Explore all episodes of the Security Intelligence podcast
| Title | Date | Duration | |
|---|---|---|---|
| Introducing Security Intelligence Podcast | 05 Sep 2025 | 00:00:41 | |
Cybersecurity moves fast: Old vulnerabilities are patched as new exploits appear. Cybercrime gangs form and strike and fade, disappearing with millions of ransom dollars. What protected the organization yesterday might leave it hopelessly exposed today. At the same time, cybersecurity pros rely on core principles—like the CIA triad of infosec, the principle of least privilege, zero trust architectures—to help them navigate this shifting terrain.
Security Intelligence addresses both of these angles in a single, exciting, and digestible podcast episode every week. Listeners learn both the latest news and timeless insights, all from experts they can trust. This format speaks directly to the needs and preferences of cybersecurity practitioners, who want frequent, granular and technical content that gives need-to-know information. | |||
| AI slop in cybersecurity, OT security fails and lessons from the Louvre heist | 12 Nov 2025 | 00:41:38 | |
Have we lost the plot when it comes to AI malware? This week, host Matt Kosinski and panelists Claire Nuñez, Austin Zeizel and Dave Bales discuss the growing trend of cybersecurity pros pushing back on AI malware “research.” Is it all puffery? Genuine threat? Some secret third thing? Plus: How hackers are stealing real-world cargo, time-delayed malware, the Louvre’s weak password and why don't more people patch their OT systems? 00:00 – Introduction 01:15 – The IT-OT gap 11:18 – Digital cargo thieves 20:12 – Time-delayed logic bombs 25:53 – AI malware vs. AI slop 33:47 – The Louvre’s password The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.
Learn more about AI malware → https://www.ibm.com/think/insights/defend-against-ai-malware Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence
| |||
| Android malware that acts like a person and AI agents that act like malware | 05 Nov 2025 | 00:41:31 | |
What do AI agents, the stock market and behavior-based threat detection tools have in common? You’ll need to listen to this week’s episode of Security Intelligence to find out. Join host Matt Kosinski and panelists Sridhar Muppidi and Cris Thomas for a jam-packed conversation, including new ways to build malicious AI agents, a malware strain that types like a person, a social engineering scheme that manipulates stock prices and a banner year for bug bounties. Plus: When it comes to new tech, why does governance always lag so far behind implementation? All that and more on Security Intelligence. The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Read more about the AI governance gap → https://www.ibm.com/think/insights/cios-ai-risk-governance-gap Check out our new special edition episode → https://www.ibm.com/think/podcasts/security-intelligence/social-engineering-expert-talks-physical-security Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence Subscribe for AI and security updates → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52954 | |||
| How to break into an office: A social engineering expert talks physical security | 31 Oct 2025 | 00:12:53 | |
Could you break into an office armed with nothing more than a coffee-stained resume and some charisma? Meet someone who can. Today’s bonus episode of Security Intelligence features an in-depth interview with Stephanie Carruthers, Global Head of Cyber Range and Chief People Hacker at IBM X-Force. Stephanie shares the harrowing tale of one of her most daring physical security assessments. Along the way, we discuss why physical security and cybersecurity are two sides of the same coin, highlight common physical security gaps and reveal why your office trash is a criminal’s treasure. The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.
Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence Learn more about physical security in cybersecurity: https://www.ibm.com/think/insights/physical-cybersecurity | |||
| Is ChatGPT Atlas safe? Plus: invisible worms, ghost networks and the AWS outage | 29 Oct 2025 | 00:44:07 | |
Subscribe to the IBM Think newsletter: https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120
Is a safe AI browser even possible?
On this week’s super spooky Halloween episode of Security Intelligence, host Matt Kosinski and panelists Suja Viswesan, J.R. Rao and Dave McGinnis discuss the terrifying security risks of ChatGPT Atlas. Plus: The ghost network spreading malware on YouTube, an invisible worm that drops a “Zombi” payload and AWS’s brush with the grave. (Notice a theme?)
And stick around for a sneak peek of a very special episode at the end.
Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence
| |||
| RIP Windows 10, automated code repair and battling the payroll pirates | 22 Oct 2025 | 00:46:19 | |
Is Windows 10 dead? This week, panelists Michelle Alvarez, Sridhar Muppidi and Jeff Crume join host Bryan Clark to discuss support for Windows 10 coming to an end. We also talk AI use in SOCs, automated code repair and the battle against payroll pirates coming after your next paycheck. 00:00 – Intro 01:10 – RIP Windows 10 08:38 – The future of SOCs 19:41 – AI code repair 31:27 – Plundering payroll pirates The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence Subscribe to the IBM Think newsletter: https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 | |||
| How to scam an AI agent, DDoS attack trends and busting cybersecurity myths | 01 Oct 2025 | 00:50:07 | |
What does it take to trick an AI agent? Not a whole lot, it turns out. This week, panelists Nick Bradley, Claire Nuñez and Jeff Crume join host Matt Kosinski to discuss a couple of new methods for hijacking AI agents and breaking their guardrails. We also talk recent evolutions in DDoS attack trends, the legacy of zero trust and some glaring security flaws in an extremely popular AI training app. Plus: We ring in Cybersecurity Awareness Month with the traditional airing of grievances. 00:00 – Introduction 01:38 – Tricking AI agents 15:18 – The DDoS comeback 26:03 – 15 years of zero trust 36:02 – Neon exposes user calls 44:34 – Cybersecurity myths The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Subscribe to the IBM Think newsletter: https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence Learn more about cybersecurity: https://www.ibm.com/think/security | |||
| The AI vulnerability apocalypse, a new strain of Petya and dumb cybersecurity rules | 24 Sep 2025 | 00:42:46 | |
An AI security CEO thinks we’re six months away from an “AI vulnerability cataclysm.” Is this a legitimate threat, or just fear-mongering? On this week’s episode, host Matt Kosinski and panelists Cris Thomas, Suja Viswesan and Troy Bettencourt debate whether we're headed straight for an AI security disaster. We also react to reports on Scattered Spider’s return (surprise!), a potential new strain of the devastating Petya ransomware and a survey of common cloud misconfigurations. Plus: Hot takes on dumb cybersecurity rules. All this and more, on Security Intelligence.
00:00 – Intro 01:02 – The AI apocalypse 12:53 – Scattered Spider’s back 23:41 – Misconfiguration risks 32:35 – What is HybridPetya? 42:46 – Dumb cybersecurity rules
The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Subscribe to the IBM Think newsletter: https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence Learn more about cybersecurity: https://www.ibm.com/think/security | |||
| AI ransomware, hiring fraud and the end of Scattered Lapsus$ Hunters | 17 Sep 2025 | 00:46:18 | |
Has the most notorious cybercrime gang of the moment really hung up its keyboards? In this episode of Security Intelligence, host Matt Kosinski along with panelists Dave Bales, Michelle Alvarez and Sridhar Muppidi discuss Scattered Lapsus$ Hunters’ retirement announcement, the ethics of ransomware research, software supply chain security lessons from the npm hack, the state of OT security, and hiring fraud. Plus: Dave takes on CVSS scores. All this and more, on Security Intelligence. 00:00 – Intro 02:12 – Scattered Lapsus$ Hunters retire 8:05 – AI ransomware is here 15:43 – npm hijacking 24:51 – X-Force on OT threats 35:27 – AI hiring fraud 41:36 – A hacker and Huntress EDR The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Subscribe to the IBM Think newsletter: https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence Learn more about cybersecurity: https://www.ibm.com/think/security | |||
| Vibe hacking, HexStrike AI and the latest scheme from Scattered Lapsus$ Hunters | 10 Sep 2025 | 00:38:21 | |
Have we made cybercrime too easy? In the very first episode of Security Intelligence, panelists Jeff Crume, Suja Viswesan and Nick Bradley join host Matt Kosinski to discuss the invention of vibe hacking and HexStrike AI, an offensive security framework that threat actors are co-opting to command their own AI agent armies. We also discuss Scattered Lapsus$ Hunters’ unconventional new ransom demand and the rise of the RATs, or remote access trojans. Plus: A game of “Would You Rather?”
00:00 – Intro 1:40 – Introducing vibe hacking 9:28 – HexStrike AI fuels AI agent crime 14:42 – AI agent cyber attacks vs. Human cyber attacks 18:16 – Scattered Lapsus$ Hunters want Google to fire employees 26:03 – Remote Access Trojans on the rise
The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Subscribe to the IBM Think newsletter: https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence Learn more about cybersecurity: https://www.ibm.com/think/security | |||
| The AI agent access problem: Can IAM handle AI? | 27 Feb 2026 | 00:19:18 | |
AI agents are coming to the enterprise—but can we actually control them? On this bonus episode of Security Intelligence, IBM Fellow and CTO IBM Security Sridhar Muppidi helps us dig into the rise of agentic AI security risks, from generative AI systems with backend access to autonomous agents that can schedule meetings, call APIs and automate workflows — often with highly privileged access. Traditionally, identity and access management (IAM) has focused on human beings. Then came service accounts and API credentials. Now? We’re facing an explosion of machine identities, including a brand-new class of AI identities that blend human and machine characteristics. How do we manage identity and access for software systems that behave like human users? Join us for a discussion of:
Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence | |||
| John Henry vs. the chatbot: Can humans outsmart AI scam artists? | 30 Jan 2026 | 00:18:46 | |
Do you think you could get scammed by a chatbot? Neither did IBM Chief People Hacker Stephanie Carruthers—until she went toe to toe with one. In this episode of Security Intelligence, we take you inside the John Henry Competition at DEF CON 2024, where Carruthers competed with an AI-powered vishing bot to see who was the better con artist. The results just might surprise you. Along the way, we explore how generative AI is transforming social engineering, why vishing and voice cloning attacks are surging and what it all means for defenders who’ve spent years training people to spot phishing emails—but not phone calls that sound exactly like their boss. All that and more—on Security Intelligence. The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.
Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence | |||
| The conference that changed our minds about AI | 11 Mar 2026 | 00:38:25 | |
Follow the Security Intelligence podcast on your preferred platform → https://www.ibm.com/think/podcasts/security-intelligence Did you miss out on the [un]prompted AI security conference? So did most of us. Except our very own Dustin “Evil Mog” Heywood, who joins us today to share highlights from the event. And speaking of [un]prompted, we also discuss one of the biggest announcements to come out of the event: the Zero Day Clock. This coalition of experts is arguing that we need to radically rethink vulnerability management in the face of plummeting time-to-exploit values for new vulnerabilities. Among their demands that might prove to be quite controversial: holding software makers liable for flaws and building more disposable architecture. Then we talk about some notably nasty AI agent behavior, including manipulating prescriptions and writing mean blog posts about human users. Finally, we round out the week with a discussion of burnout among cybersecurity pros. We’re working, on average, 10 overtime hours per week. It’s exhausting—and really, really bad for security. All that and more on Security Intelligence. 00:00 -- Introduction 01:26 -- Report back from [un]prompted 09:07 -- The zero day collapse 21:26 -- AI agents harassing humans 31:26 -- Burnout in cybersecurity The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Subscribe to the IBM Think newsletter → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 #zerodaysexploits #AIsecurity #AIagentsecurity #vulnerabilitymanagement | |||
| Is your robot vacuum safe? Here’s why it matters. | 04 Mar 2026 | 00:53:17 | |
Can IAM handle AI? Find out → https://www.ibm.com/think/podcasts/security-intelligence A consumer just wanted to control his own personal robot vacuum with a PlayStation controller. He ended up controlling thousands of strangers’ vacuums, too. This week on Security Intelligence, we cover one of the wildest IoT security stories in recent memory: How one user accidentally built an army of 6,700 robot vacuums, and what it means for cybersecurity pros.
Then we turn to TOAD — telephone-oriented attack delivery — a deceptively low-tech social engineering method that's quietly becoming one of attackers' favorite tools. We talk about why it works and what defenders can actually do about an attack that skips most of your defenses entirely. And finally: healthcare's cybersecurity problems. This season of the hit medical drama The Pitt features a hospital-debilitating ransomware attack, which is perhaps one of the most realistic things to ever happen on a show known for its verisimilitude. We explore why ransomware is so prevalent in healthcare, why patching is rare and what it would actually take to change that. 00:00 -- Introduction 0:58 -- Rise of the robot vacuum army 10:02 -- Anthropic debuts Claude Code Security 24:39 -- Thwarting distillation attacks 34:23 -- Why hackers love TOADs 44:14 -- Healthcare’s cybersecurity woes The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.
Explore the Threat Intelligence Index 2026 → https://www.ibm.com/reports/threat-intelligence#sipod
#AIcodesecurity #vibecoding #securitydebt #IoTsecurity #vishing | |||
| Exploits of public-facing apps are surging. Why? | 25 Feb 2026 | 00:47:16 | |
For years, stolen credentials were king—the hacker’s attack vector of choice. Until now. The 2026 IBM X-Force Threat Intelligence Index reveals a surge in the exploitation of public-facing applications, overtaking identity-based attacks as the top initial access vector. Why are threat actors changing their tactics so dramatically—and what does it mean for defenders?
In this episode of Security Intelligence, panelists Claire Nuñez, Chris Caridi and Joe Xatruch break down the biggest findings from the latest Threat Intelligence Index, plus:
All that and more—on Security Intelligence. 00:00 - Intro 1:17 - Threat Intelligence Index 2026 16:22 - Stealing AI agents’ souls 28:03 - AI infrastructure flaws 36:36 - Threat intelligence made human
Follow the Security Intelligence podcast on your preferred platform → https://www.ibm.com/think/podcasts/security-intelligence Explore the Threat Intelligence Index 2026 → https://www.ibm.com/reports/threat-intelligence#sipod | |||
| Romance scams: How they work, how they win and what we do about it | 18 Feb 2026 | 00:37:29 | |
Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence Valentine’s Day might be over, but love is in the air. The love a scammer has for their victim’s wallet, that is. In this special episode of Security Intelligence, host Matt Kosinski sits down with Claire Nuñez, Suja Viswesan, and Dave Bales to break down how modern romance scams actually work: from the “wrong number” text that starts an innocent chat, to long-con “pig butchering” schemes that use emotion, trust and time to extract money — often through crypto investment bait. The panel explains why anyone can fall for these scams, how breaches and public records can help scammers build convincing victim profiles and how AI is making the problem worse. Finally, the team gets practical: how to talk to a loved one who may be caught in a scam, how to remove stigma so people report faster and what organizations can do when a “personal” scam becomes a corporate risk. Key takeaways: Don’t respond to unknown numbers, treat online “investment opportunities” as a red flag and remember: if this happened to you, you’re not alone.
The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Subscribe to the IBM Think newsletter → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 | |||
| OpenClaw and Claude Opus 4.6: Where is AI agent security headed? | 11 Feb 2026 | 00:47:49 | |
Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence Are enterprises moving too fast with AI—and breaking security in the process? In this episode of Security Intelligence, host Matt Kosinski is joined by Sridhar Muppidi, Nick Bradley and Jeff Crume to unpack a pivotal moment in cybersecurity. The panel dives into the rapid rise of AI agents and the growing risks of shadow AI in the enterprise, comparing open-source agent platforms like OpenClaw with proprietary models such as Claude Opus 4.6 and its new agent teams. We explore how speed-first AI adoption, unsecured agent implementations and weak separation of duties are creating new attack surfaces—and why executives may be unintentionally fueling the problem. The conversation also examines the recent Notepad++ supply chain breach as a warning sign of broader software inventory and supplier risk failures, and analyzes DragonForce’s attempt to reinvent ransomware as a scalable cartel business. Along the way, we keep returning to a key theme: Have we optimized for velocity at the expense of security? 00:00 -- Intro 01:18 -- OpenClaw vs. Claude Opus 4.6 15:05 -- Move fast. Break security? 27:29 -- Notepad++ breach 38:55 -- DragonForce ransomware cartel
The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Subscribe to the IBM Think newsletter → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 #OpenClaw #ClaudeOpus #shadowAI #AIagentsecurity | |||
| What cybersecurity pros need to know about OpenClaw and Moltbook | 04 Feb 2026 | 00:45:23 | |
OpenClaw and Moltbook are extremely cool. They're also extremely dangerous. And they tell us just how far AI agent security has to go. In this episode of Security Intelligence, Dave McGinnis, Seth Glasgow and Evelyn Anderson unpack how locally run AI agents are becoming a brand-new attack surface, and why defenders may be underestimating the risks. From misconfigured agent databases leaking API keys, to malicious “skills” that can quietly hijack trusted systems, we explore what happens when powerful AI tools are treated like just another app. We also dig into a growing signal problem across cybersecurity:
Along the way, our panel debates a deeper question: Is AI a gift or a curse for security pros? All that and more on Security Intelligence. 00:00 - Intro 01:03 - OpenClaw and the AI agent attack surface 16:49 - Will AI slop end bug bounties? 26:49 - Big changes to NIST’s NVD 35:27 - The problem with vibe coded malware The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Subscribe for more AI and cybersecurity news → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence | |||
| The newest AI malware vs. 40 years of hacker culture | 28 Jan 2026 | 00:39:36 | |
AI-generated malware has officially arrived. But does it matter all that much? This week on Security Intelligence, Suja Viswesan, Dave Bales and Dustin Heywood join us to discuss VoidLink, which might just be the first thoroughly documented case of a malware framework generated with significant AI help. The question is: What really changes when malware is no longer the handiwork of human hackers? We also explore the World Economic Forum’s Global Cybersecurity Outlook 2026, where CEOs and CISOs are split on what they fear most: cyber fraud or ransomware? Then we cover the debate over data protection vs. service resilience, and we dig into the takedown of RedVDS, a major player in the cybercrime-as-a-service supply chain. Finally, we reflect on the 40th anniversary of “The Hacker Manifesto,” asking what’s changed—and what hasn’t—in hacker culture. All that and more on Security Intelligence. 00:00 -- Introduction 01:40 -- CEOs vs. CISOs: 2026 cyberthreats 11:10 -- VoidLink: Documented AI malware 19:28 -- Are we too worried about our data? 27:28 -- Cybercrime supply chains 34:05 -- 40 years of hacking culture
Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence Learn more about cybersecurity → https://www.ibm.com/think/podcasts/techsplainers#tabs-fw-44e285b2cc-item-df35f5fbab-tab | |||
| Most cybersecurity training doesn’t work. Can we change that? | 21 Jan 2026 | 00:32:17 | |
AI has changed the speed of cyberattacks. But it hasn’t changed the most important variable: people. In this episode of Security Intelligence, panelists Jake Paulson, Stephanie Carruthers and Matt Cerny dig into how AI-driven threats—phishing, deepfakes and disinformation—are reshaping the cyberthreat landscape. Organizations, too, are adopting AI tools to help detect these attacks. But even in the era of AI, people are ultimately our first and last lines of defense. And all too often, we don’t give them what they need to succeed. How do we help human beings adapt to the increased speed, scale and impact of AI threats? The answer, our panel argues, isn’t more checkbox training or prettier slides. It’s realistic, immersive training that builds muscle memory, confidence under stress and decision-making skills for moments when things don’t go according to plan. We talk about:
Because when AI accelerates attacks, training determines the outcome. All that and more on Security Intelligence. The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. #cybersecuritytraining #AIcyberthreats #AIphishing #AIcyberattacks Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence Learn more about the cyber range → https://www.ibm.com/think/topics/cyber-range Discover how AI training can support your business → https://www.ibm.com/services/xforce-cyber-range | |||
| Ransomware whack-a-mole, AI agents as insider threats and how to hack a humanoid robot | 14 Jan 2026 | 00:41:18 | |
Between LockBit, RansomHub and BlackSuit, law enforcement racked up some big wins against ransomware gangs last year. So why aren’t the attacks letting up?
In this episode of Security Intelligence, panelists JR Rao, Jeff Crume and Michelle Alvarez unpack what the state of ransomware in 2025 really looked like, and why those wins haven’t slowed things down as much as we might hope.
Then, we turn to identity security and cloud breaches as we consider the striking case of Zestix, the lone threat actor linked to breaches at 50 global enterprises. And all he needed were some passwords.
From there, we look at what the future of hacking might hold. Palo Alto’s Wendi Whitmore issued a warning about how AI agents could become devastating insider threats, and security researchers at GEEKCon demonstrated how AI-powered robots can be hijacked using voice commands alone, turning prompt injection into a physical-world security risk.
It’s a niche scenario today. But is it also a preview of what happens when AI, robotics and operational technology collide?
Listen to Security Intelligence to find out.
00:00 -- Introduction 01:05 -- Ransomware in 2026 09:26 -- Zestix linked to 50 hacks 18:42 -- AI agents as insider threats 31:20 -- Hacking humanoid robots
Subscribe to the IBM Think newsletter → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence
| |||
| A new take on bug bounties, AI red teams and our New Year’s resolutions | 07 Jan 2026 | 00:40:37 | |
Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence Say your cloud storage service gets hacked. Say the attackers broke in by exploiting a vulnerability in an open-source library your organization used to build the service. Who owns that vulnerability? Microsoft is trying to clear some of the smog obscuring the software supply chain by expanding its bug bounty program to include some third-party code that affects its services. In this episode of Security Intelligence, panelists Jeff Crume, Nick Bradley and Claire Nuñez discuss what that move means for cybersecurity responsibility models going forward. We also analyze how a three-year-old LastPass breach is still giving cybercriminals new credentials to steal. Turns out “harvest now, decrypt later” isn’t just a quantum concern. Plus: OpenAI fights prompt injections with an automated, AI-powered red team, hackers have a new tool to make ClickFix attacks even easier and we share the New Year’s Resolutions we hope organizations will make in 2026. All that and more on Security Intelligence. 00:00 -- Introduction 1:11 -- Cybersecurity resolutions 6:51 -- Microsoft’s new bug bounties 14:00 -- The LastPass breach’s long tail 26:07 -- Automated red teaming 33:22 -- ClickFix-as-a-service The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Subscribe for AI and security updates → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 | |||
| Why it costs so much to get hacked in America | 29 Dec 2025 | 00:22:59 | |
Why does it cost so much more to get hacked in the United States than anywhere else in the world? In this special bonus episode of Security Intelligence, we sit down with Michelle Alvarez, Manager of Strategic Threat Analysis at IBM X-Force, for a deep dive into IBM’s 2025 Cost of a Data Breach report—and one of its most surprising findings: global breach costs are falling, but US breach costs just hit a record high. What’s driving the gap? In this episode, we unpack:
We also explore a critical inflection point ahead: AI isn’t a major attack target yet—but once adoption crosses key market concentration thresholds, attackers will follow the ROI. All that and more on Security Intelligence. The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.
Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence Read the Cost of a Data Breach report: https://ibm.biz/BdbkLt | |||
| Cybersecurity’s year in review: ClickFix attacks, vibecoding vulnerabilities, shadow agents and more | 23 Dec 2025 | 00:57:18 | |
Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence In this special year-end episode of Security Intelligence, we reflect on 2025, a year of new attack methods (ClickFix), new vulnerabilities (vibecoding) and new worries on the horizon (shadow agents). From hijacked AI agents to massive supply chain breaches, 2025 forced security leaders to confront a sobering reality: trust might just be our biggest attack surface. Join hosts Matt Kosinski and Patrick Austin for a jam-packed look back at the biggest cybersecurity trends and cyberattacks of 2025, the lessons we can learn from them and what the road ahead looks like. Featuring: 00:00 – Introduction 4:10 – AI and data security with Michelle Alvarez and Jeff Crume 22:42 – Biggest cyberattacks of 2025 with Dave Bales and Nick Bradley 38:18 – Major lessons, innovations and failures of cybersecurity in 2025 with Suja Viswesan and Sridhar Muppidi All that and more on Security Intelligence. The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.
Learn more about cybersecurity → https://www.ibm.com/think/security | |||
| AI browser bans and the top software flaws of 2025 | 17 Dec 2025 | 00:51:43 | |
AI browsers are neat—but are they more trouble than they’re worth? In this episode of Security Intelligence, Austin Zeizel, Evelyn Anderson and Ryan Anschutz discuss Gartner’s recent advisory warning organizations to ban AI browsers from the workplace for the time being. Is there anything we can do to make them safe enough to use? And that leads to a broader conversation about the relationship between AI model providers and the cybersecurity community. In the wake of some high-profile attacks using AI models—like the spy ring Anthropic busted—cybersecurity pros are split on whether AI vendors are pulling their weight in threat intel circles. This one has it all: spam bombing, social engineering and malicious virtual machines. All that and more on Security Intelligence. 00:00 – Introduction 01:14 -- Gartner: No AI browsers at work 13:38 -- Should AI vendors share threat intel? 23:11 -- MITRE’s top 25 most dangerous software flaws 33:15 -- Are social logins safe? 41:54 -- Bring-your-own-VM attacks The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Learn more about cybersecurity → https://www.ibm.com/think/security | |||
| React2Shell makes waves, WormGPT falls flat and the latest threat to your Gmail account | 10 Dec 2025 | 00:50:12 | |
Just how big a deal is React2Shell? Depending on who you ask, it’s either a Log4Shell-level event or just another average, everyday application security vulnerability. Patch and move on. This week, on Security Intelligence, panelists Sridhar Muppidi, Claire Nuñez and Ian Molloy weigh in on the contentious debate React2Shell has sparked. However it shakes out, one thing is for sure: The response to this vulnerability has been anything but typical. We also dive into: 13:01 -- Whether malicious LLMs like WormGPT live up to the hype 23:40 -- How hackers can lock you out of your Gmail account by changing your age 34:09 -- What happens when two different threat actors attack you at the same time 42:37 -- Why cybersecurity pros should care about solar radiation grounding 6,000 flights All that and more on Security Intelligence.
The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.
Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence Subscribe for AI and security updates → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 | |||
| Your house might be a botnet, your devs are leaking secrets and poems are breaking your AI guardrails | 03 Dec 2025 | 00:42:59 | |
| Trawling the honeypot: What it’s like to discover a new malware strain | 28 Nov 2025 | 00:14:12 | |
Being a malware reverse engineer isn’t always glamorous work. You spend a lot of time digging through junk emails.
But when you find something in there—well, that’s a whole different story.
On this episode of Security Intelligence, X-Force Malware Reverse Engineer Raymond Joseph Alfonso tells us about the time he discovered a curious new malware loader in the honeypot. And that leads to a bigger conversation about how hackers hide malicious code from view—and some of the new techniques they’re cooking up to stay hidden.
The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.
Learn more about QuirkyLoader → https://www.ibm.com/think/x-force/ibm-x-force-threat-analysis-quirkyloader Follow the Security Intelligence podcast on your preferred platform → https://www.ibm.com/think/podcasts/security-intelligence | |||
| The dark web job market thrives, AI fraud rings rise and it’s holiday scam season. | 26 Nov 2025 | 00:40:00 | |
Do you think you’re too smart to fall for a Black Friday scam? Generative AI might knock you down a few pegs. On this episode of Security Intelligence, host Matt Kosinski and panelists Suja Viswesan, Dave McGinnis and Nick Bradley discuss how threat actors are using AI to turbocharge holiday scam season. Plus: - IBM X-Force makes malware research tools public - The dark web job market is thriving - AI fraud schemes are getting quite elaborate And the story of an enterprising insider threat who tried to turn his employer’s wind turbines into cryptojacking machines. Spoiler: He got caught. 00:00 – Introduction 02:45 – Holiday scam season 13:37 – X-Force malware research tools 19:47 – Dark web jobs report 24:41 – Factory finds an AI fraud ring 31:48 – Cryptojacking wind turbines The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Learn more about cybersecurity → https://www.ibm.com/think/security Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence Learn more about the X-Force Malware Threat Research GitHub → https://www.ibm.com/think/x-force/introducing-x-force-malware-threat-research-public-github-repository | |||
| Anthropic stops AI spies, the new OWASP Top 10 and the rise of small-time ransomware | 19 Nov 2025 | 00:40:14 | |
Anthropic says it disrupted a nearly fully autonomous espionage campaign carried out by AI agents. But some cybersecurity pros are skeptical of the framing. On the latest episode of Security Intelligence, host Matt Kosinski is joined by Ryan Anschutz, Evelyn Anderson, Seth Glasgow and Mixture of Experts podcast fixture Chris Hay to dig into Anthropic’s report and the range of responses to it. Plus: The newest OWASP Top 10 is here, the ransomware landscape is cracking up and does cyber insurance just encourage hackers? All that and more on Security Intelligence. 00:00 -- Introduction 01:29 -- Anthropic’s AI spy ring bust 15:44 -- OWASP Top 10 2025 24:41 -- Small ransomware gangs 33:45 -- Is cyber insurance worth it?
The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.
Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence Subscribe for AI and security updates → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 | |||
| GPT-5.4-Cyber: What you need to know | 16 Apr 2026 | 00:11:42 | |
Earlier this week, OpenAI dropped GPT-5.4-Cyber, a “cyber-permissive” variant of GPT-5.4. Basically: It lets you do some things in the name of security research and defense that you can’t normally do with a regular GPT model. But you have to prove you’re a cybersecurity pro with good intentions to get access. On this bonus episode of Security Intelligence, Jeff Crume and Martin Keen join host Matthew Kosinski to break down what the new model means for cybersecurity and the big picture trends driving the evolution of LLMs. The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. #GPT-5.4Cyber #OpenAI #AISecurity Follow the Security Intelligence podcast on your preferred platform → https://www.ibm.com/think/podcasts/security-intelligence | |||
| Claude Mythos: Marketing hype or the end of cybersecurity? | 15 Apr 2026 | 00:29:33 | |
Where does that leave the rest of us, who don’t get to tinker with perhaps the most advanced model yet? This week on Security Intelligence, Sridhar Muppidi, Michelle Alvarez, and Dustin “EvilMog” Heywood join host Matt Kosinski to discuss what Mythos and Glasswing really mean for the average security pro. How much is hype? How much is the real deal? And how could this limited release backfire? Then: The FBI’s 2025 Internet Crime Report saw scam losses jump 26%, and Accenture found a 127% increase in malicious hackers trying to recruit the employees of their targets. All that and more on Security Intelligence. 00:00 – Intro 1:22 -- Claude Mythos and Project Glasswing 12:26 -- The 2025 Internet Crime Report 20:19 -- Attackers recruiting more insiders The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Read more about AI raising cybersecurity stakes → https://www.ibm.com/think/news/anthropic-claude-ai-mythos-project-glasswing-raises-stakes-cybersecurity Follow the Security Intelligence podcast on your preferred platform → https://www.ibm.com/think/podcasts/security-intelligence | |||
| The Claude Code source code leak: Takeaways for cybersecurity pros | 08 Apr 2026 | 00:41:32 | |
What happens when one of the world’s most popular AI coding tools falls into the wrong hands? On this episode of Security Intelligence, Nick Bradley, Dave Bales and JR Rao discuss the Claude Code source code leak. Attackers are already using the opportunity to spread malware through fake repos, but the real question is how threat actors might use their newfound knowledge of Claude Code’s internals to wreak havoc on AI agents and the CI/CD pipeline. Then, we follow up on our old friends TeamPCP, Shiny Hunters and Lapsus$, whose overlapping data breach claims are causing no small amount of confusion and consternation among security pros. We examine the credential rotation problem and the uneven security surface of modern supply chains that helped get us in this mess. Plus: Threat intelligence usually focuses on attacks that did happen. But what if we started talking about the ones that didn’t? And do cybercriminals have anything to teach us about “mature” AI adoption? Some big names seem to think so. All that and more on Security Intelligence. Segments: 00:00 – Introduction 1:12 -- The Claude Code leak 11:19 -- TeamPCP’s breach spree 21:21 -- “Close-call” databases 29:28 -- Cybercrime and AI adoption The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Visit the Security Intelligence podcast page → https://www.ibm.com/think/podcasts/security-intelligence Explore how to securely deploy and operate agentic AI workloads at runtime → https://ibm.webcasts.com/starthere.jsp?ei=1755597&tp_key=10f0b8919a&sti=inbound | |||
| RSA recap, the LiteLLM breach, and the quest to fix AI agent security | 01 Apr 2026 | 00:48:44 | |
Learn more about solving agentic AI identity and access gaps → https://www.hashicorp.com/en/blog/agentic-runtime-security-solving-agentic-ai-identity-and-access-gaps LiteLLM is a nifty little Python library that gives you access to about 100 different AI services through one API. It gets an estimated 3.4 million downloads a day. And last week, it was turned into a Trojan horse, distributing infostealers to hundreds of thousands of devices. (At least, that’s what TeamPCP says—the hackers behind the LiteLLM breach and a slew of other high-profile software supply chain attacks in recent weeks.) Quote Andrej Karpathy: This is “basically the scariest thing imaginable in modern software.” On this episode of Security Intelligence, Suja Viswesan, Dave McGinnis and Jeff Crume help us break down the LiteLLM breach and the broader campaign TeamPCP is waging. We’re also joined by HashiCorp Field CTO Jake Lundberg in the first segment for a discussion of how organizations are trying—with varying degrees of success—to tackle the agentic AI problem. AI agents are identities—but identities our existing frameworks weren’t built to house. Simply porting existing human and non-human identity management practices onto them won’t cut it. But the question remains: What do we need instead? All that and more on Security Intelligence. Segments 00:00 -- Intro 1:13 -- Who will fix AI agent security? 21:17 -- RSAC 2026 Recap 29:31 -- 2026's most dangerous cyberattacks 40:45 -- The LiteLLM breach The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence | |||
| Cryptocurrency: The most misunderstood technology in cybersecurity | 27 Mar 2026 | 00:22:38 | |
Most cybersecurity pros only run into cryptocurrency when they’re dealing with ransomware gangs demanding payouts in Bitcoin. But what if crypto infrastructure were more than just a means of money laundering? In this episode of IBM’s Security Intelligence podcast, X-Force threat intelligence consultant Austin Zeizel makes the case that blockchain — the decentralized ledger underlying many cryptocurrency systems — has powerful, largely untapped applications for cybersecurity. In fact, Austin makes a pretty convincing argument that blockchain could be the key to a genuinely zero trust architecture. We also get into how cybercriminals actually exploit cryptocurrency — coin mixers, non-KYC exchanges, the pseudonymous nature of Bitcoin — and why understanding those mechanics matters for defenders. The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. | |||
| Promptware, cloud security trends for 2026, and what the Xbox One hack means for cybersecurity | 25 Mar 2026 | 00:40:49 | |
Follow the Security Intelligence podcast on your preferred platform → https://www.ibm.com/think/podcasts/security-intelligence Someone finally cracked the Xbox One after 13 years. Here’s why security pros should care. On this episode of Security Intelligence, panelists Ian Molloy, Seth Glasgow and Kimmie Farrington discuss the Xbox One hack presented at RE//verse 2026. More than just a neat story of one hacker’s ingenuity, there are some important takeaways for practitioners here. But before that, we get into promptware, a new model for understanding attacks on LLMs that goes beyond the basics of prompt injections. Formulated by a handful of prominent cybersecurity researchers, including Bruce Schneier, promptware urges defenders to start thinking about the full AI attack kill chain, not just the front door. Then we dive into a new analysis of cloud attack trends from IBM X-Force's Omari Jones, which finds that cybercriminals are targeting cloud ecosystems rather than cloud infrastructure. How do we need to shift our own mindsets to counter this? Meanwhile, Google Threat Intelligence Group and Coveware find ransomware gangs increasingly ditching their flashy external tools in favor of PowerShell and other built-in system utilities—making detection significantly harder. And Chuck Everette's Dark Reading op-ed raises a question that doesn't get enough airtime: With everyone focused on cutting-edge AI tech, what about the downright ancient OT systems and PLCs that underpin large swaths of American critical infrastructure? All that and more on Security Intelligence. In this episode: 00:00 – Introduction 1:01 -- From prompt injection to promptware 11:15 -- Cloud security trends 2026 19:59 -- Ransomware attackers live off the land 28:53 -- OT security: cybersecurity’s “rusting edge” 34:41 -- The Xbox One hack The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. 
Cloud attacks are evolving: What 2025 trends mean for defenders in 2026 → https://www.ibm.com/think/x-force/cloud-attacks-evolving-what-2025-trends-mean-defenders-2026 | |||
| Perplexity Comet, agentic blabbering, and the shift-left failure | 18 Mar 2026 | 00:36:54 | |
Listen to our latest episode, Can IAM handle AI? → https://www.ibm.com/think/podcasts/security-intelligence/ai-agent-access-problem-iam-handle-ai Does your AI agent talk too much? It’s not just an annoying habit—it’s a security concern. On this episode of Security Intelligence, Sridhar Muppidi, Claire Nuñez and Dave Bales join me to discuss Guardio’s research into “agentic blabbering,” and how attacks can use an agent’s reasoning process against it. In experiments with the agentic Perplexity Comet browser, Guardio researchers were able to design foolproof phishing websites just by listening to the agent’s running monologue as it traversed the web. What does it mean for agentic security when sophisticated AI reasoning processes can be weaponized? Then, we chat about Microsoft Azure CTO Mark Russinovich’s discovery that Claude Opus can reverse engineer 40-year-old (practically ancient, by software standards) code. Did AI just expand the attack surface to include every compiled binary ever written? Plus: Contrast Security CISO David Lindner claims that shift left has failed. Dramatic increases in the exploitation of vulnerable code—confirmed by the IBM Threat Intelligence Index 2026, among many other reports—suggest he might be onto something. But is there more to the story? And, finally, we dig into two new pieces of research from IBM X-Force: One about a new piece of AI-generated malware, and another about reframing how we think about authentication. All that and more on Security Intelligence. 00:00 -- Introduction 1:19 -- Perplexity Comet’s “agentic blabbering” 13:06 -- AI resurrects old vulnerabilities 21:28 -- Did shift left fail? 30:05 -- AI slop and the post-auth perimeter The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Read more about “Slopoly” → https://www.ibm.com/think/x-force/slopoly-start-ai-enhanced-ransomware-attacks | |||