Introducing CloudFox GCP
A new extension of CloudFox designed to help practitioners assess Google Cloud environments from an attacker's perspective.
Now on GitHub: bishopfox.com/blog/introdu...
Enterprise application portfolios are bigger and more complex than ever.
But most testing models were built for a much smaller world.
Join our session with Zach Moreno on how AI-assisted testing can help security teams scale coverage across modern enterprise environments.
March 24 | 2 p.m. ET
Most underrated engineering principle?
YAGNI.
If you're building for a future that doesn't exist yet, you're adding complexity.
From our recent tool building workshop on Discord.
* Sliver Thanks for including us!
Smart TVs are part of your attack surface.
We identified an arbitrary command injection issue in Samsung Tizen OS (through 9.0) that allows OS-level command execution in developer mode.
Details: bishopfox.com/blog/samsung...
AI risk doesn't behave like traditional software risk in that:
It's probabilistic.
It's supply-chain dependent.
It's difficult to fully enumerate.
In this clip from our AI & Security Risks panel, @kriskimmerle.bsky.social of RealPage, Inc. breaks down why governance needs a different framing.
Bot traffic spikes on a ghost website.
It's a weird headline.
But the real defender question is:
When you see activity in one area, is that the target or the distraction?
From the latest Initial Access with Dan Petro and Justin Greis of acceligence.
Christie Terrill (CISO, Bishop Fox) will speak at the Official Cybersecurity Summit on how diversity strengthens cybersecurity teams, improving innovation, threat detection, and long-term resilience.
Complimentary registration with code CSS26-FAIR.
Up to 8 CPE credits.
Feb. 25 | New York
Good step for RCS security!
We've got a ways to go still, but this is progress.
If you've ever wondered why AppSec coverage never seems to catch up with reality, this is a good read.
At its core, it's an operating model problem. This post by Principal Technology Strategist Rob Ragan walks through why most apps never get tested and what actually changes that.
AI-powered impersonation into
Live Zoom calls into
ClickFix malware.
Senior Security Consultant Brandon Kovacs explains how deepfake tech is now being used to gain real initial access into enterprise environments.
Trusted marketplace integrations can still be attack paths.
Senior Security Consultant Leron Gray explains why if you're not reviewing your Azure enterprise apps and Outlook add-ins regularly, you probably should be.
Social engineering our way into your heart. Just kidding. We'd rather earn your trust the right way.
Happy Valentine's Day from Bishop Fox.
The security ecosystem is packed with tools.
But sometimes the right move is to sit down and build exactly what you need.
Tom Hudson (@tomnomnom.com ) is hosting a live Discord workshop on when to build, when not to, and how to approach tool-building without overengineering.
We built a structured evaluation worksheet for CISOs who want to make defensible decisions: bishopfox.com/resources/re...
Be honest:
When you picked your last Red Team vendor, what mattered most?
Happening now
AI & Security Risks: A Cyber Leadership Panel
Real talk from security and AI leaders on where AI risk is showing up right now and what teams are doing about it.
bishopfox.com/resources/ai...
Last call
AI risk is real and ownership, cost, and security are still catching up.
Join us tomorrow for a candid leadership panel on what's actually working (and what isn't).
Feb 11 | 2 p.m. ET / 7 p.m. GMT
bishopfox.com/resources/ai...
AI is becoming a real part of security work.
Today, Bishop Fox introduces Cosmos AI: a proprietary engine that powers AI-augmented application penetration testing while keeping human judgment central to the results.
bishopfox.com/news/bishop-...
AI-powered security can't stop at automation.
Tomorrow, we're opening a new door to human expertise...
Most disappointing pen tests fail because no one aligned on what questions needed answering.
Here's how application testing creates clarity (especially with AI in the mix): bishopfox.com/blog/get-the...
This short-lived but massive DDoS attack is a big change from what many teams planned for even a year or two ago.