IC vulnerabilities - Jarno Niemelä

Disobey 2026 · Main Stage

Jarno Niemelä, a Principal Researcher at WithSecure (the former F-Secure business side), spoke at Disobey about a class of Windows privilege escalation vulnerabilities that often go undetected by traditional security tools and are overlooked by vendors. His presentation, titled "IC vulnerabilities," covers incorrect Access Control List (ACL) configurations on critical system files and directories, a pervasive problem that hands attackers "low-hanging fruit" exploits. Niemelä argues that these vulnerabilities, while seemingly simple, represent a significant threat, especially with the rise of agentic AI capable of analyzing individual hosts for unique misconfigurations.
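As an added illustration (not code from the talk or from WithSecure), the following defender-side check flags allow ACEs that give broad, low-privilege trustees write-type access, working from SDDL strings already collected from hosts, for example the `Sddl` property that PowerShell's `Get-Acl` returns. The paths and SDDL strings are constructed samples, and the function names are this example's own.

```python
import re

# Access-mask bits that let a trustee change or replace the object.
# On a directory, 0x2 and 0x4 mean "add file" and "add subdirectory".
GENERIC_ALL, GENERIC_WRITE = 0x10000000, 0x40000000
WRITE_MASK = (0x2 | 0x4 | 0x10000 | 0x40000 | 0x80000  # write, append, DELETE, WRITE_DAC, WRITE_OWNER
              | GENERIC_ALL | GENERIC_WRITE)
# SDDL two-letter rights -> access mask.
RIGHTS = {"FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
          "GA": GENERIC_ALL, "GW": GENERIC_WRITE, "GR": 0x80000000, "GX": 0x20000000,
          "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
          "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10,
          "WP": 0x20, "DT": 0x40, "LO": 0x80, "CR": 0x100}
# Broad trustees that ordinary users belong to (SDDL alias and SID form).
LOW_PRIV = {"WD": "Everyone", "S-1-1-0": "Everyone",
            "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
            "BU": "BUILTIN\\Users", "S-1-5-32-545": "BUILTIN\\Users",
            "IU": "INTERACTIVE", "S-1-5-4": "INTERACTIVE"}

def parse_mask(rights):
    """Convert an ACE rights field (hex or two-letter codes) to an integer."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in re.findall("..", rights):
        mask |= RIGHTS.get(code, 0)
    return mask

def weak_aces(sddl):
    """Return (trustee, write_bits, inherit_only) for each allow ACE granting
    write-type access to a low-privilege trustee. Handles plain 'A' ACEs only."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) != 6 or fields[0] != "A":
            continue
        flags, rights, sid = fields[1], fields[2], fields[5]
        bits = parse_mask(rights) & WRITE_MASK
        if sid in LOW_PRIV and bits:  # flags are two-letter codes; IO = inherit-only
            findings.append((LOW_PRIV[sid], bits, "IO" in re.findall("..", flags)))
    return findings

SAMPLES = {  # constructed examples, not data from the talk
    r"C:\Program Files\ExampleAgent": "O:SYG:SYD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)",
    r"C:\ExampleTools": "O:BAG:SYD:AI(A;OICIID;FA;;;BA)(A;OICIID;0x1301bf;;;AU)",
    r"C:\ExampleSvc\svc.exe": "O:BAG:SYD:(A;;FA;;;SY)(A;;FA;;;WD)",
}

def audit(samples):
    """Map each path to its weak ACEs, omitting paths with none."""
    return {p: f for p, s in samples.items() if (f := weak_aces(s))}
```

An inherit-only finding does not apply to the object itself but to the children that inherit from it, so it is reported rather than dropped.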

AI review

Niemelä brings real fleet-scale data to a class of vulnerabilities that the industry hand-waves away as 'misconfigurations' — and shows why that's a mistake. The research is grounded in production telemetry from a customer base larger than Finland's population, the technical mechanics are precise, and the framing around agentic AI accelerating exploitation of host-unique flaws is forward-looking without being hand-wavy.
