
Inherited Access, AI Permissions, Supply Chain Attacks & Edge Exposure

In this Initial Access podcast episode, we examine how attackers are inheriting access through trusted systems, default permissions, and unpatchable infrastructure.

This week’s conversation focuses on a shift that’s getting harder to ignore: initial access is no longer a clean moment in time. It’s showing up as a side effect of systems that already belong in the environment.

Across the headlines, attackers aren’t forcing entry so much as inheriting it. AI platforms are exposing access through default permissions. Trusted open-source packages are delivering backdoors as part of normal installs. Edge devices are getting exploited before patch cycles even start, or aging into a state where they can’t be fixed at all. At the same time, session hijacking techniques are bypassing MFA entirely by operating inside legitimate logins, and malware is moving onto infrastructure that can’t be taken down.

The common thread here is control. Access is being granted, reused, and persisted through systems defenders rely on every day, which makes it harder to define where initial access actually begins.

Key Takeaways:

The FCC Just Banned All New Foreign-Made Routers. Everything You Need to Know to Keep Your Network Safe, CNET

https://www.cnet.com/home/internet/fcc-just-banned-all-new-foreign-made-routers-everything-you-need-to-know-to-keep-your-network-safe/

  • What Matters: The ban targets new devices, but the real risk is already sitting on networks today. Existing routers will age into unpatchable, internet-facing systems that continue handling traffic without a fix path. That creates a durable attack surface attackers can rely on being there. From the team’s perspective, this reinforces a model many already assume: treat edge infrastructure as untrusted. Over time, this becomes less about vulnerability management and more about managing permanent exposure.
  • What’s Overhyped: The policy itself doesn’t reduce current risk. In the short term, it may increase it through rushed replacements and misconfigurations. The bigger issue is how little visibility and control most teams have over edge devices once deployed.

Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts, The Hacker News

https://thehackernews.com/2026/03/vertex-ai-vulnerability-exposes-google.html

  • What Matters: AI agents with default permissions are exposing cloud environments through access that already exists. Attackers can extract service account credentials and move laterally without exploiting anything. This is access being inherited through trusted systems, not forced entry. Small permission gaps can quickly turn into broad environment access. The scale comes from how widely these agents are deployed with similar defaults.
  • What’s Overhyped: The AI framing draws attention, but the root issue is familiar. This is a permissions and identity problem, not a new class of attack.

Google Attributes Axios NPM Supply Chain Attack to North Korean Group UNC1069, The Hacker News

https://thehackernews.com/2026/04/google-attributes-axios-npm-supply.html

  • What Matters: A trusted NPM package delivered a backdoor as part of normal install behavior. No exploit required, just routine dependency use. This is supply chain access embedded directly into developer workflows. The attacker invested time to blend in, making detection difficult. Once executed, the code runs with the same access as the developer environment.
  • What’s Overhyped: This isn’t limited to NPM or a specific ecosystem. The real risk is how much trust is placed in dependencies that aren’t fully validated.

Citrix NetScaler products confirmed to be under exploitation, Cybersecurity Dive

https://www.cybersecuritydive.com/news/citrix-netscaler-exploitation-vulnerabilities/816097/

  • What Matters: Exploitation began almost immediately after the vulnerability became public. Systems at the edge were targeted before organizations could patch. Attackers move fast, scanning and harvesting access within hours. High-value systems that prioritize uptime are especially exposed. In many cases, compromise happens before defenders even start remediation.
  • What’s Overhyped: This isn’t just a problem for large or regulated industries. If a system is visible, it’s a target. Patch speed alone doesn’t close the gap.

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion, The Hacker News

https://thehackernews.com/2026/03/aitm-phishing-targets-tiktok-business.html

  • What Matters: Attackers are capturing session tokens in real time, bypassing MFA by operating inside legitimate logins. Once the session is valid, they don’t need to authenticate again. Initial access and persistence happen almost at the same moment. From there, accounts can be reused for malware delivery or further access.
  • What’s Overhyped: MFA still has value, but it’s not a complete control. Defensive visibility drops off after login, where activity is assumed to be legitimate.

Malware Is Sleeping on the Blockchain, and It's Already Infected Dozens of Global Targets, PCMag

https://www.pcmag.com/news/malware-is-sleeping-on-the-blockchain-and-its-already-infected-dozens-of

  • What Matters: Malware hosted on blockchain infrastructure can’t be easily removed. The payload is effectively permanent once deployed. This removes the option of takedown and forces a shift to containment. Defenders have to focus on blocking interaction, not removing the source. Detection depends on identifying behavior that doesn’t match normal usage.
  • What’s Overhyped: The blockchain angle is new, but the tactic is not. Behavioral detection still applies, even when the infrastructure can’t be taken down.


About the speaker, Sean McMillan

Community Specialist

Sean McMillan serves as the Community Specialist at Bishop Fox, where he combines his expertise in digital media with a knack for community engagement. He's the creator and host of "Galactic War Report," a Star Wars gaming podcast that has accumulated over a million downloads and made its mark on-stage at Star Wars Celebration Chicago in 2019.



About the speaker, Shad Malloy

Managing Sr. Consultant

Shad Malloy is a Managing Senior Consultant at Bishop Fox focused on network penetration testing, vulnerability risk management, and application security. He has advised multiple industries including health care, financial services, energy, and technology, in addition to time spent working in and managing security for education, health care, and national government agencies. Shad holds a Bachelor of Science in Computer Information Systems as well as industry certifications like the CISSP.



About the speaker, John Untz

Sr. Security Engineer

John is a security researcher on Bishop Fox's Threat Enablement and Analysis team, where he focuses on reverse engineering emerging threats and developing advanced capabilities to protect our customers' attack surfaces. Prior to joining Bishop Fox, John served in a number of selectively manned US Air Force teams, and is a graduate of the NSA's Computer Network Operations Development Program (CNODP).
