Phoenix Cast

In this episode of Phoenix Cast, hosts John and Kyle break down a packed week in cyber: the Canvas ed-tech breach by Shiny Hunters that hit 9,000 schools and 275 million records right at testing season (both of their kids' schools are scrambling to go non-digital), Firefox's eye-opening collaboration with Anthropic's Mythos model that surfaced 271 vulnerabilities in a single release for a fraction of the cost of a traditional bug bounty, and the Dirty Frag Linux kernel zero-day that escalates to root in seconds — but whose fix breaks IPsec VPNs and file sharing. They also dig into the new MAR ADMIN making AI training mandatory for every Marine, and John collects on Kyle's gaslighting from two episodes ago about model quality degradation (Anthropic basically said "whoops"). Stick around for John's hot take that ASIs — Authorized Service Interruptions — are officially dead in a world where chained vulnerabilities and 271 patches can drop in a single release.We’d love to hear your thoughts! Tweet us @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!Links - Canvas Hack:Canvas Login Portals Hacked - ShinyHunters Extortion Campaign (BleepingComputer)https://www.bleepingcomputer.com/news/security/canvas-login-portals-hacked-in-mass-shinyhunters-extortion-campaign/Hackers Deface School Login Pages After Claiming Another Instructure Hack (TechCrunch)https://techcrunch.com/2026/05/07/hackers-deface-school-login-pages-after-claiming-another-instructure-hack/2026 Canvas Security Incident (Wikipedia)https://en.wikipedia.org/wiki/2026_Canvas_security_incidentLinks - Firefox Using Mythos:Claude Mythos Has Found 271 Zero-Days in Firefox (Schneier on Security)https://www.schneier.com/blog/archives/2026/04/claude-mythos-has-found-271-zero-days-in-firefox.htmlThe Zero-Days Are Numbered (Mozilla Blog)https://blog.mozilla.org/en/privacy-security/ai-security-zero-day-vulnerabilities/Behind the Scenes Hardening Firefox with Claude Mythos Preview (Mozilla Hacks)https://hacks.mozilla.org/2026/05/behind-the-scenes-hardening-firefox/Claude Mythos Finds 271 Firefox Flaws, Mozilla Believes It Shifts Security Toward Defenders (Help Net Security)https://www.helpnetsecurity.com/2026/04/22/claude-mythos-mozilla-vulnerabilities-scanning/Claude Mythos Finds 271 Firefox Vulnerabilities (SecurityWeek)https://www.securityweek.com/claude-mythos-finds-271-firefox-vulnerabilities/Mythos and Cybersecurity (Schneier on Security)https://www.schneier.com/blog/archives/2026/04/mythos-and-cybersecurity.htmlLinks - Dirty Frag:New Linux ‘Dirty Frag’ Zero-Day With PoC Exploit Gives Root Privileges (BleepingComputer)https://www.bleepingcomputer.com/news/security/new-linux-dirty-frag-zero-day-with-poc-exploit-gives-root-privileges/Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions (The Hacker News)https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.htmlActive Attack: Dirty Frag Linux Vulnerability Expands Post-Compromise Risk (Microsoft Security Blog)https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/RHSB-2026-003 Networking Subsystem Privilege Escalation - Linux Kernel (Red Hat)https://access.redhat.com/security/vulnerabilities/RHSB-2026-003Dirty Frag PoC Exploit (V4bel/dirtyfrag GitHub)https://github.com/V4bel/dirtyfrag

In this episode of Phoenix Cast, hosts John, Rich, and Kyle welcome Katie Moussouris — founder and CEO of Luta Security, creator of Microsoft’s first bug bounty program, and architect of Hack the Pentagon — to break down Anthropic’s Project Glasswing and what it means when an AI model can find hundreds of real-world vulnerabilities at scale. Katie walks through the staggering complexity of coordinating multi-party vulnerability disclosure across 40 organizations, drawing on her own experience running similar efforts at Microsoft, and doesn’t shy away from the hard questions about whether the cybersecurity workforce is cooked or about to boom. The conversation heats up as the crew debates how much of Glasswing is marketing versus genuine emergency, whether offensive and defensive AI use can coexist responsibly, and what all of this means for critical infrastructure, supply chains, and the warfighter. Katie closes with a bold call for universal basic income funded by AI productivity — and if that doesn’t make you hit play, nothing will.We'd love to hear your thoughts! Tweet us @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!Links:Project Glasswing (Anthropic):https://www.anthropic.com/glasswing Luta Security:https://www.lutasecurity.com Hack the Pentagon (USDS):https://www.usds.gov/projects/hack-the-pentagon Katie Moussouris - "Fixing a Hole: The Labor Market for Bugs" (MIT Press):https://direct.mit.edu/books/edited-volume/3582/chapter-abstract/120140/Obligatory XKCDhttps://xkcd.com/2347/

In this episode of Phoenix Cast, hosts John, Rich, and Kyle break down the recent “hack” of McKinsey’s internal AI platform Lilly — where a security startup’s automated agent gained full root access through unsecured API endpoints in under two hours — sparking a lively debate on what actually constitutes a hack and why zero trust architecture still matters more than ever. The crew covers exciting new GenAI.mil features including Agent Builder and API key access, Anthropic’s upgrade of Claude Code’s context window from 200K to a million tokens, and what context rot means for power users. Kyle then delivers a fired-up debrief from the USMC Generative AI Workshop at Quantico, where Marines from across the Corps showcased everything from AI-powered recruiting simulations to homegrown tools, and the hosts challenge listeners to start building MOS-specific prompt libraries to multiply impact across the force. If you want a masterclass in both the promise and the pitfalls of AI adoption in the military, this one’s packed from start to finish.We'd love to hear your thoughts! Tweet us @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!Links:MCKINSEY HACKhttps://www.inc.com/leila-sheridan/an-ai-agent-broke-into-mckinseys-internal-chatbot-and-accessed-millions-of-records-in-just-2-hours/91314432WHAT IS AN API?http://en.wikipedia.org/wiki/APIWHAT IS BOLA?https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/12-API_Testing/02-API_Broken_Object_Level_AuthorizationOBLIGATORY XKCD: https://xkcd.com/327/

In this episode of Phoenix Cast, hosts John, Rich, and Kyle break down the rapidly evolving world of agentic artificial intelligence through the story of Clawd—also known as Molt and now OpenClaw. They explain what AI agents are, how tools like Claude Code and full-system agents are changing the way humans interact with machines, and why this shift is both powerful and potentially risky. The hosts explore real-world implications ranging from productivity and security to misinformation, open-source automation, and the viral “AI-only social network” phenomenon. They also reflect on the broader impact of human-machine teaming, discussing how leadership, communication, and creativity will shape the future of technology, cybersecurity, and modern warfighting.We'd love to hear your thoughts! Tweet us @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!Links:Clawdbot: https://www.computerworld.com/article/4125939/by-whatever-name-moltbolt-clawd-openclaw-this-uber-ai-assistant-is-a-security-nightmare.htmlAnthropic Economic Indexhttps://www.anthropic.com/economic-indexPeter Steinberger Websitehttps://steipete.me/Moltbookhttps://www.moltbook.com/

In this episode of the Phoenix Cast, hosts John and Kyle kick off 2026 with a jam-packed current events roundup covering the React to Shell vulnerability (think Log4Shell but for the front end), the Marine Corps' new drone training requirements, Google's TPU announcements that might have NVIDIA sweating, and the launch of GenAI.mil. They also share some exciting podcast milestones, dish out their 2026 predictions, and Kyle reveals his holiday vendetta against PowerPoint that resulted in building his own AI-powered presentation tool.We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!LinksKyle’s “The 8 Levels of AI Learning for Modern Commanders”https://www.linkedin.com/pulse/8-levels-ai-learning-modern-commanders-kyle-kmo-moschetto-mxuycReactShell:https://securityboulevard.com/2026/01/top-cves-of-december-2025/TorchTPU:https://hyperframeresearch.com/2025/12/24/can-googles-torchtpu-eventually-bridge-nvidias-cuda-moat/ WSJ: “Why AI Will Widen the Gap Between Superstars and Everybody Else”https://www.wsj.com/lifestyle/workplace/ai-workplace-tensions-what-to-do-c45f6b51?reflink=desktopwebshare_permalink USMC drone program: https://www.marines.mil/News/Messages/Messages-Display/Article/4366306/approved-training-requirements-for-small-unmanned-aerial-systems/USMC AI WORKSHOP MARADMINhttps://www.marines.mil/News/Messages/Messages-Display/Article/4367572/united-states-marines-corps-generative-and-agentic-artificial-intelligence-work/II MEF Leadership AI:https://www.iimef.marines.mil/News/article-display/Article/4364616/ii-mef-advanced-ai-command-course/ Self-Paced AI Training (Military discount available)https://ftcg.io/self-paced-training Vibe Coding book (Gene Kim and Steve Yegge):https://itrevolution.com/product/vibe-coding-book/Gas Town:https://steve-yegge.medium.com/welcome-to-gas-town-4f25ee16dd04

In this episode of Phoenix Cast, hosts John, Rich, and Kyle are joined by special guest MajGen (ret) Ryan Heritage - the former J3 (Director of Operations) for US Cyber Command, and Commander of Marine Corps Forces Cyberspace Command. We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!

In this episode of the Phoenix Cast, hosts John, Rich, and Kyle are joined by special guests Cols Russ Belt and Kevin Stepp, the II MEF and I MEF G-6s. They continue the discussion started by Col Matt Schroer on Episode 122, and LtCols Berdela and Henderson on Episode 123 about the future of communications formations. We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!

What should leaders take from Brickstorm, a 150-year-old company felled by one password, and an easy Microsoft global-admin misstep—plus how agent-to-agent payments could evolve? In this episode of the Phoenix Cast, hosts John and Kyle connect the dots for you. Have a listen, and let us know what you think!We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and https://www.bleepingcomputer.com/news/security/google-brickstorm-malware-used-to-steal-us-orgs-data-for-over-a-year/https://thehackernews.com/2025/09/how-one-bad-password-ended-158-year-old.html?m=1don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!Links:https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/https://colinmcnamara.com/blog/understanding-a2a-ap2-protocols-builder-guide

In this episode of the Phoenix Cast, hosts John and Kyle are joined by special guest Col Matt Schroer - Enterprise and Expeditionary Communications Branch Head, Deputy Commandant for Information (DC I), Information Command, Control, Communications and Computers (IC4). They discuss the future of Marine Corps communications and some of the work being done to move the Marine Corps enterprise forward. We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!

In this episode of Phoenix Cast, hosts John and Kyle discuss MCP, and MCP vulnerabilities, and GPU Hammer. Have a listen, and let us know what you think!We'd love to hear your thoughts! Tweet us at our new handle, @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!Links:MCP - https://aws.amazon.com/blogs/database/supercharging-aws-database-development-with-aws-mcp-servers/?sc_channel=sm&sc_campaign=DBA_AWS_for_Data&sc_publisher=LINKEDIN&sc_country=global&sc_geo=GLOBAL&sc_outcome=awareness&sc_category=Amazon%20Q&linkId=835893819Vulnerabilities - https://thehackernews.com/2025/07/critical-vulnerability-in-anthropics.htmlhttps://thehackernews.com/2025/07/gpuhammer-new-rowhammer-attack-variant.html

In this episode of Phoenix Cast, hosts John and Kyle are joined by special guest Robert Teller and they talk through some of the scarier sides of AI.Share your thoughts with us on Twitter: @ThePhoenixCast (Now verified!) and join our LinkedIn group to interact with other Phoenix Casters.

In this episode of Phoenix Cast, hosts John, Rich, and Kyle talk about AI in the news, and some reflections on what it means. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER, MCCYWG, & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts.Links: Disney employee article:https://www.the-independent.com/news/world/americas/crime/disney-hack-nullbulge-ai-slack-b2705487.html Cloudflare AI against AI:https://arstechnica.com/ai/2025/03/cloudflare-turns-ai-against-itself-with-endless-maze-of-irrelevant-facts/ Bleeping computer AI training set data article:https://www.bleepingcomputer.com/news/security/nearly-12-000-api-keys-and-passwords-found-in-ai-training-dataset/

In this episode of Phoenix Cast, hosts John, Rich, and Kyle are joined by special guest Michael Frank and Jimmy Mastrom from the Marine Innovation Unit. Listen as they discuss the relationship between the Defense Innovation Unit (DIU) and the Marine Innovation Unit, how they are supporting Marines, and about innovation in general. Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER, MCCYWG, & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Unit X https://www.amazon.com/Unit-Pentagon-Silicon-Valley-Transforming/dp/1668031388 https://www.marforres.marines.mil/MIU/ https://www.marforres.marines.mil/MIU/Join/Application/ https://www.linkedin.com/company/marine-innovation-unit/posts/?feedView=all