The Secure Disclosure

Mackenzie Jackson

Cyber, Sake, News, Research and more The Disclosure is a weekly cybersecurity podcast that brings the latest in news, research, and leaders into a 45-minute podcast. Hosted by Mackenzie Jackson, we bring new guests each week to share their research and expertise in the space.

  1. AI Slop Is Killing Bug Bounties

    2 HR AGO

    AI Slop Is Killing Bug Bounties

    AI is overwhelming bug bounty programs with convincing but useless reports — and some major projects are shutting theirs down entirely. In this week’s news brief, we break down the economics behind “AI slop,” why curl pulled the plug on its program, and what this means for ethical hackers. Then we revisit OpenClaw, where security researchers are shifting from criticism to collaboration — and even VirusTotal is stepping in. Is AI breaking security… or reshaping it?

    13 min

  2. 1 DAY AGO

    Can AI Really Fix Security Bugs? Inside Modern Autofix Systems | Frederick Ryckbosch

    AI is transforming application security, not just by finding vulnerabilities but by fixing them safely. In this episode, sit down with Frederick Ryckbosch and dive into how AI understands code flow, remediates real security issues, and builds trust through testing and feedback loops. A practical look at autofix, dependencies, and the future of secure software development.Read more about AI Autofix: https://www.aikido.dev/features/autofixVideo chapters00:00 Introduction to AI and Application Security02:00 Where AI Is Actually Useful in Security04:10 Understanding Code Flow and Real Vulnerabilities07:10 Can AI Safely Fix Security Issues?10:35 Building Trust With AI Autofix and Feedback Loops12:15 Autofixing Dependencies and Breaking Changes17:55 Trust, Risk, and Guardrails for AI Systems20:35 The Future of Coding With AI

    29 min

  3. 6 DAYS AGO

    OpenClaw & ClawHub Is a Malware Nightmare: Inside the AI Agent Supply Chain Crisis

    OpenClaw is a powerful new open-source AI agent — and a massive security risk. In this episode, security researcher Paul McCarty joins the show to break down how ClawHub, OpenClaw’s skill registry, is already flooded with malware. We explore how 386 malicious skills were discovered, why AI agents are more dangerous than traditional package managers like npm, how attackers are gaming download stats, and why basic security controls are missing. Plus, updates on the Notepad++ supply chain attack, the Coinbase breach fallout, and a shocking case where penetration testers were prosecuted for doing their jobs.Follow Paul on Social Media - https://www.linkedin.com/in/mccartypaul/Reads Pauls Article on ClawHub - https://opensourcemalware.com/00:00:00 OpenClaw and the Rise of AI Agent Security Risks00:02:14 ClawHub Skills Explained and How Malware Spreads00:03:47 386 Malicious Skills and Real-World Attack Techniques00:06:16 Why OpenClaw Could Be More Dangerous Than npm00:12:16 Gaming Downloads and Making Malware Look Legit00:14:38 How to Secure AI Agent Ecosystems and Use Them Safely

    28 min

  4. 3 FEB

    The Security Risk Hiding in AI w/ Matthias Feys

    In this episode of Cyber and Saki, Mackenzie sits down with AI expert Matthias Feys from ML6 to chat about how artificial intelligence has gone from niche machine learning projects to the generative AI explosion we see everywhere today. They dig into what’s changed over the last decade, why tools like ChatGPT have been such a game changer, and what people still get wrong when they treat AI as a magic solution for everything. The conversation also covers the security side of AI, why you shouldn’t blindly trust these models, and where Matthias is most excited about AI making a real impact, especially in the “boring work” that can finally be automated. To wrap things up, Mackenzie throws in a hilarious round of “Would You Rather” questions, including vibe coding, AI hackers, and the future of super-intelligence. A thoughtful, funny, and practical look at where AI is headed, and how we can use it responsibly along the way.

    38 min
  5. News Brief: Inside the Honey Browser Extension Scandal with The Engineer Who Broke It Open

    29 JAN

    News Brief: Inside the Honey Browser Extension Scandal with The Engineer Who Broke It Open

    In this episode of Secure Disclosure, we go behind the scenes of the infamous Honey browser extension scandal with special guest J3lte, the engineer who uncovered the data that helped expose what was really happening. From affiliate link manipulation to massive user tracking across thousands of stores, J3lte breaks down how he reverse-engineered Honey, what he discovered, and why browser extensions can be far more dangerous than most people realize. Stay tuned for the untold technical story behind one of the biggest consumer security scandals online. Follow J3lte - https://x.com/j3lte Original Videos from MegaLag 1st Video https://www.youtube.com/watch?v=vc4yL3YTwWk 2nd Video https://www.youtube.com/watch?v=wwB3FmbcC88 3rd Video https://www.youtube.com/watch?v=qCGT_CKGgFE Other videos covering the scandal (that are awesome) The PrimeTime - https://www.youtube.com/watch?v=_acTMUmdY9M Marques Brownlee - https://www.youtube.com/watch?v=EAx_RtMKPm8 News Links ClawdBot VS Extensions Malware https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware Contagious Interview Link: https://opensourcemalware.com/blog/contagious-code-fake-font Chapters 00:00 – The Honey Scandal Returns 02:11 – Users, Merchants, and Hidden Coupon Abuse 03:36 – Meet J3lte: The Engineer Behind the Investigation 05:07 – Discovering 180,000 Stores in Honey’s Data 07:11 – Affiliate Links Without Coupons: No Value Provided 09:49 – Why Browser Extensions Are So Hard to Trust 13:54 – Malware Trend: The Fake Claudebot VS Code Extension 15:57 - Contagious Interview Coverage 18:38 - SoundCloud Hack

    20 min
  6. AI is Rewriting Cybersecurity - Guardrails, regulation, and the point of no return w/ Joseph Carson

    27 JAN

    AI is Rewriting Cybersecurity - Guardrails, regulation, and the point of no return w/ Joseph Carson

    Social engineering and phishing are evolving fast, and AI is making attacks harder to spot and quicker to scale. Joseph Carson joins the show to break down the biggest risks for defenders, from deepfakes and perfect-language phishing to rapid data analysis and malware that adapts in real time. The conversation also explores guardrails, regulation, and what AI can and cannot do well, plus a quick round of security themed “Would you rather” questions.Links: Linkedin: https://www.linkedin.com/in/josephcarson/Sponsored Link: https://www.aikido.dev/Chapters00:00 Intro: AI makes phishing harder to detect00:00:28 Welcome and Joe’s background00:01:29 Biggest risks: deepfakes and phishing at scale00:03:03 AI speeds up analysis of stolen data00:04:25 Lower barrier to entry and faster attacker learning00:05:31 Malware and campaigns adapting in real time00:06:28 Why “bad grammar” is no longer a phishing tell00:08:16 Can AI be creative, or is it just probability00:12:56 Guardrails, regulation, and the EU vs US vs China approaches00:29:30 Would you rather: security tradeoffs and tool choices#podcast #thesecuredisclosure #cybersecurity

    33 min

  7. 16/12/2025

    From GitHub Actions to Job Markets: The Real State of Cybersecurity

    AI is creeping into every part of software development — including CI/CD pipelines — and attackers are already abusing it.In this episode of the Secure Disclosure Podcast, we break down:A brand-new vulnerability class called Prompt Pwn, where prompt injection inside GitHub Actions can leak secrets and compromise supply chainsA sophisticated malvertising campaign targeting developers via GitHub Pages and Docker HubAnd the reality behind the cybersecurity job market: is there a skills shortage, a hiring freeze, or both?Featuring security researcher Rein Daelman on AI-driven CI/CD risks, and recruiter Barry Prost on how AI is reshaping cybersecurity hiring, skills, and careers.If you care about AppSec, DevOps, supply chain security, or breaking into cybersecurity in 2025, this one’s for you.More information PromptPwn - https://www.aikido.dev/blog/promptpwnd-github-actions-ai-agents Guiest Linkedin - https://www.linkedin.com/in/rein-daelman/Rent a Recruiter - https://rentarecruiter.com/Guest LinkedIn Barry Prost - https://www.linkedin.com/in/barryprost/Sponsors Aikido Security - https://aikido.devChapters00:00 – Intro02:00 – AI prompt injection in CI/CD, GitHub Actions, Prompt Pwn12:09 – Sponsor Segment12:59 – Malvertising campaigns targeting devs16:39 – Cybersecurity job market with Barry Prost

    33 min

  8. 09/12/2025

    Shai Hulud The Second Coming & Malware for Hire: The Secure Disclosure Podcast

    In this episode of Secure Disclosure, we break down two major cyber-security incidents shaking the industry.First, researcher Charlie Eriksen joins us to reveal how the Shai Hulud “The Second Coming” worm compromised over 800 NPM packages and triggered 30,000+ secret-filled GitHub repos and why the worm can even wipe your machine when containment fails.Then, we sit down with Jérémy Sicon and Quentin Bourgue from sekoia.io to uncover a highly sophisticated phishing campaign abusing Booking.com accounts using PureRAT malware and a sprawling criminal ecosystem.Subscribe for weekly deep dives into the threats shaping our digital world.00:00 – Introduction01:03 – Shahalude: The Second Coming17:07 – Sponsored Segment (Aikido SafeChain)17:10 – Malware-for-Hire: Booking.com Phishing Operation

    30 min
See All (23)

About

Cyber, Sake, News, Research and more The Disclosure is a weekly cybersecurity podcast that brings the latest in news, research, and leaders into a 45-minute podcast. Hosted by Mackenzie Jackson, we bring new guests each week to share their research and expertise in the space.

Information

  • Creator
    Mackenzie Jackson
  • Years Active
    2025 - 2026
  • Episodes
    23
  • Rating
    Clean
  • Copyright
    © Mackenzie Jackson
  • Show Website
    The Secure Disclosure