
Cybersecurity Headlines Department of Know: SaaS apps enable breaches, real-time cyber protection, IoT botnet takedown
Mar 23, 2026. With Chris Ray, Field CTO at GigaOm, a researcher who decodes complex threats, and Bill Harmer, CISO at Supabase, a cloud security and incident readiness expert. They dig into hidden instructions in web content, stolen OAuth tokens from SaaS apps, critical SharePoint flaws, Mirai-based IoT botnets and takedown efforts, and abuse of legitimate services like Azure Monitor for phishing.
AI Perception Gap Enables Steganography
- LLMs and browsers perceive the same page differently, creating a steganography gap attackers can exploit.
- A LayerX demo showed HTML that was unreadable to LLMs but that a browser rendered with malicious instructions, exposing the risks of this perception mismatch.
Prioritize OAuth Token Protections
- Fix OAuth and token protection fundamentals to stop SaaS-driven breach cascades.
- The report links stolen OAuth tokens to a 490% surge in attacks and the SalesLoft compromise that affected 700+ companies.
Shadow AI Hides Risk Inside Approved SaaS
- Shadow AI inside approved SaaS blurs visibility and defeats MFA by abusing OAuth flows.
- New AI features are often surfaced to users without enterprise approval, hiding risk inside legitimate apps.
