
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Friday, February 27th, 2026: Finding Signal (@sans_edu intern); Google API Keys and Gemini; AirSnitch Breaking Client Isolation
Feb 27, 2026
A dive into running honeypots and coping with alert overload, including using AI to triage noisy data. A discussion of how unconstrained Google API keys can now access Gemini and why that creates new risks. An explainer on AirSnitch methods that break Wi‑Fi client isolation and practical mitigations for networks.
Honeypot Internship Revealed Alert Overload
- Austin Bodley ran an Internet Storm Center honeypot and found alert overload even on a simple home-connected instance.
- He used ChatGPT/AI to triage alerts and discovered that looking at outbound responses was crucial to understanding attacker intent.
Outbound Traffic Reveals Attacker Intent
- Understanding attacks requires inspecting both inbound triggers and what the server sends back to reveal attacker goals.
- Austin and Johannes note outbound behavior often gives more context than raw inbound IDS alerts.
Audit And Restrict Google API Keys
- Audit Google API key constraints now and separate sensitive services into distinct projects.
- Rotate or re-create unconstrained keys and apply referrer or service restrictions to prevent leaked map keys from invoking Gemini access.
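
One way to run the key audit described above, as an added example that is not from the episode or from Google: it checks key records in the JSON shape returned by `gcloud services api-keys list --format=json` for missing restrictions. The sample records, key names, and finding labels are constructed for illustration.

```python
import json

# Constructed sample in the shape of API Keys API v2 key resources.
# Project number, key names and referrers are made up for this example.
SAMPLE_KEYS = json.loads("""
[
  {"name": "projects/111/locations/global/keys/maps-web"},
  {"name": "projects/111/locations/global/keys/maps-locked",
   "restrictions": {
     "browserKeyRestrictions": {"allowedReferrers": ["https://example.com/*"]},
     "apiTargets": [{"service": "maps-backend.googleapis.com"}]}},
  {"name": "projects/111/locations/global/keys/referrer-only",
   "restrictions": {
     "browserKeyRestrictions": {"allowedReferrers": ["https://example.com/*"]}}},
  {"name": "projects/111/locations/global/keys/mixed",
   "restrictions": {
     "browserKeyRestrictions": {"allowedReferrers": ["https://example.com/*"]},
     "apiTargets": [{"service": "maps-backend.googleapis.com"},
                    {"service": "generativelanguage.googleapis.com"}]}}
]
""")

GEMINI_SERVICE = "generativelanguage.googleapis.com"  # Gemini API service name
APP_RESTRICTIONS = ("browserKeyRestrictions", "serverKeyRestrictions",
                    "androidKeyRestrictions", "iosKeyRestrictions")

def audit_key(key):
    """Return a list of finding labels for one key record (empty if clean)."""
    restrictions = key.get("restrictions") or {}
    targets = [t.get("service") for t in restrictions.get("apiTargets", [])]
    findings = []
    if not targets:
        # No API restriction: the key is accepted by every API enabled
        # in its project, which includes Gemini once that API is enabled.
        findings.append("no-api-restriction")
    elif GEMINI_SERVICE in targets and len(targets) > 1:
        # Gemini reachable with the same key that is used for other services.
        findings.append("gemini-shares-key")
    if not any(restrictions.get(field) for field in APP_RESTRICTIONS):
        findings.append("no-application-restriction")
    return findings

def audit(keys):
    """Map key name -> findings, listing only keys that need attention."""
    return {k["name"]: f for k in keys if (f := audit_key(k))}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_KEYS).items():
        print(name, findings)
```

Keys flagged `no-api-restriction` are the ones to rotate or re-create with restrictions first; the script does not check whether sensitive services live in separate projects.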
