Phoenix Cast

Task Force Phoenix

A podcast about cybersecurity, technology and innovation issues in the military.

  1. 11 hours ago

    Canvas Hack, Firefox Using Mythos & Dirty Frag

    In this episode of Phoenix Cast, hosts John and Kyle break down a packed week in cyber: the Canvas ed-tech breach by Shiny Hunters that hit 9,000 schools and 275 million records right at testing season (both of their kids' schools are scrambling to go non-digital), Firefox's eye-opening collaboration with Anthropic's Mythos model that surfaced 271 vulnerabilities in a single release for a fraction of the cost of a traditional bug bounty, and the Dirty Frag Linux kernel zero-day that escalates to root in seconds — but whose fix breaks IPsec VPNs and file sharing. They also dig into the new MAR ADMIN making AI training mandatory for every Marine, and John collects on Kyle's gaslighting from two episodes ago about model quality degradation (Anthropic basically said "whoops"). Stick around for John's hot take that ASIs — Authorized Service Interruptions — are officially dead in a world where chained vulnerabilities and 271 patches can drop in a single release. We’d love to hear your thoughts! Tweet us @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening! 
    Links - Canvas Hack:
    Canvas Login Portals Hacked - ShinyHunters Extortion Campaign (BleepingComputer) https://www.bleepingcomputer.com/news/security/canvas-login-portals-hacked-in-mass-shinyhunters-extortion-campaign/
    Hackers Deface School Login Pages After Claiming Another Instructure Hack (TechCrunch) https://techcrunch.com/2026/05/07/hackers-deface-school-login-pages-after-claiming-another-instructure-hack/
    2026 Canvas Security Incident (Wikipedia) https://en.wikipedia.org/wiki/2026_Canvas_security_incident

    Links - Firefox Using Mythos:
    Claude Mythos Has Found 271 Zero-Days in Firefox (Schneier on Security) https://www.schneier.com/blog/archives/2026/04/claude-mythos-has-found-271-zero-days-in-firefox.html
    The Zero-Days Are Numbered (Mozilla Blog) https://blog.mozilla.org/en/privacy-security/ai-security-zero-day-vulnerabilities/
    Behind the Scenes Hardening Firefox with Claude Mythos Preview (Mozilla Hacks) https://hacks.mozilla.org/2026/05/behind-the-scenes-hardening-firefox/
    Claude Mythos Finds 271 Firefox Flaws, Mozilla Believes It Shifts Security Toward Defenders (Help Net Security) https://www.helpnetsecurity.com/2026/04/22/claude-mythos-mozilla-vulnerabilities-scanning/
    Claude Mythos Finds 271 Firefox Vulnerabilities (SecurityWeek) https://www.securityweek.com/claude-mythos-finds-271-firefox-vulnerabilities/
    Mythos and Cybersecurity (Schneier on Security) https://www.schneier.com/blog/archives/2026/04/mythos-and-cybersecurity.html

    Links - Dirty Frag:
    New Linux ‘Dirty Frag’ Zero-Day With PoC Exploit Gives Root Privileges (BleepingComputer) https://www.bleepingcomputer.com/news/security/new-linux-dirty-frag-zero-day-with-poc-exploit-gives-root-privileges/
    Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions (The Hacker News) https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html
    Active Attack: Dirty Frag Linux Vulnerability Expands Post-Compromise Risk (Microsoft Security Blog) https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/
    RHSB-2026-003 Networking Subsystem Privilege Escalation - Linux Kernel (Red Hat) https://access.redhat.com/security/vulnerabilities/RHSB-2026-003
    Dirty Frag PoC Exploit (V4bel/dirtyfrag GitHub) https://github.com/V4bel/dirtyfrag

    55 min
  2. April 24

    The Warrant Officer Part 2 - CW4 Justin Helphenstine

    In this episode of Phoenix Cast, hosts John and Rich — with Kyle sidelined by what Rich suspects was an AI-orchestrated exploit — welcome CW4 Justin Helphenstine, a U.S. Army cyber warrant officer with 22+ years of service and deep offensive cyber operations experience. The conversation digs into what Army cyber warrant officers actually do versus their Marine Corps counterparts, how the talent pipeline has matured from the early days when there wasn’t even a cyber MOS, and the real tension between retaining senior technical talent and losing them to the private sector. Justin makes the case that as cyber tools become commodified on both offense and defense, the warrant officer’s true value proposition shifts from technical wizardry to creating shared understanding — and he surprises John by arguing that warrant officers should learn to speak the language of joint warfighting functions and doctrine, not just binary. The episode builds to a spirited exchange on the cyber force debate, force generation versus force employment, and whether agentic AI will fundamentally change what it means to be a cyber professional — with Justin warning that outsourcing communication skills to AI is “skipping leg day” for military professionals. We’d love to hear your thoughts! Tweet us @ThePhoenixCast, and don’t forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!

    Links:
    The Death of Expertise: https://www.amazon.com/Death-Expertise-Campaign-Established-Knowledge/dp/0190469412

    1 hr 24 min
  3. April 15

    Katie Moussouris & Project Glasswing

    In this episode of Phoenix Cast, hosts John, Rich, and Kyle welcome Katie Moussouris — founder and CEO of Luta Security, creator of Microsoft’s first bug bounty program, and architect of Hack the Pentagon — to break down Anthropic’s Project Glasswing and what it means when an AI model can find hundreds of real-world vulnerabilities at scale. Katie walks through the staggering complexity of coordinating multi-party vulnerability disclosure across 40 organizations, drawing on her own experience running similar efforts at Microsoft, and doesn’t shy away from the hard questions about whether the cybersecurity workforce is cooked or about to boom. The conversation heats up as the crew debates how much of Glasswing is marketing versus genuine emergency, whether offensive and defensive AI use can coexist responsibly, and what all of this means for critical infrastructure, supply chains, and the warfighter. Katie closes with a bold call for universal basic income funded by AI productivity — and if that doesn’t make you hit play, nothing will. We'd love to hear your thoughts! Tweet us @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!

    Links:
    Project Glasswing (Anthropic): https://www.anthropic.com/glasswing
    Luta Security: https://www.lutasecurity.com
    Hack the Pentagon (USDS): https://www.usds.gov/projects/hack-the-pentagon
    Katie Moussouris - "Fixing a Hole: The Labor Market for Bugs" (MIT Press): https://direct.mit.edu/books/edited-volume/3582/chapter-abstract/120140/
    Obligatory XKCD https://xkcd.com/2347/

    1 hr 23 min
  4. March 24

    Gen AI Conference

    In this episode of Phoenix Cast, hosts John, Rich, and Kyle break down the recent “hack” of McKinsey’s internal AI platform Lilly — where a security startup’s automated agent gained full root access through unsecured API endpoints in under two hours — sparking a lively debate on what actually constitutes a hack and why zero trust architecture still matters more than ever. The crew covers exciting new GenAI.mil features including Agent Builder and API key access, Anthropic’s upgrade of Claude Code’s context window from 200K to a million tokens, and what context rot means for power users. Kyle then delivers a fired-up debrief from the USMC Generative AI Workshop at Quantico, where Marines from across the Corps showcased everything from AI-powered recruiting simulations to homegrown tools, and the hosts challenge listeners to start building MOS-specific prompt libraries to multiply impact across the force. If you want a masterclass in both the promise and the pitfalls of AI adoption in the military, this one’s packed from start to finish. We'd love to hear your thoughts! Tweet us @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!

    Links:
    MCKINSEY HACK https://www.inc.com/leila-sheridan/an-ai-agent-broke-into-mckinseys-internal-chatbot-and-accessed-millions-of-records-in-just-2-hours/91314432
    WHAT IS AN API? http://en.wikipedia.org/wiki/API
    WHAT IS BOLA? https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/12-API_Testing/02-API_Broken_Object_Level_Authorization
    OBLIGATORY XKCD: https://xkcd.com/327/

    1 hr 9 min
  5. March 4

    Every Marine an AI Rifleman

    In this episode of Phoenix Cast, hosts John, Rich, and Kyle dive into a passionate debate about why the military needs to stop relying on a single "AI guy" in every unit and instead adopt an "every Marine an AI rifleman" mentality — training all service members in AI fundamentals the same way every Marine learns basic marksmanship. Kyle breaks down what AI "marksmanship" actually looks like (spoiler: it's way more approachable than you think, and it doesn't require a data science degree), while Rich draws on his experience driving an AI-enabled vehicle to illustrate what real human-machine teaming feels like in practice. The crew also unpacks a recent Claude Code "vulnerability" headline that turns out to be more about prompt injection basics than a true sky-is-falling flaw, and they geek out over Claude Code's new Remote Control feature that lets developers manage coding sessions from their phone while out grabbing groceries. Whether you're a senior leader wondering how to roll out AI training or a Lance Corporal curious about where to start, this one's packed with practical takes and a few great book recommendations to get you moving. We'd love to hear your thoughts! Tweet us @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!

    Links:
    Claude Remote Code: https://thehackernews.com/2026/02/claude-code-flaws-allow-remote-code.html
    Claude Remote Control: https://code.claude.com/docs/en/remote-control
    GenAI.mil: https://www.war.gov/News/Releases/Release/Article/4376420/war-department-launches-ai-acceleration-strategy-to-secure-american-military-ai/

    1 hr 2 min
