Security Intelligence Podcast

IBM

Security Intelligence is a weekly news podcast for cybersecurity pros who need to stay ahead of fast-moving threats. Each week, we cover the latest threats, trend, and stories shaping the digital landscape, alongside expert insights that help make sense of it all. Whether you’re a builder, defender, business leader or simply curious about how to stay secure in a connected world, you’ll find timely updates and timeless principles in an accessible, engaging format. New episodes weekly on Wednesdays at 6am EST.

  1. 14 HRS AGO

    OpenAI’s Daybreak and Mistral’s Mythos competitor 

    Between OpenAI Daybreak, Microsoft MDASH and Mistral’s Mythos competitor, it’s been a big week for AI-powered vulnerability management. But are these tools all they’re cracked up to be? This week on Security Intelligence, Nick Bradley, Diego Matos Martins and Nikki Robinson discuss three bold moves in the AI vulnerability scanner space: OpenAI unveiled Daybreak, its frontier AI for cyber defense program, Microsoft revealed its multi-agent vulnerability hunting system, MDASH, and French AI startup Mistral is reportedly building its own cybersecurity-focused model to fill the gap left by the lack of access to Anthropic’s Mythos in Europe. Speaking of Mythos: curl developer Daniel Stenberg got to try it himself (sort of), and his verdict was measured, to put it kindly. But despite this—and the fact that AI slop reports drove curl to shut down bug bounties earlier this year—Stenberg is far from anti-AI. We dig into why. Finally: TeamPCP released the source code for Shai-Hulud, the notorious worm behind a surge of npm supply chain attacks. They're even running a dark web contest to crowdsource new attack variants. What’s it all mean for defenders? All that and more on Security Intelligence. Segments: 00:00 -- Intro 1:17 -- Daybreak, MDASH and Mistral 11:31 -- Curl dev tries Mythos 20:57 -- Shai-Hulud goes open source The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence

    30 min
  2. LLMjacking: How hackers steal your AI API keys and stick you with the bill

    MAY 13

    LLMjacking: How hackers steal your AI API keys and stick you with the bill

    AI tools can turn a team of three developers into a fully functioning company. They can also push that company to the brink of bankruptcy. On this week’s Security Intelligence, we talk LLMjacking: Hackers steal your AI API keys and then rack up massive bills, even blowing past usage caps in some cases. One small startup saw its typical bill balloon from $180 a month to $82,000 in two days. We chat about what makes AI API keys vulnerable and how we can tighten our defenses to keep these vital credentials safe. Then we get into how AI is transforming adversary simulation and red teaming, and why the human is still the most important part of the loop. Finally, CISA is considering cutting the federal patch window from two weeks to three days. Can we actually move that fast? Segments: 00:00 – Intro 1:15 -- What is LLMjacking? 12:29 -- AI and adversary simulations 22:09 -- Can we patch faster? The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence

    31 min
  3. Claude Security’s public beta, OpenAI’s five-point plan and cybersecurity’s Y2K moment

    MAY 6

    Claude Security’s public beta, OpenAI’s five-point plan and cybersecurity’s Y2K moment

    Between Mythos, GPT-5.4-Cyber, Claude Security’s public beta and OpenAI’s new five-point plan for cyber defense, it seems like cybersecurity is top of mind for the major AI players today. Why—and why now? On this week’s episode of IBM Security Intelligence, Dustin “EvilMog” Heywood, Omari Jones and Kimmie Farrington discuss what CrowdStrike has called “cybersecurity’s Y2K moment.” As the major AI players roll out security-focused solutions—and sophisticated AI tools are weaponized by threat actors—we need all-hands on deck to avert disaster. But will we? Plus: The Coalition for Secure AI’s framework for AI identities and Copy Fail, a newly discovered Linux flaw with a potentially massive blast radius. All that and more on Security Intelligence. Segments: 00:00 -- Intro 1:11 - Cybersecurity’s Y2K moment 10:52 -- Framework for AI identity 22:23 -- Copy Fail The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence

    30 min
  4. Is open source safe? Featuring Mixture of Experts

    APR 29

    Is open source safe? Featuring Mixture of Experts

    Is open source good? Bad? Some secret third thing? Is this a silly question to even ask? In this special crossover episode of Security Intelligence and Mixture of Experts, we bring together AI and security experts to address one of the thorniest questions in tech right now: How do you enjoy the unique benefits of open source AI while managing its very real risks? MoE stalwarts Gabe Goodhart and Martin Keen join SI all-star Jeff Crume to dig into: Why open source is foundational to AI innovation Security concerns of both proprietary and open source AI infrastructure The difference between "secure" and “securable” And a whole lot more! Along the way, we hash out a robust, nuanced picture of the relationships between AI, security and open source. Go beyond the buzzwords to what really matters on this week’s episode of Security Intelligence. The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence

    25 min
  5. Web of lies: What’s real and what’s fake on the dark web

    APR 29

    Web of lies: What’s real and what’s fake on the dark web

    We’ve all heard tales of what lurks on the dark web. Black markets dealing in contraband. Roving criminal gangs. Troves and troves of private data for sale. Much, much worse. Thankfully, most of it’s fake. The real trouble is figuring out what isn’t. In this episode of Security Intelligence, Senior Threat Intelligence Analyst Robert Gates helps us untangle the web of lies that cybercriminals spin on the dark web—the lies they tell their victims, their customers, and even themselves. By walking us through a few real-world investigations—including a panicked airline that thought it had been breached and the still-unsolved case of a hacker who may or may not have stockpiled millions of sensitive records—Robert shows us how threat intelligence experts and cybersecurity pros separate fact from fiction. The dark web can be your most reliable early warning system. But only if you know how to use it. The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence

    11 min
  6. Should you let OpenClaw pen test your system? Plus: Cybersecurity for ephemeral software

    APR 22

    Should you let OpenClaw pen test your system? Plus: Cybersecurity for ephemeral software

    Learn more about how enterprises confront agentic attacks → https://newsroom.ibm.com/2026-04-15-ibm-announces-new-cybersecurity-measures-to-help-enterprises-confront-agentic-attacks Sophos let OpenClaw run wild on its network (sort of). It wasn’t as bad an idea as it sounds! With a few guardrails and restrictions in place, the security software firm turned OpenClaw into a serious little pen tester, surfacing “23 actionable, high-quality findings.” But is this a sustainable model for introducing AI agents to the security process? And how do we deal with the inevitable friction between a model meant to find exploits and the guardrails telling it to do no harm? This week, host Matt Kosinski and panelists Claire Nuñez, Dave McGinnis and Kimmie Farrington discuss the wisdom and folly of letting an AI agent pen test your system. Plus: We dig into Bruce Schneier’s thoughts on “security in the age of instant software” and a report from CipherCue that ransomware is growing three times faster than security spending. All that and more on Security Intelligence. Segments: 00:00 – Intro 1:07 -- OpenClaw as a pen tester 14:23 -- Cybersecurity for instant software 25:36 -- Ransomware outpaces security spending The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Follow the Security Intelligence podcast on your preferred platform → https://www.ibm.com/think/podcasts/security-intelligence

    36 min
  7. GPT-5.4-Cyber: What you need to know

    APR 16

    GPT-5.4-Cyber: What you need to know

    Earlier this week, OpenAI dropped GPT-5.4-Cyber, a “cyber-permissive” variant of GPT-5.4 . Basically: It's lets you do some things in the name of security research and defense that you can’t normally do with a regular GPT model. But you have to prove you’re a cybersecurity pro with good intentions to get access. On this bonus episode of Security Intelligence, Jeff Crume and Martin Keen join host Matthew Kosinski to break down what the new model means for cybersecurity and the big picture trends driving the evolution of LLMs. The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence

    12 min
  8. Claude Mythos: Marketing hype or the end of cybersecurity?

    APR 15

    Claude Mythos: Marketing hype or the end of cybersecurity?

    Anthropic says its newest AI model, Claude Mythos, has found thousands of zero-day vulnerabilities across every major OS and web browser. It's so powerful, they won't release it publicly. Instead, they’re restricting access to a handful of trusted partners, who get to experiment with Mythos through a new initiative called Project Glasswing. Where does that leave the rest of us, who don’t get to tinker with perhaps the most advanced model yet? This week on Security Intelligence, Sridhar Muppidi, Michelle Alvarez, and Dustin “EvilMog” Heywood join host Matt Kosinski to discuss what Mythos and Glasswing really mean for the average security pro. How much is hype? How much is the real deal? And how could this limited release backfire? Then: The FBI’s 2025 Internet Crime Report saw scam losses jump 26%, and Accenture found a 127% increase in malicious hackers trying to recruit the employees of their targets. All that and more on Security Intelligence. Segments: 00:00 – Intro 1:22 -- Claude Mythos and Project Glasswing 12:26 -- The 2025 Internet Crime Report 20:19 -- Attackers recruiting more insiders The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Read more about AI raising cybersecurity stakes → https://www.ibm.com/think/news/anthropic-claude-ai-mythos-project-glasswing-raises-stakes-cybersecurity Follow the Security Intelligence podcast on your preferred platform → https://www.ibm.com/think/podcasts/security-intelligence

    30 min
See All (43)

About

Security Intelligence is a weekly news podcast for cybersecurity pros who need to stay ahead of fast-moving threats. Each week, we cover the latest threats, trend, and stories shaping the digital landscape, alongside expert insights that help make sense of it all. Whether you’re a builder, defender, business leader or simply curious about how to stay secure in a connected world, you’ll find timely updates and timeless principles in an accessible, engaging format. New episodes weekly on Wednesdays at 6am EST.

Information

You Might Also Like