Blog

Mythos: The Ultimate Pentesting Tool?

Sonali Shah — Mon, 13 Apr 2026 17:40:52 GMT

When I first read what Mythos was capable of, it was clear we’ve reached an inflection point sooner than expected. Anthropic has demonstrated something the industry can’t ignore: vulnerability discovery has scaled beyond human constraints. It can identify and exploit vulnerabilities at a level that was previously impractical. And more impressive is the fact that Mythos was not trained to be a hacker. These offensive capabilities are a “downstream consequence” of improved reasoning and autonomy.

Cobalt Pentester Spotlight — Orhan Yildirim

Noelle Hori — Thu, 02 Apr 2026 18:14:48 GMT

The Cobalt Pentester Spotlight highlights the fascinating journey of our Core members. Through an interview style, we share their experiences, background, and insights into the world of an accomplished pentester.

Moving from Annual VAPT to CTEM (Continuous Threat Exposure Management)

Joe Brinkley — Wed, 25 Mar 2026 15:29:43 GMT

The accelerating speed of AI-powered cyberattacks has made traditional vulnerability assessment and penetration testing (VAPT) inadequate as a standalone solution. Today’s continual bombardment of cyberattacks requires VAPT to be supplemented by a continuous threat exposure management (CTEM) approach to cybersecurity. In this guide, we’ll cover why CTEM has become necessary, how it fills security gaps undefended by VAPT, and how to implement a shift from VAPT to CTEM.

How Cobalt Is Harnessing a Decade of Pentest Data for Hyper-Automation

Deepak Dalvi — Thu, 19 Mar 2026 11:00:00 GMT

If your plan for securing a 40% larger attack surface this year is "work harder," you’ve already lost. We are living through a period of hyper-acceleration. Engineering teams ship code daily, and AI-generated code introduces complexity at unprecedented speed.

The Iranian Cyber Playbook: What Security Teams Should Expect

Joe Brinkley — Tue, 17 Mar 2026 23:01:29 GMT

It’s a common misconception that geopolitical crises stay confined to the physical battlefields. If all of the action is overseas, it can’t possibly impact us over here, right? Absolutely wrong. They spill into cyberspace, where state-aligned actors test defenses, probe infrastructure, and exploit organizations that are slow to adapt.

Breaking In, Breaking Through: Q&A With Women in Offensive Security

Cobalt — Tue, 17 Mar 2026 19:46:26 GMT

Cybersecurity is built on curiosity, persistence, and a willingness to challenge how things work. Nowhere is that more evident than in offensive security, where thinking differently is essential.

Cobalt Pentester Spotlight — Krishna Sai Nuthakki

Noelle Hori — Fri, 13 Mar 2026 19:59:32 GMT

ADCS-ESC1: Misconfigured Certificate Templates Leading to Full Domain Compromise

GhostShift — Thu, 12 Mar 2026 20:56:16 GMT

Executive Summary

Active Directory Certificate Services (ADCS) ESC1 is a critical misconfiguration that allows attackers with low-privileged domain credentials to escalate to Domain Administrator. This vulnerability exists when certificate templates are improperly configured, allowing users to request certificates on behalf of any domain account, including administrators.

Where Claude’s Security Scanning Falls Short (and Why That's Okay)

willa.riggins@cobalt.io (Willa Riggins) — Tue, 10 Mar 2026 19:48:52 GMT

Across the security industry, we’re seeing the effects of advances in AI technology, and Claude Code Security's recent announcement is no exception. The market, as volatile as it is these days, seems to think this is a turning point—as we saw several major SaaS security stocks tank on the date of Anthropic’s announcement.

What to Expect from Cobalt at RSAC 2026

Lisa Matherly — Mon, 09 Mar 2026 19:43:49 GMT

It’s that time of the year again. The city, the people, the events, the discussions, and the innovative technology that’s bringing the cybersecurity community together once again for another fantastic event.