I’m Quincy Castro, CISO at Chainguard — Ask Me Anything about software vulnerability discovery and remediation using frontier AI models!

Wait 5 sec.

Hi r/cybersecurity, I'm Quincy Castro, Chief Information Security Officer at Chainguard. On July 17, I'll be here to answer your questions about software vulnerability discovery and remediation using frontier AI models like Mythos, GPT-5.4, and more. A bit about me: before Chainguard, I spent four years as CISO at Redis. Earlier in my career, I worked in various roles for the U.S. government, and later led security programs as CISO of GE Transportation and Wabtec. At Chainguard, I lead our Security and Technology organization, which puts me in the middle of a shift that's changed a lot about how our industry finds and fixes vulnerabilities. Frontier AI models can now find novel vulnerabilities in open source software at a pace that traditional review and fuzzing never matched, and creatively chain together vulnerabilities into effective attack paths. Bugs that survived years of expert scrutiny are turning up in hours. That's good news for defenders in theory, since we could be finding flaws before attackers do. In practice, it’s upending traditional approaches to vulnerability handling and inverting assumptions underpinning things like coordinated disclosure (weeks to fix, a handful of likely finders). At Chainguard, we’ve been working with organizations of all sizes to solve this problem by building Athena, an industry coalition for the coordinated defense of open source software. Athena pools vulnerability findings from frontier AI programs and other sources, builds hardened fixes under embargo, and layers in network and platform protections while fixes work their way upstream to maintainers. More than two dozen organizations are participating, and the coalition has processed tens of thousands of findings so far. Some of what I'm happy to dig into: How security organizations can manage the deluge of vulnerabilities coming from the work of frontier models What it takes to remediate at the speed these models discover, and where the bottlenecks really are How the CISO role is changing in this modern security environment What being a CISO for a company like Chainguard is actually like Where I think this space is headed over the next year I'll be online starting at 1:00 p.m. ET to answer questions. Ask me anything! Proof: https://imgur.com/a/81WI9lo   submitted by   /u/chainguard_dev [link]   [comments]