Heraclitus, AI LLMs, SSO, TTP, NetLogon, PAN-OS, AI Cost, Aaran Leyland... - SWN #586

Security Weekly News (Audio)34mJune 2, 2026
AI-Generated Summary

AI is no longer just a tool—it's becoming an execution surface in its own right, turning trusted summaries into attack vectors. A groundbreaking vulnerability in AI assistants like ChatGPT allows malicious webpages to inject phishing links, QR codes, and fake alerts directly into AI-generated responses, exploiting user trust without requiring a click. This isn't a code exploit—it's a psychological one, where the AI’s rendering of untrusted content becomes a delivery mechanism. Meanwhile, companies are hemorrhaging millions on unbounded AI usage, not from tokens, but from the massive cost of validating AI’s hallucinated findings. As LLMs solve century-old math problems and evolve like Heraclitus’ ever-changing river, the real danger isn’t AI’s intelligence—it’s the blind trust we place in it. The episode warns: treat every AI summary as hostile until proven otherwise, and remember that zero trust must extend beyond systems to human workflows. The episode also dives into the alarming speed of modern cyber threats, with exploit-to-attack windows shrinking to days, and critical vulnerabilities like NetLogon and PanOS being actively exploited. Patching isn’t just technical—it’s logistical, human, and often impossible when teams are furloughed or keys don’t work. The core message? Automation and AI don’t fix broken processes—they amplify them.

Key Takeaways
1

AI summaries are now execution surfaces—treat every untrusted AI response as hostile until proven otherwise.

2

The 'markdown exfiltration' bug lets attackers inject phishing links and QR codes into AI summaries via untrusted web content.

3

AI’s biggest cost isn’t tokens—it’s the human labor to validate its hallucinated findings and false positives.

4

CVSS scores alone are insufficient for prioritization; context like exposure, access, and impact matter more than a number.

5

Time to exploit (TTE) is now measured in days, not weeks—patching must be automated or physically executable.

…and 3 more takeaways available in PodZeus

Chapters
0:00
2 min

Welcome to Security Weekly News #586

Doug White kicks off the episode, introducing the week’s topics: AI, SSO, NetLogon, PanOS, AI costs, and the breakthrough LLM solution to a decades-old math problem.

2:00
2 min

The Hidden Danger of Single Sign-On (SSO)

If I log into Ralph's account, what can I do? And when, you know, this was stuff we were testing long, long ago, trying to figure out who has access to what.

Highlight
4:20
3 min

The Patching Nightmare: From Microcode to Physical Access

I had to drive all the way over there, ended up having to climb a ladder, open the case and reset a jumper. So the whole thing took 24 hours because when I got over there, my key didn't work.

Highlight
7:30
4 min

The Shrinking Time to Exploit (TTE)

Time to exploit TTE has been plummeting like a politician's popularity rating after the Wall Street Journal found that they put pineapple on pizza...

Highlight
11:10
4 min

The AI Cost Crisis: Beyond Tokens

The biggest cost of AI wasn't even the usage tokens. It was triaging and validating the thousands and thousands of findings AI was producing for them.

Highlight
High-Impact Quotes
The summary stops being a read of the page it becomes communication from the attacker that looks like it came from open AI.
Aaron Leland27:39
They found that the biggest cost of AI wasn't even the usage tokens. It was triaging and validating the thousands and thousands of findings AI was producing for them.
Doug White17:04
I mean, it didn't come up with an original new idea, so it didn't... you know, form the very first opinion of this. But it solved a problem that no one had ever been able to solve with a proof.
Doug White33:17
Speakers

Host

Doug White

Guest

Aaron Leland
Topics Discussed
ai security95%single sign-on risk90%time to exploit88%llm evolution85%ai cost management85%ai hallucination80%vulnerability management75%zero trust70%
People & Brands

ChatGPT

product

15xNeutral

Doug White

person

12xNeutral

Claude

product

10xNeutral

Aaron Leland

person

8xPositive

Heraclitus

person

6xPositive

Microsoft Copilot

product

5xNeutral

NetLogon

other

5xNegative

PanOS

product

4xNegative

CISA

organization

4xNeutral

CCB

organization

3xNeutral

Start discovering podcast insights today

Start with a 7-day trial and explore a growing catalog of popular podcasts. No credit card required.

No credit card required • 7-day trial • Cancel anytime