Security Perspectives

Security Perspective

Accidental Engineer: Building My First Hardware Tool the Hard Way

Mar 17, 2026

I set out to build a rugged badge-cloning tool for field use, with zero hardware background. This is the story of learning electrical engineering from scratch, navigating bad assumptions, and discovering that curiosity, persistence, and hands-on testing can take you further than you think.

By Raf Marconi

Security Perspective

Winning CTFs: A Proving Ground at HackMex & Ekoparty

Mar 13, 2026

CTF competitions push offensive security skills to their limits. In 2025, the Bishop Fox Mexico team claimed first place at both HackMex Finals and EkoParty Red Team Space. Discover how the team navigated web exploitation, infrastructure compromise, and AWS attack paths to win.

By Luis De la Rosa Hernandez

Security Perspective

Introducing CloudFox GCP: Attack Path Identification for Google Cloud

Feb 26, 2026

Meet CloudFox GCP, an offensive security tool built to map identities, enumerate resources, and uncover real attack paths in Google Cloud. Designed for practitioners, it exposes privilege escalation, lateral movement, and data exfiltration risks so you can secure GCP before attackers exploit it.

By Joseph Barcia

Security Perspective

AI & Security Risks: Reviewing Governance and Guardrails

Feb 19, 2026

Moving fast with AI is easy. Governing it isn’t. In this discussion, security and AI leaders share real-world lessons on inventory, least privilege, measurable outcomes, and building guardrails before scaling adoption.

By Bishop Fox

Product

Most Security Programs Test a Fraction of Their Applications. That Changes Today.

Feb 9, 2026

Bishop Fox's Rob Ragan explores how Cosmos AI transforms application security testing from a logistical bottleneck into a scalable service—enabling organizations to test entire portfolios.

By Rob Ragan

Security Perspective

Get the Most from Testing Your Applications

Feb 4, 2026

Pen tests don’t fail because testers miss bugs. They fail when no one agrees what questions the test should answer. In today’s cloud- and AI-driven apps, scoping, execution, and follow-through determine whether results drive real decisions or just become another filed report.

By Bishop Fox Researchers

Security Perspective

Why the Board Belongs in the War Room: The Untapped Value of Crisis Readiness

Jan 22, 2026

Boards may not be on the front lines, but they’re always in the blast radius. Crisis simulations help directors experience uncertainty firsthand, strengthening governance, trust, and decision-making before headlines hit.

By Justin Greis

Security Perspective

What to Look for in a Red Team Vendor

Jan 8, 2026

Red team proposals often look the same. The outcomes rarely are. If you’re trying to avoid surprises, defend security decisions, and gain real confidence, choosing the right red team partner matters more than ever. Here’s what separates signal from noise.

By Bishop Fox

Security Perspective

Bishop Fox Wrapped: Research Worth Replaying

Dec 23, 2025

This is Bishop Fox Wrapped. A snapshot of the research, blogs, virtual sessions, and tools that security teams kept coming back to, and what that tells us about what they needed this year.

By Bishop Fox

Security Perspective

A Hacker Holiday Gift Guide: 2025 Edition

Dec 10, 2025

Shopping for a hacker? Skip the gimmicks. Here are the tools, training, and books they actually want: Flipper Zero, Proxmark3, Shodan, HTB, and must-read vuln research picks, perfect for deal-season lab upgrades.

By Bishop Fox

Security Perspective

What Will Shape Cybersecurity in 2026: AI Speed, Expanding Attack Surfaces, and Specialized Red Teams

Dec 3, 2025

2026 will hit cybersecurity like a fast-forward button: AI moves quicker than governance, attack surfaces sprawl into the physical world, and red teams get hyper-specialized. Here’s what’s coming—and how to stay ahead before “optional” becomes “too late.”

By Vincent Liu, Christie Terrill, Kelly Albrink, Trevin Edgeworth, Dan Petro

Security Perspective

A Note on AI from Christie Terrill, CISO, Bishop Fox

Nov 25, 2025

After a month of conferences and CISO conversations, one thing is clear: AI is reshaping security—fast. But the excitement comes with uncertainty, risk, and big unanswered questions. Here’s what leaders are really saying.

By Christie Terrill

Security Perspective

Ready to Hack an LLM? Our Top CTF Recommendations

Nov 5, 2025

The best way to understand LLM vulnerabilities isn’t by reading, it’s by hacking. Explore our top CTF and sandbox picks to safely test prompt injections, jailbreaks, and model exploits while sharpening your AI security skills.

By Luke Sheppard

Security Perspective

Invasion of the Face Changers: Halloween Hijinks with Bluetooth LED Masks

Oct 30, 2025

This Halloween, Bluetooth LED masks promise eerie fun — until anyone with a pocket-sized controller can change your face. I built one. Read how a common BLE flaw turns glowing costumes into prankable (and revealing) security lessons.

By Nathan Elendt

Security Perspective

Small Actions, Big Breaches: The Silent Offensive Against Your data

Oct 17, 2025

AI and SaaS have transformed how people work, but security hasn’t kept up. New data shows most data exposure now stems from human behavior—copy, paste, and upload actions inside unmanaged browsers and AI tools.

By Bishop Fox

Security Perspective

SaaS Threats are Escalating: A Follow-Up to Our Recent Analysis

Oct 14, 2025

SaaS attacks are accelerating fast. Our latest research and fireside chat with experts from AppOmni and Bishop Fox expose how threat actors are exploiting OAuth, targeting admins, and moving laterally across cloud apps—and what defenders can do to stop them.

By Christie Terrill

Security Perspective

Burp Variables: A Burp Suite Extension

Oct 10, 2025

Burp Suite has long been the industry standard for web application testing, thanks in large part to its extensibility. Bishop Fox has built on that tradition with Burp Variables, a new extension that fills a major gap in Burp’s workflow: variable handling.  

By Bishop Fox

Security Perspective

What Does “Good” Look Like in Red Teaming

Sep 22, 2025

Most red team exercises fail to deliver real value. They check compliance boxes but don't address actual business risks. Learn the difference between good and bad offensive security, plus the strategic framework that transforms red teaming from expense into ROI.

By Trevin Edgeworth

Security Perspective

State of the SaaS Security Union

Sep 16, 2025

Two threat groups are exploiting SaaS at scale: one with phishing and data theft, the other with nation-state level tactics exploiting integrations and credentials. Here’s what you need to know and how to protect against the next wave.

By Brian Soby Bio

Security Perspective

The Top Reasons Security Leaders Choose Red Teaming

Aug 27, 2025

Security leaders are turning to red teaming to test defenses against real-world adversaries. From validating investments to sharpening blue team skills, discover why this strategy is becoming a must-have for organizations serious about cyber resilience.

By Trevin Edgeworth

Security Perspective

From Talent Shortage to Cybersecurity Talent Pipeline

Aug 21, 2025

Cybersecurity faces a paradox: millions of jobs go unfilled while eager newcomers struggle to break in. This blog explores why the gap exists—and how mentorship, realistic hiring, and early-career programs can transform the shortage into a sustainable talent pipeline.

By Alethe Denis

Security Perspective

Building Security at Scale: The AppExchange Story

Aug 11, 2025

In our interview hosted by Bishop Fox CEO Vinnie Liu with guests Brendan O’Connor, CEO of AppOmni and James Dolph, CISO at Guidewire, we uncovered the fascinating origin story of Salesforce's AppExchange.

By Bishop Fox Researchers

Security Perspective

The Promise and Perils of AI: Navigating Emerging Cyber Threats - A Dark Reading Panel

Apr 16, 2025

This video showcases leading voices in cybersecurity explaining their examinations into how AI is simultaneously transforming cyber defense and supercharging attacker capabilities. Together, they explored how GenAI is reshaping the threat landscape and what security leaders must do to adapt.

By Rob Ragan

Security Perspective

From Dial Tone to Throne: IVR Testing in the Spirit of The King of NYNEX

Feb 5, 2025

Explores IVR penetration testing methodologies, common vulnerabilities, and strategies to secure these critical systems against modern threats.

By Alethe Denis