Interview with Adriel Desautels - the pentest is broken
Adriel joins us for a discussion on the state of penetration testing, why it hasn't done much to help security teams over the last 20 years, and why AI won't save it.
Segment Resources:
Topic: Why Meta is destroying its engineering organization
The titular essay: https://newsletter.pragmaticengineer.com/p/why-is-meta-destroying-its-engineering
A very interesting analysis of what's going on inside big tech companies as they try to dogfood their own AI hype and tokenmaxx themselves into oblivion. There have been a LOT of stories on this, but this is the most comprehensive and enlightening. A few more are linked below.
This is relevant to security, because heavier AI use appears to be linked to a much higher occurrence of availability and security issues.
- ‘Tell Him He’s a Piece of Shit’: Meta’s New AI Unit Is a Total Mess
- The Newest Instagram "Exploit" is the Goofiest I've Seen
- Meta CTO Andrew Bosworth Admits the Company’s AI Reorg Was ‘Atrocious’
- Meta’s months-old AI unit is a soul-crushing gulag, say the engineers stuck inside it
The Weekly Enterprise News
Finally, in the enterprise security news,
- an AI vibe check
- An AI SOC vendor shuts down
- Cybersecurity vendor layoffs
- funding & acquisitions
- cascading breaches
- digital estate management
- criminals don’t trust AI either
- some devs won’t code without AI, even if you pay them to
- Midjourney is now a healthcare company?
Adriel Desautels is a cybersecurity innovator with over 20 years of experience in security research and adversarial emulation. He founded Netragard in 2006, specializing in Red Teaming and advanced threat assessments. Adriel previously pioneered the zero-day Exploit Acquisition Program and led the influential SNOsoft Research Team, which helped establish industry standards for responsible vulnerability disclosure. His insights on advanced persistent threats, cybercrime (including the evolution of ransomware), and AI security implications have been featured in Forbes, The Economist, Bloomberg, and other major outlets. He is a sought-after speaker and has served as an expert witness in cyber security cases.
Adrian Sanabria
- FUNDING/M&A courtesy of the Security, Funded newsletter, issue #249 – Qubit the Bullet
VIBE CHECK
This week, the US government effectively forced Anthropic to pull Fable 5 and Mythos 5 for every customer overnight. Does "your model can vanish on a policy whim" change what you actually run?
- 50% - Staying put - Claude is my ride or die
- 25% - Building the exit
- 25% - Already moving
SHUTTING DOWN
- Salem Cyber, a United States-based security operations center (SOC) AI assistant, formally submitted the paperwork to shut down operations. Salem Cyber had previously raised $685K in funding.
LAYOFFS
- Snyk to lay off 90 employees
FUNDING
- SandboxAQ, a United States-based post-quantum cryptography (PQC) security platform, raised a $500.0M Grant from the U.S. Department of Commerce under the CHIPS and Science Act to support an AI-driven platform for discovering new semiconductor materials.
- Dream (formerly Dream Security), an Israel-based operational technology and critical infrastructure security platform, raised a $260.0M Venture Round from Bicycle Capital and Group 11. <-Unicorn Alert!
- BTQ (formerly BTQ Technologies), a Canada-based post-quantum encryption and security platform, raised a $106.1M Post-IPO Equity.
- Twenty Technologies, a United States-based offensive cyber warfare operations platform, raised a $100.0M Series B from Accel.
- NewCore raised a $66.0M Seed from Evolution Equity Partners and an additional $16.0M Pre-Seed from CyberStarts and Index Ventures.
ACQUISITIONS
- Apono, a United States-based permission management solution for DevOps teams, was acquired by 1Password for an undisclosed amount. Apono had previously raised $54.5M in funding.
- EfficientIP, a France-based DNS and network security platform, was acquired by Francisco Partners for an undisclosed amount. EfficientIP has not previously disclosed funding.
- Entro, an Israel-based non-human identity access and secrets management platform, was acquired by SailPoint for an undisclosed amount. Entro had previously raised $24.0M in funding.
- WideField Security, a United States-based identity threat detection and response platform, was acquired by Cisco for an undisclosed amount. WideField Security had previously raised $11.3M in funding.
- NEW TOOLS: Introducing Package Proxy: supply-chain safety checks without client-side software
An approach to protecting against supply chain threats
- VULN MGMT: BOD 26-04: Prioritizing Security Updates Based on Risk
- CASCADING BREACHES: An Update on the Recent Klue Security Incident – Klue
- CASCADING BREACHES: Analysis of Reported Credential Compromise of FortiGate Devices
- THREAT INTEL: Captured Logs Reveal Hackers Using Claude and Codex to Breach Companies
- REPORTS: The 2026 Security Operations Report
- THREATS: The $60 Laptop
Digital estate management is another area that's going to take a while for folks to work out how to do properly. The mistakes could be painful though.
- THREATS: AI in the underground: Curiosity, claims, and concerns
- THREATS: The scourge of ClickFix – Julia Métraux (@juliametraux.bsky.social)
Still a lot of normies out there unaware of the dangers of ClickFix. We're going to keep seeing this technique for a while.
- AI DRAMA: Nvidia says AI’s water challenge is largely solved
Electricity generation isn't included in this claim, but warm water cooling has been a thing for a while now. If the components can handle warmer temps, no need for chillers (and therefore, no evaporation).
- AI CODING: We are Changing our Developer Productivity Experiment Design
The state of AI coding has changed up a bit - some interesting changes between Metr's first and second surveys.
- AI NEWS: China’s 360 Says it Has Developed Tools that Match Anthropic’s Mythos
Didn't take long.
- SQUIRREL: Midjourney, the AI image generator, is developing a full-body ultrasonic scanner – Engadget
Come again?
- SQUIRREL: welcome to void land.




