
AI Security in the Age of Project Glasswing & GPT-5.4 Cyber

AI is shrinking the gap between vulnerability discovery and exploitation. As pressure mounts, most security programs aren’t built to keep up. Watch Bishop Fox experts to learn what actually matters and how to stay focused in an increasingly noisy, fast-moving threat landscape.

AI isn’t just moving fast. It’s compressing the time between vulnerability discovery and exploitation, fundamentally changing how security teams need to operate.  

New AI-driven offensive capabilities are accelerating how quickly vulnerabilities can be identified and acted on. The challenge isn’t just more findings; it’s less time to determine what’s real, what matters, and what to do next. 

Project Glasswing and GPT-5.4-Cyber are just the latest examples—and they won’t be the last. They’re signals of a broader shift: the window between discovery and real-world impact is shrinking, and most security programs aren’t built to operate under that kind of pressure.

At the same time, that pressure is being amplified by constant change with new models, new threats, and nonstop headlines pulling teams in every direction. But not all of it matters.

In this virtual session, Bishop Fox practitioners break down what this shift means in practice and how security leaders can stay focused on what actually reduces risk, including conversations around:

  • How to identify and prioritize the systems, data, and workflows that represent true business risk
  • How AI is changing the path to exploitation, not just the speed of discovery
  • Why validation and prioritization are becoming the primary bottlenecks
  • How to stay grounded and avoid chasing every new AI-driven capability or threat
  • What continuous offensive testing actually looks like in an AI-driven threat landscape
  • Which controls and investments are worth prioritizing right now
  • How to communicate both urgency and focus to executive stakeholders and boards

This session is grounded in real-world testing experience and designed for security leaders who need to operate effectively in a faster, more pressured (and increasingly noisy) risk environment.

Session Summary

This session explores how AI is reshaping vulnerability discovery, exploitation, and defensive security operations. It examines recent shifts in both attacker and defender capabilities, highlighting how AI lowers the barrier to entry while increasing scale and speed. The session focuses on what is actually changing versus what is hype, including the rise of agent-based workflows, shadow IT, and continuous testing models. Through practitioner insights, it emphasizes that the core challenge is no longer finding vulnerabilities, but prioritizing, validating, and responding to them effectively. The discussion reinforces the need for better orchestration, visibility, and process maturity as security teams adapt to a faster and more complex threat landscape.

Key Takeaways

  • AI is lowering the barrier to entry, enabling less experienced attackers to find vulnerabilities at scale
  • The primary bottleneck is shifting from discovery to validation, prioritization, and remediation
  • Offensive capabilities are advancing faster than defensive processes, creating a growing imbalance
  • Shadow IT is expanding as users build AI-powered tools outside traditional controls
  • Continuous testing is evolving into autonomous, agent-driven security workflows
  • Effective security programs focus on orchestration, context, and actionable insights, not just more tools
  • Teams that succeed will prioritize visibility, inventory, and rapid decision-making over chasing every threat


About the speaker, Dan Petro

Principal Security Engineer

As a Principal Security Engineer for the Bishop Fox Capability Development team, Dan builds hacker tools, focusing on attack surface discovery. Dan has extensive experience with application penetration testing (static and dynamic), product security reviews, network penetration testing (external and internal), and cryptographic analysis. He has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. Dan holds both a Bachelor of Science and a Master of Science in Computer Science from Arizona State University.



About the speaker, Shad Malloy

Managing Sr. Consultant

Shad Malloy is a Managing Senior Consultant at Bishop Fox focused on network penetration testing, vulnerability risk management, and application security. He has advised multiple industries including health care, financial services, energy, and technology, in addition to time spent working in and managing security for education, health care, and national government agencies. Shad holds a Bachelor of Science in Computer Information Systems as well as industry certifications like the CISSP.



About the speaker, Michael Cheng

Senior Security Consultant I

Michael Cheng is a Senior Security Consultant I at Bishop Fox, where he focuses on AI red teaming and AI penetration testing, helping organizations identify and mitigate emerging risks in AI-driven systems. He brings a blend of offensive security expertise and cross-functional program experience to complex security challenges. He previously served as a Security Consultant III at Bishop Fox, where he contributed to advancing AI-focused offensive security capabilities.

Michael holds a Master’s degree in Computer Science from Hofstra University, where his thesis focused on reverse engineering and binary analysis of Linux ELF executables. He is fluent in both Mandarin Chinese and English.



About the speaker, Allen Foust

Security Consultant III

Allen Foust is a Security Consultant III at Bishop Fox, where he specializes in penetration testing with a focus on cloud environments, including Amazon Web Services (AWS). Since joining the firm in 2020, he has progressed through multiple consulting roles, demonstrating deep technical expertise and a consistent ability to deliver high-impact security assessments for clients. His work is grounded in real-world adversarial techniques, helping organizations identify and remediate critical vulnerabilities across modern infrastructure.

Allen holds a Bachelor’s degree in Computer Science (Cybersecurity) from Arizona State University’s Ira A. Fulton Schools of Engineering. While at ASU, he founded DevilSec, a student organization dedicated to advancing practical, industry-relevant cybersecurity training.



About the speaker, Sean McMillan

Community Manager

Sean McMillan is Community Manager at Bishop Fox, focused on making complex security topics easier to understand and more interesting to follow. He holds a bachelor’s degree in Mass Communication and Media Studies from Arizona State University and brings over a decade of experience in podcasting, live hosting, and audience engagement. As host of Initial Access, he works with practitioners to explore how real-world attacks actually happen.
