NB573: Cisco Open-Sources OpenClaw Protection; T-Mobile Taps Starlink for Broadband Redundancy
Network Break episode NB573 covers Cisco open-sourcing DefenseClaw for OpenClaw AI agent security, T-Mobile's new Super Broadband service combining 5G and Starlink, and multiple AI security announcements from Aviatrix, BlueCat, and Palo Alto/Google. The hosts also discuss quarterly results from Extreme Networks, F5, and Check Point, and debate the sustainability of AI subsidies as GitHub moves to usage-based pricing.
Summary
The episode opens with follow-up from listeners, including a discussion about Anthropic's Project Glasswing and whether it could be a Trojan horse for stealing proprietary code. Listeners and hosts largely dismiss this concern, noting that Microsoft, Google, and Amazon already own stakes in Anthropic. Additional follow-up covers Fortinet extending end-of-engineering support dates for versions 7.4 and 7.6, a listener's supply chain graphic on router manufacturing, and a substantive discussion about the 40-minute exploit window for new patches. The hosts agree with listener Paul that patching automation doesn't fully solve the problem since many organizations intentionally delay production patches for testing, and they predict a 'painful year or three' of serious data breaches ahead.
The red alert segment highlights 1,255 new CVEs in the week ending April 30th, with 13 critical Linux kernel vulnerabilities all scoring 9.8, covering memory corruption, TLS functionality flaws, use-after-free bugs, double-free issues in SMB handling, and IP-over-USB memory overflow problems.
On the news front, Cisco announced DefenseClaw, an open-source security project for OpenClaw AI agent frameworks. DefenseClaw scans skills, tools, and plugins against allow/deny lists, detects malicious behaviors at runtime, and streams output to Cisco Splunk. The hosts raise the question of whether OpenClaw supports default-deny configuration, arguing that anything less undermines zero-trust principles. Aviatrix announced two new AI security features: Zero Trust for AI Workloads with default-deny enforcement, and Agent Guard, which discovers AI agents across VMs, Kubernetes clusters, and serverless functions, with prompt injection blocking and DLP scanning coming in Q3. BlueCat announced a tech preview of an MCP server to broker access between AI agents and its DDI (DNS, DHCP, IPAM) data platform.
AT&T is expanding its Dynamic Defense security service to mid-sized businesses, offering block-and-tackle security features like IP block lists, geofencing, DNS protection, stateful firewall, and inline malware detection. GitHub/Microsoft announced a shift to usage-based, token-consumption pricing for GitHub Copilot starting June 1st, ending the subsidy model. The hosts argue this is a positive development that will force organizations to honestly assess AI's return on investment, citing Stanford research showing AI delivers ~20% productivity gains for first-level help desks but weak-to-negative correlation at higher support tiers. Microsoft also expanded Azure Local into a sovereign private cloud solution supporting thousands of nodes, Fibre Channel SANs, disaggregated compute/storage scaling, and local cryptographic key management.
Palo Alto and Google announced integrations at Google Cloud Next, including native Prisma AIRS integration into Gemini's agent platform, IaC templates for AIRS in Google Cloud's Application Design Center, and Advanced WildFire inline sandboxing integrated into Google Cloud's next-gen firewall. The hosts debate who benefits more, landing on Palo Alto extending its platform reach.
Quarterly results covered Extreme Networks (Q3 FY2026: $316.9M revenue, +11% YoY), F5 (Q2 FY2026: $812M revenue, +11% YoY, net income essentially flat suggesting heavy reinvestment), and Check Point (Q1 FY2026: $668M revenue, +5% YoY, 83% from subscriptions and maintenance).
The space networking segment covers three stories: T-Mobile's Super Broadband combining fixed 5G and Starlink via Ericsson CradlePoint load balancers with SD-WAN capabilities and a 99.99% uptime guarantee; the FCC approving AST SpaceMobile's 248-satellite LEO constellation for direct-to-device 5G (despite a recent failed launch leaving Bluebird 7 in a useless elliptical orbit); and Meta's partnership with Overview Energy to test beaming solar energy from orbit as near-infrared light to ground-based solar panels, with satellite testing expected in 2028.
About this episode
Take a Network Break! It’s a busy show this week. We start with follow-up on Anthropic’s Project Glasswing, router bans, and end-of-engineering/end-of-support date changes for Fortinet’s FortiOSv7.4. Our Red Alert warns of 13 critical CVEs in the Linux kernel (all of which can be addressed by updating to version 7). On the news front, Cisco...
Key Insights
- The hosts argue that the 40-minute exploit window for new patches cannot be solved by automation alone, since many organizations intentionally delay production patches by days or weeks for testing, meaning the real problem is structural to how security organizations operate.
- Drew and John contend that GitHub ending its AI subsidy model is a net positive, arguing it will force organizations to honestly calculate AI ROI rather than adopt it because it feels free.
- John cites Stanford research showing AI delivers roughly 20% productivity gains for first-level help desks but shows 'weak to negative correlation' at second and third support tiers, suggesting AI's productivity benefits are narrower than commonly claimed.
- The hosts argue that Palo Alto benefits more than Google from their announced integrations, framing it as Palo Alto 'extending its tentacles everywhere' by embedding into Google Cloud's platform rather than Google gaining a unique security edge.
- Drew characterizes the entire AI vulnerability landscape as 'pouring gasoline on a fire that has been burning for a long time,' arguing that while LLM-accelerated exploitation is not entirely new, the global awareness and acceleration of the capability represents a meaningful escalation.
- John argues that Aviatrix's default-deny enforcement for AI workloads is the correct approach, stating that any security posture short of default deny is fundamentally incompatible with zero-trust principles.
- The hosts frame AST SpaceMobile's FCC approval and AT&T/Verizon partnerships as the mechanism by which those carriers plan to compete with T-Mobile and Starlink in the direct-to-device satellite space.
- John expresses skepticism about broad AI platform claims, but argues Extreme Networks is an exception because it 'labored quietly for months to years' before making marketing noise, suggesting their AI story has substance behind the presentation.
Transcript
Take a network break. I'm Drew Connery-Murray. I'm John A. Johnson. Grab a virtual donut and a beverage of your choice. I am partial to homemade chai these days. Ah, nice. As we race through this week's news, we've got news from Cisco on AI safety, announcements from Aviatrix, BlueCat, Microsoft, Google, AT&T, and Palo Alto, and quarterly results and a full quiver of space networking news. Yeah, it's a full show today. Today, we are sponsored by Nokia and their event-driven automation, or EDA. EDA is Nokia's cloud-native infrastructure automation platform. It's built on Kubernetes. For data center networks, EDA supports multiple vendors and integrates both generative and agentic AI, including the new Ask EDA. You can find out…