Highlights from CYBR.HAK.CON. 2026
Among the topics: Cognitive warfare and medical device mayhem.
AI security scanners promise to reduce AppSec workload, but Contrast Labs' testing shows they systematically multiply it, turning a $315 API fee into an estimated $128,000 triage burden, before fixing a single vulnerability.
Information overload, cognitive warfare, and nonstop digital noise are turning human attention into a vulnerable attack surface.
Organizations spend real money on penetration testing and too often walk away afterwards with the same vulnerabilities they started with. The test happened. The report landed. The checkbox got checked. Nothing significant has changed.
But it might be your company’s problem.
Traditional security operations (CTI feeds piped into a SIEM, alerts routing into a ticket queue, and analysts triaging the resulting flood) are running out of road. A new operational model is emerging in its place, and it doesn’t look much like what most security teams currently have in place.
With NIST's National Vulnerability Database now triaging only a fraction of incoming CVEs, security teams must diversify beyond NVD while rethinking patch SLAs and risk scoring.
An analysis of the National Vulnerability Database's shift to risk-based triage and what it actually means for the people patching systems (first of a two-part analysis)
The AI-driven “vulnerability storm” isn’t just a technical problem—it’s a human breaking point, and the Mythos report’s authors are right to elevate burnout from a side issue to a frontline risk.
A coalition of cybersecurity heavyweights has issued an emergency playbook for surviving the AI-driven “vulnerability storm” — and it makes clear that speed, automation, and collective defense are now existential requirements.
As AI-driven threats collapse the time to exploit, this infographic distills a rapid-response playbook from leading cybersecurity experts on how defenders must adapt fast.
Epoch Theory is Jeremiah Grossman’s framework for understanding how cybersecurity evolves in distinct phases driven by attacker behavior, not defensive intention.
Anthropic's disclosure lacked important elements, which explains the professional criticism that erupted despite the postmortem's potential significance. And while the post is marketing for Anthropic, it also provides strategic threat context for security executives.
Go talk to some VM teams, and you, too, will see what I see.