Threat Talks - Your Gateway to Cybersecurity Insights

Threat Talks

Threat Talks is your cybersecurity knowledge hub. Unpack the latest threats and explore industry trends with top experts as they break down the complexities of cyber threats. We make complex cybersecurity topics accessible and engaging for everyone, from IT professionals to everyday internet users, by providing in-depth, first-hand experiences from leading cybersecurity professionals. Join us for monthly deep dives into the dynamic world of cybersecurity, so you can stay informed and stay secure!

  1. Why Do You Trust Your AI Agent?

    3 days ago

    Why Do You Trust Your AI Agent?

    Agentic AI is powerful, and someone recently found that out the hard way when an AI tool, given free rein with a user’s own permissions, deleted her entire mailbox. That cautionary tale opens this Threat Talks Deep Dive, where host Lieuwe Jan Koning talks with Rob Maas, Field CTO of ON2IT, about what Zero Trust looks like when the thing you’re securing is an AI agent. Drawing on Rob’s recent blog post (and the Zero Trust pillars shared by CISA and Forrester’s Zero Trust eXtended framework), they work through each pillar in turn. The recurring theme is “just-in-case” privileges: the broad access we hand humans on the assumption they’ll use judgment. Agents have no such judgment. Give one an intent and it will use everything it has to reach the goal, and it can spin up parallel instances to get there faster. Across Identity, Devices, Network, Applications & Workloads, and Data, Rob makes the case for:

    • Non-human identities with just-in-time, quickly-rotated privileges, so a leaked token can’t be reused forever.
    • Tightly constrained execution environments (VM, container, serverless) that only touch what the agent truly needs.
    • Identity-based network segmentation, so an agent working with CRM data can never reach the financial system.
    • Allow-listed MCP tooling, because tool sprawl is the new shadow IT.
    • New data controls for a world where everything (prompts, retrieval, documents) is data flowing to and from a model.

    He’s candid about the gaps, too: there’s no generic “AI firewall” yet, prompt injection has no guaranteed fix, and the hardest control points now live in the details of how individual developers configure their tools. The optimistic note: because agent-to-model and agent-to-agent calls can be logged, you can actually see what an agent is doing, an advantage over the opacity of the human mind. The episode closes on what’s still missing and a clear first step for any organization: get an overview of every agent and MCP server in use, and the access each one has.

    Threat Talks is a podcast by ON2IT cybersecurity and AMS-IX. New episode every Tuesday. Follow Threat Talks to stay up to date on the topic of cybersecurity.

    24 min
  2. Mythos is not the AI Apocalypse

    23 Jun

    Mythos is not the AI Apocalypse

    Mythos found a 23-year-old vulnerability in FreeBSD that no human team had caught. Your 30-day patch cycle assumes years before it gets weaponized. Today that window is one day. Next year it will be one hour. Lieuwe Jan Koning, Co-founder & CTO at ON2IT, sits down with Rob Maas, Field CTO at ON2IT, to break down what Anthropic's Mythos actually found, why the public release (Fable) still frustrates security professionals, and whether the FABLE framework gives defenders a realistic path forward. Rob's verdict: there is truth in what Anthropic claims. It is not as catastrophic as the marketing suggests. But if your fundamentals are not in place, the time to fix that is now.

    00:00:00 Introduction
    00:00:46 What is Mythos? From Project Glasswing to Fable
    00:03:13 What Mythos actually found: FreeBSD, Palo Alto, real patches
    00:05:57 The zero-day clock: from years to one hour
    00:09:00 The FABLE framework and the CSA "Mythos Ready" paper
    00:15:24 Authentication, segmentation, and egress filtering
    00:20:51 Myth or reality: Rob's verdict

    Subscribe to Threat Talks and turn on notifications for deep dives into the world's most active cyber threats and hands-on exploitation techniques.

    🔔 Follow and Support our channel! 🔔
    ► YOUTUBE: / @threattalks
    ► SPOTIFY: https://open.spotify.com/show/1SXUyUE...
    ► APPLE: https://podcasts.apple.com/us/podcast...
    👕 Receive your Threat Talks T-shirt: https://threat-talks.com/
    🗺️ Explore the Hack's Route in Detail 🗺️ https://threat-talks.com
    🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

    22 min
  3. What about Iran? One Word Document, Three Backdoors

    16 Jun

    What about Iran? One Word Document, Three Backdoors

    Every big nation state has a cyber army: China, Russia, the US, Europe. But what about Iran? Meet Boggy Serpens, a group tied to Iran’s civilian intelligence service whose entire business is breaking in and staying in, then handing the keys to whoever strikes next. Their playbook, Operation OLALAMPO, needs just one booby-trapped Word document to plant three separate backdoors on your network.

    • A Telegram-bot command channel that hides inside everyday encrypted chat traffic, a Rust “Ghost” backdoor built to defeat analysis, and a legitimate AnyDesk install quietly turned against you.
    • The layered defense for every stage: email and file controls, behavioral EDR, egress policy, threat intel, and Zero Trust segmentation.
    • The twist: why this operation mostly failed, plus the tells that the malware was partly written with AI.

    Filmed live at the ON2IT SOC, host Lieuwe Jan Koning runs a red team vs blue team session with analysts Yuri Wit, the “proxy Iranian” attacker, and Rob Maas on defense. Watch the full episode to see each move, and the exact control that stops it.

    🔗 Episode resources, transcript and show notes: https://threat-talks.com
    🎙️ Subscribe to the podcast on Spotify, Apple Podcasts, or your podcast app of choice.

    Threat Talks is a podcast by ON2IT cybersecurity and AMS-IX. We delve deep into the dynamic world of cybersecurity, one episode at a time. New episode every Tuesday.

    Chapters
    00:00 Every nation state has a cyber army: what about Iran?
    00:21 Meet the guests: Yuri (red team) and Rob (blue team)
    01:17 Boggy Serpens and Operation OLALAMPO: Iran's access brokers
    04:20 Infection via Office macros, and the social-engineering layer
    07:18 You opened the document: three payloads
    08:06 Backdoor 1: Telegram-bot command and control
    12:55 Backdoor 2: the Rust "Ghost" backdoor, and why it's so hard to analyze
    16:03 Backdoor 3: legitimate AnyDesk, pre-loaded for the attacker
    17:59 Zero Trust and network segmentation
    18:59 Did it work? AI tells, and staying vigilant

    22 min
  4. Europe Is Losing the Sea Cable Race

    9 Jun

    Europe Is Losing the Sea Cable Race

    In 2026, 40 new submarine cables go live. Most won't land in Europe. Europe is losing the sea cable race, and most people haven't noticed yet. In this second part of our sea cables conversation, host Peter Ernst sits down with Ernst Noorman, the Netherlands' Cyber Ambassador-at-Large and a member of the ITU Advisory Body on Submarine Cable Resilience, to move from the “how” of sea cables to the “why it matters.” We compare two places that were once called the two hardest spots in the world to build digital infrastructure, Amsterdam and Singapore, and unpack how Singapore solved its crunch with 32 cable landings, five years of zero cable faults, and a green-energy-first tender process, while the Netherlands risks resting on a 30-year-old head start. Along the way: the difference between sovereignty and autonomy, why “always the cheapest option” no longer works, the EU Cyber Resilience Act and security by design, what NIS2 means for boards and CEOs personally, and why Europe needs to stop being modest about Airbus-sized wins.

    Chapters
    00:00 — 40 new cables, most skip Europe
    00:30 — Meet Ernst Noorman & the ITU advisory body
    02:00 — The sea cable map is being redrawn
    04:08 — Why the Netherlands risks losing its head start
    06:26 — How Singapore solved it: 32 landings, zero faults
    08:09 — Tax cuts for digital, would Europe ever?
    08:59 — Sovereignty vs autonomy: it's about choice
    15:02 — You can't own the whole stack (ASML, Nokia, Ericsson)
    15:53 — Why “always the cheapest” stops working
    17:47 — The Cyber Resilience Act & security by design
    18:51 — The water-from-the-tap analogy
    19:51 — What boards and CEOs must actually ask
    25:30 — Back to Singapore: government-led, by design
    29:39 — The good news: Europe's real strengths
    36:15 — What needs to happen in the next 3–5 years

    Threat Talks is a podcast by ON2IT and AMS-IX. Subscribe for more on Zero Trust, cyber resilience, and the infrastructure behind the internet.

    35 min
  5. Russia Cutting Cables?

    2 Jun

    Russia Cutting Cables?

    The headlines say Russia’s shadow fleet is cutting cables. The experts say most faults come from clumsy ship anchors. Ninety-nine percent of global internet traffic runs across the ocean floor, and the conversation about what threatens it is mostly wrong. In this episode of Threat Talks, Peter van Burgel, CEO of AMS-IX, sits down with Ernst Noorman, Cyber Ambassador at Large for the Netherlands and member of the ITU Advisory Board on Submarine Cable Resilience, to separate geopolitical noise from engineering reality, and explain what actually puts global internet connectivity at risk.

    Timestamps
    00:00:00 Introduction
    00:00:55 The ITU Advisory Board on Submarine Cable Resilience
    00:05:04 Shadow Fleets, Geopolitics, and the Sabotage Myth
    00:10:30 Shunts, Faults, and What Actually Breaks Cables
    00:15:47 Why Satellite Cannot Replace Submarine Cables
    00:17:06 Digital Sovereignty and the Big Tech Cable Takeover
    00:28:16 What Every CEO Should Put on the Agenda

    Key Topics Covered
    • Why most submarine cable faults come from anchors, fishing nets, and natural events, not state actors
    • How aging repair ships and bureaucratic permitting barriers make restoration slow in most of the world
    • Why satellite (including Starlink) cannot replace subsea fiber at any meaningful scale
    • How big tech dominance over new cable investment creates digital sovereignty risks for governments and large organizations
    • What NIS2 means for CEO accountability on digital infrastructure resilience

    Related ON2IT Content & Referenced Resources
    ITU Advisory Board on Submarine Cable Resilience: https://www.itu.int/digital-resilience/submarine-cables/advisory-body/
    ICPC (International Cable Protection Committee): https://www.iscpc.org
    Dutch Cybersecurity Council / CEO manual on NIS2: https://www.cybersecuritycouncil.nl
    Dutch Cybersecurity Act (NIS2 implementation): https://www.dutchncca.nl/the-cybersecurity-act
    Threat Talks: https://threat-talks.com/russia-cutting-cables-whos-protecting-it/
    ON2IT (Zero Trust as a Service): https://on2it.net
    AMS-IX: https://www.ams-ix.net/ams

    33 min
  6. Hero Culture and a $1 Million Mistake

    26 May

    Hero Culture and a $1 Million Mistake

    A company skips a security check two days before Black Friday and loses $1 million when transactions land in the wrong bank accounts. A machine learning team is told no on production data access, gets it via SharePoint anyway, and a year later the data is on contractor laptops nobody can account for. Two stories, one pattern: when security blocks, the risky work doesn’t stop – it just happens without you. Lieuwe Jan Koning, Co-founder and CTO at ON2IT Cybersecurity, sits down with Sina Yazdanmehr, Founder and Managing Director of Aplite GmbH, on the prevention paradox, why a “no” from the CISO is an illusion of control, and how a technical security team turns into a business partner instead of a roadblock.

    Timestamps
    00:00:00 Introduction
    00:01:55 The $1 million Black Friday story
    00:04:14 Hero culture rewards shipping, not prevention
    00:06:55 The prevention paradox
    00:08:00 NIS2 and executive accountability
    00:09:00 Avoiding the Department of No
    00:12:18 Production data on contractor laptops
    00:16:13 The technical CISO as business partner

    Key Topics Covered
    • Why hero culture quietly trains organizations to bypass security under deadline pressure
    • The prevention paradox: why the person who avoids a loss never gets the credit
    • What happens after a CISO says no: shadow workflows, friendly handovers, and data on laptops nobody owns
    • What a counter-proposal in risk-based language gets you that a flat refusal does not

    Related ON2IT Content & Referenced Resources
    Aplite GmbH: https://aplite.de
    Previous Threat Talks with Sina Yazdanmehr (Security Culture part 1): https://youtu.be/1JnAsXDCKzM?si=qFlMxC617E30U1dW
    Previous Threat Talks with Sina Yazdanmehr: https://www.youtube.com/watch?v=wBodTl_nY1w
    Previous Threat Talks with Sina Yazdanmehr: https://www.youtube.com/watch?v=fBwdGXf-0dY
    Threat Talks: https://threat-talks.com/
    ON2IT (Zero Trust as a Service): https://on2it.net/
    AMS-IX: https://www.ams-ix.net/ams

    20 min
  7. When Compliance Replaces Security

    19 May

    When Compliance Replaces Security

    A SaaS company buys enterprise ChatGPT for 800 staff and strangely only uses 30 seats. A corporate signs annual risk exemptions for five years until the exception list itself is mistaken for a working security process. Same root cause, two symptoms. Compliance is not security. Security culture is company culture. If your employees do not trust their managers, no policy you write will save you. Lieuwe Jan Koning, Co-founder and CTO at ON2IT Cybersecurity, sits down with Sina Yazdanmehr, Founder and Managing Director of Aplite GmbH, on why security policy depends on trust, why a signed risk acceptance is a legal act, and what a leadership cadence on security communication actually looks like.

    Timestamps
    00:00:00 Introduction
    00:02:20 When risk exceptions become culture
    00:07:50 Turning a five-year exemption list around
    00:09:07 Working with auditors instead of around them
    00:13:14 The trust gap: enterprise tools and personal accounts
    00:19:27 Security culture is company culture
    00:22:21 Wrap and what is next

    Key Topics Covered
    • Why employee trust in management determines whether any security policy lands
    • How sanctioned enterprise tools, AI included, quietly fail when context and trust are missing
    • The legal weight of a signed risk acceptance, and why most managers treat it as paperwork
    • What a working leadership cadence on security communication actually looks like

    Related ON2IT Content & Referenced Resources
    Aplite GmbH: https://aplite.de
    Previous Threat Talks with Sina Yazdanmehr: https://www.youtube.com/watch?v=wBodTl_nY1w
    Previous Threat Talks with Sina Yazdanmehr: https://www.youtube.com/watch?v=fBwdGXf-0dY
    Threat Talks: https://threat-talks.com/
    ON2IT (Zero Trust as a Service): https://on2it.net/
    AMS-IX: https://www.ams-ix.net/ams

    23 min
  8. The Agent Problem

    12 May

    The Agent Problem

    Your AI agents are users now. They have your permissions. They read your email. They send messages. And they act on instructions that anyone with an internet connection can drop into your inbox. In this episode of Threat Talks, Lieuwe Jan Koning, Co-founder and CTO at ON2IT Cybersecurity, sits down with Jack Cable, CEO and Co-founder of Corridor and former lead of Secure by Design at CISA, to walk through the “lethal triangle” (the three conditions that turn helpful AI into a breach vector) and what CISOs should be doing right now, before the technology runs further ahead of the controls.

    Timestamps
    00:00 – 01:36 Cold Open: The User Inside Your Software
    01:36 – 04:23 What Agentic AI Actually Is
    04:23 – 07:20 The Lethal Triangle: Three Conditions for a Breach
    07:20 – 10:05 Why Prompt Injection Has No Fix Today
    10:05 – 14:09 Sanctioning Agents Without “Allow Fatigue”
    14:09 – 18:45 OpenClaw: Should Your CISO Authorize It?
    18:45 – 21:17 Sandboxing, Sub-Agents, and What to Do Right Now

    Key Topics Covered
    • The “lethal triangle” – sensitive access, untrusted input, and the ability to take unapproved actions – and why every basic email agent already breaks all three rules
    • Why prompt injection cannot be reliably solved by another LLM, and why deterministic guardrails (sandboxing, allow-lists, human-in-the-loop) are the only durable answer today
    • Why “allow, allow, allow” fatigue makes per-action approvals largely theatrical, and why routing approvals through a separate model is a real, if partial, improvement
    • Why Jack Cable’s CISO answer on OpenClaw and similar general-purpose agents today is short: don’t authorize (and what to deploy in its place)

    21 min
