Thought-provoking post... does anyone know what a vulnerability even is anymore?
https://research.empiricalsecurity.com/research/the-vulnerability-identity-crisis
Bees figured out tool use through play. Your organisation is still debating whether employees should be allowed to experiment with security tools at all.
https://www.flyingpenguin.com/scientists-reveal-that-bees-use-tools/
Enterprises spent H1 2026 realizing that expensive AI agents deliver exactly as much value as expensive consultants who don't understand your business. Both require you to do the actual work.
Enterprise buyers are maturing quickly when it comes to AI and AI agents and looking to redesign operations, deliver outcomes, maintain governance and cost discipline. If there was a word to describe what enterprises want it's "optionality" since AI and the vendor landscape are changing to quickly to make a wrong bet.
Skipping Black Hat and DEFCON this year? Consider presenting at BSides Hanoi instead. Now in its second year, the conference takes place on August 5th, 2026, and a few more talk slots are still open - but the submission deadline is today. Apply here: https://www.bsideshanoi.net/en/call-for-paper
Thank you to everyone who has already submitted!
Finland's sand battery uses crushed soapstone from fireplace offcuts, heated to 600°C, and it achieved 100% oil reduction, 70% co2 emissions reduction and more!
https://hermez.prose.sh/finland-sand-battery-survived-winter
Eight years of a weekly security newsletter is eight years of showing up. Most people quit when engagement flattens. Zack Whittaker didn't... and I think we're all better off for it!
https://this.weekinsecurity.com/reflections-on-eight-years-of-writing-this-week-in-security/
J Wolfgang Goerlich
HD Moore
