Monday, July 27th • 6:00 PM
From Pegasus to PromptSpy: How AI Is Reshaping the Mobile Threat Landscape
Join ISC2 Northern Virginia Chapter for a fast-moving look at how artificial intelligence is rewriting the mobile threat landscape, and what defenders need to do about it right now.
This is not a theoretical overview. Drawing on Lookout's analysis of more than 400 million mobile apps, our speaker will trace the compounding waves of mobile risk reshaping enterprise and federal security today, and show where the curve is bending as AI accelerates on both the attacker and defender sides.
Event Agenda
Location: Capital One, Building C1, Maplewood Hall (Floor 7), 1600 Capital One Drive, McLean, VA 22102 (see venue note below; this is not our usual building)
- 6:00 to 6:30 PM: Check-in and Networking (Food provided, first come, first served)
- 6:30 to 8:00 PM: Chapter Meeting & Presentation
- 8:00 PM onward: Cyber Social Hour at The Perch, Capital One's rooftop venue, sponsored by Lookout
Venue & Directions
New location: we are NOT in our usual building
We are usually in the Capital One building called "C2." For this event we are in a different building called "C1," the large glass building above Ometeo and Stellina Pizzeria. Our room is Maplewood Hall on Floor 7.
Address:
Capital One
1600 Capital One Drive
McLean, VA 22102
Bldg C1 | Maplewood Hall (Floor 7)
C1 Parking: There is a surface parking lot adjacent to C1 for guest parking. If that lot is full, use the usual C2 Garage (1680 Capital One Drive) and walk over, or the Wegmans parking garage beneath The Perch.
Directions to Maplewood Hall: Enter the C1 lobby and proceed past the welcome desk to the elevators. Take an elevator to Floor 7. On Floor 7, head left until you reach the security desk. Maplewood Hall is directly opposite it. If you get lost, just ask security for "C1 Maplewood Hall."
On the map below, the C1 building is the red circle and the surface parking lot is the green square.
Session Abstract
AI is fundamentally reshaping the mobile threat landscape. This session traces four compounding waves of mobile risk: the evolution of mobile malware from SMS trojans to nation-state spyware like Pegasus, Coruna, and DarkSword; a social engineering surge in which smishing and vishing now dwarf email-based phishing; AI-powered attack chains that compress OSINT gathering, deepfake voicemails, and Signal-based impersonation into minutes; and the rise of unrestricted mobile AI usage and on-device agentic malware like PromptSpy.
The session also looks at how AI-driven vulnerability discovery, including Anthropic's Mythos model, is finding exploitable bugs at scale in mature codebases and collapsing vulnerability-to-exploit timelines from months to hours. Mobile feels this acutely. Every app is built from a stack of third-party components, and when a component zero-day is patched upstream, each app that bundles it must ship a new release before the fix reaches your phone. Many apps go stale or never get patched, so a vulnerability disclosed years ago can still be live on devices today, and surveillanceware vendors are already exploiting exactly these gaps.
The threat curve is bending. Mobile defenders need to bend with it.
Key Discussion Points
- Four Compounding Waves of Mobile Risk: How mobile malware evolved from SMS trojans to nation-state spyware like Pegasus, Coruna, and DarkSword.
- The Social Engineering Surge: Why smishing and vishing now dwarf email-based phishing, and how AI supercharges both.
- AI-Powered Attack Chains: How OSINT gathering, deepfake voicemails, and Signal-based impersonation now compress into minutes.
- On-Device Agentic Threats: The rise of unrestricted mobile AI usage and on-device agentic malware like PromptSpy.
- The Vulnerability-Discovery Shock: How AI collapses vulnerability-to-exploit timelines and why stale, unpatched third-party components leave devices exposed.
Featured Speaker
Featured Speaker
David Richardson
Chief Technology Officer @ Lookout
David Richardson is Chief Technology Officer at Lookout, where he oversees the company's future product direction. A founding engineer, David has spent more than 15 years building software to secure mobile endpoints for enterprises and government agencies. His expertise spans threat hunting and leveraging artificial intelligence to detect and respond to emerging mobile threats. He holds over 60 patents in mobile security and has presented at Black Hat and DEF CON on iOS and Android security.
Don't miss this opportunity to gain insights from an industry leader on one of the most pressing challenges in mobile security.
We look forward to seeing you there!