Resource Center

In this Initial Access podcast episode, we break down what Anthropic’s Project Glasswing actually shows about AI-driven vulnerability discovery and where human expertise still matters.

In this Initial Access podcast episode, we examine how trust, speed, and automation are reshaping initial access across software supply chains, network infrastructure, and AI systems.

A financial services organization tested Bishop Fox's Cosmos AI platform against a realistic application to answer one question: what does AI-powered penetration testing actually deliver? In 3 hours and 17 minutes, Cosmos AI surfaced 35 candidate findings — including a $1M negative transfer exploit and a race condition that multiplied funds 5× — that conventional scanners cannot test for. After expert triage, the client received 20 confirmed vulnerabilities and zero false positives.

In this Initial Access podcast episode, we examine how attackers are inheriting access through trusted systems, default permissions, and unpatchable infrastructure.

In this Initial Access podcast episode, we examine how attackers are turning normal workflows and trusted systems into reliable paths for initial access as exploitation timelines continue to shrink.

Before releasing AI-developed software, use our recommended security guardrails checklist to learn how to constrain generated code, enforce security controls, and prevent silent risk from prompt to production.

Get a practical look at Cirro with creator Leron Gray, a new open-source tool for modeling Azure and Entra ID environments as relationship graphs to make privilege and attack paths easier to understand.

Trained people, strong controls, still getting fooled? This session breaks down how modern social engineering exploits trust and urgency, and what actually works to stop it.

In this Initial Access podcast episode, we explore how attackers are collapsing timelines and exploiting trust relationships, turning developer environments into the fastest path to full compromise, and where defenders still have room to slow them down.

In this Initial Access podcast episode, we examine how attackers are gaining initial access through social engineering, identity abuse, and vulnerable edge infrastructure.

Rebuilding in AWS gave LastPass a clean slate, but it also meant getting the architecture right. To be sure their security boundaries would hold, they partnered with Bishop Fox to test their cloud environment under realistic conditions and strengthen it where it mattered most.

In this Initial Access podcast episode, we cover AI coding agents operating inside developer environments, automated attack platforms accelerating exploitation cycles, long-lived connected devices exposing unexpected telemetry risks, and why identity systems remain the primary entry point for attackers.

A major airline technology platform turned to Bishop Fox after routine assessments kept missing the mark. What followed revealed unauthorized PCI database access, misconfigured IAM roles spanning hundreds of instances, and lateral movement across Active Directory domains — driving immediate remediation and stronger customer trust.

In this Initial Access podcast episode, we cover autonomous vulnerability discovery, AI agents that ignore instructions, and why models are becoming strategic national assets.

Get an overview of the 2026 Attack Surface Management (ASM) market — along with the key features and business criteria met by the top solutions — and learn why Bishop Fox was named Leader and Fast Mover by the analysts at GigaOm.

Modern enterprise apps are sprawling, fast moving, and AI accelerated, yet traditional testing cannot keep up. Watch this session to learn how AI assisted, expert led testing expands security coverage at scale, improves consistency, and strengthens protection across complex enterprise application portfolios.

In this Initial Access podcast episode, we cover SSO phishing, patching failures, exposed APIs, and zombie infrastructure remind us that basic security hygiene still decides the outcome.

A Fortune 500 energy provider faces constant threats from nation-state actors targeting critical infrastructure. Partnering with Bishop Fox for Attack Surface Management and red team assessments, the company gained continuous visibility into their external perimeter...

In this Initial Access podcast episode, we cover prompt injection, a hijacked Outlook add-in, commoditized mobile spyware, AI executive deepfake scams, IT-to-OT pivoting, and nation-state use of commercial LLMs to accelerate exploitation.

Surrounded by security tools but still tempted to “just build it”? This hands-on workshop breaks down when custom tooling is worth it, when it’s not, and how to build fast, focused tools without overengineering.

The Red Team Vendor Evaluation Matrix Worksheet is designed to help security leaders evaluate red team vendors thoughtfully before engagement using a structured, question-driven approach.

In this Initial Access podcast episode, we cover the rollback of federal software security guidance, insider-driven access risks, ongoing state-sponsored espionage, and the security implications of giving AI tools deep control over infrastructure.

Download our solution brief. Learn how to secure entire application portfolios with attacker-realistic testing and expert-validated, trusted results.

Watch a fireside chat with cybersecurity and AI leaders on today’s real AI security risks. Learn where risk is emerging, how leaders set ownership, the true cost of securing AI, and practical steps teams use to protect AI systems and data.