Virtual Sessions

AIMap Demo: Managing AI Exposure at Scale

What does exposed AI infrastructure actually look like in the wild? AIMap creator Aashiq Ramachandran is demoing it live, mapping, fingerprinting, and testing real exposed AI systems in real time. Join us to see how attackers find vulnerabilities in AI infrastructure before your team does.

Podcast

Linux Kernel Exploit, GitHub RCE, and Canvas Cyberattack

This episode explores how every layer of the stack has become an attack surface — from a privilege-escalating Linux kernel flaw and a GitHub infrastructure RCE to a poisoned RubyGems supply chain, a trojanized vendor installer, and a ransomware hit on centralized education infrastructure.

Virtual Sessions

The Security Reset: A Leadership Guide to Clarity, Control & Real Risk

Security leaders inherit complexity, not clean slates. In this session, Jessica Stinson applies attacker methodology to security leadership, helping you cut through app sprawl, IAM gaps, shadow AI, and noise to focus on what actually matters and drives meaningful risk reduction. Register to join us.

Podcast

cPanel Auth Bypass, Claude AI Code Risks, and Trigona Ransomware

This episode explores how access is being created, scaled, and kept with less friction, from a critical cPanel authentication bypass to AI-generated vulnerable code, AI-assisted attacks, persistent footholds in trusted systems, and stealthier data exfiltration.

Podcast

Anthropic Tool Access, EU App Bypasses, and Active Zero-Days

This episode explores how access control is breaking down across AI systems, consumer apps, and vulnerability management, from leaked AI tooling and bypassed EU verification apps to actively exploited Windows zero-days and growing strain on the NVD.

Datasheets

AI-Powered Application Penetration Testing Datasheet

Most enterprises are managing dozens — sometimes hundreds — of applications with the same constrained budgets and headcount. Bishop Fox AI-Powered Application Penetration Testing delivers validated, expert-reviewed findings across your entire portfolio without the noise or overhead.

Podcast

Trusted Tools, Hijacked Sessions & Cheap Paths to Big Access

In this Initial Access episode, we look at how attackers are reusing trust that is already in place, from hijacked sessions and malicious browser extensions to overlooked industrial systems infrastructure and tightly controlled AI capabilities.

Virtual Sessions

AI Security in the Age of Project Glasswing & GPT-5.4 Cyber

AI is shrinking the gap between vulnerability discovery and exploitation. As pressure mounts, most security programs aren’t built to keep up. Watch Bishop Fox experts to learn what actually matters and how to stay focused in an increasingly noisy, fast-moving threat landscape.

Podcast

Project Glasswing: AI Vulnerability Discovery & Exploit

In this Initial Access podcast episode, we break down what Anthropic’s Project Glasswing actually shows about AI-driven vulnerability discovery and where human expertise still matters.

Podcast

GitHub Malware, DNS Hijacking, Ransomware Speed & AI Exploits

In this Initial Access podcast episode, we examine how trust, speed, and automation are reshaping initial access across software supply chains, network infrastructure, and AI systems.

Customer Stories

How Cosmos AI and Human Expertise Work Together to Strengthen Application Security

A financial services organization tested Bishop Fox's Cosmos AI platform against a realistic application to answer one question: what does AI-powered penetration testing actually deliver? In 3 hours and 17 minutes, Cosmos AI surfaced 35 candidate findings — including a $1M negative transfer exploit and a race condition that multiplied funds 5× — that conventional scanners cannot test for. After expert triage, the client received 20 confirmed vulnerabilities and zero false positives.

Podcast

Inherited Access, AI Permissions, Supply Chain Attacks & Edge Exposure

In this Initial Access podcast episode, we examine how attackers are inheriting access through trusted systems, default permissions, and unpatchable infrastructure.

Podcast

Malvertising, Trusted Tools, Real-Time Attacks & Shrinking Windows

In this Initial Access podcast episode, we examine how attackers are turning normal workflows and trusted systems into reliable paths for initial access as exploitation timelines continue to shrink.

Guides

Secure AI-Assisted Development: 15 Guardrails for Shipping AI-Generated Code

Before releasing AI-developed software, use our recommended security guardrails checklist to learn how to constrain generated code, enforce security controls, and prevent silent risk from prompt to production.

Workshops & Training

Inside Cirro: Schemas and Extensible Identity Graphs

Need a way to model identity risk across evolving cloud environments? This workshop breaks down how Cirro’s extensible design supports consistent analysis as new systems and data sources are added.

Workshops & Training

Inside Cirro: Mapping Attack Paths in Azure

Struggling to understand how privilege actually spreads in Azure? This workshop shows how Cirro maps identities and roles into attack paths using graph-based analysis.

Virtual Sessions

Tactics of Deception: Protecting Trust and Purpose

Trained people, strong controls, still getting fooled? This session breaks down how modern social engineering exploits trust and urgency, and what actually works to stop it.

Podcast

Speed, Trust, and the Compromised Workbench

In this Initial Access podcast episode, we explore how attackers are collapsing timelines and exploiting trust relationships, turning developer environments into the fastest path to full compromise, and where defenders still have room to slow them down.

Podcast

Social Engineering, Phishing-as-a-Service, Edge Device Exploits & AI-Assisted Attacks

In this Initial Access podcast episode, we examine how attackers are gaining initial access through social engineering, identity abuse, and vulnerable edge infrastructure.

Customer Stories

Designing for Resilience: LastPass Prioritizes Security in Move to Cloud

Rebuilding in AWS gave LastPass a clean slate, but it also meant getting the architecture right. To be sure their security boundaries would hold, they partnered with Bishop Fox to test their cloud environment under realistic conditions and strengthen it where it mattered most.

Podcast

AI Coding Agents, FortiGate Attacks, Surveillance & Identity Hacks

In this Initial Access podcast episode, we cover AI coding agents operating inside developer environments, automated attack platforms accelerating exploitation cycles, long-lived connected devices exposing unexpected telemetry risks, and why identity systems remain the primary entry point for attackers.

Customer Stories

Securing Airline Commerce: Penetration Testing for AWS Cloud Infrastructure

A major airline technology platform turned to Bishop Fox after routine assessments kept missing the mark. What followed revealed unauthorized PCI database access, misconfigured IAM roles spanning hundreds of instances, and lateral movement across Active Directory domains — driving immediate remediation and stronger customer trust.

Podcast

Autonomous AI, Broken Guardrails, and Geopolitics

In this Initial Access podcast episode, we cover autonomous vulnerability discovery, AI agents that ignore instructions, and why models are becoming strategic national assets.

Reports

2026 GigaOm Radar for Attack Surface Management

Get an overview of the 2026 Attack Surface Management (ASM) market — along with the key features and business criteria met by the top solutions — and learn why Bishop Fox was named Leader and Fast Mover by the analysts at GigaOm.
