
#280 - Mythos and the Future of Vulnerability Operations (with Gadi Evron)
From CISO Tradecraft® by G Mark Hardy & Ross Young
April 20, 2026 · 44 min · Episode 280
About this episode
G Mark Hardy interviews Gadi Evron about the implications of AI on vulnerability operations and security strategies for CISOs.
In this episode of CISO Tradecraft, host G Mark Hardy speaks with Gadi Evron about the paper “The AI Vulnerability Storm Building: A Mythos Ready Security Program,” a community-driven draft produced in days with extensive input from security leaders. Evron explains how advances in LLMs and agents are accelerating vulnerability discovery and exploitation, shrinking time-to-exploit assumptions and likely increasing the volume of real vulnerability reports and patches. They discuss separating hype from real risk, the impact of Anthropic’s Mythos and limited access via Project Glasswing, and what CISOs should do now: adopt agents to operate at machine speed, use them defensively to find issues, build “vuln ops” capabilities, secure coding agents in the enterprise, and communicate shifting risk metrics to boards. They also preview the next Unprompted conference planned for September. VulnAxis - https://vulnaxis.com/ Gadi Evron - https://www.linkedin.com/in/gadievron/ Knostic - https://www.knostic.ai/ The AI Vulnerability Storm Paper - https://labs.cloudsecurityalliance.org/mythos-ciso/ Unprompted - https://unpromptedcon.org/
People in this episode
Host: G Mark Hardy
Guest: Gadi Evron
Topics covered
- vulnerability operations
- AI in security
- risk management
- CISO strategies
- vulnerability discovery
- machine speed operations
Keywords
- vulnerability
- AI
- CISO
- risk
- security
- vuln ops
- exploitation
- machine speed
- reporting
- patches
Mentioned in this episode
Organizations: Anthropic, Project Glasswing, VulnAxis, Knostic
Books & works: The AI Vulnerability Storm Building: A Mythos Ready Security Program
More episodes of CISO Tradecraft®
- #287 - Cybersecurity Insights You'll Want to Hear (with Michael Hammer) · June 8, 2026 · 45 min
- #286 - AI-Native Security (with Nishant Doshi & Saro Subbiah) · June 1, 2026 · 46 min
- #285 - Passwordless Authentication (with Nishant Kaushik) · May 25, 2026 · 42 min
- #284 - Lessons Learned from SQL Slammer to AI Agents (with Aaron Turner) · May 18, 2026 · 46 min
- #283 - Leadership Lessons and the Art of the Performance (with Chris Brogan) · May 11, 2026 · 48 min
- #282 - Top 10 Agentic AI Attacks (with Rock Lambros) · May 4, 2026 · 45 min
Explore listener stats, chart rankings, contacts and more on the CISO Tradecraft® podcast page.