AI-Powered Application Penetration Testing—Scale Security Without Compromise Learn More

Image
Episode 24  •  Jul 2, 2026  •  48 Min

Cisco Root Access, FortiBleed Credentials, Sparkplug Fuzzing, AI Arms Race

Three stories on the table this week. A Cisco flaw went from disclosure to full root-level exploitation in under twenty-four hours. An initial access broker turned a diagnostic command built into more than 430,000 FortiGate firewalls into a 110-million-credential harvesting operation. And Fable came back online on a shorter leash just as an open-weight Chinese model matched its offensive edge. We also sit down with Bishop Fox's Shad Malloy ahead of his Summercon session to talk about building the first open-source Sparkplug B fuzzer for ICS environments and where AI actually helped. Here's what stood out from the operator chair.

A pre-disclosure heads-up didn't buy defenders time. It bought attackers a scanning window. Cisco flagged a coming patch for Unified Communications Manager days before SSD Secure Disclosure published the technical write-up, but once that proof of concept landed for CVE-2026-20230 (an unauthenticated SSRF in the WebDialer service that chains to root), Defused watched live exploitation begin within 24 hours. The advance warning was a good instinct, but it mostly just told attackers where to start fingerprinting. Defenders were left to guess whether they were even exposed, since WebDialer ships on by default for click-to-call and off everywhere else.

If your org runs Unified CM with WebDialer enabled, treat "we got advance notice" and "we've already been scanned" as the same sentence.

Stale credentials are the vulnerability now, not the CVE. SC Media reported that an initial access broker has harvested more than 110 million credentials from upwards of 430,000 internet-facing FortiGate firewalls since February, using nothing but exposed management interfaces, brute force, and FortiOS's own diagnostic sniffer command. There's no CVE here and no zero-day, just tools operating exactly as documented against devices nobody rotated credentials on in months. The advice (rotate credentials, enforce MFA, pull management planes internal) isn't new. What's new is that parts of the workflow were reportedly built with an open-source, autonomous pen testing agent, which means the distance between "run the tool the vendor documented" and "operate this against half a million devices" just got a lot shorter.

What happens when you hand an AI your fuzzer code, and it tells you to start over? Ahead of his Summercon talk, we caught up with Bishop Fox's Shad Malloy about building the first open-source fuzzer for Sparkplug B, the MQTT-based protocol running smart factories and cold-chain systems. Shad and a colleague put a rough version together in a week, then handed it to Claude Code, which flagged that the original only covered a quarter of the spec and needed rebuilding. The tool that came out of it covers all nine Sparkplug message types, and AI-generated diagrams of the protocol's birth-and-death-certificate handshake made the device-discovery logic legible in a way code review alone hadn't. Shad's bringing the physical hardware lab to Summercon on July 10–11 if you want to put it through its paces yourself.

Pulling one model offline didn't slow the offense-AI arms race. It just handed the pace to someone with no export controls. Forbes reported that within weeks of the U.S. government forcing Fable and Mythos offline over jailbreak concerns, China's Zhipu released GLM-5.2, an open-weight model that reportedly rivals top U.S. frontier models on vulnerability discovery, while Fable's return came with usage caps and a shortened runway that left subscribers furious. The lesson isn't about any one vendor's guardrails. Offensive-AI capability is diffusing whether or not the country that built it agrees to sell it, and an open-weight model with no vetting layer doesn't respect an export control. Defenders now have to assume the attacker's tooling is roughly as capable as the best defensive AI they can license, not months behind it.

Security Headlines:


Sean McMillan Headshot

Sean McMillan

Community Manager

Sean McMillan is Community Manager at Bishop Fox, focused on making complex security topics easier to understand and more interesting to follow. He holds a bachelor’s degree in Mass Communication and Media Studies from Arizona State University and brings over a decade of experience in podcasting, live hosting, and audience engagement. As host of Initial Access, he works with practitioners to explore how real-world attacks actually happen.


Sergio Villegas BF Headshot

Sergio Villegas

Sr. Managing Analyst II

Sergio Villegas is a Sr. Managing Analyst II in the Attack Surface Intelligence team at Bishop Fox where he is one of the lead researchers. His main areas of focus are emerging threats, attack surface mapping, and tactical lead generation. Sergio has over 11 years of experience in cybersecurity during which he has worked as a researcher and consultant to help companies improve their procedures, technologies, and techniques around threat intelligence and threat hunting.


Bfx25 John Untz Author Bio 1

John Untz

Senior Security Engineer, Exploit Developer

John is a Senior Security Engineer, Exploit Developer, where he focuses on reverse engineering emerging threats and developing advanced capabilities to protect our customers' attack surfaces. Prior to joining Bishop Fox, John served in a number of selectively manned US Air Force teams, and is a graduate of the NSA's Computer Network Operations Development Program (CNODP).


Shad Malloy Headshot

Shad Malloy

Sr. Managing Consultant II

Shad Malloy is a Sr. Managing Consultant II at Bishop Fox focused on network penetration testing, vulnerability risk management, and application security. He has advised multiple industries including health care, financial services, energy, and technology. In addition to time working and managing security for education, health care, and national government agencies. Shad holds a Bachelor of Science in Computer Information Systems as well as industry certifications like the CISSP.


Subscribe to our PODCAST

Real talk on the threats, trends, and tactics shaping security today

Listen Anywhere