The AI Zero-Day Engine, China’s Cyber Rise, and CI/CD Poisoning

This week on Dragon News Bytes, Eli Woodward, Will Baxter, and Will Thomas return from RISE Dublin to cut through the AI hype and discuss the realities of automated threat hunting. From the zero-day discovery capabilities of the Claude "Mythos" model to China’s emerging equivalent, the team explores how AI is acting as a massive force multiplier for adversaries.

We also break down a critical CI/CD pipeline poisoning incident impacting developers, and discuss why the traditional CTI analyst role is rapidly evolving into a CTI engineering function.
‍

Topics & References
‍

Part 1: The AI Zero-Day Engine (Mythos) vs. The Basics

• Automated Exploitation: AI models like "Mythos" aren't changing the MITRE ATT&CK framework; they are simply a faster engine for finding zero-days and running automated penetration testing.
• The Defense Reality: The rise of AI-driven zero-days means defense must double down on the basics. The critical questions remain: How good is your asset inventory? Are you detecting scans? Can you spot weird outbound VPN traffic?.

Part 2: China’s Cyber Superpower Status & The Tianfu Cup

• A Peer Adversary: Dutch intelligence recently stated publicly that China’s cyber power is now on par with the US. China is developing its own "stable model" equivalent to Mythos.
• Industrialized Intelligence: By feeding data from domestic zero-day competitions like the Tianfu Cup into large language models, China is positioning itself to industrialize vulnerability discovery.

Part 3: CI/CD Poisoning & The Developer Target

• Bitwarden & Checkmarks Compromise: A significant supply chain incident occurred when a threat actor, "Team PCP", poisoned a CI/CD pipeline.
• The "Naive Coder" Risk: Attackers are moving away from average users and targeting the admins and developers who hold "the keys to the kingdom," maximizing the downstream blast radius.

Part 4: Blue Team Engineering & Guardrails

• The Rise of the CTI Engineer: The industry is pivoting from analysts to CTI engineers. To effectively leverage AI, teams must build and maintain automated pipelines using tools like GitHub Actions.
• Product Requirements Documents (PRDs): Defenders must institute strong PRDs and guardrails before spending a single token on new AI apps to ensure sustainable, secure infrastructure.

Events & Community:
‍

• RISEx Sydney: May 6 in Sydney, Australia‍
  
  • 🔗 to register: https://www.team-cymru.com/events/rise-sydney-2026

• RISEx Frankfurt: May 28th in Frankfurt, Germany‍
  
  • 🔗 to register: https://www.team-cymru.com/events/rise-frankfurt-2026

• RISEx Chicago: June 3rd in Chicago, IL‍
  
  • 🔗 to register: https://www.team-cymru.com/events/rise-chicago-2026
    ‍
• RISEx New York: June 16 in New York City, US‍
  
  • 🔗 to register: https://www.team-cymru.com/events/rise-new-york-city-2026

• RISEx DC: June 11 in Washington DC, US

• Underground Economy: September 7th -9th in Strasbourg, France‍
  
  • 🔗 to register: https://www.team-cymru.com/events/underground-economy-2026

Connect with Us:

‍

• Follow us on LinkedIn: https://www.linkedin.com/company/team-cymru
• Subscribe to the Dragon News Bytes feed: https://www.team-cymru.com/dnb

Disclaimer: The views expressed in this podcast are those of the hosts and do not necessarily reflect the official policy or position of our employers.