NB573: Cisco Open-Sources OpenClaw Protection; T-Mobile Taps Starlink for Broadband Redundancy
Network Break episode NB573 covers Cisco open-sourcing DefenseClaw for OpenClaw AI agent security, T-Mobile's new Super Broadband service combining 5G and Starlink, and multiple AI security announcements from Aviatrix, BlueCat, and Palo Alto/Google. The hosts also discuss quarterly results from Extreme Networks, F5, and Check Point, and debate the sustainability of AI subsidies as GitHub moves to usage-based pricing.
Summary
The episode opens with follow-up from listeners, including a discussion about Anthropic's Project Glasswing and whether it could be a Trojan horse for stealing proprietary code. Listeners and hosts largely dismiss this concern, noting that Microsoft, Google, and Amazon already own stakes in Anthropic. Additional follow-up covers Fortinet extending end-of-engineering support dates for versions 7.4 and 7.6, a listener's supply chain graphic on router manufacturing, and a substantive discussion about the 40-minute exploit window for new patches. The hosts agree with listener Paul that patching automation doesn't fully solve the problem since many organizations intentionally delay production patches for testing, and they predict a 'painful year or three' of serious data breaches ahead.
The red alert segment highlights 1,255 new CVEs in the week ending April 30th, with 13 critical Linux kernel vulnerabilities all scoring 9.8, covering memory corruption, TLS functionality flaws, use-after-free bugs, double-free issues in SMB handling, and IP-over-USB memory overflow problems.
On the news front, Cisco announced DefenseClaw, an open-source security project for OpenClaw AI agent frameworks. DefenseClaw scans skills, tools, and plugins against allow/deny lists, detects malicious behaviors at runtime, and streams output to Cisco Splunk. The hosts raise the question of whether OpenClaw supports default-deny configuration, arguing that anything less undermines zero-trust principles. Aviatrix announced two new AI security features: Zero Trust for AI Workloads with default-deny enforcement, and Agent Guard, which discovers AI agents across VMs, Kubernetes clusters, and serverless functions, with prompt injection blocking and DLP scanning coming in Q3. BlueCat announced an MCP server tech preview to broker access between AI agents and its DDI (DNS, DHCP, IPAM) data platform.
AT&T is expanding its Dynamic Defense security service to mid-sized businesses, offering block-and-tackle security features like IP block lists, geofencing, DNS protection, stateful firewall, and inline malware detection. GitHub/Microsoft announced a shift to usage-based, token-consumption pricing for GitHub Copilot starting June 1st, ending the subsidy model. The hosts argue this is a positive development that will force organizations to honestly assess AI's return on investment, citing Stanford research showing AI delivers ~20% productivity gains for first-level help desks but weak-to-negative correlation at higher support tiers. Microsoft also expanded Azure Local into a sovereign private cloud solution supporting thousands of nodes, Fibre Channel SANs, disaggregated compute/storage scaling, and local cryptographic key management.
Palo Alto and Google announced integrations at Google Cloud Next, including native Prisma AIRS integration into Gemini's agent platform, IaC templates for AIRS in Google Cloud's Application Design Center, and Advanced WildFire inline sandboxing integrated into Google Cloud's next-gen firewall. The hosts debate who benefits more, landing on Palo Alto extending its platform reach.
Quarterly results covered Extreme Networks (Q3 FY2026: $316.9M revenue, +11% YoY), F5 (Q2 FY2026: $812M revenue, +11% YoY, net income essentially flat, suggesting heavy reinvestment), and Check Point (Q1 FY2026: $668M revenue, +5% YoY, 83% from subscriptions and maintenance).
The space networking segment covers three stories: T-Mobile's Super Broadband combining fixed 5G and Starlink via Ericsson Cradlepoint load balancers with SD-WAN capabilities and a 99.99% uptime guarantee; the FCC approving AST SpaceMobile's 248-satellite LEO constellation for direct-to-device 5G (despite a recent failed launch leaving Bluebird 7 in a useless elliptical orbit); and Meta's partnership with Overview Energy to test beaming solar energy from orbit as near-infrared light to ground-based solar panels, with satellite testing expected in 2028.
Key Insights
- The hosts argue that the 40-minute exploit window for new patches cannot be solved by automation alone, since many organizations intentionally delay production patches by days or weeks for testing, meaning the real problem is structural to how security organizations operate.
- Drew and John contend that GitHub ending its AI subsidy model is a net positive, arguing it will force organizations to honestly calculate AI ROI rather than adopt it because it feels free.
- John cites Stanford research showing AI delivers roughly 20% productivity gains for first-level help desks but shows 'weak to negative correlation' at second and third support tiers, suggesting AI's productivity benefits are narrower than commonly claimed.
- The hosts argue that Palo Alto benefits more than Google from their announced integrations, framing it as Palo Alto 'extending its tentacles everywhere' by embedding into Google Cloud's platform rather than Google gaining a unique security edge.
- Drew characterizes the entire AI vulnerability landscape as 'pouring gasoline on a fire that has been burning for a long time,' arguing that while LLM-accelerated exploitation is not entirely new, the global awareness and acceleration of the capability represents a meaningful escalation.
- John argues that Aviatrix's default-deny enforcement for AI workloads is the correct approach, stating that any security posture short of default deny is fundamentally incompatible with zero-trust principles.
- The hosts frame AST SpaceMobile's FCC approval and AT&T/Verizon partnerships as the mechanism by which those carriers plan to compete with T-Mobile and Starlink in the direct-to-device satellite space.
- John expresses skepticism about broad AI platform claims, but argues Extreme Networks is an exception because it 'labored quietly for months to years' before making marketing noise, suggesting their AI story has substance behind the presentation.