Over the past couple of days, I was digging into the latest Anthropic Threat Report and one section really hit me.

They wrote: ‘We’ve developed sophisticated safety and security measures to prevent misuse of our AI models. While generally effective, cybercriminals keep finding ways around them.’

And then they shared some eye-opening case studies—threat actors aren’t just asking AI for advice, they’re embedding it across their entire attack lifecycle. We’re talking reconnaissance, credential harvesting, extortion campaigns, even creating fake identities at scale. This is a whole new level of AI misuse—where a single actor can punch way above their weight class by turning AI into both consultant and operator.

That’s why I’m so excited about today’s guest: Clark Harshbarger, former Director of Incident Response at CrowdStrike. We’re going to explore both sides of this coin: how attackers are scaling their operations with AI, and how incident responders are starting to fight fire with fire—using AI to speed up detection and response when every second counts. Article: https://www-cdn.anthropic.com/b2a76c6f6992465c09a6f2fce282f6c0cea8c200.pdf

In this session we talk about Salesloft Drift and the implications of OAuth based attacks. Companies use Drift with Salesloft to automate lead capture + sales workflows into Salesforce.com. Enter Nation State threat actor UNC6395, who was able to steal the tokens and gain a backdoor into Salesforce via these OAuth tokens.

We then dive into the Evolution of Cloud Based Attacks, where threat actors like Storm-0501 are moving away from noisy, on-prem encryption and pivoting to the cloud—where exfiltration, data destruction, and extortion can all happen without dropping a single payload. Add to that the rise of extortion-only campaigns, and we’re looking at an evolution that defenders need to understand right now.

Special guests:

MacKenzie Brown, VP of APG at Blackpoint

Charles Buck, Founder and CTO of SaaS Alerts

Chris Loehr, DFIR Exerpt

Phyllis Lee, VP of Content at CIS

Last week, we dug into the surge of SonicWall VPN compromises. At first, there was speculation about a possible new zero day — but as the dust settled, we learned it was far more familiar: unpatched systems, misconfigurations, stale service accounts.

One of the biggest takeaways came from breach attorney Spencer Pollack, who cautioned MSPs: don’t speculate. When cyber hits the fan, the truth comes out in the contracts.

That’s exactly where we’re going in today's session. We’re joined by two legal experts — Eric Tilds, MSP business attorney, and Spencer Pollock, breach attorney — to break down how your MSAs and SOWs can either protect you or expose you during a cyber incident.

If you’ve ever wondered whether the language in your agreements will hold up when your client is breached, this is the conversation you don’t want to miss.