Catch this episode on YouTube, Apple, Spotify, or Amazon. You can read the show notes here.
Live from ThreatLocker’s Zero Trust World (ZTW), cybersecurity heavyweights Dave Bittner, host of CyberWire Daily and Dr. Chase Cunningham AKA Dr. Zero Trust shared their unfiltered thoughts on the state of cybersecurity, AI, and government regulations. From the shifting landscape of compliance enforcement to the role of hitting critical mass of AI in both defense and cybercrime, we can expect an extraordinary level of change in the years ahead.
The TL;DR
Don’t have time to listen to the full episode, even on 2x? Here’s a quick skim of what we cover:
Cybersecurity and Government Challenges: Panelists discuss the unpredictable nature of cybersecurity policy changes in Washington.
Regulatory and Compliance Shifts: There is growing momentum toward stricter enforcement, potentially including criminal charges for negligence in cybersecurity, similar to other regulated industries.
Threat Intelligence and Information Verification: The CyberWire team emphasizes the importance of rigorous verification before reporting cybersecurity news, avoiding rumors and speculation.
CISA’s Future and Impact: The uncertain future of CISA (Cybersecurity and Infrastructure Security Agency) could have long-term effects on standards, policies, and cybersecurity procedures.
AI and Cybersecurity: Panelists debate whether AI, particularly LLMs, has reached critical mass and how AI is being used in cybersecurity, both for defense and by threat actors.
Challenges of AI Regulation: There are concerns that AI governance, especially in the U.S. and Europe, is struggling to keep pace with technological developments.
Producer’s Note
This episode will have a bit of background noise as we were recording in the expo area, so fair warning. That said, huge shoutout to ThreatLocker for having us out to experience Zero Trust World. They absolutely put on an amazing show, and this is coming from someone who has created similar conferences from scratch. If you didn’t get a chance to attend this year, we can certainly recommend going in 2026.
Cybersecurity Chaos and Government Uncertainty
We kicked off the discussion by highlighting how political turbulence in Washington, D.C., is impacting cybersecurity policies.
“The unpredictability of things happening in ways we haven’t seen before is the biggest disruptor this year,” Dave noted, emphasizing the challenges posed by leadership changes and regulatory instability.
Chase didn’t hold back either, expressing concerns about unqualified appointments in key government cybersecurity roles.
Regulations with Real Consequences?
One of the most thought-provoking discussions revolved around compliance and enforcement. Historically, violations in cybersecurity regulations have led to fines, but Chase believes a shift is coming. “The cost of doing business might include some shiny bracelets here pretty soon,” he said, suggesting that negligent cybersecurity practices could soon result in criminal charges rather than just financial penalties.
Dave added that regulatory enforcement has often been inconsistent. “If you do the math on some of these breaches and the dollar value assigned to them, it should have bankrupted some of these companies—but it didn’t.” The implication? Some companies are getting away with lax security while others may soon face real accountability.
But in the paraphrased words of Dr. Zero Trust - When a breach hits, buy the dip (this is not financial advice and you should generally take a mountain of salt to the information we share).
The AI Debate: Game-Changer or Overhyped?
As expected, AI was a major topic of discussion. While Dave sees AI as a force multiplier, he remains cautious about its long-term impact. “We thought personalized ads would be great, and now we live in an ecosystem nobody enjoys,” he noted, drawing a parallel between AI’s potential and previous tech advancements that didn’t play out as optimistically as expected.
Chase, on the other hand, is focused on AI’s practical applications, arguing that machine learning should be used to tackle major societal challenges. “We should be using really good technology to see where there are opportunities to do things better for people everywhere,” he said. But he also warned that AI will inevitably be used for malicious purposes, just as every technological advancement has been.
One area where AI is already making a visible impact? Cybercrime. Chase pointed out that threat actors are leveraging AI to improve phishing and misinformation campaigns. “The moment ChatGPT went live, various threat actors started to take advantage of, it” Neal added, reinforcing the reality that AI isn’t just a tool for defenders—it’s also empowering attackers. However, to OpenAI’s credit, they’ve recently released a report that indicates the levels of effort they have taken in the past year to disrupt threat actors from abusing their platform.
Filtering Out the Noise
Throughout the discussion, both Dave and Chase emphasized the importance of cutting through misinformation and hype in cybersecurity. Dave’s approach at CyberWire Daily is to prioritize accuracy over speed, ensuring that only well-verified reports reach their audience. “We’re not in the breaking news business. We’re aggregators. The value we bring is saving people time.”
Meanwhile, Chase stressed the need for independent critical thinking. “I tell folks all the time—don’t listen to me. Make your own decision. The data is the data, and the truth is somewhere in the middle.”
Share this post