SN 1080: Vulnerability Debt Repayment - Will Mythos Change Cybersecurity Forever?
Security Now (Audio)
Leo Laporte
4.6 • 2.3K Ratings
🗓️ 26 May 2026
⏱️ 164 minutes
🧾️ Download transcript
Summary
Mozilla found 271 unknown Firefox vulnerabilities in days using AI—bugs that millions of automated test runs had missed for years. Steve Gibson argues this isn't a crisis. It's the industry finally paying down decades of security debt, and for the first time, defenders may have the advantage.
- Cisco meets Mythos
- Can the aging CVE system survive AI
- Patch deployment latency in the AI age
- MSFT's official YellowKey BitLocker bypass mitigation
- Ubiquiti patches 5 serious vulnerabilities
- Drupal attacked by a PostgreSQL injection
- Microsoft terminates SMS as a second factor
- GitHub hacked - all of its source code exfiltrated
- Russia is using very old Western software
- Why to get a no-charge AI chatbot account
- New Sci-Fi on Netflix
- What we learn from Mozilla's use of Mythos
Show Notes - https://www.grc.com/sn/SN-1080-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now.
You can submit a question to Security Now at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit
Sponsors:
Transcript
Click on a timestamp to play from that location
| 0:00.0 | It's time for security now. Steve Gibson is here with lots to talk about. |
| 0:04.7 | Cisco freaking out over mythos. |
| 0:08.2 | The amazing results Firefox is getting, finding vulnerabilities with AI, |
| 0:13.4 | Microsoft's mitigation for the Yellow Key Bitlocker bypass, |
| 0:17.6 | and a serious vulnerability and ubiquity routers. |
| 0:21.3 | That and a whole lot more coming up next on Security Now. |
| 0:27.1 | Podcasts you love from people you trust. |
| 0:31.5 | This is Twitter. |
| 0:36.9 | This is Security Now with Steve Gibson, episode 180, recorded Tuesday, May 26th, 2026. |
| 0:45.3 | Vulnerability debt repayment. |
| 0:48.7 | It's time for security now. |
| 0:50.7 | The show we cover the latest in security privacy computer use science fiction vitamin D and |
| 0:56.1 | more and the reason it's so eclectic is because of this guy he is he is a man a renaissance man |
| 1:04.6 | for our time mr. Steve Gibson hello yes ADD much well I don't know we pretty much stick to security for like 90% of the show. Don't worry. |
| 1:14.0 | Well, and there overwhelmingly, we're getting feedback from people who are engaged in the security implications of AI. I heard from one grumpy listener who said, I'm tired of it here and every podcast you do now is |
| 1:29.7 | about AI. |
| 1:30.4 | It's like, hey, you know, if it weren't all about changing the entire complexion of software |
| 1:38.8 | and security and privacy, then yeah, I would be, I would carve out a little piece to just talk about my |
| 1:47.3 | own interest because I haven't, I mean, I've become a user of it. And in fact, something |
| 1:52.8 | occurred to me that I'm going to share mid podcast that caused me to realize why the line I almost used last week was the only way I could imagine |
| 2:06.1 | somebody doesn't understand is if they're not using it. |
| 2:11.0 | That is to, you know, if you use it, then I don't know how you could not. |
... |
Transcript will be available on the free plan in 19 days. Upgrade to see the full transcript now.
Disclaimer: The podcast and artwork embedded on this page are from Leo Laporte, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Leo Laporte and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.