<![CDATA[For those getting questions about Glasswing from their executives, give them this article.]]>For those getting questions about Glasswing from their executives, give them this article.

Link Preview Image
While Everyone Watches Glasswing, Attackers Are Walking Through Your Front Door. - Aether AI

Aether AI's agents pressure test your attack surface continuously, across every attack vector, internally and externally. The same agents then dynamically generate the unique defensive signals required to protect your organisation at machine speed.

favicon

(tryaether.ai)

]]>https://board.circlewithadot.net/topic/687de2ea-a37c-46ba-a176-84dc994af6c9/for-those-getting-questions-about-glasswing-from-their-executives-give-them-this-article.RSS for NodeFri, 10 Apr 2026 12:30:54 GMTThu, 09 Apr 2026 18:11:07 GMT60<![CDATA[Reply to For those getting questions about Glasswing from their executives, give them this article. on Thu, 09 Apr 2026 19:00:29 GMT]]>@cR0w @Sempf that was nicely articulated, thanks

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/darkuncle/statuses/116376287916868088https://board.circlewithadot.net/post/https://infosec.exchange/users/darkuncle/statuses/116376287916868088Thu, 09 Apr 2026 19:00:29 GMT<![CDATA[Reply to For those getting questions about Glasswing from their executives, give them this article. on Thu, 09 Apr 2026 18:56:47 GMT]]>@cR0w @Sempf @darkuncle I feel attacked.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/NosirrahSec/statuses/116376273379995164https://board.circlewithadot.net/post/https://infosec.exchange/users/NosirrahSec/statuses/116376273379995164Thu, 09 Apr 2026 18:56:47 GMT<![CDATA[Reply to For those getting questions about Glasswing from their executives, give them this article. on Thu, 09 Apr 2026 18:49:28 GMT]]>@Sempf @cR0w @darkuncle I'm one of the many in the ranks of the funemployed. But I'm definitely seeing a whole lot of gnashing of teeth and sky-is-falling shit from both management and from people who have absolutely no excuse for buying into LLM generated bullshit.

]]>https://board.circlewithadot.net/post/https://weird.autos/users/rootwyrm/statuses/116376244632091938https://board.circlewithadot.net/post/https://weird.autos/users/rootwyrm/statuses/116376244632091938Thu, 09 Apr 2026 18:49:28 GMT<![CDATA[Reply to For those getting questions about Glasswing from their executives, give them this article. on Thu, 09 Apr 2026 18:48:56 GMT]]>@Sempf @rootwyrm @darkuncle I did for a while, but then they found out I'm skeptical but back up my skepticism when asked so they stopped asking me for the most part. They ask the AI fans now.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/cR0w/statuses/116376242545653224https://board.circlewithadot.net/post/https://infosec.exchange/users/cR0w/statuses/116376242545653224Thu, 09 Apr 2026 18:48:56 GMT<![CDATA[Reply to For those getting questions about Glasswing from their executives, give them this article. on Thu, 09 Apr 2026 18:47:44 GMT]]>@cR0w @rootwyrm @darkuncle But out of curiosity, are you getting questions from your management? None of my clients have said a word one, and several of them are very AI focused.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/Sempf/statuses/116376237769347820https://board.circlewithadot.net/post/https://infosec.exchange/users/Sempf/statuses/116376237769347820Thu, 09 Apr 2026 18:47:44 GMT<![CDATA[Reply to For those getting questions about Glasswing from their executives, give them this article. on Thu, 09 Apr 2026 18:46:00 GMT]]>@Sempf @rootwyrm @darkuncle If even that.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/cR0w/statuses/116376230959999823https://board.circlewithadot.net/post/https://infosec.exchange/users/cR0w/statuses/116376230959999823Thu, 09 Apr 2026 18:46:00 GMT<![CDATA[Reply to For those getting questions about Glasswing from their executives, give them this article. on Thu, 09 Apr 2026 18:45:29 GMT]]>@rootwyrm @cR0w @darkuncle I believe that is exactly correct. As I mentioned somewhere, open up a developer console on any browser on any website of any size and significance, and you'll see 7,000 vulnerabilities in the JavaScript. Absolutely none of them are exploitable for anything useful at all. They don't really matter, and I would imagine that 99.997% of the things that are showing up in this magic report are going to be exactly like that.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/Sempf/statuses/116376228966313957https://board.circlewithadot.net/post/https://infosec.exchange/users/Sempf/statuses/116376228966313957Thu, 09 Apr 2026 18:45:29 GMT<![CDATA[Reply to For those getting questions about Glasswing from their executives, give them this article. on Thu, 09 Apr 2026 18:44:32 GMT]]>@Sempf @darkuncle

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/cR0w/statuses/116376225218861457https://board.circlewithadot.net/post/https://infosec.exchange/users/cR0w/statuses/116376225218861457Thu, 09 Apr 2026 18:44:32 GMT<![CDATA[Reply to For those getting questions about Glasswing from their executives, give them this article. on Thu, 09 Apr 2026 18:42:04 GMT]]>@cR0w @darkuncle You should start a blog. Oh, wait.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/Sempf/statuses/116376215547770333https://board.circlewithadot.net/post/https://infosec.exchange/users/Sempf/statuses/116376215547770333Thu, 09 Apr 2026 18:42:04 GMT<![CDATA[Reply to For those getting questions about Glasswing from their executives, give them this article. on Thu, 09 Apr 2026 18:40:46 GMT]]>@cR0w @darkuncle @Sempf if the first question asked isn't "where's the proof" then people aren't doing their jobs. And Anthropic shitting their pants on command is not proof. They claimed GPT2 was 'too dangerous to release.'

So where's the proof?

An un-exploitable bogus OpenBSD bug that was only validated by themselves?
A research paper they wrote with Claude with a whole lot of fabricated crap?

Where. Is. The. Proof?

Answer: there is none and never will be.

]]>https://board.circlewithadot.net/post/https://weird.autos/users/rootwyrm/statuses/116376210431117579https://board.circlewithadot.net/post/https://weird.autos/users/rootwyrm/statuses/116376210431117579Thu, 09 Apr 2026 18:40:46 GMT<![CDATA[Reply to For those getting questions about Glasswing from their executives, give them this article. on Thu, 09 Apr 2026 18:36:20 GMT]]>@darkuncle @Sempf Easier for attackers means a potentially higher likelihood of occurrence, but it does not change the severity of impact. And while the likelihood does theoretically impact the risk score, for at least some orgs, it's minimal to no change when your adversaries are at the top of the field already. The rising tide of AI may be lifting all attackers' boats, but the high water mark remains the same, despite the industry continuously claiming a tsunami is coming. I just don't see it.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/cR0w/statuses/116376193000774308https://board.circlewithadot.net/post/https://infosec.exchange/users/cR0w/statuses/116376193000774308Thu, 09 Apr 2026 18:36:20 GMT<![CDATA[Reply to For those getting questions about Glasswing from their executives, give them this article. on Thu, 09 Apr 2026 18:33:03 GMT]]>@Sempf Not just Glasswing but every new AI hype comes to my team like it's some major new threat, but the only thing that seems to change is the scope and scale of individual attackers, not the state of the art. I have yet to see novel vulnerabilities or new attack paths discovered with any AI system yet. If it can only find a bunch of existing vuln classes, then it should already be addressed. If not, then the model was broken and now is a great time to update it. I don't see a difference between AI finding new things and APT69420 finding new things. Because they're not really that new. They haven't been for a while.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/cR0w/statuses/116376180096315711https://board.circlewithadot.net/post/https://infosec.exchange/users/cR0w/statuses/116376180096315711Thu, 09 Apr 2026 18:33:03 GMT<![CDATA[Reply to For those getting questions about Glasswing from their executives, give them this article. on Thu, 09 Apr 2026 18:31:35 GMT]]>@Sempf @cR0w "We have a different question. When did zero days become the threat you were supposed to be worried about?"

I mean, yeah, but also just because somebody is doing the basics poorly does not mean that advanced techniques are not *also* a threat. Many threats simultaneously! And some of them just became more risky and easier for attackers to leverage ...

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/darkuncle/statuses/116376174294370832https://board.circlewithadot.net/post/https://infosec.exchange/users/darkuncle/statuses/116376174294370832Thu, 09 Apr 2026 18:31:35 GMT<![CDATA[Reply to For those getting questions about Glasswing from their executives, give them this article. on Thu, 09 Apr 2026 18:28:36 GMT]]>@cR0w When you say your risk models remain unchanged, does that mean you are not receiving pressure from management to change them due to Glass Wing, or that you already have and you're not changing them back?

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/Sempf/statuses/116376162568784360https://board.circlewithadot.net/post/https://infosec.exchange/users/Sempf/statuses/116376162568784360Thu, 09 Apr 2026 18:28:36 GMT<![CDATA[Reply to For those getting questions about Glasswing from their executives, give them this article. on Thu, 09 Apr 2026 18:13:42 GMT]]>@Sempf Yeah, that's a no for me. My risk models remain unchanged.

He is right that AI gives us the catalyst and the tools.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/cR0w/statuses/116376103992915500https://board.circlewithadot.net/post/https://infosec.exchange/users/cR0w/statuses/116376103992915500Thu, 09 Apr 2026 18:13:42 GMT