- What: Discussion of various security topics including new vulnerabilities
- Impact: Provides insights for IT professionals
You’re not going to patch your way out of this – PSW #926

This week: New Yellowkey bitlocker bypass and what it means for you Hackers can run you over with a robot lawnmower FCC says new things about routers, again Glitching with AI almost no false positives AI thought it was evil DirtyFrag and the sad state of Linux LPEs You can buy better tools, perfect security, and other lies The Canvas breach Hackers can still take over trains Baby monitors, on the Internet! dnsmasq flaws I am now paying attention to Swordfish A neat vulnerability for ransomware Mythos, Curl, and how to do secure software Various ways to use AI to find bugs, spoiler, you don’t need Mythos

May 14, 2026

Hosts

- Paul Asadoorian (@0offset, https://securitypodcaster.com)
- Jeff Man (https://www.obsglobal.com/)
- Joshua Marpet (https://www.cyturus.com)
- Larry Pesce (@haxorthematrix, https://www.finitestate.io/, https://breakstuffforfun.com/)
- Lee Neely
- Sam Bowne (https://samsclass.info/)

List of Articles

Paul Asadoorian

Lanzaboote: Towards Secure Boot for NixOS

Lanzaboote is a pragmatic Secure Boot implementation for NixOS that trades off some threat-model assumptions for usability.
Lanzaboote is a NixOS-specific UEFI stub that enables Secure Boot without the standard UKI approach of embedding the kernel and initrd inside a single signed binary. Instead, Lanzaboote signs a lightweight stub that contains the paths and hashes of the kernel and initrd stored separately on the ESP, then delegates signature verification to UEFI's LoadImage call—avoiding duplicating crypto in the bootloader. (source: github)

Why it matters: NixOS's content-addressed store generates a new kernel path on every update, making traditional UKI approaches impractical since you'd need to re-sign a monolithic binary constantly. Lanzaboote solves this elegantly but introduces a security caveat—the initrd lives unprotected on the ESP, protected only by a hash embedded in the signed stub rather than a direct UEFI signature. (source: github)

Nightmare-Eclipse/YellowKey: YellowKey Bitlocker Bypass Vulnerability

The author (Chaotic Eclipse / Nightmare-Eclipse) posted details at deadeclipse666.blogspot.com, confirming the release was motivated by Microsoft silently patching a prior zero-day (RedSun) with no CVE and no advisory. (source: deadeclipse666.blogspot)

How It Works: YellowKey abuses NTFS transactional file system (TxF/FsTx) in combination with Windows Recovery Environment (WinRE). The attacker copies a specially crafted folder (containing transaction files) to a USB drive or the EFI partition, then triggers WinRE's automatic repair sequence. When WinRE processes the injected transaction file, it deceives Windows into believing it is executing a staged OS update via FsTx—a trusted component in SafeOS—causing the TPM to release the BitLocker encryption key and grant an unrestricted shell to the storage volume. (source: reddit)

Physical access is required, but critically TPM+PIN does not mitigate this—the researcher confirmed exploitability in TPM+PIN environments and states the full PoC for that variant has been withheld.
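The two host settings the description above turns on, WinRE state and the BitLocker key protectors on the OS volume, can be inventoried per machine. The following PowerShell script is an added example, not part of the show notes or the researcher's release; it uses the built-in `reagentc.exe` and `Get-BitLockerVolume`, assumes an elevated session and English `reagentc` output, and the `Review` column is this example's own convention.

```powershell
#Requires -RunAsAdministrator
# Added audit example (not from the show notes): report WinRE state and
# BitLocker key protectors for the OS volume on this host.

function Get-WinREStatus {
    # reagentc prints "Windows RE status: Enabled|Disabled" on English systems.
    # On localized builds the label differs, so return Unknown rather than guess.
    $out = & reagentc.exe /info 2>&1 | Out-String
    if ($out -match 'Windows RE status:\s*(\w+)') { return $Matches[1] }
    return 'Unknown'
}

function Get-OsVolumeProtectors {
    # One object per OS volume with its protection state and protector types
    # (Tpm, TpmPin, RecoveryPassword, ...), converted to plain strings.
    Get-BitLockerVolume |
        Where-Object { $_.VolumeType -eq 'OperatingSystem' } |
        ForEach-Object {
            [pscustomobject]@{
                MountPoint = $_.MountPoint
                Protection = $_.ProtectionStatus
                Protectors = @($_.KeyProtector.KeyProtectorType |
                               ForEach-Object { "$_" })
            }
        }
}

$winre  = Get-WinREStatus
$report = foreach ($vol in Get-OsVolumeProtectors) {
    # TPM-only means a Tpm protector exists and no TpmPin* protector does.
    $tpmOnly = ($vol.Protectors -contains 'Tpm') -and
               -not ($vol.Protectors -match '^TpmPin')
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Volume     = $vol.MountPoint
        BitLocker  = $vol.Protection
        WinRE      = $winre
        TpmOnly    = $tpmOnly
        Protectors = $vol.Protectors -join ','
        # The notes state TPM+PIN does not mitigate this, so the flag follows
        # WinRE state alone; Unknown is treated as needing review.
        Review     = ($winre -ne 'Disabled')
    }
}
$report | Format-Table -AutoSize
```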
Independent researchers Kevin Beaumont and Will Dormann both confirmed the USB-based variant works. (source: bleepingcomputer)

Patch Status: Unpatched as of May 13, 2026—no CVE assigned, no Microsoft advisory, no patch. This is the researcher's fifth+ zero-day drop this year (same person behind RedSun, UnDefend, BlueHammer), all released in full or partial PoC form out of frustration with Microsoft's disclosure process. The real root cause remains publicly unknown even to MSRC per the researcher. (source: theregister)

Recommended mitigations until patched: BitLocker PIN + BIOS password (limits physical-access exploitation window), disable WinRE where feasible in high-security environments. (source: bleepingcomputer)

Our evaluation of OpenAI’s GPT-5.5 cyber capabilities

UK AI Security Institute evaluated GPT-5.5 against 95 narrow cyber tasks (CTF format) testing reverse engineering, web exploitation, cryptography, heap/stack overflows, UAF, type confusion, cryptanalysis, TOCTOU races, and malware unpacking. Achieved 71.4% pass rate on Expert-level tasks versus 68.6% for Mythos Preview, 52.4% for GPT-5.4, and 48.6% for Opus 4.7—may be the strongest model AISI has tested. (source: aisi.gov)

Multi-Step Attack Simulation: GPT-5.5 completed "The Last Ones" corporate network attack simulation end-to-end (32-step scenario, estimated 20 hours for human) in 2 of 10 trials, making it the second model after Mythos Preview (3/10 success). Failed to solve "Cooling Tower" range targeting OT/ICS environments, getting stuck on IT sections rather than OT-specific steps. (source: tech.yahoo)

Limitations: Evaluated ranges lack active defenders, defensive tooling, and alert penalties; testing scoped to scenarios where model already has network access and is directed toward specific vulnerable targets. AISI building new ranges to assess detection evasion on hardened targets.
(source: aisi.gov)

Trend Analysis: Two models from different developers (Anthropic, OpenAI) reaching similar performance suggests cyber-offensive skill is emerging as byproduct of general improvements in long-horizon autonomy, reasoning, and coding—expect further rapid capability increases potentially in quick succession. (source: linkedin)

Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code

Microsoft MDASH Results: Microsoft's multi-model agentic scanning harness (MDASH) discovered 16 vulnerabilities in April 2026 Patch Tuesday (out of 137 total CVEs), including four critical-severity flaws like unauthenticated RCE in Windows kernel TCP/IP stack and IKEv2 service. System orchestrates 100+ specialized AI agents across frontier and distilled models through a structured pipeline: preparation → scanning → validation → deduplication → proof construction, with agents debating exploitability before escalating to humans. (source: linkedin)

MDASH Validation: Against pre-patch snapshots of heavily-audited Windows components, MDASH recovered 96-100% of confirmed vulnerabilities discovered over the previous five years; achieved 88% success rate on CyberGym benchmark (1,507 real-world vulnerability tasks). Currently in limited private preview. (source: linkedin)

Palo Alto Networks Output: Published record 26 security advisories in one day (typical monthly volume: 5-10), covering 75 vulnerabilities across 130+ products including recent acquisitions (CyberArk, Chronosphere, Koi). Majority found internally using Claude Mythos and other frontier AI models; none rated critical, no known exploitation, three high-severity requiring specific configurations. (source: linkedin)

Strategic Implications: Palo Alto CISO Marc Benoit emphasizes volume reflects finding issues while exploitation status remains "none known"—preemptive discovery over reactive patching. Company warns organizations have 3-5 month window to outpace adversaries before AI-driven discovery becomes widespread attacker capability.
Long-term strategy: integrate AI models directly into SDLC to prevent flaws reaching production. (source: linkedin)

Context: This aligns with broader industry surge—Microsoft April 2026 Patch Tuesday totaled 163 CVEs (second-largest monthly release), with TrendAI noting tripled incoming submission rate likely driven by AI tools. (source: crn)

Finding Zero-Days with Any Model

Niels Provos argues zero-day discovery capability resides in the orchestration harness, not frontier models—using his open-source IronCurtain framework with commercial models (Opus 4.6, Sonnet 4.6) and open-weight models (Z.AI GLM 5.1) to autonomously discover vulnerabilities in foundational software. (source: provos)

Architecture: Finite state machine (FSM) orchestration using journal-based state management—the orchestrator never reads target source code directly, relying entirely on agent-maintained journals to manage investigations. Discipline: hypothesize statically, validate by execution; PoCs are executable harnesses proving reachability and memory corruption beyond static analysis. Each agent state begins with fresh context window and rehydrates from disk artifacts. (source: provos)

Economics & Performance: Single run against moderate codebase consumes ~10M tokens on Opus/Sonnet ($150/$30 per investigation); GLM 5.1 averaged 27M tokens per run due to more iteration cycles. The workflow is token-intensive but demonstrates commercial model parity with frontier capabilities when properly orchestrated. (source: provos)

Validation Case: Sonnet 4.6 analyst mapped structural data flows; validation via Opus 4.6 in Claude Code using lightweight fuzzing to isolate exact trigger—two sequence numbers out of 4.3 billion on the 32-bit sign boundary, replicated via QEMU-based driver. Opus 4.7 confirmed exploitability primitives: controlled OOB heap read/write in widely-deployed internet-facing library.
(source: provos)

Asymmetry Warning: Well-resourced adversaries already use orchestrated workflows at scale without vendor usage policies, AUP friction, API rate limits, or curated access lists—defenders face "seven-step refusal during severity assessment" that adversaries using uncensored open-weight models never encounter. Orchestration cuts both ways. (source: provos)

Getting LLMs Drunk to Find Remote Linux Kernel OOB Writes (and More)

A self-orchestrating swarm of LLM agents autonomously discovered 20+ CVEs including CVE-2026-31432 and CVE-2026-31433—tw