Why Binary Exploit Intelligence Matters in Software Supply Chain Security


In Episode S8E7 of the Brilliance Security Magazine Podcast, host Steven Bowcut speaks with Phuong “Kenny” Nguyen, Chief Technology Officer at KhaiCode, about the growing challenge of understanding what is actually inside the software organizations rely on every day.

KhaiCode focuses on what it calls binary exploit intelligence: the process of analyzing compiled software, firmware, containers, drivers, and binaries to identify hidden components, correlate them with known vulnerabilities, and validate whether those vulnerabilities are actually exploitable. The company’s core premise is simple but powerful: organizations should not rely solely on vendor assurances or documentation. They need a way to independently verify the security of the software they deploy.

Kenny brings nearly three decades of offensive security experience to this conversation. He began exploring computer security as a child after his own website was defaced, an experience that sparked his fascination with hacking, software behavior, and the hidden ways attackers manipulate systems. Over the years, he discovered and authored multiple critical zero-day vulnerabilities, including remote code execution flaws in widely used software. That offensive security background now informs KhaiCode’s approach: rather than simply listing vulnerabilities, the platform seeks to determine which ones can actually be exploited in practice.


Summary

The conversation begins with Kenny’s early introduction to cybersecurity. As a young computer enthusiast, he built a personal website and discovered one day that it had been defaced. Rather than viewing the incident only as a setback, he became fascinated by how the compromise happened. That curiosity led him into the world of computer security, exploit research, and eventually a career focused on understanding how software can be manipulated by attackers.

Kenny explains that his zero-day research taught him a critical lesson: too many organizations trust software without truly knowing what is inside it. Whether the software comes from a major vendor, a third-party supplier, or an internal development process, users often rely on claims, attestations, or software bills of materials without independently validating the real risk. In Kenny’s view, software is often where the risk begins, whether the environment involves traditional IT, IoT, OT, routers, firmware, or critical infrastructure systems.

A major theme of the episode is visibility. Kenny notes that many cybersecurity vendors promise visibility into assets, networks, systems, or cloud environments, but far fewer provide meaningful visibility into compiled software. SBOMs can be helpful, but they often depend on source-code access or vendor-provided information. KhaiCode is designed to address the problem of software delivered as binaries, where customers may have little or no insight into embedded libraries, outdated components, malicious modifications, hard-coded secrets, or vulnerable dependencies.

Kenny describes KhaiCode’s approach as more than static binary inspection. The platform performs static analysis, dynamic analysis, runtime analysis, and attack-path analysis. It executes binaries in controlled environments to observe what happens during runtime, including whether the software pulls in additional libraries or components after execution. This is important because static analysis alone may not reveal the full behavior of modern software.

The episode also explores KhaiCode’s three-step process: scan, analyze, and validate. A customer uploads a binary, container, or firmware image; the platform orchestrates the appropriate execution environment; and then KhaiCode applies reverse engineering, runtime analysis, dynamic analysis, and attack-path analysis to identify what is inside the software and whether vulnerable components can actually be reached and exploited.

One of the most important distinctions discussed is the difference between theoretical vulnerability and verified exploitability. Kenny points out that when everything is labeled critical, nothing is truly critical. Security teams already face overwhelming vulnerability backlogs, and simply handing them thousands of CVEs does not solve the problem. KhaiCode’s value proposition is to help organizations focus on the vulnerabilities that matter most by validating exploitability and identifying confirmed attack paths.
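The scan / analyze / validate flow and the "present versus actually exploitable" distinction described above can be illustrated in miniature. The following Python script is an added example written for this page; it is not KhaiCode's code and makes no claim about how the platform works internally. It carves library version banners out of a constructed byte blob standing in for a compiled artifact, correlates them with a constructed advisory table (the CVE identifiers are placeholders), and ranks the findings so that advisories with confirmed exploitation outrank those that are only theoretically applicable.

```python
"""Toy binary component triage: extract library/version strings from a compiled
artifact, correlate them with an advisory table, and rank by exploitability.
Added illustration only; all data below is constructed."""
import re
from dataclasses import dataclass

# Constructed stand-in for a compiled binary. Real firmware images and shared
# objects carry version banners like these among code and data bytes.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 16
    + b"OpenSSL 1.0.2k  26 Jan 2017\x00"
    + b"\x90" * 8
    + b"zlib version 1.2.11\x00"
    + b"libcurl/7.61.0\x00"
    + b"\xff" * 8
)

# Banner patterns for components we know how to fingerprint (hypothetical set).
COMPONENT_PATTERNS = {
    "openssl": re.compile(rb"OpenSSL (\d+\.\d+\.\d+)[a-z]?"),
    "zlib": re.compile(rb"zlib version (\d+\.\d+\.\d+)"),
    "curl": re.compile(rb"libcurl/(\d+\.\d+\.\d+)"),
}


@dataclass(frozen=True)
class Advisory:
    component: str
    fixed_in: tuple            # versions strictly below this are affected
    advisory_id: str           # placeholder identifiers, not real CVEs
    severity: str
    exploit_confirmed: bool    # "validated exploitability" versus "theoretical"


# Constructed advisory table with placeholder ids.
ADVISORIES = [
    Advisory("openssl", (1, 1, 0), "CVE-PLACEHOLDER-A", "critical", True),
    Advisory("zlib", (1, 2, 12), "CVE-PLACEHOLDER-B", "critical", False),
    Advisory("curl", (7, 60, 0), "CVE-PLACEHOLDER-C", "high", True),
]

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def extract_components(blob: bytes) -> dict:
    """Step 1 (scan): map component name -> version tuple found in the blob."""
    found = {}
    for name, pattern in COMPONENT_PATTERNS.items():
        m = pattern.search(blob)
        if m:
            found[name] = tuple(int(x) for x in m.group(1).decode().split("."))
    return found


def correlate(components: dict, advisories=ADVISORIES) -> list:
    """Step 2 (analyze): keep advisories whose affected range covers the
    version embedded in the artifact."""
    findings = []
    for adv in advisories:
        version = components.get(adv.component)
        if version is not None and version < adv.fixed_in:
            findings.append({
                "component": adv.component,
                "version": ".".join(map(str, version)),
                "advisory_id": adv.advisory_id,
                "severity": adv.severity,
                "exploit_confirmed": adv.exploit_confirmed,
            })
    return findings


def prioritize(findings: list) -> list:
    """Step 3 (validate/prioritize): confirmed-exploitable findings first,
    then by severity, so a backlog is not a flat list of 'critical'."""
    return sorted(
        findings,
        key=lambda f: (not f["exploit_confirmed"], SEVERITY_RANK[f["severity"]]),
    )


def triage(blob: bytes) -> list:
    """Run the whole scan -> analyze -> prioritize pipeline on one artifact."""
    return prioritize(correlate(extract_components(blob)))


if __name__ == "__main__":
    for f in triage(SAMPLE_BINARY):
        tag = "CONFIRMED" if f["exploit_confirmed"] else "theoretical"
        print(f"{tag:11} {f['severity']:8} {f['component']} {f['version']} {f['advisory_id']}")
```

On the sample blob, libcurl 7.61.0 is present but outside the advisory's affected range, so it is dropped at the analyze step; OpenSSL and zlib are both "critical", but only the OpenSSL finding carries confirmed exploitation, so it sorts to the top. A real pipeline would replace the banner regexes with proper binary parsing and the boolean flag with actual runtime or attack-path evidence, but the ordering principle is the same.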

Kenny identifies defense, critical infrastructure, oil and gas, power plants, and other high-risk environments as particularly strong use cases. In these sectors, organizations may operate large inventories of software but lack clarity about what components are inside those applications or whether new public exploits affect embedded libraries they did not even know they were using. He uses Log4j as an example of how difficult it can be for organizations to determine where a vulnerable component exists across a complex software estate.

The discussion closes with a forward-looking concern: AI-assisted software development may make the software supply chain problem significantly worse. Kenny argues that AI tools are enabling more people to produce software quickly, often without a deep understanding of the components, libraries, or architecture being introduced. As software becomes easier to generate and harder to fully understand, binary exploit intelligence may become even more important for organizations that need to verify what they are deploying.

About Our Guest

Phuong “Kenny” Nguyen is the Chief Technology Officer at KhaiCode. He has nearly 30 years of offensive security experience and began his journey in computer security at the age of 13. Throughout his career, he has discovered and authored multiple critical zero-day vulnerabilities, including remote code execution flaws in widely used software.

Kenny has also contributed to the broader cybersecurity profession as a Subject Matter Expert for the CompTIA Security+ certification and has held more than 20 IT certifications and six specialized security certifications. His background in exploit research, offensive security, and software analysis now informs KhaiCode’s mission to help organizations verify software integrity and prioritize vulnerabilities based on real exploitability rather than theoretical risk.


About Brilliance Security Magazine and the BSM Podcast

Brilliance Security Magazine covers the ideas, people, and technologies shaping the security industry. Through articles, interviews, and the BSM Podcast, host Steven Bowcut speaks with leaders, innovators, and subject-matter experts working across cybersecurity, physical security, risk management, critical infrastructure protection, and emerging technology.
