Architect’s Edge Live Recap: VCF 9.1, Project Glasswing, and Surviving the Frontier AI Era
Architect’s Edge Live Recap: VCF 9.1, Project Glasswing, and Surviving the Frontier AI Era
We just wrapped up one of our most highly anticipated Architect’s Edge Live sessions yet, and the response was phenomenal. With 581 attendees tuning in LIVE, the chat was on fire, the Q&A was packed, and the insights shared by our guest speakers—Gordon Barr (Field CTO, VMware by Broadcom) and Bob Plankers (Security & Compliance)—were nothing short of eye-opening.
If you missed the live event (or if you just want to rewatch and take better notes!), you can catch the full replay and review the presentation slides below.
For those looking for the quick hits, here is a breakdown of the critical takeaways from our discussion on AI threats, VCF 9.1, and how we are fundamentally changing the way you protect your infrastructure.
The Threat Landscape: Why “Low Priority” Vulnerabilities Are Dead
One of the most sobering moments of the webinar was Gordon Barr’s breakdown of how Frontier AI models, specifically Anthropic’s Mythos, have completely changed the rules of engagement for attackers and defenders alike.
Previously, security teams triaged vulnerabilities. Criticals and Highs were patched immediately; Mediums and Lows waited for the next cycle. Gordon emphasized that this mindset must be “relegated to the waste bin of history.”
Why? Because AI doesn’t sleep. It doesn’t take breaks for pizza and Red Bull. It is incredibly tenacious and wildly creative at chaining together multiple “low value” known CVEs to gain root control, execute remote code, or crash systems entirely.
“What this means to you is that all vulnerabilities are now potentially critical vulnerabilities.”
— Gordon Barr
Security Always > Security First
Bob Plankers brought a refreshing, pragmatic view to the table, challenging the age-old corporate mantra of “Security First.” Quoting Mike Rowe, Plankers reminded us that if safety (or security) were truly first, we wouldn’t do anything at all—we’d just wrap ourselves in bubble wrap.
“Any organization that says security is first is also lying… Security always, just like Mike Rowe says, safety always. We should always be thinking about security. How do we do what we need to do to move the business forward in a secure way?”
— Bob Plankers
The answer lies in adopting zero trust across everything, not just the internet-facing DMZ. The panel heavily emphasized that trusting your infrastructure identity providers inherently makes those providers admins of everything. As seen in recent real-world breaches, attackers will bypass the firewall entirely by utilizing stolen authentication tokens and phishing the help desk.
VCF 9.1: Changing the Architecture to Enable “Live” Patching
To combat these high-velocity threats, the speed at which defenders patch must fundamentally change. You can no longer rely on a 30, 60, or 90-day patch cycle.
This is exactly why the architecture was fundamentally rewritten for VCF 9.1. Plankers broke down the reality of “Zero Downtime” (or Fast Patching). By rewriting and deprivileging the virtual machine monitor, VCF 9.1 allows administrators to patch individual components of ESXi without taking down the entire system as a monolithic unit.
When asked if this live patching functionality could be backported to vSphere 8, the answer was a definitive no.
“In the past, [if you escape a VM], you’re root, you’re privileged on the box. Now, in 9.1, you get out, and you’re not privileged, you can’t do anything. Game over.”
— Bob Plankers
What the Community is Saying
We received an overwhelming amount of feedback from so many attendees who filled out the post-event survey. It’s clear that the community is eager for this level of transparency and technical depth. A few of our favorite pieces of feedback included:
- The natural, unscripted flow between the speakers made the complex topics highly engaging and insightful.
- The clear breakdown of how the VCF 9.1 architecture fundamentally differs from the 8.x series was a major highlight.
- Many requested more events in this exact format, noting it was a fantastic way to build excitement and educate the community on VCF 9.
- The panel’s ability to take incredibly deep, technical security concepts and explain them simply and understandably was highly praised.
The “Resource Seeker” Toolkit
During the event, our resource section was incredibly active. For those of you who were furiously clicking through the links, or for those who requested more information in our survey, here is the ultimate toolkit to get you up to speed on everything we discussed:
Threat Intel & AI
- Recent Agentic AI Attack (JadePuffer)
- Frontier AI Security Models (What we learned with AI)
- Glasswing by Anthropic
VCF 9.1 Security & Patching
- FAST Patching in VCF 9.1
- Zero Trust in VCF 9.1!
- VCF Security / Compliance Hub
- What’s New in VCF 9.1
- VCF 9.1 Upgrade Path for VxRail Customers
What’s Next?
If you enjoyed this session, be sure to subscribe to the Architect’s Edge YouTube Channel and follow the Architect’s Edge Newsletter on LinkedIn to ensure you don’t miss our next live event!