Skip to content

The Five-Dollar Agentic AI Hacker

  • Season 1
  • Episode 11
  • Guest Marlin McFate, Federal CTO & CISO, Cohesity
June 29, 2026

Four days. A spare $500 mini PC from Microcenter. An open-source quantized model running on 512 MB of VRAM. And by Thursday morning, an autonomous AI agent named Jenkins was finding vulnerabilities, chaining exploits, gaining root, and maintaining persistence — entirely on its own, with no human in the loop. In Episode 11 of The GIST of Govt IT, Brian and Sean are joined by Marlin McFate, Federal CTO and CISO at Cohesity to dig into the experiment Marlin documented on his new Substack, Peripheral Tech. Marlin walks through the architectural choices that made Jenkins possible — the "discussion skill" approach to working with agents like colleagues, the orchestrator-subagent model, the safety capability files that proved more effective than external guardrails — and why the implications go far beyond "Mythos changed everything." The conversation digs into the real thesis: the barrier to nation-state-grade offensive cyber didn't just fall — it fell years ago, and most organizations are still spending 80% of their cybersecurity budget trying to prevent attacks rather than recover from them. Brian, Sean, and Marlin unpack the digital jump bag, the minimum viable agency concept, why finding the last clean backup is "a bad lie" the industry has been telling for years, and what Cohesity's RAG-enabled secondary data approach means for agencies trying to feed AI without standing up a fifth copy of their data. Plus, AI agents throw fits and take on personalities for their own.
RESOURCES MENTIONED IN THIS EPISODE

Featured Guest
- Marlin McFate, Federal CTO & CISO, Cohesity
- Peripheral Tech (Marlin's Substack)
- Jenkins
- Cohesity Federal
- Cohesity Gaia (conversational AI search for backup data)

The Experiment & The Stack
- Kali Linux (penetration testing OS)
- Ollama (local LLM runtime)
- Qwen open-source models (Alibaba)
- The Mythos vulnerability discovery report (Cloud Security Alliance)
- Anthropic Project Glasswing

Agentic AI & Security
- Gambit Security research on multi-AI hacker (Anthropic + OpenAI split-context attack on Mexican government)

Federal Cyber Policy & Frameworks
- OMB M-26-14 (cybersecurity logging and monitoring for IT/IoT/OT)
- CISA Industrial Control Systems resources
- NIST AI Risk Management Framework

Concepts Discussed
- Westrum Organizational Culture Typology
- Project Bravo (Stuart Wagner, formerly Air Force, now Navy)
- Platform One (DoD DevSecOps platform)

Open Source AI Frameworks
- vLLM (high-throughput LLM inference)
- Red Hat OpenShift AI

Learning Resources
- O'Reilly Learning Platform
- O'Reilly AI Sandboxes & Guided Labs

Related Episodes
- Episode 7: Iran Came for the Dams and We Lucky
- Episode 2: Fighting Fire with Fire to Secure Federal Agents

Upcoming Event
- Marlin speaking at AWS Public Sector Summit DC — Tuesday, June 30, 2:00 PM, Convention Center side theater