Casey Ellis, on the record.

Podcasts

Sponsored: The smouldering trashfire of AI and open source

Host (sponsor interview)

Podcasts

Sponsored: Filtering the KEV was really hard ... Until now!

Host (sponsor interview)

Podcasts

Sponsored: AI is critical to the future of cyber defence

Host (sponsor interview)

Podcasts

Analyzing Security Research - A Conversation With Casey Ellis

Guest

Video

ChatGPT's 2026 predictions with Casey Ellis

Guest

Podcasts

Sponsored: ConsentFix and Push Security's browser attack taxonomy

Host (sponsor interview)

Video

Bugcrowd Security Flash: CVE-2025-55182 (React2Shell) UPDATE

Co-host

Podcasts

Beg Bounty: The New Wave of Unrequested Bug Claims

Guest

Podcasts

Sponsored: Prowler uses AI how AI works best

Host (sponsor interview)

Podcasts

Sponsored: Sublime can save a s**t tonne of time

Host (sponsor interview)

Video

BOLD TALKS: Casey John Ellis on Hacking Trust, AI, and the Future of Cybersecurity

Keynote speaker

Podcasts

Bugcrowd Founder Casey Ellis: AI Slop, and the Future of Hacking

Guest

Podcasts

The State of Vulnerability Management

Guest

Podcasts

ConversingLabs: Casey Ellis Talks AI & Vulnerability Management

Guest

Podcasts

Sponsored: The challenge of managing browser extensions

Host (sponsor interview)

Podcasts

BarCode Podcast Episode #125: Revelation

Guest

Podcasts

Sponsored: Why prompt injection is an intractable problem

Host (sponsor interview)

Podcasts

Sponsored: Push Security on the evolution of phishing techniques

Host (sponsor interview)

Podcasts

Casey Ellis, Founder of BugCrowd: When Known Vulnerabilities are Life or Death

Guest

Podcasts

Sponsored: Tines shines at solving interesting problems

Host (sponsor interview)

Podcasts

Unicorn Dispatch LIVE: Bug Bounties with Casey Ellis

Guest

Podcasts

Sponsored: Nucleus Security on the evolution of vulnerability management

Host (sponsor interview)

Podcasts

Sponsored: Haroon Meer's secret to business success is... love

Host (sponsor interview)

Video

Towards Robust Third-Party Evaluation and Flaw Disclosure for General-Purpose AI

Panelist

Podcasts

Ep 21: The role of AI in security measures with Casey Ellis

Guest

Podcasts

Sponsored: Should we ever trust AI?

Guest

Podcasts

The Boring AppSec Podcast Ep. 21 with Casey Ellis

Guest

Video

Bugcrowd Security Flash: CVE-2025-0133

Co-host

Podcasts

Sponsored: Phishing crews have gotten really good at evasion

Host (sponsor interview)

Podcasts

Sponsored: HD Moore on why vuln scanners are awful and broken

Host (sponsor interview)

Press & Media

Lawsuit alleges Roblox tracks children's data without parental consent

Casey Ellis comments on a lawsuit against Roblox, framing it as a reminder of the "trust tax" companies pay when handling user data, particularly that of children. He notes the complexity of consent in digital environments and the potential for such lawsuits to set new precedents.

Press & Media

CISA adds the notorious Telemessage flaw to KEV list

In response to CISA adding a Telemessage flaw to its KEV list, Casey Ellis analyzes the incident as a "classic case of supply chain risk." He emphasizes that trust in a vendor's security is paramount and that this breach demonstrates the cascading impact of a single vulnerability.

Podcasts

Bug Bounties, The Wanted Poster For Ethical Hackers - Future Secured Episode 35

Guest

Press & Media

What the Netflix ‘Zero Day’ series got right about incident response

Casey Ellis provides commentary on the Netflix series 'Zero Day,' noting that it accurately portrays the intense, high-pressure environment of a major incident response and the complex coordination required between technical teams, leadership, and government agencies.

Press & Media

Why Vulnerability Exploitation Is Shifting in 2024-25

In an article about shifting vulnerability exploitation trends, Casey Ellis argues that the advantage has recently swung back towards defenders, attributing this shift to the rise of bug bounty programs, improved vulnerability disclosure, and more proactive security postures from vendors.

Press & Media

Bipartisan bill would renew cyber threat info sharing law

Commenting on the proposed renewal of the Cybersecurity Information Sharing Act (CISA), Casey Ellis emphasizes that the legislation is crucial for reinforcing the framework of public-private trust essential for national cybersecurity.

Press & Media

What is Slopsquatting: A New Threat to AI-Generated Code Security

Casey Ellis explains the concept of "slopsquatting," an attack that exploits the "fuzzy" and sometimes incorrect nature of AI-generated code. He notes that this emerging threat targets the trust developers place in AI tools and highlights the need for rigorous verification.

Press & Media

Cybersecurity World On Edge As CVE Program Prepares To Go Dark

In an article about the potential disruption of the Common Vulnerabilities and Exposures (CVE) program, Casey Ellis expresses his concern, describing the program as a "common language" for vulnerabilities that prevents chaos and enables coordinated defense.

Podcasts

DtSR Episode 649 - Casey Ellis Other People's Software Bugs

Guest

Press & Media

Malicious AI tool Xanthorox claims advanced capabilities for criminals, no jailbreaks required

Casey Ellis discusses the emergence of Xanthorox, a malicious AI tool, highlighting the dual-use nature of AI. He explains that while AI democratizes technology, it also lowers the barrier for creating sophisticated cyberattacks.

Podcasts

Founder of BugCrowd - Casey Ellis | Coffee & Pizza Podcast #023

Guest

Press & Media

NSA: Fast-flux DNS evasion technique now a national security threat

In response to an NSA advisory on "fast flux" DNS techniques, Casey Ellis explains that the method acts like a "shell game" to hide malicious servers and highlights the industrialization of cybercrime.

Press & Media

Hack OpenAI And Win $100,000? What You Need To Know

Casey Ellis comments on OpenAI's bug bounty program, framing it as a positive step that signals a commitment to security and transparency, which helps build trust with users and the security research community.

Press & Media

Massive Surge In Ransomware Attacks, AI And 2FA Bypass To Blame

Casey Ellis analyzes the surge in ransomware attacks, attributing it to threat actors using AI for more convincing phishing attacks and developing methods to bypass multi-factor authentication, urging for more robust defense strategies.

Video

Bugcrowd Security Flash: Breaking Down H.R. 872

Co-host

Papers

In-House Evaluation Is Not Enough: Towards Robust Third-Party Flaw Disclosure for General-Purpose AI

Video

Hacking apps with AI - Casey Ellis interview

Guest

Podcasts

Casey Ellis: Pioneering The Bug Bounty Platform

Guest

Video

Security Flash: Salt Typhoon

Co-host

Podcasts

Crowdsourced Security & Vulnerability Disclosure with Casey Ellis

Guest

Podcasts

Security Breach: Casey Ellis

Guest

Speaking Engagements

(Not specified)

Video

Strengthening AI Accountability Through Better Third Party Evaluations

Panelist

Video

SAINTCON 2024 - Casey Ellis - Release The Hounds, Part 3 - History Repeating

Keynote speaker

Speaking Engagements

Release The Hounds, Part 3 – History Repeating

Speaking Engagements

Release The Hounds, Part 3 - History Repeating

Video

Hacker Showdown 2024: Carnival of ChAIos

Host (sponsor interview)

Podcasts

Replay: Human vs. Super Suit: Exploring The AI-Human Relationship

This podcast episode features Casey Ellis sharing insights on AI technology and cybersecurity, including the risks and rewards of AI, its role in the workplace, cyber defense, ethical considerations, and the disclose.io project.

Video

Series Insight - Bugcrowd's future plans for growth and expansion in APAC

Guest

Podcasts

Deciphering Heat

Panelist

Podcasts

Outsmarting Adversaries: Using AI for Security

Guest

Speaking Engagements

Builders and Breakers: Partnering for Secure Elections

Speaking Engagements

Builders and Breakers: Partnering for Secure Elections

Speaking Engagements

Bugs on a Plane: Implementing a Bug Bounty in an Airline IT/OT Environment

Video

San Francisco Moscone Center sees 40,000 people for RSA Conference

Guest

Video

Dave Gerry And Casey Ellis On Tackling AI Bias

Guest

Podcasts

5G Hackathons - Casey Ellis - BTS #28

Guest

Video

Bugcrowd to accelerate global growth following capital raise

Guest

Podcasts

Memory Safe: Casey Ellis

Guest

Video

Hacker Heroes - Casey Ellis - PSW Vault - YouTube

This interview explores the continuous evolution of maintaining and growing trust, educating those running bug bounty programs to set expectations, reward appropriately, and treat hackers with respect.

Podcasts

The Adversarial Podcast - Casey Ellis appearance

Guest

Press & Media

Critical Cisco SMB Router Flaw Allows Authentication Bypass, PoC Available Critical Cisco SMB Router Flaw Allows Authentication Bypass, PoC Available Critical Cisco SMB Router Flaw Allows Authentication Bypass, PoC Available

Details a critical authentication bypass vulnerability in Cisco small-to-medium business routers, for which proof-of-concept exploit code is publicly available.

Video

Dave Gerry and Casey Ellis - TechSpective Podcast 119 - YouTube

In this podcast, Dave Gerry and Casey Ellis discuss the impact of AI on the cost of attack, how it broadens the pool of potential experts, and how it can be used to script or automate reconnaissance and lateral movement in cybersecurity.

Speaking Engagements

All Your Vulns Are Belong to Terms and Conditions

Speaking Engagements

Hungry, Hungry Hackers: A Hacker's Eye-view of the Food Supply

Press & Media

A Breach at LastPass Has Password Lessons for Us All

An article advising that despite recent breaches like the one at LastPass, using a password manager remains one of the best defenses against hackers.

Video

RSAC Interview w/ Casey Ellis & Dave Gerry, Bugcrowd

This interview highlights Bugcrowd's business model, which allows individuals without traditional access to roles and opportunities to earn meaningful income, emphasizing the rapid growth of the market and the ease with which customers can adopt their valuable solutions.

Press & Media

Five Guys Data Breach Puts HR Data Under a Heat Lamp

Reports on a data breach at the restaurant chain Five Guys, which may have exposed sensitive human resources data.

Press & Media

The U.S. Still Needs Cybersecurity Pros Despite All the Tech Layoffs

Argues that despite widespread layoffs in the tech sector, the demand for cybersecurity professionals in the U.S. remains high.

Press & Media

How AI and DAST can mitigate security risks

2023-01-27

Patents

Automated Prediction Of Cybersecurity Vulnerabilities

Techniques are disclosed for predicting cybersecurity vulnerabilities automatically in IT assets/targets based on known vulnerabilities of various available technologies/products. This is accomplished by loading and linking one or more ontologies in a graph database containing vulnerability information about the technologies. The assets/targets preferably belong to a bug-bounty program. An optional discovery tool maps the attack surface of each target. A profiler collects the various technologies or traits used by the target and links them to the target. Then the graph database is queried to predict the cybersecurity vulnerabilities associated with the traits and consequently with the targets. The system is preferably implemented with a service-oriented architecture (SOA) so feedback/predictions can be provided to the user in near/real-time.

Press & Media

Cisco: No Fixes for Small Business Router Vulnerabilities

Reports that Cisco will not be patching critical vulnerabilities in several end-of-life small business routers, advising customers to migrate to newer hardware.

Press & Media

Cisco warns of two critical vulnerabilities in end-of-life routers

Covers Cisco's warning about two critical vulnerabilities in some of its end-of-life routers, for which no patches will be issued.

Projects

Office of National Cyber Director (ONCD) Advisory Delegation

Advised on cybersecurity trends & secure by design

Video

An Illuminating Interview with Bugcrowd Founder and CTO, Casey Ellis

This YouTube interview focuses on how Bugcrowd handles and processes feedback, with customers and researchers collaborating, contributing to successful bug bashes where people are intrigued and willing to get involved.

Press & Media

Bugcrowd Recognized as Security Numbering Authority for Common Vulnerabilities and Exposures

A press release announcing that Bugcrowd has been designated as a CVE Numbering Authority (CNA) by the CVE Program.

Press & Media

Bugcrowd Recognized as Security Numbering Authority for Common Vulnerabilities and Exposures

Announces that Bugcrowd has been authorized as a CVE Numbering Authority (CNA), allowing it to assign CVE IDs to newly discovered vulnerabilities.

Press & Media

15 Recent Consumer-Facing Tech Developments That Truly Excite Experts

A piece where 15 technology experts, including Casey Ellis, share their excitement about recent consumer tech developments that they find truly innovative.

Press & Media

SolarWinds data breach lawsuit takeaways for CISOs

Analyzes a shareholder lawsuit against SolarWinds following its major data breach, offering key lessons for CISOs on disclosure, liability, and supply chain security.

Press & Media

Microsoft Takes Down Russia’s Strontium Allies Attacking Ukraine

Details Microsoft's actions to disrupt the Russian state-sponsored hacking group STRONTIUM (APT28) by taking control of domains used in attacks targeting Ukraine.

Press & Media

The ‘Text4Shell’ vulnerability is not a sequel to Log4Shell

An analysis piece clarifying that the "Text4Shell" vulnerability, while serious, does not have the same widespread impact or severity as the Log4Shell flaw.

Podcasts

Season 01 Episode 07 - Bug Bounties with guest Casey Ellis

Guest

Press & Media

Experts downplay reach of Apache bug ‘Text4Shell’

Reports on security experts downplaying the potential impact of the "Text4Shell" vulnerability in an Apache Commons library, noting its limited real-world exploitability.

Press & Media

CRITICAL-SEVERITY FLAW IN APACHE COMMONS TEXT LIBRARY FIXED

Details the patching of a critical severity remote code execution flaw, dubbed "Text4Shell," in the Apache Commons Text library.

Press & Media

Former Uber Security Chief Convicted of Covering up Two Data Breaches

Details the conviction of former Uber CSO Joe Sullivan on charges of obstructing justice and concealing data breaches from federal authorities.

Press & Media

It’s 2022 and netizens are only now getting serious about cybersecurity

Argues that users often choose security and privacy tools based on hype and marketing rather than on their actual technical merits.

Press & Media

Twisted Cyber Case Finds Former Uber Security Chief Guilty of Data Breach Coverup

Reports on the guilty verdict for former Uber security chief Joe Sullivan, who was convicted of covering up a 2016 data breach.

Press & Media

How Marico’s cybersec chief secured the board’s buy-in to amp up its security capabilities

A case study on how the cybersecurity chief at the company Marico successfully gained board approval and investment to enhance their security capabilities.

Press & Media

PSW #757 – EV KONTSEVOY, CASEY ELLIS

An episode of the Paul's Security Weekly podcast featuring interviews with Ev Kontsevoy and Casey Ellis.

Press & Media

FBI Helping Australian Authorities Investigate Massive Optus Data Breach: Reports

Reports that the FBI is assisting Australian authorities in the investigation of a massive data breach at the telecommunications company Optus.

Video

Responsible Vulnerability Disclosure with Casey Ellis The Cybrary Podcast Ep. 93

This podcast discusses the need for a scalable community to help with vulnerability disclosure, encouraging people to sign up, introduce themselves, and seek advice or connections for disclosing issues, emphasizing the progress of the disclose.io project.

Speaking Engagements

SANS 2022 Top New Attacks and Threat Report

Press & Media

NSW Gov picks CyRise to operate cyber accelerator

Reports that the New South Wales government has selected the accelerator CyRise to operate its new cybersecurity accelerator program.

Press & Media

Researchers warn of ‘rosy’ security reports in wake of Twitter whistleblower case

Discusses how the Twitter whistleblower case has led researchers to warn about the unreliability of overly positive internal security reports.

Press & Media

Twitter lacks cybersecurity & data privacy best practices, says ex-security chief

Covers the explosive whistleblower complaint from former Twitter security chief Peiter "Mudge" Zatko, alleging severe cybersecurity and privacy deficiencies.

Press & Media

Security Industry Rallies Behind Twitter Whistleblower

Reports on the cybersecurity industry's widespread support for Peiter "Mudge" Zatko, the Twitter whistleblower who alleged serious security failings at the company.

Press & Media

Security Flash - Apple Vulnerability (CVE 2022-32893)

A webinar hosted by Bugcrowd discussing a zero-day vulnerability that was affecting multiple Apple products.

Press & Media

Mudge Blows Whistle on Alleged Twitter Security Nightmare

Details the whistleblower complaint from Peiter "Mudge" Zatko, who described Twitter's security posture as a "nightmare" of mismanagement and negligence.

Press & Media

Twitter has a security problem

An article analyzing the security and business implications of the whistleblower complaint filed by Twitter's former head of security.

Press & Media

ZERO DAY INITIATIVE CHANGES DISCLOSURE POLICY FOR FAULTY PATCHES

Reports on the Zero Day Initiative's change in policy regarding how it handles and discloses vulnerabilities for which vendors have issued faulty or incomplete patches.

Press & Media

U.S. Doubles Reward for Information on North Korea Cyberattackers

Reports that the U.S. government has doubled the reward, up to $10 million, for information on North Korean state-sponsored cyberattackers.

Press & Media

Builders and Breakers

An opinion piece discussing the relationship between software developers ("builders") and security researchers ("breakers") and the need for better collaboration.

Press & Media

Crypto Firms Make Thieving Hackers an Offer: Keep a Little, Give Back the Rest

Reports on the growing trend of cryptocurrency firms negotiating with hackers after a theft, offering them a "bounty" to return the majority of the stolen funds.

Press & Media

Latest Atlassian Confluence vulnerability raises concerns

Discusses the security concerns raised by the discovery of the latest critical vulnerability in Atlassian's Confluence software.

Press & Media

T-Mobile to Pay $350 Million Settlement in Data Breach Class-Action Lawsuit

Reports that T-Mobile has agreed to pay $350 million to settle a class-action lawsuit related to a major data breach.

Press & Media

Messaging Apps That Are Secure: Signal vs.  WhatsApp

An article comparing the security and privacy features of different messaging apps, such as Signal and WhatsApp.