FireCompass Research

Offensive Security Guide: BAS, CTEM, CART, Pen Test, & COST Explained

BAS, CTEM, CART, Pen Test, VA, AEV, COST: What Each Actually Does, and When to Use What

Every quarter a new three-letter acronym shows up in a vendor deck. Last year it was AEV. This year Gartner introduced COST. CTEM is everywhere. BAS has been around forever and still gets confused with red teaming. Pen test means six different things depending on who you ask. If you run a security program, the…

Demystifying Claude Mythos Preview: The Model That Changed Cybersecurity Forever

For most of the past decade, the trajectory of large language model research followed a familiar arc: scale up the compute, widen the data, tune the alignment, ship the product. Each new generation of models arrived with modestly improved benchmark scores, better instruction-following, and marginally reduced hallucination rates. Opus replaced Sonnet. Sonnet replaced Haiku. The…

Why LLMs Are Not Planning Machines (And What It Means)

In the course of my work with LLMs, I’ve been examining a recurring pattern in how large language models are being used inside real systems. In many settings, I observed that LLMs are treated as planners where they are used to generate multi-step workflows, remediation strategies, operational playbooks, and even “autonomous” action sequences. These plans…

Web Application Penetration Testing in 2026: A Practical Guide for CISOs

A CISO’s reference for evaluating modern web app pentesting programs, what AI actually changes, and how to tell platforms apart from LLM wrappers.

Quick Answer: Web application penetration testing in 2026 looks structurally different from the annual consulting model most enterprises still run. The shift is driven by three mismatches: applications change daily but get…