S1 E53
Protecting the Neglected: Measuring County Cyber Risk with Dr. Ido Sivan Sevilla
Episode Description
Dr. Ido Sivan Sevilla joins host Caleb Tolin to break down battlefield stories from a massive analysis of over 3,000 local government entities. Dr. Sivan Sevilla, who serves as an Assistant Professor at the UMD College of Information and holds joint positions at the Hebrew University School of Public Policy & Governance and the School of Computer Science and Engineering, brings a multidisciplinary lens to the alarming reality of risk clusters. Their discussion moves past theory to explore how hundreds of counties share identical IP addresses and third-party service providers, creating centralized points of failure that attackers can identify using data.
The dialogue highlights the dual-use nature of modern AI models. While these tools allow adversaries to automate exploit generation for open-source software, Dr. Sivan Sevilla, leveraging his expertise as founder of UMD's Tech Policy Hub, explains how defenders can use AI operations to map their own attack surfaces for free. By utilizing honeypots and large language models, limited-resource organizations can transition from reactive patching to a proactive posture. The episode concludes with a strategic look at identity resilience, advocating for adaptive regulations that learn from compliance data rather than static, outdated legislative mandates.
Resources
- CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- This research was conducted by Dr. Ido Sivan Sevilla, Dr. Charles Harry, and Mr. Mark McDermot, with additional support from student researcher Mr. Parthav Poudel.
What You’ll Learn
- How to prioritize the 3% of vulnerabilities that actually result in real-world exploitation.
- The definition of attack surface diversity versus severity in measuring county-level risk.
- The impact of LLMs on identifying flaws in open-source software for attackers and defenders.
- Why risk clusters create a single point of failure for hundreds of independent county governments.
- Methods for conducting ethical passive reconnaissance to map organizational security postures from the outside.
- How adaptive regulations can improve compliance by learning from real-time security data and metrics.
- The strategic benefit of using honeypots to monitor targeted threats against limited-resource digital infrastructure.