IT SPARC Cast

Apple iOS/iPadOS/MacOS CVE-2026-20700 Zero-Day: Sandbox Escape & RCE Explained

Season 2, Ep. 25

In this episode of IT SPARC Cast – CVE of the Week, John Barger and Lou Schmidt examine a critical Apple security vulnerability patched in iOS, iPadOS, macOS, watchOS, tvOS, and visionOS 26.3.


The focus: CVE-2026-20700, a memory corruption flaw in Apple’s dynamic link layer that could allow attackers to break out of the sandbox and achieve remote code execution (RCE).


Although exploitation requires physical access, the definition of “physical” in today’s hybrid enterprise world is broader than it sounds. Remote management tools, compromised accounts, lost devices, or improperly secured BYOD endpoints can all create real-world exposure.


With Apple’s unified “26” operating system line now spanning every platform, this patch affects:

• iOS 26.3

• iPadOS 26.3

• macOS 26.3

• watchOS 26.3

• tvOS 26.3

• visionOS 26.3


Security researchers are classifying this vulnerability as critical/high severity, and enterprises are urged to patch immediately.



🔎 CVE-2026-20700 Details

• Type: Memory corruption

• Impact: Sandbox escape → Remote Code Execution

• Exploit Path: Physical or logical device access

• Risk Level: High/Critical (no official CVSS published)

• Fix: Upgrade to Apple OS version 26.3



⚠ Why This Matters for Enterprise IT


1️⃣ BYOD Risk Surface


Bring-Your-Own-Device policies mean iPhones, iPads, and Macs often connect to corporate networks without full administrative control. A vulnerable device on your network increases lateral movement risk.


2️⃣ Physical Access Isn’t Just “Someone in the Room”


Remote tools, compromised Apple IDs, or stolen devices expand the meaning of physical access.


3️⃣ Upgrade Hesitation Is Real


Apple’s 26 release introduced major UI changes (including the controversial glass interface). Stability concerns have led some users to delay upgrades — increasing exposure time.


Security must outweigh aesthetic or usability concerns.



🛠 Enterprise Recommendations

• Immediately communicate the required upgrade to 26.3

• Enforce OS minimum versions where possible

• Review BYOD policies and mobile device controls

• Audit Apple device access on corporate networks

• Educate users about lost/stolen device risk
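
One way to act on the "enforce OS minimum versions" and "audit Apple device access" recommendations above, as an added example (not from the episode or from Apple): a Python check of a device inventory export against the 26.3 minimum stated on this page. The CSV column names and device rows are constructed for illustration; a real MDM export will use its own schema.

```python
import csv
import io
from collections import defaultdict

# Minimum patched version per platform, as stated on this page (26.3 everywhere).
MIN_VERSION = {p: (26, 3) for p in
               ("iOS", "iPadOS", "macOS", "watchOS", "tvOS", "visionOS")}

# Case-insensitive lookup so "ios" and "iOS" are treated as the same platform.
_CANONICAL = {name.lower(): name for name in MIN_VERSION}

# Constructed sample inventory; columns are an assumption, not a real MDM schema.
SAMPLE_INVENTORY = """\
device,platform,os_version,ownership
mbp-finance-01,macOS,26.3,corporate
iphone-jdoe,iOS,26.2.1,byod
ipad-kiosk-7,iPadOS,26.3.1,corporate
watch-asmith,watchOS,26.3,byod
atv-boardroom,tvOS,18.6,corporate
vision-lab-2,visionOS,26.3 (beta),corporate
iphone-guest,ios,26.10,byod
mac-unknown,macOS,,byod
pixel-test,Android,16,byod
"""


def parse_version(text):
    """Turn '26.3.1' into (26, 3, 1); return None if any component is not numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(platform, os_version):
    """Return compliant / below_minimum / unknown / out_of_scope for one device."""
    name = _CANONICAL.get(platform.strip().lower())
    if name is None:
        return "out_of_scope"          # not one of the six Apple platforms listed
    version = parse_version(os_version)
    if version is None:
        return "unknown"               # never pass a device whose version can't be read
    # Tuple comparison is numeric per component, so 26.10 > 26.3 (a string
    # comparison would get this wrong) and a bare "26" counts as below 26.3.
    return "compliant" if version >= MIN_VERSION[name] else "below_minimum"


def audit(csv_text):
    """Group (device, ownership) pairs by compliance status."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = classify(row["platform"], row["os_version"])
        findings[status].append((row["device"], row["ownership"]))
    return dict(findings)


if __name__ == "__main__":
    report = audit(SAMPLE_INVENTORY)
    for status in ("below_minimum", "unknown", "compliant", "out_of_scope"):
        print(f"{status}:")
        for device, ownership in report.get(status, []):
            print(f"  {device} ({ownership})")
```

Devices reported as `unknown` need manual follow-up rather than being counted as patched; the `ownership` column lets the BYOD devices be routed to user communication instead of a forced update.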



💬 Listener Feedback


The episode also includes commentary from Chris, a general counsel and chief risk officer, who responded to last week’s Notepad RCE discussion. He raises an important point: expanding an application’s functionality increases its attack surface, a lesson that applies here as well.



🔗 Connect With Us


IT SPARC Cast

@ITSPARCCast on X

https://www.linkedin.com/company/sparc-sales/ on LinkedIn


John Barger

@john_Video on X

https://www.linkedin.com/in/johnbarger/ on LinkedIn


Lou Schmidt

@loudoggeek on X

https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn

More episodes

View all episodes

  • 39. AI Needs Managers Now? | Smart Glasses Return & Mythos Finds 23,000 Bugs

    21:42||Season 2, Ep. 39
    In this episode of IT SPARC Cast - News Bytes, John & Lou explore how AI is rapidly evolving from simple assistants into autonomous workers that require management, oversight, and governance. Google introduces an open-source Agent Executor framework designed to supervise AI agents in production environments, while smart glasses may finally be approaching the point where they become practical for mainstream use.The episode also dives into the growing impact of AI-driven cybersecurity. Anthropic’s Mythos platform identified more than 23,000 potential vulnerabilities across open-source projects, raising important questions about how the industry will keep pace with validation, patching, and deployment. If you work in enterprise IT, cloud, cybersecurity, or AI, this episode offers a glimpse into where the next wave of operational challenges is headed.  ⸻📌 Show Notes00:00 – IntroThis week’s episode covers AI agent management, the future of smart glasses, and the growing challenge of handling AI-discovered software vulnerabilities.⸻📰 News Bytes00:48 – Google Adds Open Source Agent ExecutorGoogle announced an open-source Agent Executor framework designed to help organizations safely run AI agents in production. 
The platform provides orchestration, task management, state tracking, auditing, and recovery workflows for fleets of AI agents.John & Lou compare the concept to middle management for AI—providing oversight, accountability, and guardrails that help prevent autonomous systems from making costly mistakes.Key takeaways:AI agents require supervision and governanceEnterprises need auditing and recovery mechanismsAgent fleets will require dedicated management infrastructurehttps://www.computerworld.com/article/4176809/google-adds-open-source-agent-executor-to-support-ai-agents-in-production-3.html⸻07:19 – Smart Glasses: Are They Getting Real?XREAL and Google continue pushing augmented reality forward with new Android XR initiatives and lightweight smart glasses designs. Improvements in AI assistants, displays, optics, and battery technology are bringing wearable computing closer to practical adoption.The discussion explores whether smart glasses are finally approaching an inflection point where they move beyond niche devices and become a true successor—or companion—to smartphones.Key considerations:AI assistants significantly increase utilityWearables face challenges around battery life and social acceptanceAR development platforms may become the next major ecosystem battlehttps://techcrunch.com/2026/05/24/xreal-googles-smartglasses-partner-thinks-it-has-finally-mastered-this-notoriously-tricky-industry/⸻14:31 – Mythos Detected 23,000 Potential VulnerabilitiesAnthropic revealed that its Mythos platform identified more than 23,000 potential vulnerabilities across approximately 1,000 open-source projects during limited testing. Over 1,700 findings were independently validated, including more than 1,000 high or critical severity issues.While AI is dramatically accelerating vulnerability discovery, the larger challenge may now be validation, patching, distribution, and deployment. 
Finding the bugs is no longer the bottleneck.Key takeaways:AI is transforming vulnerability researchPatching and deployment remain major obstaclesOpen-source communities may need new funding and workflow modelshttps://www.securityweek.com/anthropic-mythos-detected-23000-potential-vulnerabilities-across-1000-oss-projects/⸻🔚 20:49 – Wrap UpAs AI systems become more autonomous, organizations must rethink how they manage software development, cybersecurity, and operational governance. The future may belong not just to AI tools, but to the frameworks that supervise them safely and effectively.⸻🌐 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
  • 38. Underminr Explained: The CDN Attack That Hides Malware Behind Trusted Traffic

    11:38||Season 2, Ep. 38
    A newly disclosed attack technique called “Underminr” allows malicious traffic to hide behind trusted CDN infrastructure, potentially bypassing DNS filtering, zero trust policies, and traditional security controls. In this episode of IT SPARC Cast – CVE of the Week, John and Lou explain how attackers abuse TLS routing and CDN tenant behavior to disguise command-and-control traffic as legitimate web traffic — and why AI-driven behavioral analysis may become the only effective defense.⸻📄 Show Notes🚨 CVE of the Week: UnderminrThis week’s episode focuses on Underminr, a stealthy attack technique that allows malicious traffic to hide behind trusted CDN infrastructure.The attack abuses:CDN tenant routingTLS SNI mismatchesHTTP host header manipulationDNS resolution inconsistenciesThe result:Malicious command-and-control traffic can appear to originate from trusted services such as CDN providers.⸻⚠️ Why This Is DangerousTraditional security controls often trust:Well-known domainsCDN trafficTLS-encrypted connectionsUnderminr exploits that trust model.Potential impacts include:Bypassing DNS filteringEvading protective DNS systemsHiding malware communicationsConcealing data exfiltrationCircumventing outbound filtering policiesBecause CDNs naturally move large volumes of traffic, malicious transfers can blend into legitimate content distribution activity.⸻🛠️ Mitigation Steps for Underminr✅ Validate TLS and Routing ConsistencyVerify that:DNS resolutionTLS SNI fieldsHTTP host headersCDN routing destinations…all match expected destinations.This is one of the most important defenses.⸻✅ Implement Deep Packet Inspection (DPI)Traditional DNS filtering alone is no longer enough.Use:TLS inspectionDeep packet inspectionProxy inspectionBehavioral traffic analysisto identify suspicious traffic patterns.⸻✅ Deploy Behavioral Network AnalyticsMonitor for:Unusual CDN usageUnexpected outbound transfersOff-hours synchronization activityAbnormal traffic pathsExample:A large CDN upload 
occurring at 3AM outside normal workflows should trigger investigation.⸻✅ Enforce Zero Trust Outbound PoliciesInstead of trusting domains:Validate applications and processesRestrict outbound communication permissionsUse application-aware filteringLimit which services can communicate externally⸻✅ Improve CDN Isolation PoliciesCDN providers should:Tighten tenant routing validationPrevent cross-tenant hostname abuseRestrict mismatched origin routing⸻🤖 AI and the Future of Network SecurityJohn and Lou discuss how AI-assisted security analytics may become essential against attacks like Underminr.Traditional rule-based systems struggle with:Correlating multiple protocol layersDetecting subtle routing anomaliesIdentifying behavioral inconsistencies in real timeAI-driven network analysis could help identify:Suspicious traffic pathsOut-of-sequence synchronizationUnusual CDN behaviorHidden command-and-control channels⸻💬 Listener FeedbackThanks to listeners Ahmed and Dennis for the feedback on last week’s Exchange vulnerability episode.One major takeaway:Organizations continuing to run on-prem email infrastructure are increasingly carrying significant operational and security risk.⸻📣 Wrap UpDo you think traditional network trust models are finally breaking down, or can modern AI-driven security tools adapt quickly enough?📧 feedback@itsparccast.com🐦 @itsparccast on X⸻🔗 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
  • 38. AI Data Centers, Vibe-Coded Android Apps, and the Coming Security Flood

    27:12||Season 2, Ep. 38
    In this episode of IT SPARC Cast - News Bytes, John & Lou break down the growing AI infrastructure arms race, Google’s push toward AI-generated mobile apps, and Cloudflare’s latest findings on frontier AI security models. As AI compute demand explodes, the conversation explores how power generation, cloud scaling, and automation are rapidly reshaping enterprise IT.They also dive into Google’s new AI Studio tools that let users build Android apps in minutes and discuss how AI-driven vulnerability research is changing software security forever. From multi-agent bug hunting systems to the future of software development itself, this episode looks at how AI is transforming both how software is built—and how it’s secured.⸻📌 Show Notes00:00 – Intro⸻📰 News Bytes00:49 – xAI Power, Anthropic WorkloadsAnthropic signed a massive compute deal with SpaceX/xAI worth potentially tens of billions of dollars, highlighting how compute capacity has become the primary bottleneck in AI growth.The discussion explores the rise of “Neo Cloud” providers, AI-driven data center expansion, and the enormous power requirements driving demand for natural gas, nuclear energy, and eventually orbital data centers.Key takeaways:AI revenue is increasingly tied directly to compute availabilityData center power generation is becoming a strategic industrySpaceX and xAI are positioning themselves as major AI infrastructure providershttps://techcrunch.com/2026/05/20/anthropic-will-pay-xai-1-25-billion-per-month-for-compute/https://techcrunch.com/2026/05/20/musks-xai-is-being-sued-over-its-data-center-generators-now-its-buying-2-8b-more/⸻06:48 – Google’s AI Studio Lets Anyone Build Android AppsGoogle announced major upgrades to AI Studio that allow users to generate Android apps directly from text prompts using AI.The tools support hardware integrations like GPS, Bluetooth, and NFC while enabling users to preview and export apps quickly. 
John & Lou discuss how this may shift app development away from traditional coding and toward personalized automation and workflow control.Key considerations:AI-assisted development dramatically lowers barriers to entryApp development may become more task-oriented than platform-orientedSecurity and app validation remain major concernshttps://techcrunch.com/2026/05/19/googles-ai-studio-now-lets-anyone-build-android-apps-in-minutes/⸻12:11 – Cloudflare Reports on Frontier AI Models & SecurityCloudflare published findings from Project Glasswing and Anthropic’s Mythos model, revealing major advances in AI-driven vulnerability discovery.The report shows how specialized AI models can now identify exploit chains, generate proofs of concept, and assist with patch validation far beyond traditional coding agents. However, false positives, prompt bypasses, and scaling issues remain significant challenges.Key takeaways:AI vulnerability hunting is advancing rapidlyGeneric coding agents struggle with deep security analysisSoftware architecture and patching workflows must evolve for the AI erahttps://blog.cloudflare.com/cyber-frontier-models/⸻📬 25:16 – Mail BagListener feedback highlights growing excitement around the show’s AI coverage and sparks additional discussion around the future of security operations, AI-assisted coding, and enterprise infrastructure strategy.🔚 26:02 – Wrap UpAs AI accelerates software development and vulnerability discovery simultaneously, enterprise IT teams will need stronger architecture, better automation, and tighter security discipline than ever before. The future isn’t just AI-powered—it’s AI-amplified.⸻🌐 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
  • 37. Microsoft Exchange Zero-Day: No Patch, Active Exploitation, Major Risk

    10:27||Season 2, Ep. 37
    A newly disclosed Microsoft Exchange vulnerability is actively being exploited in the wild, and there’s still no permanent patch available. In this episode of IT SPARC Cast – CVE of the Week, John and Lou break down CVE-2026-42897, explain how attackers can exploit Outlook Web Access through malicious emails, and discuss why temporary mitigations may not be enough for organizations still running on-prem Exchange.⸻📄 Show Notes🚨 CVE of the Week: Microsoft Exchange / Outlook Web Access ExploitThis week’s episode focuses on CVE-2026-42897, a high-severity vulnerability affecting:Microsoft Exchange Server 2016Microsoft Exchange Server 2019Exchange Subscription EditionThe vulnerability is a cross-site scripting (XSS) and spoofing flaw impacting Outlook Web Access (OWA).⸻⚠️ How the Attack WorksAttackers send specially crafted emails that execute malicious JavaScript when opened through Outlook Web Access.Potential impacts include:Session hijackingBrowser-based code executionExchange session theftSpoofing attacksThe vulnerability is already being actively exploited in the wild.⸻🌐 Who Is Affected?This impacts on-prem Exchange deployments only.Cloud-hosted Exchange Online environments are not currently believed to be affected.Organizations most at risk include:Enterprises with legacy Exchange infrastructureOrganizations avoiding cloud email hostingRemote-access-heavy environments relying on OWA⸻🛠️ Mitigation Steps for CVE-2026-42897✅ 1️⃣ Apply Microsoft Emergency MitigationsMicrosoft has released temporary protections through:Exchange Emergency Mitigation Service (EEMS)URL rewrite mitigation rulesApply these immediately.⚠️ Important:These mitigations are pattern-based and may not block future modified exploits.⸻✅ 2️⃣ Consider Disabling Outlook Web Access (OWA)If operationally possible:Disable OWA temporarilyRequire users to use the Outlook desktop client insteadThis significantly reduces exposure.⸻✅ 3️⃣ Prepare for Operational Side EffectsKnown mitigation side effects 
include:Calendar printing failuresInline image rendering problemsIncreased help desk ticketsOrganizations should proactively communicate these issues to users.⸻✅ 4️⃣ Patch Immediately When AvailableAt recording time:No permanent patch exists yetApply the official patch immediately once releasedThis is not a vulnerability where delayed patching is safe.⸻🔒 Security TakeawaysThis vulnerability reinforces several growing cybersecurity realities:On-prem infrastructure carries operational security burdensBrowser-based attacks remain highly effectiveTemporary mitigations are not substitutes for permanent fixesJohn and Lou also discuss how attackers increasingly chain vulnerabilities together and how AI-assisted exploit development is accelerating the speed of attacks.⸻💬 Listener FeedbackThanks to listener “ZZZZ” on YouTube for pushing back on last week’s discussion around passwords stored in clear text memory.The discussion highlights an important point:Many vulnerabilities are low risk for average usersBut become extremely dangerous for high-value targets such as executives and organizations with sensitive data⸻📣 Wrap UpAre organizations moving away from on-prem Exchange fast enough, or are these vulnerabilities making the case for cloud migration even stronger?📧 feedback@itsparccast.com🐦 @itsparccast on X⸻🔗 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
  • 37. OpenAI’s Daybreak, Google’s AI Laptop Push, and Cisco’s AI Fingerprinting Tool

    20:41||Season 2, Ep. 37
    In this episode of IT SPARC Cast - News Bytes, John & Lou break down the growing intersection of AI, cybersecurity, and enterprise infrastructure. OpenAI enters the AI security space with Daybreak, Google unveils a new AI-native laptop platform called Googlebook, and Cisco releases an open source tool designed to trace the origins of AI models.The discussion focuses on how AI is rapidly moving from experimentation into operational reality. From AI-assisted security operations to AI-centric hardware and supply chain validation for large language models, this episode explores the practical implications these technologies will have on enterprise IT teams over the next few years.⸻📌 Show Notes00:00 – IntroThis week’s episode covers AI-powered cybersecurity, Google’s next-generation laptop strategy, and growing concerns around AI model provenance and trust.⸻📰 News Bytes00:44 – OpenAI Launches DaybreakOpenAI launched Daybreak, an AI-powered vulnerability detection and patch validation platform designed to help overwhelmed security teams handle rising alert volumes and faster-moving threats.The system uses AI agents to analyze alerts, correlate activity, assist with incident response, and reduce analyst fatigue. 
John & Lou discuss how AI works best as a force multiplier for security teams—not as a replacement for experienced analysts.Key takeaways:AI excels at repetitive security analysis tasksHuman oversight is still criticalOver-automation increases operational riskhttps://thehackernews.com/2026/05/openai-launches-daybreak-for-ai-powered.html⸻06:39 – Google Unveils GooglebookGoogle announced “Googlebook,” a new category of AI-native laptops deeply integrated with Gemini AI and built on a combined Android/Chrome OS platform.The devices aim to compete directly with AI-focused Windows PCs and MacBooks while emphasizing web-first workflows, Android integration, and AI-enhanced interfaces like the new “Magic Pointer.”Key considerations:Enterprise apps are increasingly web-basedOS dependency continues to declineAI-native devices may reshape endpoint strategyhttps://techcrunch.com/2026/05/12/google-unveils-googlebooks-a-new-line-of-ai-native-laptops/⸻13:04 – Cisco Releases Open Source AI Provenance ToolCisco released an open source tool designed to determine the origins and lineage of AI models. 
The tool can compare models directly or scan against known fingerprints to identify derivative training sources.The goal is improving AI supply chain security by detecting repackaged models, inherited vulnerabilities, licensing issues, and potentially poisoned AI systems.Key implications:AI supply chain security is becoming criticalOrganizations need visibility into model originsProvenance tracking may become standard practicehttps://github.com/cisco-ai-defense/model-provenance-kithttps://blogs.cisco.com/ai/model-provenance-kit⸻📬 17:43 – Mail BagListener feedback revisits Microsoft Edge storing passwords in plaintext memory and sparks a broader discussion around practical enterprise security decisions, browser trust, and balancing usability against risk.⸻🔚 19:35 – Wrap UpAs AI rapidly expands into security, infrastructure, and endpoint computing, organizations must balance innovation with governance and operational discipline. The future of enterprise IT will depend not just on adopting AI—but understanding and securing it properly.⸻🌐 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
  • 36. Dirty Frag Explained: Critical Linux Kernel Exploit Hits VPNs and Servers

    13:01||Season 2, Ep. 36
    A dangerous Linux kernel privilege escalation exploit called “Dirty Frag” is putting enterprise systems, VPN infrastructure, and Linux-based devices at risk. In this episode of IT SPARC Cast – CVE of the Week, John and Lou break down CVE-2026-43284 and CVE-2026-43500, explain why exploit chaining makes this vulnerability especially dangerous, and discuss how AI-driven vulnerability discovery is accelerating faster than patching can keep up.⸻📄 Show Notes🚨 CVE of the Week: Dirty Frag Linux Kernel ExploitThis week’s episode covers “Dirty Frag,” a Linux kernel privilege escalation vulnerability chain involving:CVE-2026-43284CVE-2026-43500The exploit abuses flaws in Linux kernel memory fragment handling tied to:IPsec ESP processingRxRPC subsystemsAttackers can escalate from a local account to full root access.⸻⚠️ Why This MattersDirty Frag becomes especially dangerous when combined with other vulnerabilities.Example attack chain:Remote exploit gains limited accessDirty Frag escalates privileges to rootFull server compromise followsThe exploit is considered more reliable than earlier “Dirty Pipe”-style attacks because it does not depend on race conditions.Affected distributions include:UbuntuDebianRHEL / Rocky / AlmaLinuxFedoraCentOS StreamPop!_OSSUSE / OpenSUSE⸻🛠️ Mitigation Steps✅ Patch ImmediatelyInstall updated kernels as soon as patches become available.At recording time:AlmaLinux and Fedora patches are availablePop!_OS has patched kernelsRed Hat patches are rolling outUbuntu and Debian fixes are still uneven✅ Temporary MitigationIf patches are unavailable, disable:esp4esp6rxrpc⚠️ Warning:Disabling ESP modules may break:IPsec VPN tunnelsStrongSwanLibreSwanOpenSwan✅ Additional ProtectionsRestrict local shell/SSH accessEnforce least privilegeUse Zero Trust segmentationApply protocol and port allow listsMonitor for exploit chaining behavior⸻🤖 AI and the Security Arms RaceJohn and Lou discuss how AI is dramatically increasing the rate of vulnerability discovery.The 
concern:AI can discover vulnerabilities faster than humans can patch themLinux and embedded systems are everywhereIoT devices often remain unpatched for yearsThe future of cybersecurity will require:AI-assisted threat detectionAI-driven patch analysisFaster automated response systems⸻💬 Listener FeedbackThanks to listener OG-ISP for the callback to the classic joke that Apache was named “A Patchy Server.”And despite vulnerabilities, Apache remains one of the most trusted web server platforms in enterprise IT.⸻📣 Wrap UpDo you think Linux vendors can keep up with the growing flood of AI-assisted vulnerability discovery?📧 feedback@itsparccast.com🐦 @itsparccast on X⸻🔗 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
  • 36. Plaintext Passwords, Rogue AI Coders, and Why Developers Aren’t Dead Yet

    23:02||Season 2, Ep. 36
    In this episode of IT SPARC Cast - News Bytes, John & Lou break down a series of stories showing both the promise and chaos of AI-driven development. From Microsoft Edge storing passwords in plaintext memory to AI coding agents deleting production databases, the episode highlights how security and operational discipline still matter more than hype.They also tackle growing claims that AI will eliminate software developers, explaining why the reality is far more nuanced. AI is dramatically increasing productivity, but experienced engineers, architects, and security-minded professionals are becoming even more important—not less. If you work in enterprise IT, cloud, development, or cybersecurity, this episode is packed with practical insights on where the industry is actually headed.⸻📌 Show Notes00:00 – IntroThis week’s episode covers security risks, AI coding failures, and the future of software development in an increasingly AI-assisted world.⸻📰 News Bytes00:46 – Microsoft Edge Stores Passwords in PlaintextA security researcher discovered Microsoft Edge stores all saved passwords in plaintext within system memory during active sessions. While Microsoft says this behavior is “by design” for usability and performance, it dramatically increases exposure if a system becomes compromised.The discussion dives into chained attacks, memory scraping, cache vulnerabilities, and even advanced RF-based attacks like Van Eck Phreaking.Key takeaways:Cached credentials dramatically expand attack surfacesMemory security still matters in modern systemsConvenience-driven design decisions can create major riskhttps://cybernews.com/security/microsoft-edge-loads-cleartext-passwords-to-memory/⸻08:43 – Cursor Deleted a Company’s Entire Production DatabaseAn AI coding agent powered by Claude accidentally deleted a company’s production database and backups in seconds after using improperly scoped permissions. 
The incident highlights the dangers of giving AI systems excessive access without proper safeguards.John & Lou argue the real failure wasn’t the AI—it was poor architecture, weak separation between staging and production, and inadequate backup strategy.Key takeaways:Follow the 3-2-1 backup ruleAI agents should be treated like junior employeesHuman oversight and scoped permissions remain criticalhttps://www.livescience.com/technology/artificial-intelligence/i-violated-every-principle-i-was-given-ai-agent-deletes-companys-entire-database-in-9-seconds-then-confesses⸻13:40 – Claims That AI Will Eliminate Developers Are OverblownDespite widespread fear around AI replacing programmers, researchers and industry experts are increasingly finding that AI works best as a productivity multiplier rather than a replacement.The role of developers is shifting away from repetitive coding toward architecture, oversight, integration, and system design. The bigger challenge may actually be education—how new developers gain experience when AI handles much of the grunt work.Key considerations:AI boosts skilled developers rather than replacing themArchitecture and domain expertise are becoming more valuableUniversities must adapt curricula for AI-assisted developmenthttps://www.zdnet.com/article/rumors-of-the-software-developers-ai-induced-demise-are-greatly-exaggerated/⸻🔚 22:07 – Wrap UpThe episode closes with a broader discussion on balancing AI acceleration with real-world operational discipline. As AI tools become more powerful, the organizations that succeed will be the ones that pair automation with strong security, architecture, and human oversight.⸻🌐 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
  • 35. Amazon’s $100B AI Play, SpaceX’s Coding Bet, and Google’s New TPUs

    27:29||Season 2, Ep. 35
    In this episode of IT SPARC Cast - News Bytes, John & Lou break down major shifts happening across AI, cloud, and enterprise IT. From massive infrastructure deals to emerging AI development strategies, the conversation focuses on what’s really driving the industry—not just the headlines.They explore Amazon’s deepening relationship with Anthropic, SpaceX’s move into AI-powered coding tools, Apple’s leadership transition, and Google’s latest push to compete in AI hardware. If you’re in enterprise IT, cloud, or AI, this episode delivers practical insight into where the market is heading and what it means for you.⸻📌 Show Notes00:00 – Intro⸻📰 News Bytes00:44 – Amazon to Invest up to $25B in AnthropicAmazon is making a headline-grabbing investment in Anthropic—up to $25B—but the real story is the $100B cloud commitment tied to it. This isn’t just funding; it’s a strategic alignment around compute.The deal effectively locks Anthropic into AWS infrastructure while giving Amazon a massive AI revenue pipeline. Rather than a traditional investment, this looks more like a large-scale pricing and positioning play designed to boost both companies’ valuations and market presence.This signals deeper consolidation in the AI ecosystem.https://www.usnews.com/news/top-news/articles/2026-04-20/anthropic-to-spend-over-100-billion-on-amazons-cloud-technology⸻06:23 – SpaceX Buying Cursor?SpaceX is exploring a partnership—or potential acquisition—of AI coding platform Cursor, signaling a deeper push into AI-driven development. The goal appears to be enabling faster software creation for real-world systems like rockets, robotics, and autonomous vehicles.Unlike other AI players focused on chatbots, SpaceX is targeting physical-world applications, where coding tools directly impact hardware behavior. 
Access to massive compute resources could accelerate development dramatically.The big question: what’s the true “secret sauce” that justifies these valuations?https://www.reuters.com/technology/spacex-says-it-has-option-acquire-startup-cursor-60-billion-2026-04-21/⸻11:11 – Tim Cook to Step Down as Apple CEOAfter 15 years as CEO, Tim Cook is stepping down, transitioning leadership to John Ternus. Cook’s tenure focused on operational excellence and massive growth, taking Apple to unprecedented scale.Now the focus shifts toward innovation—especially in how hardware integrates with AI. Apple’s strategy has always centered on delivering technology through intuitive, high-quality devices, and this leadership change may signal a renewed push in that direction.This marks a transition from optimization to reinvention.https://www.marketwatch.com/story/tim-cook-to-step-down-after-15-years-at-the-helm-of-apple-68d0e126⸻18:15 – Google Unveils New AI ChipsGoogle is doubling down on AI infrastructure with new chips designed specifically for training and inference. By separating these workloads, Google aims to improve efficiency and reduce power consumption at scale.This reflects a broader industry shift: AI is no longer just about performance—it’s about energy efficiency and cost per workload. As AI demand grows, power constraints are becoming a defining factor.The race for efficient AI compute is accelerating fast.https://www.cnbc.com/2026/04/22/google-launches-training-and-inference-tpus-in-latest-shot-at-nvidia.html⸻📬 22:55 – Mail Bag🔚 26:29 – Wrap Up⸻🌐 Social LinksIT SPARC Cast@ITSPARCCast on Xhttps://www.linkedin.com/company/sparc-sales/ on LinkedInJohn Barger@john_Video on Xhttps://www.linkedin.com/in/johnbarger/ on LinkedInLou Schmidt@loudoggeek on Xhttps://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
  • 34. NIST Is Falling Behind? CVE Overload, AI, and the Future of Vulnerability Tracking

    12:16||Season 2, Ep. 34
    NIST is changing how it handles CVEs after a massive surge in vulnerability submissions—and it could reshape how enterprise IT teams manage risk. In this episode of IT SPARC Cast – CVE of the Week, John and Lou break down what this shift means, the risks of incomplete vulnerability data, and how AI-driven attacks are forcing a new security reality.

    📄 Show Notes

    🚨 CVE of the Week (Special Edition): NIST Scaling Back CVE Enrichment

    This week, instead of a single CVE, we’re covering a major shift in how vulnerabilities are tracked and analyzed.

    The National Institute of Standards and Technology (NIST) is scaling back its enrichment of CVEs due to a massive surge in vulnerability submissions—up 263% since 2020.

    🔍 What’s Changing

    NIST will no longer fully analyze every CVE submitted to the National Vulnerability Database (NVD).

    Instead, they will prioritize:
    • Known exploited vulnerabilities
    • Critical/high-impact vulnerabilities
    • Software used by government systems

    Lower-priority CVEs will still be listed—but:
    ❌ No CVSS score
    ❌ Limited or no analysis
    ❌ Minimal context on impact or exploitability

    ⚠️ Why This Matters

    CVE “enrichment” is what makes vulnerability data actionable. Without it, security teams lose:
    • Severity scoring (CVSS)
    • Attack vectors and exploit details
    • Affected systems and products
    • Context for prioritization

    👉 In short: more noise, less signal

    🔗 The Hidden Risk: Chained Exploits

    This shift introduces a major blind spot:
    • Lower-severity vulnerabilities (CVSS 6–7) may not be enriched
    • Attackers can chain multiple low-severity flaws
    • Result: full compromise equivalent to a critical vulnerability

    👉 Two “7s” can still equal a “10” in real-world attacks

    🤖 AI Is Driving the Explosion

    The root cause is scale—and AI is accelerating it:
    • Automated tools can discover vulnerabilities at massive scale
    • Attackers don’t need advanced intelligence—just volume
    • Thousands of bots probing systems = exponential growth in CVEs

    This is pushing NIST—and the entire vulnerability ecosystem—to its limits.

    🧠 What This Means for Enterprise IT

    You can no longer rely solely on NIST/NVD as your source of truth.

    New reality:
    • CVE databases will be incomplete
    • Prioritization gaps will increase
    • Attackers will target overlooked vulnerabilities

    🛠️ Recommended Strategy

    Immediate Adjustments:
    • Monitor third-party threat intelligence sources
    • Invest in security subscriptions (threat intel platforms)
    • Track research from vendors (e.g., Unit 42, etc.)

    Operational Changes:
    • Move beyond “patch Tuesday” mentality
    • Implement continuous vulnerability assessment
    • Use AI/automation for:
      • Threat detection
      • Prioritization
      • Patch validation

    ⚖️ Auto-Patching: Risk vs Reward

    Listener feedback raised a key point:
    • Auto-updates can introduce supply chain risk
    • But delaying patches increases exposure to exploits

    👉 The answer is not binary:
    • Enable auto-updates where safe
    • Maintain robust backup and rollback strategies
    • Assess risk per system—not globally

    🔄 Key Takeaway

    We are entering a transitional phase in cybersecurity:
    • Vulnerability volume is exploding
    • Traditional scoring systems are breaking down
    • AI will eventually help defend—but not yet

    👉 Until then: speed, visibility, and adaptability are your best defenses

    💬 Listener Feedback

    Thanks to listener Miruxa for highlighting the risks of auto-updating in light of recent supply chain attacks.

    Key takeaway:
    • You’re exposed if you update too fast
    • You’re exposed if you update too slow
    • Security now requires constant assessment, not fixed policies

    📣 Wrap Up

    What do you think—Is NIST making the right call, or does this create more risk than it solves?

    📧 Email: feedback@itsparccast.com
    🐦 X: @itsparccast
    💬 YouTube: Drop a comment—we read them all

    🔗 Social Links

    IT SPARC Cast
    • @ITSPARCCast on X
    • https://www.linkedin.com/company/sparc-sales/ on LinkedIn

    John Barger
    • @john_Video on X
    • https://www.linkedin.com/in/johnbarger/ on LinkedIn

    Lou Schmidt
    • @loudoggeek on X
    • https://www.linkedin.com/in/louis-schmidt-b102446/ on LinkedIn
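The prioritization gap described in the NIST episode notes above (CVEs listed with no CVSS score, and CVSS 6–7 flaws that chain on one system) can be handled in triage logic. This is an added example, not code from the podcast or from NIST: the record fields, tier numbers and CVE-EXAMPLE identifiers are constructed assumptions, and the 9.0/7.0 cut-offs are the standard CVSS critical/high bands.

```python
from collections import defaultdict

# Constructed sample findings; ids, assets and scores are placeholders.
FINDINGS = [
    {"id": "CVE-EXAMPLE-0001", "asset": "vpn-gw", "nvd_cvss": 9.8, "vendor_cvss": None, "known_exploited": False},
    {"id": "CVE-EXAMPLE-0002", "asset": "web-01", "nvd_cvss": None, "vendor_cvss": 7.1, "known_exploited": False},
    {"id": "CVE-EXAMPLE-0003", "asset": "web-01", "nvd_cvss": None, "vendor_cvss": 6.8, "known_exploited": False},
    {"id": "CVE-EXAMPLE-0004", "asset": "hr-db", "nvd_cvss": None, "vendor_cvss": None, "known_exploited": True},
    {"id": "CVE-EXAMPLE-0005", "asset": "print-01", "nvd_cvss": None, "vendor_cvss": None, "known_exploited": False},
    {"id": "CVE-EXAMPLE-0006", "asset": "kiosk-02", "nvd_cvss": 4.3, "vendor_cvss": None, "known_exploited": False},
]

CHAIN_MIN = 6.0  # the notes name CVSS 6-7 flaws as the chaining blind spot

def effective_score(f):
    """NVD score when enriched, else a vendor/third-party score, else None."""
    return f["nvd_cvss"] if f["nvd_cvss"] is not None else f["vendor_cvss"]

def triage(findings):
    """Return {finding id: (tier, reason)}; tier 1 is the most urgent."""
    per_asset = defaultdict(list)  # asset -> ids of findings scored 6.0+
    for f in findings:
        s = effective_score(f)
        if s is not None and s >= CHAIN_MIN:
            per_asset[f["asset"]].append(f["id"])
    result = {}
    for f in findings:
        s = effective_score(f)
        if f["known_exploited"]:
            result[f["id"]] = (1, "known exploited")
        elif s is not None and s >= 9.0:
            result[f["id"]] = (1, "critical score")
        elif s is None:
            # Missing enrichment means unknown risk, not zero risk.
            result[f["id"]] = (2, "unscored: manual review")
        elif s >= CHAIN_MIN and len(per_asset[f["asset"]]) >= 2:
            result[f["id"]] = (2, "chainable: multiple 6+ flaws on " + f["asset"])
        elif s >= 7.0:
            result[f["id"]] = (3, "high")
        else:
            result[f["id"]] = (4, "routine")
    return result

if __name__ == "__main__":
    for cve, (tier, reason) in sorted(triage(FINDINGS).items(), key=lambda kv: kv[1][0]):
        print(tier, cve, reason)
```
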