Opinion

Annual penetration testing doesn't just fail to keep pace with your attack surface. It operates on a calendar your adversaries can read. CovertSwarm COO Luke Potter on the reconnaissance signals that make your testing rhythm visible, and the logic that keeps security leaders locked into a model they know is broken.

Your attacker knows when your last pen test was 

Annual penetration testing doesn't just fail to keep pace with your attack surface. It operates on a calendar your adversaries…

Claude Fable 5: what we know so far

Fable is the first publicly accessible version of Anthropic's Mythos-class model, the tier they initially decided was too capable to…

Frontier AI models are exciting.

CovertSwarm COO Luke Potter on why frontier AI is genuinely exciting, why most of the conversation is asking the wrong…

AI Sharpens the Question. It Doesn’t Change the Answer.

The cyber security industry has spent decades selling findings instead of answers. AI tools like Mythos make the problem faster…

Constant Cyber Attack: What People Keep Getting Wrong

There are a lot of terms floating around offensive security right now. COST. CTEM. Exposure validation. Some of it is…

Mythos found a $20,000 bug. It won’t tell you who’s already inside. 

Anthropic's Mythos has dominated the security conversation this week. But the debate about whether it's overhyped is the wrong argument.…

What kills new CISOs in their first 90 days – it’s not attackers. 

The pen test report. The risk register. The green dashboard. They feel like facts. They're not. They're a record of…

CVE-2026-33727 – When “Low Privilege” Isn’t Low Enough: A Pi-hole LPE Story

Pi-hole's pihole user is low-privileged. It's configured with nologin. It looks contained. It isn't. Here's how a writable file and…

Proof of Human solves the bot problem. It doesn’t solve the people problem.

World ID can prove a real human is behind an account. It can't prove that human hasn't already been phished,…