Resources

/

Podcasts

/

Autonomous IT, Live!

The Math of Modern Attacks

Episode 07   Published April 28, 2026 33 minute watch

Autonomous IT Podcast

Autonomous IT, Live!

Autonomous IT, Live! is Automox's live series, hosted by a rotating cast of Automox leaders including CEO Justin Talerico, Charles Coaxum, and Landon Miles. Each live episode covers automation and endpoint management, identity and incident response, real attacker stories, and candid forecasts for the year ahead.

Jason Kikta is the CTO of Automox

Host

Jason Kikta

RECENT EPISODES

Best-In-Class Remote Control

CISA's BOD 26-04 Directive Explained

[Nothing Weaponized, Everything Exposed]

[AI Hits the Hat Trick], Ep. 32

View all episodes

Available wherever you get your podcasts

Youtube

Apple Podcasts

Spotify

Overcast

Pocket Casts

Amazon Music

Castro

Goodpods

Castbox

Podcast Addict

Player FM

Deezer

Summary

AI has collapsed the time between a patch release and a working exploit to under an hour, which breaks detection-and-response models built for human-speed attacks. Dmitri Alperovitch, co-founder and former CTO of CrowdStrike and Automox board chairman, coined the 1-10-60 benchmark at CrowdStrike: detect in one minute, investigate in ten, remediate in 60. He says it is no longer fast enough, and that defenders have to return to prevention. Automox CTO and CISO Jason Kikta says the default should flip toward patching by default and finding reasons to back off, with risk-limiting controls like parallel patch rings. The pressure comes from LLMs that auto-generate fuzzing harnesses and make intuitive leaps across similar code paths, narrowing an edge once held by a few hundred elite exploit researchers.

Takeaways

  1. Attacker breakout times average 48 minutes per recent CrowdStrike data, and roughly one third of critical vulnerabilities are exploited within 24 hours. Yet Automox research found 51% of organizations report a five-day or unknown patch timeline.

  2. The 1-10-60 standard Alperovitch coined at CrowdStrike means detect in one minute, investigate in ten, remediate in 60. That was once elite-of-the-elite speed, and even that is no longer enough against automated attacks.

  3. Kikta says the default should flip toward patching by default and then finding reasons to back off, because the risk of a breach now outweighs the risk that a given patch causes a crash or outage.

  4. Running multiple simultaneous patch rings split by software type – for example, one early on third-party apps and another early on OS updates – lets you patch fast while limiting the blast radius of a bad update.

  5. LLMs are reshaping vulnerability discovery by auto-generating fuzzing harnesses and making intuitive leaps across similar code paths, narrowing the edge once held by a few hundred elite exploit researchers.

Topics

Vulnerability Remediation

See for yourself how policy-driven IT Automation saves time and eliminates risk.

Dive deeper into this topic

CISA's BOD 26-04 Directive Explained

Podcast

CISA BOD 26-04 sets a 3-day patch deadline for federal agencies. Here's what changed, why it will reach your organization, and what to do before it does
The Three-Day Clock: What CISA's New Patching...

CISA BOD 26-04 sets a 3-day patch deadline for federal agencies....

Dirty Frag: What You Need to Know and How to...

Dirty Frag is an unpatched Linux LPE chain affecting esp4, esp6,...

Claude Mythos: AI Vulnerability Hype vs. Evidence

Podcast