Episode 190: Separating Mythos AI Fact from Fiction

 

 

In episode 190 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Brian Calkin, Chief Technology and Innovation Officer at the Center for Internet Security^® (CIS^®). Together, they separate fact from fiction around artificial intelligence (AI) capabilities like Mythos AI and other AI-driven vulnerability discovery tools.

Here are some highlights from our episode:

• 00:50. Greetings to Brian and setting the stage for questions from a CIS webinar
• 03:05. The lack of a unified formula or standard for vulnerability prioritization
• 03:55. The opportunity for defenders to interrupt vulnerabilities chained together
• 05:47. An invitation to better understand your enterprise amid the "slopdemic"
• 06:33. How AI guardrails tie back into security best practices
• 10:15. How a fundamental practice we can refine is the best counter to chained attacks
• 12:25. The value of the CIS Community Defense Model and a teaser for Version 3
• 14:50. Mythos AI vs. Static Application Security Testing (SAST) in terms of practice and time
• 19:08. Visibility, governance, and prioritization: Three elements of a "prepared" environment
• 24:32. "One to one" cyber defense as a losing battle
• 27:25. The importance of knowing your dependencies with open-source software
• 33:15. Threat actor economics and the ongoing debate around responsibility in cybersecurity

Resources

• Mythos AI: What Actually Matters for Cybersecurity Leaders
• Secure by Design
• CIS Critical Security Controls^®
• CIS Community Defense Model 2.0
• Episode 185: AI Prompt Injection from a Risk Perspective
• Living off the Land: Threats Looming From Within
• Turn Intel Into Action: CIS Controls and the 2026 Verizon DBIR
• Implementation Guide for Small- and Medium-Sized Enterprises CIS Controls IG1
• Information Technology and Information Security Governance

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].