Crestvale Newsroom
Crestvale Newsroom is a short-form podcast breaking down what’s happening across business, finance, and technology, and why it actually matters. Each episode focuses on signal over noise, helping operators, founders, and decision-makers stay informed without chasing headlines.
Crestvale Newsroom
How Cisco is redesigning security for AI threats
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
AI attackers are moving faster than most firms can even see, and the old rhythm of patching once a month is now a built-in weakness. The biggest shift is that exposure is no longer dictated by vulnerability scores. It is dictated by your slowest internal process. This is the Crestvale Newsroom Daily Podcast. Cisco just signaled the end of the old patch cycle. The company is shifting to continuous exposure management because attackers using AI are probing, exploiting, and pivoting in hours. Cisco admits its own past cadence could not keep up. That tells you everything you need to know. The core shift is simple. Static security programs cannot survive machine speed threats. The firm is moving to real-time visibility, live validation, and containment that operates while systems run. This is not about polishing a dashboard. It is about rebuilding security around continuous proof of what is actually exposed in the moment, not what a score says on paper. Cisco also said Quiet Parts out loud. Severity scores have lost their value as a compass. Attackers do not read the same lists you do. They chase whatever path gives them the quickest way in. So Cisco is simulating real attack flows, validating which paths are exploitable right now, and retiring or isolating systems that cannot be patched in time. That last point matters. Runtime shielding only buys you hours or days. It is not a solution. Cisco is stripping out end-of-life assets because there is no safe way to leave them inside the blast radius anymore. Now here is why this matters for you. If Cisco cannot run periodic patching and stay ahead, your firm cannot either. The scale is different, but the math is the same. Exposure now grows at the speed of your slowest approval chain. Every quarter you wait widens the gap. Continuous exposure management is not a luxury. It is the new floor. Firms that treat this shift as optional are accepting preventable risk. Now, another change worth your attention. Byron is pulling agentic AI into business tax prep, but doing it in a way that keeps license judgment at the center. This is not a lab tool. It automates the slog. It pulls data, drafts work papers, organizes documents, and applies last year's treatment to current year logic. CPAs still drive the decisions. The gain is capacity, not replacement. If your team is buried in business returns, this is the first credible path to reclaiming hours without ripping out core workflows. Firms that move early will get the efficiency boost while keeping review authority exactly where regulators expect it to be. Meanwhile, Okta is warning that Shadow AI is already wired into your firm's SaaS stack. Employees are granting personal tools, access to Google Workspace, and Microsoft 360 Eve. Many leaders believe their rules are clear. The data shows the opposite. Staff do not understand the policies. They are connecting whatever AI tool feels helpful in the moment. More than half of firms reported an AI incident or near miss last year. If you cannot name every AI tool connected to your core systems, you are not in control of your data. Treat shadow AI as an active breach vector and move people toward approved, governed options. And there is one more shift. CERTIN released a 60-day AI threat blueprint. The message is blunt. Attack prep is automated now. Recon, exploitation, and lateral movement are faster. Static controls will not hold. The blueprint pushes three urgent tracks. Shrink the blast radius with real asset discovery and identity cleanup. Light up telemetry so you can see what is actually happening. Then assume compromise and validate continuously. For small and mid-sized firms, this is not an enterprise mandate. It is a survival guide. Attackers are getting faster. Your operating rhythm has to move up with them. Here is what else is worth knowing today. C2 Isaac is bringing major telecom and cloud providers into a shared threat intelligence and coordination hub. This raises the bar for how critical infrastructure players work together during nation-state level attacks, and it will likely influence how private firms handle their own escalation paths. GitHub is under pressure after researchers showed how thousands of repositories could be backdoored through workflow injection. This puts CI and CD pipelines back in the spotlight as a prime supply chain target. If your firm ships internal tools, treat pipeline security as a first-order risk. CapChase is expanding its non-dilutive financing platform to serve vendors selling into long enterprise cycles. This gives SaaS and infrastructure firms more breathing room in deals that take quarters to close. Remote reported strong gains in revenue per employee as it leaned into AI-driven automation for HR and payroll operations. It is an early sign that agentic workflows can materially move productivity at scale. Before we close out, here is a quick look at where markets landed. Markets closed higher in the previous session, with the S and P moving up again. The NASDAQ also closed higher, showing steady appetite for tech. The 10-year yield drifted lower by the close, adding a slightly easier backdrop for financing. Bitcoin closed down, showing a softer tone in the riskier corners of the market. Here is the takeaway Treat continuous exposure management as your new operating rhythm, not a future project. Tomorrow we are watching how major SaaS vendors plan to surface and block unapproved AI connections inside customer environments. If this was useful, follow the Crestvale Newsroom daily podcast so you don't miss it. Thanks for listening.