Resources
Radical thinking and constant research inform all we do. Think ahead with shared intelligence from our Swarm of ethical hackers.
DORA is not GDPR. Stop treating it like it is.
Most firms are treating DORA like GDPR: get a consultant, document the framework, move on. That worked for data privacy.…
Frontier AI models are exciting.
CovertSwarm COO Luke Potter on why frontier AI is genuinely exciting, why most of the conversation is asking the wrong…
AI Sharpens the Question. It Doesn’t Change the Answer.
The cyber security industry has spent decades selling findings instead of answers. AI tools like Mythos make the problem faster…
Constant Cyber Attack: What People Keep Getting Wrong
There are a lot of terms floating around offensive security right now. COST. CTEM. Exposure validation. Some of it is…
When “Just Logging In” Isn’t Just Logging In: A Lookat xrdp and CVE-2026-33145
A quiet finding with real-world impact. CVE-2026-33145 shows how xrdp's AlternateShell feature, enabled by default, passes client-supplied input directly into…
Mythos found a $20,000 bug. It won’t tell you who’s already inside.
Anthropic's Mythos has dominated the security conversation this week. But the debate about whether it's overhyped is the wrong argument.…
CovertSwarm launches RAID: Our red team AI division
CovertSwarm COO Luke Potter announces RAID, our Red Team AI Division, and why real adversaries made it non-negotiable.
What kills new CISOs in their first 90 days – it’s not attackers.
The pen test report. The risk register. The green dashboard. They feel like facts. They're not. They're a record of…
CVE-2026-33727 – When “Low Privilege” Isn’t Low Enough: A Pi-hole LPE Story
Pi-hole's pihole user is low-privileged. It's configured with nologin. It looks contained. It isn't. Here's how a writable file and…