
Cybersecurity Headlines Department of Know: GSA's CMMC requirements, AWS intruder AI heist, Moltbook raises the stakes
Feb 9, 2026
Chris Ray, Field CTO at GigaOm, brings practical security architecture insight. Nick Ryan, former CISO, offers hands-on risk and incident response experience. They discuss viral Moltbook misconfigurations and shadow AI apps. They unpack an AI-assisted AWS takeover, machine-speed attacks, and behavioral defenses. They debate new GSA CMMC-style contract requirements and implications for small vendors.
Metro Dev Servers Left Exposed
- Researchers found 3,500 exposed React Native Metro servers that allow code execution and command injection.
- Nick and Chris emphasize development environments bleeding into production as the real danger.
Vibe Coding Creates Shadow IT At Scale
- Rapid AI-driven product builds ('vibe coding') are creating shadow IT at scale.
- Popular viral projects like 'Moltbook' expose how fast innovation skips basic security checks.
Don't Trust One-Click Vendor Security
- Validate vendor security claims and don't rely on one-button 'security review' guarantees.
- Require clear mappings and proofs for third-party security fixes before trusting them.



