filter functions. Due to the ever-increasing context windows, this tracking of data flows works with steadily increasing probability across modules and libraries.
  • In reasoning mode, the model iteratively tests different branches in the program flow and assumptions, e.g. different variable values (also via pointers) and if-then conditions, before reaching a conclusion, which is then also cross-checked again ("correctness-based reward" in the quality function).
  • All this is only statistically approximate (and not exhaustively complete), but due to the machine speed (= many attempts) more than "quite OK". We also know this from fuzzers as part of DAST or from rainbow tables, which accelerate brute-force attacks: not deterministically, but with a high degree of probability.
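The source-to-sink tracking described in the third bullet (untrusted input reaching a sensitive call without passing a filter function) is what classic static taint analysis does deterministically on a small scale. As an added illustration that is not from the newsletter or the HackerOne reviewer, here is a minimal intra-procedural taint checker over Python source using the `ast` module; the source, sink and sanitizer names and the sample code are constructed assumptions for the demo.

```python
import ast

# Assumed (constructed) names for the demo: where untrusted data enters,
# where it must not arrive unfiltered, and which calls count as filters.
SOURCES = {"request.args.get", "input"}
SINKS = {"os.system", "cursor.execute"}
SANITIZERS = {"shlex.quote", "int"}

# Constructed sample: line 4 is an unfiltered flow, lines 6 and 8 are filtered.
SAMPLE = '''
def lookup(request, cursor):
    host = request.args.get("host")
    os.system("ping -c 1 " + host)
    safe = shlex.quote(request.args.get("host"))
    os.system("ping -c 1 " + safe)
    uid = int(request.args.get("id"))
    cursor.execute(f"SELECT * FROM users WHERE id = {uid}")
'''

def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None

def _tainted(node, tainted):
    """Is this expression's value derived from an untrusted source?"""
    if isinstance(node, ast.Name):
        return node.id in tainted
    if isinstance(node, ast.Call):
        name = _dotted(node.func)
        if name in SANITIZERS:   # a filter function cleans the value
            return False
        return name in SOURCES or any(_tainted(a, tainted) for a in node.args)
    if isinstance(node, ast.JoinedStr):  # f-string pieces
        return any(_tainted(v.value, tainted)
                   for v in node.values if isinstance(v, ast.FormattedValue))
    if isinstance(node, ast.BinOp):      # string concatenation
        return _tainted(node.left, tainted) or _tainted(node.right, tainted)
    return False

def find_unsanitized_flows(src):
    """Return (line, sink) pairs where untrusted data reaches a sink unfiltered."""
    findings = []
    for func in ast.walk(ast.parse(src)):
        if not isinstance(func, ast.FunctionDef):
            continue
        tainted = set()
        for stmt in func.body:  # straight-line, in-order, one function at a time
            if isinstance(stmt, ast.Assign) and isinstance(stmt.targets[0], ast.Name):
                (tainted.add if _tainted(stmt.value, tainted) else tainted.discard)(stmt.targets[0].id)
            elif isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
                name = _dotted(stmt.value.func)
                if name in SINKS and any(_tainted(a, tainted) for a in stmt.value.args):
                    findings.append((stmt.lineno, name))
    return findings
```

Run against `SAMPLE`, only the `os.system` call on line 4 is reported; the two flows that pass through `shlex.quote` or `int` are treated as filtered, which is exactly the distinction the bullet says the models have learned to make statistically.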

What else can pen testers contribute without worsening the result? At the moment, adapted harnesses consisting of additional information on trust boundaries, typical problems in the system architecture and threat models are helping. But it seems that the added value of human jockeys will continue to decrease.

M&A section:

  • Zurich acquires the specialist insurer Beazley, which is also strong in the cyber business.
  • Cisco buys 2 startups around AI agent security: Galileo (agent observability, debugging, reliability) and Astrix (agent / NHI identity lifecycle).
  • Artemis receives USD 70 million in funding for the development of an overarching detection platform to detect AI attacks. To this end, a baselining of the entire infrastructure is to be carried out. Sounds a bit like Kai. Or like any XDR/SIEM provider.

Notes from vendor briefings:

Clover:

  • Israeli AppSec startup with an innovative approach: instead of SAST or DAST, the design and threat model (TARA) is used before coding.
  • Design review documentation (technical architecture diagrams with data flows, user journeys, functional requirements in Confluence or similar) and tickets (e.g. feature requests) serve as input.
  • Very cool: can not only import and analyze graphics, but also create graphical schemes of system architecture and communication diagrams from text descriptions.
  • Intermediate results are then threats with to-dos and code examples (e.g. server-side authentication).
  • The implementation can also be done directly via integrations with the common coding agents, in order to adopt the security guardrails directly and check the implementation.
  • Demand for Security by Design tools should increase significantly with the CRA.

SoSafe (Update):

  • It's hard to imagine that someone here doesn't know SoSafe. If you don't: awareness, phishing sim + e-learning (34 languages), one of the few real German success stories in the security environment.
  • Approx. 4200 B2B customers (including Rossmann, Schmitz Cargobull, Real), 500 employees.
  • Focus on compliance with EU legislation (GDPR, accessibility), gamification + easy customization of learning plans and content (e.g. the specific contact persons or processes in the organization). Competes with Microsoft et al. also because of the lower operating costs.
  • Employees (MA) can shorten refresher trainings by jumping directly to the quiz.
  • Phishing (incl. SMS) based on ~1000 templates or completely freely configurable (of course with AI assistance, also based on screenshots of other emails). A vishing / deepfake module for individual employees is on the roadmap.
  • Direct message injection into M365 / Google mailboxes is possible.
  • Licensing model is essentially based on the number of users and training modules, not on the number of training sessions played.

NU7:

  • Startup from Switzerland for automated gap assessments (i.e. part of GRC) and cyber risk quantification.
  • Assessment along ISO 27001, NIST CSF, or individual questionnaires.
  • However, not according to conformity/deviation, but on the basis of CMMC in 5 maturity levels ("risk first, compliance second"). Typical use case: regular internal assessments and e.g. benchmarking of locations.
  • Users upload e.g. policies, risk analyses, org charts, screenshots of firewall rules or the like, or simply connect file repositories of the evidence.
  • The AI assistant (model from Mistral, not trained on customer data, data is encrypted in Frankfurt) then suggests evaluations + recommendations for action.
  • Financial risks are derived from estimates by NU7 and company data. => So not linked to insurance databases, but esp. interesting for SMEs as an order of magnitude.
  • For interested parties, currently (in my eyes) still very favorable offers with an unlimited number of assessments for a lean solution without great operational effort.
  • Small, friendly team. But I'd be concerned that this will soon become a common feature in most of the ~70 other GRC tools.

Seal Security:

  • Israeli AppSec startup, previously focused on the US market.
  • Interesting approach: backporting patches for new vulnerabilities to old versions of applications and libraries (instead of updating to new versions).
  • Known problem: SW updates may result in incompatibilities.
  • Seal's secret sauce is fully automated testing that functionally validates the code changes and, if necessary, adapts them iteratively.
  • Of course, this only works if you have access to the source code, and not with all programming languages.
  • There are also repos for secure packages and minimal images.

As always, questions, suggestions, comments, experience reports, topic requests and also opposing opinions or corrections are welcome by email. Ditto for unsubscribing from the mailing list.

For those who have received the market commentary for the first time: here you can register if you are interested, or amuse yourself in the archive with outrageous misjudgments of the past.

Best regards,

Jannis Stemmann
