In a digital world where AI is accelerating both innovation and new threats, how do we keep our websites and the open web, safe?
In this episode of Open Makers, host Adam Weeks is joined by seasoned web security expert Aaron Campbell from Monarx to set the stage for the rapidly changing landscape of online security. As AI shrinks the window between new vulnerabilities and real-world exploits, the stakes have never been higher for website owners and hosts.
Tune in as Adam and Aaron talk about the realities of defending against AI-powered attacks, explore the responsibilities hosts now face, and share practical, layered strategies to protect your online presence. Whether you’re a builder, a host, or just passionate about the open web, this conversation will open your eyes to what it takes to stay secure in today’s AI-driven era.
Our sponsors keep the lights on.
Take a moment to check them out.

Since 2005, Automattic has built tools for the open web including WordPress.com, WooCommerce, and Jetpack that are used by millions of people to create, sell, and publish online. They believe in ownership, flexibility, and open source and we’re grateful for their support. Learn more at automattic.com.

InMotion Hosting brings over 25 years of experience, NVMe-powered speed, and 99.99% uptime to every plan they offer. When you need help, you get a real human, not a bot, and they’ll migrate your site for free. We’re happy to have them in our corner supporting the conversations we have here at Open Channels FM. Find your plan at inmotionhosting.com

Omnisend just dropped SMS pricing to $0.007, and their migration team moves your automations, templates and contacts in five days, free. That means you could be saving up to 35% in less than a week. We’re glad to have them supporting the show and the community we’re building around it. Use the code OpenChannels and get 30% off your first 3 months of any paid plan.
Takeaways
AI Has Accelerated Security Threats: The rise of AI has drastically reduced the window between vulnerability disclosure and active exploitation, compressing what used to be weeks or days into hours or less, requiring new defensive strategies from hosts and website owners.
Layered Security is Essential: Defending against modern attacks requires a multi-layered approach, blocking threats at the network, runtime, application, and file system levels to maximize protection and manage attack volume effectively.
Responsibility Shifting Toward Hosts: Website hosts must now assume more responsibility for their customers’ security, as end users are unable to keep pace with the speed and scale of automated or AI-augmented attacks.
Open Source Remains Valuable but Requires Vigilance: Open source offers important transparency and counterbalance to closed systems, but also makes vulnerabilities widely visible, especially in the era of AI that can rapidly scan huge codebases; maintaining security in open source projects demands proactive stewardship.
Virtual and Automated Patching is Critical: Automated or virtual patching solutions are now a necessity, as manual human-driven patch cycles can’t keep up with the pace of emerging threats.
Malware Tactics are Evolving: Attackers now use AI to increase the speed, scale, and sophistication of exploits, making traditional file-matching malware detection insufficient on its own.
Dark Web Data is Still a Major Threat: Compromised data from breaches is widely traded on the dark web and, due to AI, can now be weaponized at unprecedented scale to launch attacks using known credentials across many sites.
Monitoring and Proactivity Are Key: Regularly monitoring one’s online footprint and being proactive about password hygiene and vulnerability management is more important than ever as threats increase in number and speed.
End-User Experience and Security Must Balance: Tightening security is beneficial only as long as it doesn’t overly burden or frustrate legitimate users, security should be robust yet unobtrusive to avoid users circumventing protections.
Effective Security Can Be Invisible: Ideally, strong host-level security protects users from vast numbers of attacks without disrupting their daily operations or even making them aware of the threats being stopped.
Choosing Secure Hosts Requires Specific Questions: Agencies and website owners should look for hosts that can explain their layered defenses (network, runtime, application), virtual patching strategies, and approaches to neighborhood-wide malware cleaning, especially in shared hosting environments.
Questions This Episode Answers
Q: How has AI changed the way websites are attacked and defended?
A: AI has dramatically increased the speed and volume of website attacks by enabling bad actors to rapidly identify vulnerabilities and launch exploits much faster than before, compressing the time between vulnerability disclosure and exploitation from days or weeks to just hours or less. This acceleration means humans can no longer keep up using traditional, manual defense strategies, so defenders must also leverage AI and automation to protect websites in real time.
Q: What should hosting companies do to keep websites secure in the age of AI?
A: Hosting companies now bear more responsibility for security since they can operate at the necessary pace and scale. They should implement a multi-layered approach to defense, including protections at the network, runtime, application, and file system layers, and automate patching or virtual patching processes to react quickly to emerging threats.
Q: Does using open source software make websites more vulnerable to security threats?
A: Open source software’s transparency means both good and bad actors can inspect the code, but its strength relies on a proactive community of maintainers identifying and fixing vulnerabilities quickly. The challenge is that AI can now scan massive numbers of open source projects rapidly to find and exploit new vulnerabilities, so it’s crucial for the good actors to use similar tools to stay ahead.
Q: What are some effective strategies for blocking modern malware and attacks on web servers?
A: Relying solely on traditional file fingerprinting isn’t enough anymore. Modern strategies combine runtime protection, where suspicious requests are intercepted and blocked before they can create malicious files, with ongoing file scanning and network-level defenses. This layered approach stops threats earlier and more effectively.
Q: Why is it important for web hosts to have a virtual patching strategy?
A: Virtual patching provides immediate protection against newly discovered vulnerabilities before official patches are available, bridging the gap that attackers may exploit. If a hosting provider isn’t offering virtual patching, they’re not keeping up with the speed of modern threats.
Q: How does the dark web pose an ongoing threat to website security?
A: The dark web remains a major hub for trading and distributing breached data, including login credentials and personal information. With AI, attackers can quickly cross-reference this data and automate credential stuffing on numerous sites, so monitoring your presence on the dark web and practicing good password hygiene are more important than ever.
Q: What indicators should agencies and users look for when choosing a secure web host?
A: Look for hosts that can clearly explain their multi-layered security measures, including virtual patching, protections at the network, application, and runtime layers, and comprehensive strategies for cleaning and preventing malware across shared environments. The ability to protect the “whole neighborhood,” not just individual sites, is key.
Q: How can web hosts balance strong security with a good customer experience?
A: Security measures should be effective without being so cumbersome that users are tempted to disable them. The best protections work quietly in the background, stopping attacks without disrupting normal use, so customers can work without even noticing the defenses are there.
Mentioned Links and Resource
- Aaron D. Campbell (Personal Site & Thoughts) – Aaron Campbell shares his work, thoughts, and projects on his personal website.
- 🔗 https://aarondcampbell.com/
- Monarx (Malware Protection & Runtime Security) – Monarx works with hosts to provide layered malware protection and runtime defense for servers and sites.
- 🔗 https://monarx.com/
- WordCamp US (Event Appearance) – Aaron Campbell will be present at the upcoming WordCamp US event.
- 🔗 https://us.wordcamp.org/
- Atlas Digital Summit (Event Appearance) – Aaron Campbell will also appear at the Atlas Digital Summit.
- 🔗 https://atlasdigital.group/summit/
Timestamped Overview
- 00:00 Rise of AI in Cyberattacks
- 06:20 Role of Hosts in Website Security
- 09:09 Balancing open source and security
- 14:15 Blocking threats in runtime layer
- 15:25 Layered approach to cybersecurity
- 18:54 Understanding Network and Application Layers
- 23:36 Cybersecurity challenges for hosting companies
- 28:50 Understanding the Dark Web Basics
- 31:08 Monitoring your dark web footprint
- 34:54 Balancing security and practicality
- 37:21 Monitoring blocked cyber attacks
Episode Transcript
Adam Weeks:
Hey, everybody, this is Adam Weeks at Open Channels fm, and I am super excited to talk to my good friend Aaron Campbell. Oh, man. Aaron, we go back a few years, and you are at a company called Monarx, and in this day and age of crazy AI tech exploits, you know, just, we’re worried about security and. And all that’s going on in this. This world of AI, you have some insight. So, first off, before we get into some of these scary things and things that people need to be aware of, I’d just your. Your 32nd. Who is Aaron Campbell?
Aaron Campbell:
Who is Aaron Campbell? Besides just the hat?
Adam Weeks:
Yes. Oh, and. And. And he is. He is so much more than the hat. But a hat is a significant part of who. Of your identity. I love it.
Aaron Campbell:
So I’ve been in the, you know, the web space essentially since the web started. I’ve been in the hosting space for about a decade and a half now, maybe a little bit longer. And now I’m over at Monarx. We work with hosts to help them solve their malware issues, their runtime protection issues, essentially, we help them keep their servers clean and their customers safe. And you’re right. In this new, modern AI day and age, that is a challenging prospect. It is a challenging problem to solve, but we are in the midst of it and doing good things.
Adam Weeks:
Here we go.
Adam Weeks:
Awesome. Thank you for that. Well, where I want to start is essentially setting the scene. This, everything is moving so quickly, and many of our listeners, they may not know, like, well, where are we at in this, you know, this world of security and AI, you kind of set the scene and let’s get a little scary. What is the scene? What is the current state of the threat to our websites? Paint a picture for me.
Aaron Campbell:
Paint a picture. I think that I’ll start by saying it’s not that much different at its real root, at its real core, than it’s always been. There are. There are bad actors out there that are. Are trying to get into your site or your server for any number of reasons that. That benefit them, whether it’s. In order to use that to attack a more valuable target, or whether it’s just to collect data or whether it’s to install crypto miners or, you know, ads or whatever it is. But AI has definitely changed the way all that happens and the volume and the speed at which it happens. AI has really compressed that time between Vulnerability, disclosure and real world exploitation. And it’s done so in a way that has compressed that time so much that our existing ways of dealing with it are no longer viable. There used to be enough time between that disclosure and that exploitation for humans who were doing a good job at staying on top of vulnerability disclosures and patching and that kind of stuff, to see the issue, to patch the issue and protect their customers. And things just aren’t moving at human speed anymore. That window that used to be maybe even days or weeks is hours, sometimes less now. And it means that as much as AI has changed the way we’re being attacked, we have to change the way that we’re defending against those attacks.
Adam Weeks:
Yeah, no, that makes a lot of sense. And in some ways this feels like an arms race where we’re using AI to keep us safe from AI attacks. And it, it’s just getting crazier and crazier. So. But yeah, I think like you said, it’s, it’s not new, but it’s at scale. Maybe it’s, it’s. You’re. We’re enabling bad actors to work more quickly. Is that kind of where you’re going?
Aaron Campbell:
Yeah, we’re enabling them to work more quickly. We’re enabling them to reach further. I mean, AI is also enabling them to be a little bit more powerful individually. While I do think that a lot of the malware that’s written and vulnerabilities that are discovered are still written by or discovered by humans, and then exploitation is just ramped up through use of AI in so many ways, AI is also finding some vulnerabilities and writing some malware and making people more powerful in that way as well.
Adam Weeks:
Yeah, we’ve heard some of these different models coming out of Anthropic, and I think I just got access again to fathom the Mythos version, and then they gave us back access and yeah, it’s a crazy time to understand how do we stay secure? How do we keep our clients secure? You’ve had experience at hosting companies in the past, and so that gives you some additional insight personally on what hosts need to do to keep their clients safe. How do you think about this from a hosting perspective? What do hosts need to keep in mind?
Aaron Campbell:
Yeah, from a hosting perspective, and I do think that a lot of the responsibility for this is going to fall on hosts in a way that it hasn’t always before. We used to maybe be able to hold end users, the website owners and maintainers, a little bit more responsible for keeping their own stuff up to date and clean and patched and whatnot. But they can’t move at the pace that hosts can or see the big picture that hosts. And so I think more and more of this is being dumped onto hosts by necessity because they’re the ones that can keep up with the scale and the pace and how a host can do that. Two big things. One is what we’ve always known is the best approach to, to security, which is a layered approach and blocking as much as can be at every layer. You can no longer say, well, we handle our security through a WAF, through blocking at the network layer, because that’s good, but that’s not good enough anymore. You have to block at every layer so that you can reduce the number of attacks as they’re coming in and keep them manageable. And the second thing that they need to look at is how do you take the things that have been human owned in the past and find ways to speed them up to computer speed or AI agent speed? And some of that is things like patching. You need to have a virtual patching strategy or an automated patching strategy now you need to have rules that in place that can protect against things that are maybe not even known vulnerabilities, but signals that someone is trying to break in and be able to block and deal with, or even develop patches out of those to stay up to speed with the attackers and the speed that they’re moving at.
Adam Weeks:
Got it. So many of the open channels listeners are advocates of open source. Do you feel that open source gives us advantages or disadvantages when it comes to security? How do you think about that?
Aaron Campbell:
So this is where I personally struggle with my answer here a little bit, Adam, because I am a huge open source advocate, I think that the importance of open source cannot be overstated. The way that it gives a counterbalance to the closed source options and really makes the open web a thing that we can keep open is huge. But in the same way that open source code has always been visible to the bad actors, in the same way it’s visible to the good actors and they were able to look through that code and find vulnerabilities, we’ve always addressed that. We’ve always said, well, as long as there are enough good actors that are offsetting that, that are finding those same vulnerabilities and reporting them through, through proper channels and getting them fixed, it’s still net good. And I think that that is still the case, Adam. But the fact that an AI agent can now just consume not only say like a WordPress code base, but hundreds of thousands of code bases in almost no time and monitor those for anything that could be a new vulnerability introduced. It’s difficult. Like it’s. I still personally think that, that open source is good and valuable, but I think that we need to be proactive, good stewards to keep it that way. Some of those models that you were just talking about getting access back to. Right. Like, are the bad actors going to be using them first or are we as open source maintainers and open source users going to be the ones to use them first to find those vulnerabilities and get them closed to keep people safe and secure?
Adam Weeks:
Yeah, I think it’s the. We can’t just let AI, yeah, AI make sure I’m secure and then. And it’ll magically happen.
Aaron Campbell:
Wouldn’t that be great?
Adam Weeks:
A proactivity. That’s my prompt. AI be safe.
Aaron Campbell:
Yeah, I mean, I’d have to go find a different job, but also like, that would still be awesome. That’d be great.
Adam Weeks:
Yeah. It’s not, not quite, quite there yet. I forget the adage, we know a thing or two because we’ve seen a thing or two. I’m sure at Monarx you’ve seen a thing or two. So you know, a thing or two. Yeah, one. And I love a good story time and a good story often has like a, A moral to the story, like, hey, because this happened. I’m wondering if you could share some examples. You know, you can protect the innocent or the guilty, I don’t know, however you want to. But I’d love if you could share some examples that might be helpful to the listeners of open Channels. You know, we’ve got the builders, people who are making stuff, many in WordPress and open source. Yeah. Any examples that come to mind that would be helpful.
Aaron Campbell:
Let me try to set a stage real quick for this example. In the past, malware was largely found by finding a file that was bad, fingerprinting that file, hashing it, whatever, and saying, okay, anytime we see a file with this hash that’s known to be bad, do this thing with it. Whether that’s. Replace it with a known good file or, you know, quarantine it or delete it or whatever it is. And that scaled up for quite a while, and honestly we still do matching like that. But a lot of that has grown so much that, you know, like we now process like a trillion file paths in a single month. That’s a lot. That, that’s. Yeah, right. Like that just. It only scales so far. And then you have to look for other ways of stopping the bad guys. And that’s something that Monarx is doing. But, you know, so are a number of other companies in our space. But how do you do that? And so having that, that problem in mind of like just trillions of bad files, we launched on a pretty big new host recently that had been running a different, more traditional scanning system that used that style of file matching. And yes, it was exciting to see our scanner slowly roll out to all of their servers and find more files than the previous scanner had found. But what was even better is monitoring that over the next few months and watching all of the blocked threats, millions of blocked threats just on this host. And over half of them, about, about 55, maybe 60% were blocked by our runtime layer. Not by finding files, but by interrupting requests that were coming in. Like imagine a PHP request coming in to try to create malware on the server. And we are in the PHP runtime observing what is happening and saying, that is a bad request, let’s kill it off before it even does anything bad. And so therefore that is a malware file that never came to exist. And that like 55 to 60% of those blocks are happening in that runtime layer. And things that get through there are still being found by our file scanner because another 50% are being found over there. 40 to 45%, I guess, is the way those numbers work out. And that’s exciting because that’s a level of protection, a type of protection that is meant to keep up with the modern day AI powered attacks. The volume, the scale that they’re happening at, the way that they’re hiding themselves better by the time they hit the file stage. Observing those requests as they come through is adding that extra layer and killing off more than half of them there, rather than letting them further in. And that loops back to the layered approach that I was talking about. But seeing that in action recently at host that hadn’t had that before, and seeing their, you know, huge amounts of customers that are better protected because they’re taking a more modern, more focused, layered approach to security. Something that all hosts need to do at this point.
Adam Weeks:
Yeah, yeah, no, I think it goes back to that, that being proactive and you’ve got different layers, different places that you can stop these at, and every opportunity that you have in the stack of where you can stop it, stop it there, and then you have another chance to stop it here, and making sure that you’re not just waiting until like at the very top lay like, no no, we’ve been doing this security like at every step below.
Sponsor Announcer:
Automattic has been back in the Open Web since 2005. They’re the company behind WordPress.com, wooCommerce, Jetpack and other open source tools that power millions of websites. Automattic’s co founder helped create WordPress itself and the team continues to build platforms that give creators, businesses and developers real ownership and control. We’re grateful to have a sponsor that supports the same open web principles we care about. Learn more@automattic.com Omnisend dropped their SMS pricing to 7/10 of a cent per message. Not a gimmick. They did it because when their customers win, they win. And if you’re ready to switch, their migration team moves your automations, templates and contacts in five days free. You could be up and running and saving up to 35% by next week. We’re glad to have them supporting the show and the community we’re building here. Get 30% off your first three months at omnisend.com forward/open channels. In motion Hosting has been in the game for over 25 years and they burned their reputation fast. NVMe powered hosting 99.99% uptime and when something goes wrong you get a real human on the line, not a bot. They cover everything from shared hosting all the way up to dedicated servers, and their team will migrate your site for free. Over 170,000 professionals and agencies trust them and we’re proud to count them as a partner supporting what we do here. Check out your options@inmotionhosting.com
Aaron Campbell:
and these layers, they’re valuable for different things and they have their own limitations right out at the far network layer, like you may imagine where a CloudFlare sits, for example, they have some visibility into the request, but not a ton, especially since most of the web is HTTPs now, right? The package is all encrypted, but they have an amazing picture of like distributed attacks, right? Coming from tons of places and going into the same spot. Good view out there of that, but you’re limited in how much you can see inside the actual packets. And by the time you get down to the server network interface you’re still mostly blocking based on IPs or ports or like volume of requests and some of those kinds of things. And it costs a little bit more because now it has hit your server and that next layer in is it’s getting into things like, like runtime that costs a little bit more still but gives a Bigger, broader picture, way more context. Now the, the encrypted packet has expanded out and is giving instructions. What are those instructions doing? Right, and further in still at like the application layer, now you see what the actual application is doing. What is WordPress doing with these PHP requests? And then, you know, finally on the file system layer, but again, that’s more expensive still. Now you’ve had disk rights and you’ve used CPU and memory to do that. And so you’re not only fighting the malware, the one bad attack, the vulnerability, whatever it is, you’re also in a resources issue because your customers are paying to use those resources. That’s what you’re, that’s a big part of what you’re selling them. And so you’re trying to protect the customer, you’re trying to protect your server, and you’re trying to protect those resources so that they can use them.
Adam Weeks:
Yeah, so, right, the resource element, like, you know, those resources are valuable and if you are, if the bad actors are using up your resources, that, that’s going to be obvious. Obviously a huge expense. And do you have any examples of anybody who has, like, when you’re talking to maybe potential clients and are you ever kind of surprised at like how bad they really are?
Aaron Campbell:
Well, I’ve been in Monarx for nine or ten months now, but even in the hosting industry before that, I think the surprise has worn off a little bit. I expect the extreme at this point. But even still, like, it can be really surprising how little they realize how bad it is, I guess is maybe where the surprise still lands for me when they start applying some of these principles that we’re talking about, putting some of these tools on their servers. And then they’re surprised when the file counts that are being quarantined are hitting the millions. And they’re like, that can’t be right. We’re like, no, that’s pretty normal, actually. And then when they’re seeing all these blocks at the runtime layer and they’re like, we didn’t really hit hundreds of thousands of blocks there, did we? Oh, yes, and here’s why. Let’s dig in and look at what those are coming from. And then the fun part for me is seeing their surprise at the fact that adding some of this to their server can actually reduce server load, because a lot of hosts are worried about running more software on the server because they’re already struggling with some resource, whether that’s memory or CPU or maybe even disk space or whatever. And finding out that you can spend a little Resource to catch these things and keep them clean and ultimately it frees up more server resource in the long run. It’s fun to see that. I guess it’s fun to see that.
Adam Weeks:
Yeah, those numbers get big quick. I think is the, is the takeaway is that, you know, you’ve got to pay attention and you can’t handle those manually.
Aaron Campbell:
You can’t. It’s just, it’s getting, I mean, you know, when I say that we processed, you know, a trillion file path paths in a single month, that means that we have looked at all of those files, classified them all as some form of, you know, whether it’s malicious or whether it’s a valid file, but with some malicious code in it. Yes, that goes across multiple hosts. But even an individual host processing at that level, you just can’t. I mean that becomes, you know, hosts are already 50% of every host’s workforce is support because that’s a lot of what they have to do is help their customers succeed online, which means solving their problems, getting them the right tools, et cetera. For hosts to do this and to keep up with modern attacks in the way that they’re happening at the volume they’re happening at the speed they’re happening, I think that they would end up needing security teams that are getting to double digit percentages of their total workforce. That’s just not sustainable for hosts.
Adam Weeks:
Obviously you have a particular bias with Monarx with that hat on. As people are looking for hosts and they’re wanting some type of assurance that like yes, this is a. Because it’s such a black box in so many ways. Like when you go to pick a host, like they say they’re secure, what are some different like measurements or what are some signals that we can look for to understand? Like yes, like I’m an agency, I build websites. I’m going to trust that my host is keeping my client safe. What are some signals that we might look for?
Aaron Campbell:
Yeah, I think that there are a few things that you can check to see is a host doing what they should be doing to keep me safe in 2026. Right. A simple good litmus to start with is are they doing virtual patching? If they’re not, they’re not keeping up with the realities of the modern day. Can they name several layers that they’re protecting at? Are they protecting you at the network layer and file system lay layer and runtime layer? Those are important. And then I think also what is their malware cleaning strategy? Especially if you are on a shared hosting somewhere where you’re going to be sharing a box with others. The strategy should be keeping, I guess as the metaphor might be keeping the entire neighborhood clean so that your yard is clean too.
Adam Weeks:
Yeah.
Aaron Campbell:
Is important. And so if they’re offloading that all to you or all to the site level, they’re not doing good enough for you in 2026.
Adam Weeks:
Got it.
Adam Weeks:
I was talking to gentleman at Servebolt named Jan and he was kind of going through their thing and he was like, yeah, you’ve got the, like the network layer. And like they were like Cloudflare, the application, like patch stack. And then they have you guys Monarx at like the next layer, like that runtime layer. And then they have their own infrastructure. Is something like kind of those different layers. Are they missing anything or does that.
Aaron Campbell:
No, honestly, Servebolt does a great job with that. Their layered approach is solid and they’re using, you know, best in class at their layers. I mean, obviously I’m a little biased here for the Monarx one, but, you know, Patchstack at the WordPress layer and they’re benefiting from things like virtual patching from us and from Patch Stack and so that’s great. You know, we cover some Patch Stack digs deeper on WordPress stuff. We cover patching on a number of things that are outside of the WordPress space. They’re doing a really good job and that is exactly what you’re looking for. Like, can they tell me what they’re doing at the network layer? Yes, they can tell you. Can they tell me what they’re doing at the application layer? Yes, they can. What about at the runtime layer? Yes, they can. That’s what you want.
Adam Weeks:
Excellent. Before we started hitting the record button, you were talking about the old Dark Web and it’s still, to me, I remember hearing about the Dark Web years and years ago. Is that still relevant? Like what is. Like maybe give, you know, kind of quick, quick cursor. Like, what is the Dark web? And how are you guys thinking about? Like, is that still a security threat? Like, walk me through that a little bit.
Aaron Campbell:
Yeah, that. So the Dark web is this super vague term that means different things to different people. But to kind of sum it up for our listeners, I think the, the part that applies here is that anytime that worry about this company got breached, your data got compromised, that, you know, whether it’s this. The most recent one that I got a notice on was a medical system, so that’s coming to mind immediately. But you know, there’s been forums and, you know, LinkedIn and social networks and all kinds of places have gotten breached over the years and data has been exfiltrated. And the dark web is where a lot of that data lives and is traded around or sold or downloaded to be reused. And so it may have personal data on you, your address, your phone number, credit cards, those kinds of things. And it may also have credentials, right. Email addresses and passwords or usernames. And it’s always been an issue, right. Like it’s difficult to block a nefarious login to your website if that person came to your website knowing the username and password because they found it on the dark web. Right. It looks very much like legitimate traffic.
Adam Weeks:
Right.
Aaron Campbell:
And so the dark web is still very much a big deal, maybe more so because now these LLMs, these AI agents are capable of ingesting so much data. All these breaches that have happened over the, honestly, the decades now at this point, and then saying, well, I’ve got some passwords that Aaron once used. Let’s see where Aaron is on the web and try these passwords at all those places. Where does Aaron bank? Where does Aaron work? Where do. Right. And let’s try logins at all these places. And so it’s, it’s huge now. And so protecting against that, you can’t really erase that information. It’s out there. But there are hygiene things that you can do to help protect yourself against it. And they vary depending on what data is out there, where it came from, etc. And so I think that not only is the dark web still in play, but it’s more and more important that people monitor their own footprint on the dark web and maybe their company’s footprint on the dark web so that they find out about the data at the same kind of speed that bad actors find out about the data and they can take those steps to protect themselves against it. Yeah, the dark web is actually a fascinating and key part of today’s security landscape.
Adam Weeks:
Yeah, so much stuff is there. Like, you know, just. Yeah, like I got it reminds me I should probably change some passwords because. Yeah, who knows what’s out there? And you know, I remember, you know, we used to get like it was a news story when there was a security breach, but I can’t keep track of those anymore and there’s just so many.
Aaron Campbell:
Yeah. So we have a dark web monitoring product that we offer to registrars and such and in testing it and playing with it, and often even in demoing it, I use my own domain name or like email address to show customers and It’s a little sad when you see that there’s like 50 different breached data sets associated with me out there. And yes, admittedly, I’m maybe more online than your average person, but not that much. I mean, everybody’s online so much now that it just. On the upside, I also have taken all the steps to help protect myself as much as possible, knowing that data is out there.
Adam Weeks:
Well, after our we’re done recording, I’m going to go change some passwords. Scary, scary stuff. Aaron, I appreciate the work that Monarx is doing, and what’s one thing that’s great about the work you guys do is that even if I’m not a customer of Monarx, I know that there are, like, Monarx, others that are out there patched out, you know, just different other security companies that are helping to wrangle the bad actors of the Internet. And you guys are benefiting companies and people that aren’t even that don’t even know you exist. And that’s kind of a quite an important mission that you are. That. Yeah. That you guys are fulfilling. And it’s good to know you as we wrap up. Anything last that you’d like to share, People need to know.
Aaron Campbell:
I mean, I think that I’ll just expound a little bit on what you just said. Like, the Open Web is worth defending.
Adam Weeks:
Yeah.
Aaron Campbell:
It just requires more speed than it ever used to. Right. AI changed that kind of attacker operating model, and we have to change ours. It’s worth doing. And so I’m excited to be a part of doing it and of helping hosts move into this new era and still be able to protect their customers in the way that they’ve always wanted to and always been able to.
Adam Weeks:
Well, like, security is one of those things that, along with safety, like, there’s finding that balance where, you know, I used to work at a school and, you know, we wanted to have a security gate for this school. And the question is like, all right, well, how much security do you want for a facility? A building is like, all right, we’re going to have a gate here, and you’re going to press a button and they’re going to buzz you in. It’s like, well, if you. If one gate is secure, wouldn’t two gates be more secure? Like, well, at some point you’re going to just start, like, propping open gates and then you, like, lose any sense of security. My point is that finding that balance between practicality, like, all right, it’d be. I would be way more secure online if I was just never online. Yeah. That would be a solution to all of my password issues. Just don’t go online. The same thing, you know, for this analogy with the school is that you can have all these gates and things, but if you circumvent it because it’s not useful, it takes up too much time. And yeah, I think you guys have done a pretty good job, you know, finding that balance.
Aaron Campbell:
I mean, you hit the nail on the head. It’s not just fixing the technical issue or catching the bad request or whatever. It’s doing so in a way that still makes it easy for the end user to accomplish their goals. That still lets humans surf the web in the way that they want to or buy the things that they want to at this site. And if essentially your security, that the more and more you tighten it to your example of the gates, it’s great right up until the point that someone says, well, this is too much hassle. I’m just going to disable it. And if anybody disables what we’re doing, we’ve gone just a little too far. They propped that gate open and it turns out that was one extra key turn too many to ask them to do. And so it’s, it’s beating all these bad actors without harming all the good actors out there. It’s a balancing act.
Adam Weeks:
Yeah. Yeah. Ideally, the end customer doesn’t know that they were just protected from 10,000 different, you know, malicious attacks.
Aaron Campbell:
Yes. Yeah. Our hosts should be able to look at our dashboard and see hundreds of thousands or millions of blocked attacks and their end user has no idea. Unless they happen to log into their dashboard to see the same. Right.
Adam Weeks:
Yeah. My website didn’t go down. I was able to serve that data and nothing happened.
Aaron Campbell:
Exactly.
Adam Weeks:
Yeah. That’s a good balance. Aaron, as we wrap up, if anybody wants to find out more about you and what you do, where would they find you on the great big Internet?
Aaron Campbell:
You can find me at Monarx.com m o n a r x.com or my personal@aarondcampbell.com see what I’m doing, See what I’m thinking about.
Adam Weeks:
Yeah.
Aaron Campbell:
See what I’m building.
Adam Weeks:
Are they going to be able to see your. Your hat around any, any upcoming events?
Aaron Campbell:
Yeah, my hat will be at WordCamp us coming up here next month. Is it really that?
Adam Weeks:
eah. So we’re going to do some roasting together. Fantastic.
Aaron Campbell:
Yeah, yeah. And then I’ll probably be at. At Atlas Digital Summit the month after.
Adam Weeks:
Very good. Well, if you’re at any of those events, make sure you find Aaron’s hat, It comes in different colors, but usually the same style comes in different colors,
Aaron Campbell:
but it’s always the fedora. So look for the fedora.
Adam Weeks:
Love it. All right, Aaron, thank you so much. And this is another episode in the can for Open Channels FM. We’ll see you around.







Leave a Reply