SEC536: Adversarial AI - Penetration Testing AI Systems


Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsDear NewsBites Readers,
I am delighted to announce that we’ve added a new editor to our cadre of excellent commenters in this issue of NewsBites: Dr. Anton Chuvakin. Anton is a brilliant mind and clear voice in our community, having served for decades in organizations as varied as Google, Gartner, Qualys, LogLogic, and netForensics. Fifteen-plus years ago, I had the pleasure of going to dinner regularly with Anton, and his insights on technology and the cybersecurity community helped sharpen my own understanding. I don’t always agree with my friend, but I tell you — he ALWAYS gets me thinking, and I’m grateful that he’s volunteered to offer his insights as our newest NewsBites editor. Welcome aboard, Anton!
—Ed Skoudis
President, SANS Technology Institute
Microsoft's July 2026 Patch Tuesday release addresses 622 CVEs across its products, more than tripling the previous record of 206 vulnerabilities addressed in June. Three of the flaws are known to be exploited: deserialization of untrusted data allowing remote code execution in SharePoint (CVE-2026-58644, CVSS score 9.8); missing authentication allowing privilege elevation in SharePoint (CVE-2026-56164, CVSS score 5.3); and insufficient granularity of access control allowing privilege elevation in Active Directory Federation Services (AD FS, CVE-2026-56155, CVSS score 7.8). All three have been added to the US Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog (CISA KEV), with three-day deadlines for the SharePoint flaws and a two-week deadline for the AD FS flaw. A fourth notable CVE is a publicly known protection mechanism failure allowing bypass of a safety feature in BitLocker (CVE-2026-50661, CVSS score 6.1). Critical-severity flaws make up more than ten percent of the CVEs fixed, and Josh Taylor at Fortra stated to Dark Reading that "July has 26 vulnerabilities with a CVSS base score above 9.0, and 13 of those sit at 9.8 ... but CVSS is still only one part of the risk story." Brian Krebs noted that "Microsoft has long labeled security bugs using its 'exploitability index,'" and Mayuresh Dani at Qualys Threat Research Unit recommended FIRST's Exploit Prediction Scoring System (EPSS), the CISA KEV, and NIST's Likely Exploited Vulnerabilities (LEV) metric as triage aids. The update is temporarily unavailable for certain Dell devices due to an incompatibility issue with Dell models using Intel Innovation Platform Framework (IPF) drivers, leading to "unexpected shutdowns, poor performance, increased heat, and battery drain" when the update is applied; Microsoft is working on an adjusted release for Dell, expected in the next few days.

I think many will see this number and shout "vulnerability apocalypse is here," but I would wait until we see clear increases in both exploitation and resulting incident damages.

Microsoft is a bit of a different beast when people discuss an upcoming Vulnerability Apocalypse because they have so much money to throw at the problem. A 622-patch-per-month release cycle is what they can do, if not more. The smaller players will be the ones that will have a more difficult time with this number of bugs. But I am going to take a bit of a contrarian take on something just so that folks can be more rational about this. If you have thousands of bugs to patch and prioritize, which ones would you do first? In my opinion, patching Windows is obvious and easy, but after that, which ones go first? I would choose the ones with actual exploits behind them. Now we have yet to see many public PoCs for these 600+ patches, and I’m waiting to see how that pans out. How many public PoCs that work will see over 600 vulnerabilities in one month? That will be the tell. To be clear: patch and patch now, but also keep an eye on what the attackers are doing.

I, for one, welcome our new vulnerability overlords, as AI helps us drain the swamp of vulns long hidden. It’s going to be an interesting ride for our industry as this becomes the new normal. I’ve personally taken a special interest in the evolving concept of VulnOps, applying the lessons of continuous development pioneered in DevOps (with a lift from AI too) to the vulnerability management space to help handle the deluge of vulnerabilities we now face.

This month's record number of vulnerabilities from Microsoft reinforces that organisations need to move beyond just patching towards a mature vulnerability management programme. This means maintaining an accurate asset inventory, continuously identifying vulnerabilities, prioritising remediation based on exploitability and business impact, implementing compensating controls where patching is not immediately possible, and continuously monitoring for signs of compromise. In an era where AI is dramatically shortening the time between vulnerability disclosure and exploitation, operational discipline and not simply applying patches will determine an organisation's resilience.

In addition to the 622 vulnerabilities from Microsoft, 72 of which are marked critical, Chromium has another 422 vulnerabilities, which affect Microsoft Edge. The trick is not to panic. Yes, this is a surge thanks to the use of AI tools to find and address current as well as previously undiscovered flaws; even so, we were already past the point for individual care and feeding of each applied update. We need to organize systems and compensating controls. To paraphrase a suggestion from Paul Asadoorian: Tier 1 where patches are auto-applied, Tier 2 which targets 72 hours with approved change windows and automated regression testing, and Tier 3 (critical apps) at seven days, using pre-built playbooks and pre-authorized decisions. In addition, compensating controls, WAF, RASP, Segmentation, and behavior detection to mitigate risks of unaddressed/undiscovered flaws.
We are seeing a bumper crop of vulnerabilities, proving just how good AI has become at sniffing out software flaws. But while we still rely on CVSS scores to prioritize patches, that's about to change. AI's ability to chain seemingly minor vulnerabilities into sophisticated, multi-stage attacks means static scoring isn't enough anymore. If organizations haven't automated and overhauled their vulnerability management processes over the last few months, they need to start now.

There used to be a TV show called "House" where a team of doctors tried to diagnose a patient with an exotic ailment, and when they were stumped, someone would inevitably say "We need to do a full body MRI scan." Dr. House would say "No, that will show us all kinds of things wrong with the patient — we are only interested in this one life-threatening thing wrong with the patient." In cybersecurity, triage is more complex: both the good guys and the bad guys can and do run "full body scans" of apps. Thirty years ago, automated vulnerability scanning tools like Satan forced regular patching, and in the early 2000s, software testing tools like Fortify and Sanctum came out and Microsoft moved to monthly patch release, forcing Vulnerability Management to evolve as a critical security practice. This wave of good guys and bad guys using AI tools needs to spur another evolution of faster patch releases (which already happens with browsers) and faster patching.

This is not simply "patching as usual." There is risk in applying so many patches at once. The larger the enterprise, the greater the risk.
SANS ISC
Microsoft
Microsoft
Dark Reading
Krebs on Security
The Register
The Register
SecurityWeek
The Hacker News
Help Net Security
Software manufacturers and online service providers looking to establish a coordinated vulnerability disclosure (CVD) program now have government guidance on best practices, published on July 15, 2026 by the US Cybersecurity and Infrastructure Security Agency (CISA), jointly with the US National Security Agency and cybersecurity authorities in Japan (JPCERT/CC), the Netherlands (NCSC-NL), and the United Kingdom (NCSC-UK). The publication aims to help organizations "harness the knowledge of external security researchers who specialize in finding security weaknesses," ensuring that the organizer can handle variable frequency and quality of submissions, and provide clear, protected reporting channels for researchers. The first step is to create a vulnerability disclosure policy (VDP) that defines the official reporting process and lays out the expectations and obligations for researchers and organizations. VDPs should communicate transparently, offer safe harbor to good-faith participants, establish public participation and a broad testing scope, and set clear standards for prohibited activities, reporting requirements and channels, disclosure scope and timelines, and publication processes. The second step is to define processes and standards on the organization's side for how to conduct communication, triage, remediation, and CVE ID assignment. This includes creating a review process for feedback and updates to the CVD program. The third step is to consider what third-party "intermediaries" are available to serve various functions in the CVD process, such as external coordinators or bug bounty programs, as long as the intermediary aligns with best practices and the program's priorities. CISA acknowledges contributions to the guidance from CERT@VDE, CrowdStrike, Dragos, Mandiant, and Palo Alto Networks. Help Net Security notes that this publication follows six days after a CISA blog post acknowledging the agency's own need for a clearer reporting channel, covered in NewsBites 28.51.

Dovetailing on the large number of vulnerabilities this month, I see that multiple agencies are trying to get ahead of things by helping the smaller companies formalize the reporting process. This is a good move.

This is exciting! We've seen what happens when disclosures are ignored or can't be delivered, but you can't just ask AI to create your CVD program either. This comprehensive approach, driven by global input, is the droid you're looking for. If you already have a CVD or VDP, take a look to see if you missed any tricks. Even so, remember that people are reporting flaws in pet projects, which may not be received well by everyone, and that you need to guide people toward realizing that this is being done out of support and a desire to help you do better, not to criticize or make you look bad.

As the vulnerability space gets more and more cluttered and noisy, this initiative has great promise. I’m appreciative of the organizations working on it from around the world! Good stuff.
Treat this USG and partner-nation guidance as a strong foundational baseline, but don't stop there. Use it as a stepping-stone while you concurrently deploy AI to automate vulnerability discovery and secure your development pipelines.

Although this guidance comes from CISA and its international partners, it is essential reading for any organisation that develops or sells products with digital elements into the EU. The EU Cyber Resilience Act (the EU CRA) requires manufacturers to have robust vulnerability handling and coordinated vulnerability disclosure processes in place throughout the lifetime of their products. Organisations that have yet to establish or mature these capabilities would do well to use this guidance as a practical starting point.

This guidance is helpful but this remains a hard problem. It will get harder as the time between vulnerability identification and exploitation continues to shrink. In the long-run we must improve the quality of our code. We should encourage the use of AI for both coding and testing.
The US Cybersecurity and Infrastructure Security Agency (CISA), along with other US cybersecurity agencies and related organizations in Australia, Canada, New Zealand, the UK, Czechia, Denmark, Estonia, Finland, France, Italy, Poland, and Sweden, have published an advisory urging router owners to take steps to improve the cyber hygiene of those devices. Specifically, the advisory warns that Russian Federal Security Service (FSB) Center 16 cyber actors are "exploit[ing] poorly configured and vulnerable networking devices worldwide, opportunistically compromising multiple critical infrastructure sector networks." The advisory describes adversarial techniques used by threat actors targeting vulnerable routers as well as suggested mitigations for router owners, including disabling Cisco Smart Install on all devices; using strong, unique passwords for local accounts; updating network device software and firmware images, especially to patch known vulnerabilities; and upgrading end-of-life devices to supported ones.

Cisco Smart Install is one of those bugs we constantly see at my consultancy during testing. The number of internal and external hosts that still have this bug is very alarming. Take some time and harden your network infrastructure.

Russian FSB-linked attackers, namely Energetic Bear, aka Dragonfly or Crouching Yeti, are still finding and exploiting public SNMP community strings, Cisco SMI, and TFTP loaded configurations. These were things we did back in 1999, not 2026. I believe the Metasploit module to exploit these flaws is from 2010. If you have SNMP exposed to the Internet, block it, or Cisco SMI, turn it off. Then ask, why were we still doing this?

Routers, switches, and other network devices are often deployed and then forgotten until something goes wrong, making them attractive targets for attackers. Maintaining current firmware, replacing end-of-life devices, and disabling unnecessary services remain some of the simplest and most effective ways to reduce your organisation's threat profile.
This new joint guidance on routers outlines foundational security controls that are equally critical for end-user devices. For leadership, implementing these practices is not optional — it is a core component of a legally defensible cybersecurity program. Omitting these controls leaves an organization highly vulnerable to claims that it failed to exercise a standard duty of care in safeguarding its digital assets.

I am not aware of any routers that support strong authentication. SOHO users are limited to strong passwords. Enterprises should consider strong passwords, parts of which are held by different individuals. That said, there are obvious lessons here for router design.
SonicWall has published a security advisory urging users to apply hotfixes, investigate for indicators of compromise (IoCs), and clear devices and credentials as needed to remediate two vulnerabilities, both known to be exploited at the time of disclosure, affecting SMA1000 series models 6210, 7210, and 8200v. CVE-2026-15409, CVSS score 10.0, allows a remote unauthenticated attacker to cause an appliance to make requests to an unintended location by exploiting a server-side request forgery (SSRF) flaw in the Appliance Work Place interface. CVE-2026-15410, CVSS score 7.2, allows a remote unauthenticated attacker to execute arbitrary OS commands as an administrator by exploiting a post-authentication code injection flaw in the Appliance Management Console. After applying the appropriate patch indicated in SonicWall's advisory, users must also perform a forensic analysis to search for IoCs, and take additional steps if any are present: re-image hardware or redeploy virtual appliances, rotate user and administrator credentials, and reset TOTP tokens. SonicWall PSIRT emphasizes the urgency of remediating these vulnerabilities, as the team has investigated multiple cases indicating active exploitation; Adam Babis discovered and reported the flaw, and Sean Koessel and Steven Adair of Volexity contributed to the PSIRT investigation and IoCs. Both flaws have been added to the US Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog (CISA KEV), with a three-day remediation deadline for Federal Civilian Executive Branch (FCEB) agencies. SSL-VPN running on SonicWall firewalls and the SMA 100 Series line are both unaffected by these vulnerabilities.

It may be easier to take a position of, “if you have a SMA1000 which hasn't been updated, assume compromise and reimage it.” Per SonicWall: apply the update, forensically analyze the device for IoCs, and if found, then reimage, change user & admin passwords, and reset all TOTP tokens. Beyond that, make sure you cannot access the management interface from the WAN, triple check that updates are auto-applied, and talk about lifecycle. If you're not on a SMA 7210 or SMA 6210, you're on EOL hardware; if you are on SMA under V12.4.3, you're on unsupported firmware. With AI-enhanced flaw detection, lifecycle management must become proactive. Yes, budget, the incident will cost more.
SonicWall
Help Net Security
BleepingComputer
CyberScoop
On Monday, July 13, Japanese refrigeration logistics company Nichirei Corporation disclosed that it "experienced a system failure due to unauthorized access." Once Nichirei became aware of the incident, it launched an investigation that determined that company servers had been the target of a cyberattack. Some of the compromised servers contained personal information, which prompted Nichirei to notify Japan's Personal Information Protection Commission. Nichirei also disconnected certain systems to protect data, and the disconnection affected inbound and outbound operations at refrigerated warehouses of Nichirei Logistics Group, and frozen food shipment operations of Nichirei Foods Inc. The company plans to gradually begin resuming operations on Friday, July 17. The incident has affected Japan's food supply chain. KFC Japan has reported it is facing a shortage of ingredients, which could lead to limited menu offerings and possibly temporary closures of some restaurants. Other restaurants in Japan have reported resultant delays in product deliveries and shortages of ingredients, and supermarkets are experiencing food shortages.

This is a more traditional supply chain disruption, and maybe an excuse to make sure you've kept your physical supply chain DR plans updated. An interesting approach taken by KFC Japan is to suspend online ordering to reduce demand on their foreshortened inventory. Of concern is that the Nichirei Group is withholding information about the incident to prevent further damage; this is as much of a hint that there are exploitable weaknesses, if not more so, as a more traditional disclosure would. This may also erode the opportunity for others to learn from the incident to prevent a similar event locally.

This incident is another reminder that cyberattacks can have consequences far beyond the organisation directly affected. Disruption to a logistics provider quickly cascaded into food shortages and operational challenges for retailers and restaurants. As regulations such as NIS2 increasingly emphasise resilience alongside cybersecurity, organisations should assess not only their own resilience but also that of critical suppliers within their supply chains.

This one is a reminder to review your supply chain security efforts — is your risk definition/mapping up to date?
As a massive global conglomerate, the Nichirei Corporation undoubtedly dedicates significant resources to enterprise defense. This incident serves as a stark reminder that scale and a robust security budget do not guarantee immunity; even the largest organizations remain vulnerable to sophisticated cyber criminals.

Are you sure that you are not infrastructure?
The Record
The Register
Nichirei
Nichirei
Earlier this year, researchers at Jamf Threat Labs began tracking CrashStealer infostealer malware, which "impersonates Apple's crash-reporting framework to harvest browser credentials, cryptocurrency wallets and keychain data, encrypting stolen files with AES-GCM before exfiltrating them to a remote command-and-control server." CrashStealer is written in C++ and first came to Jamf researchers' attention when it was uploaded to VirusTotal in May 2026. It gains initial access to systems through a dropper called Werkbit, which is signed and notarized, so it appears trustworthy. The Jamf write-up includes a list of indicators of compromise. In a separate story, researchers at group-IB detected another macOS infostealer they have called ClickLock Stealer, which tricks users into pasting a command into Terminal to unwittingly infect their own machines. The malware scheme has been active for several months and has claimed victims in 33 countries, primarily in Europe. Group-IB researchers discovered ClickLock Stealer following their analysis of a shell script uploaded to VirusTotal in early June. Their report offers indicators of compromise and recommendations for users to protect their systems from infection — including never pasting commands into Terminal from websites — as well as instructions for safely managing a situation in which "Mac suddenly starts killing all applications and displays a password prompt you didn’t initiate," and suggested actions to take if users suspect their machines have become infected with ClickLock Stealer.

In parallel with looking for IoCs, remind users to watch out for "Click Fix" scams where you copy and paste into a command or terminal window or Windows Run. With hacker summer camp just around the corner, it's an opportunity to expose others to social engineering villages, or similar, to see just how effective (and easy) these sorts of attacks are, hopefully resulting in support for helping your users make good decisions.
VirusTotal remains a vital tool for the security community, but basic endpoint hygiene still plays a massive role. It sounds simple, but execution is everything: if a device starts behaving strangely, reboot it. Above all, do not click on or trust any active dialog boxes or pop-ups that appear during the anomaly.
ZDNET
SC Media
Jamf
The Register
BleepingComputer
Group-IB
23andMe will pay US$18 million to settle claims from 43 US attorneys general over the company's 2023 data breach. The genetic testing company disclosed the breach in October 2023: Threat actors had used credential-stuffing attacks to steal data belonging to 6.9 million customers between April 2023 and September 2023, and offered some of the information for sale on the dark web. An investigation revealed that 23andMe had failed to implement multi-factor authentication, logging and monitoring, intrusion prevention, investigation of unusual patterns in login attempts, vulnerability patching, and other basic security hygiene measures. 23andMe was slow to take responsibility for the breach and ultimately filed for bankruptcy in March 2025. The company's data were subsequently sold to TTAM Research, a non-profit organization established by 23andMe's founder and former CEO. The terms of the new settlement establish security requirements for TTAM Research, including creating a data security advisory board, implementing risk analysis protocols, and maintaining rights of customers to demand that their genetic samples be disposed of and their related data deleted.

This is a reminder that we need to really understand how biometric data is protected, shared, and disposed of before contributing to that data set. I'm cautiously optimistic that this addresses the problem. Even so, verify these controls are in place before using the system under the new owner. Think ‘trust but verify.’

I’m hoping this serves as precedent case law for similar bankruptcies we will surely see as AI shakes out, with even more security sensitive data being impacted in AI models/databases created by the companies in bankruptcy.

It is past time to implement strong authentication both for Internet facing services and internally. Strong authentication is now considered to be both efficient and essential. Passkeys are even convenient. No excuses left.
Police in the Netherlands, along with Belgian authorities and Europol, have taken down an investment fraud network that duped people into investing in nonexistent virtual currency. The scheme, which is believed to have been operating since 2021, involved 700 employees working at 20 call centers in several countries around the world and allegedly brought in €100 million ($114 million) per month. Six people are in custody, including the alleged head of the operation who in the past has been prosecuted for conducting cyberattacks against government organizations. He was arrested in Poland in May 2026 at the request of Dutch authorities and has since been extradited to the Netherlands, where he is being held in pretrial detention. Police have taken down elements of the operation's critical infrastructure with help from authorities in locations where the infrastructure was hosted. In a separate story, Spanish police, with support from authorities in Portugal and Panama as well as from Interpol and Europol, have taken down a cyber fraud operation that allegedly brought in €140 million ($160 million) through fraudulent investment schemes and business email compromise. Four people have been arrested in connection with the operation, and authorities have seized computers and smartphones that are believed to have been used in the scheme.

These operations demonstrate that effective international law enforcement cooperation can significantly disrupt organised cybercrime. However, the scale of these fraud networks also shows how cybercrime has evolved into a highly organised global business, making prevention through public awareness and financial fraud detection just as important as law enforcement actions.

The idea of a fradulent investment isn't new, heck, it's older than we are, but the hook is getting into the new and shiny cryptocurrency — after all, who wants to be left behind for the next financial frontier? This comes back to helping our family, friends, and users make good choices when faced with social engineering scams. For grins, talk to your financial institution about how their fraud unit can help you, as they may have training or other guides you can leverage.
The Record
Help Net Security
BleepingComputer
Politie
Dark Reading
BleepingComputer
Two members of the Scattered Spider hacker group have each been sentenced to five and a half years in prison for their roles in the 2024 attack against Transport for London (TfL). Thalha Jubair and Owen Flowers pleaded guilty to offenses under Section 3ZA of the UK's Computer Misuse Act in June 2026 on the first day of their trial. The attack "disrupted public services, exposed customer data and ultimately cost the transport authority £29 million ($39 million) in recovery expenses." While London's transport network was not disrupted, TfL employees were forced to reset their passwords in person and disrupted the availability of multiple TfL internal systems. This case is just the second time someone has been convicted under CMA's Section 3ZA, which deals with "unauthorized acts involving computers that cause, or create a significant risk of, serious damage, where the offender intends to cause that damage or is reckless as to whether it occurs." The previous instance involved a GCHQ intern who received a six year sentence following a national security investigation.

While it is good news to read about cybercriminals receiving prison sentences for their illegal actions, it saddens me when I read the background of young individuals like these two. Cases like this demonstrate that arrests and prison sentences, while necessary, come too late for everyone involved. The damage to victims has already been done, and the offenders have lost years of their own lives. With both individuals having had previous contact with law enforcement, there is a clear need for better early intervention programmes to identify young people who are vulnerable to recruitment and grooming by cybercriminal groups. Breaking that cycle before criminal careers begin would benefit society far more than simply prosecuting offenders after the fact.

Those guilty pleas got them a fifteen percent reduction in their sentence. Scattered Spider was behind the recent attacks on MGM Resorts, Marks & Spencer, the Co-op, and Harrods; it's nice to see them set back. The TfL attack leveraged purchased credentials which were then used to reset 2FA credentials. Note that it took a few tries to pull that off, but they did. Once they had those credentials, they were able to elevate privileges and access systems and databases. One thing that worked well was early engagement of law enforcement, which facilitated the arrests and conviction. I see this as a reminder to make sure your MFA is not one which is easily compromised, as SMS is. Look forward to implementing phishing resistant MFA as well as deprecating unsecure fallback authenticators.
SANS Internet Storm Center StormCast Friday, July 17, 2026
Windows Hello for Business; NGINX Vuln; 7-zip vuln
https://isc.sans.edu/podcastdetail/10012
German Federal Information Security Office Analyzes Windows Hello for Business
NGINX Vulnerability
https://my.f5.com/manage/s/article/K000162097
7-Zip XZ Decompression CVE-2026-14266
https://www.zerodayinitiative.com/advisories/ZDI-26-444/
SANS Internet Storm Center StormCast Thursday, July 16, 2026
DShield SIEM Update; MSFT Patches vs. Intel IPF; Zoom Patch; Forgotten UEFI Shims
https://isc.sans.edu/podcastdetail/10010
DShield SIEM Update
https://isc.sans.edu/diary/Recent+DShield+SIEM+Update/33156
Microsoft Patch Tuesday vs. Dell Intel Innovation Platform Framework (IPF) drivers
Zoom Account Takeover Patch
https://www.zoom.com/en/trust/security-bulletin/zsb-26014/
Forgotten UEFI shims undermining Secure Boot
https://www.welivesecurity.com/en/eset-research/forgotten-uefi-shims-undermining-secure-boot/
SANS Internet Storm Center StormCast Wednesday, July 15, 2026
Microsoft Patches; New MSFT Priv Escalation; Progress ShareFile 0-Day; Grok Exfiltration
https://isc.sans.edu/podcastdetail/10008
Microsoft Patch Tuesday July 2026 - The AI Apocalypse is Here
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+July+2026+The+AI+Acopolypse+is+Here/33154
LegacyHive : Windows user profile service arbitrary hive load elevation of privileges vulnerability
Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown
xAI/Grok Exfiltrating Data and Secrets
https://thehackernews.com/2026/07/grok-build-uploads-entire-git.html
My Upcoming Classes
Catch up on recent editions of NewsBites or browse our full archive of expert-curated cybersecurity news.
The AI Security Starter Pack - Securing AI apps, Models, and Agents Unlock 7 of the most widely used AI security resources in one place. Apply real-world checklists, templates, and best practices designed to secure AI adoption. Each asset provides practical, implementation-ready resources to secure AI adoption, models, and agents across your environments.
Webinar | AI and Network Control: Visibility, Risk Prioritization, and Automation in the Age of Agentic NetOps | Monday, July 20 | Matt Bromiley & Avishai Wool
Webinar | How to Reduce Connectivity Tickets and Accelerate Application Changes | Wednesday, Jul 29 | Kevin Garvey & Kyle Wickert
Webinar | Government Forum | July 22 | The agenda is now live. Explore expert-led sessions on AI, OT security, Zero Trust, and cyber resilience, then register to attend live or watch on demand.