In this session, Tod Beardsley (runZero) and Mark Lambert (ArmorCode) discuss the escalating challenge of managing vulnerability noise in the era of AI. Lambert explains that ArmorCode acts as an aggregation and correlation layer for vulnerability data, pulling findings from hundreds of different scanners — including code, infrastructure, and software supply chain tools — to identify root causes and reduce the sheer volume of alerts. By correlating multiple findings back to a single issue, the platform helps organizations shift from a purely severity-oriented approach to a more effective risk-oriented prioritization strategy.
The conversation highlights the critical role of vulnerability intelligence and environmental context in determining what actually needs fixing. Lambert describes how ArmorCode leverages threat intelligence like CISA KEV and EPSS to identify which vulnerabilities are being exploited in the wild, while integrating with platforms like runZero to gain insight into whether an asset is externally facing or critical to business operations. This unified exposure management approach extends beyond traditional CVEs to include internally discovered vulnerabilities from penetration testing and weaknesses identified through static analysis (SAST), providing a comprehensive view of an organization's true security posture.
Watch more sessions from runZero Day
| | Session Title | Guests |
|---|---|---|
| Watch Session | A CVE quagmire: Quality versus quantity | Jerry Gamblin, RogoLabs |
| Watch Session | Predicting exploitation: A practitioner's guide | Jay Jacobs, Empirical Security |
| Watch Session | Signal vs slop: Journalists on the evolution of research-driven reporting | Bill Brenner, CYBER.SEC.Community; Dennis Fisher, Decipher; Steve Ragan, 1Password |
| Watch Session | On the frontlines of investigative journalism in cybersecurity: An insider's perspective | Joseph Menn, Author & Investigative Journalist |
| Watch Session | From risk to resilience: Navigating OT security in a converged world | Mary Gannon, GuidePoint Security; Patrick Gillespie, GuidePoint Security |
| Watch Session | Force multiplied: Community-powered vuln detection | Rishi Sharma, ProjectDiscovery |
| Watch Session | Mute the sirens: Prioritizing vulnerability noise | Mark Lambert, ArmorCode |
| Watch Session | The network edge: EOL and exploitation | Kimber Duke, VulnCheck; Patrick Garrity, VulnCheck |
| Watch Session | Bug bounties in the age of AI | Casey Ellis, Bugcrowd |
| Watch Session | Perimeters and pathways: Protecting the complete attack surface | HD Moore, runZero; Jared Atkinson, SpecterOps; Zakir Durumeric, Censys |
| Watch Session | The infinite eye: How AI threat intelligence gives defenders an asymmetric edge | HD Moore, runZero; Jonathan Cran, Mallory |