Exploited: The Cyber Truth

RunSafe Security

Exploited: The Cyber Truth is a hard-hitting, no-fluff podcast exposing the realities of today’s cyber threat landscape and risks to critical infrastructure. Through candid conversations with top cybersecurity experts, industry leaders, and frontline defenders, the show breaks down recent high-profile vulnerabilities and exploits and covers innovative strategies used to stop them. To keep critical infrastructure safe, defenders need the upper hand. Tune in and get the cyber truth.

  1. The Cyber-Physical Truth: What We Get Wrong About Attacks on Critical Infrastructure

    2d ago

    The Cyber-Physical Truth: What We Get Wrong About Attacks on Critical Infrastructure

    In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joseph M. Saunders and Danielle “DJ” Jablanski, Cybersecurity Consulting Program Lead for Operational Technology at STV and former OT Cybersecurity Strategist at CISA, to examine what defenders often get wrong about attacks on critical infrastructure. With experience across government, threat intelligence, engineering, and industrial environments, DJ explains why sectors like water, rail, energy, and manufacturing require a different way of thinking about cybersecurity. Together, they explore: How cyber-physical risk differs from traditional IT riskWhy attacks can target engineering logic, process variables, and safety systemsThe challenge of securing long-lived OT assets and heterogeneous environmentsHow visibility, asset identification, and segmentation shape OT defenseWhy secure-by-design and secure-by-demand both matterWhy patching alone cannot keep up with distributed critical infrastructure From water systems to transportation networks, this episode breaks down what security leaders, asset owners, OEMs, and operators must understand to stay ahead of cyber-physical threats.

    29 min
  2. You Can’t Patch Your Way Out of This: What Mythos Means for the Future of Cybersecurity

    May 21

    You Can’t Patch Your Way Out of This: What Mythos Means for the Future of Cybersecurity

    In this episode of Exploited: The Cyber Truth, RunSafe Security Founder and CEO Joe Saunders and EVP and CSO Doug Britton join us for a strategic discussion on what Anthropic’s “Mythos moment” means for the future of cyber defense. Joe and Doug explore why AI-driven vulnerability discovery marks a fundamental turning point for enterprises, critical infrastructure, and national security. As AI accelerates the discovery and weaponization of vulnerabilities, traditional patch-and-remediate strategies are becoming increasingly unsustainable, especially for safety-critical and mission-critical systems that cannot be patched quickly or frequently. Together, Joe and Doug examine: Why “find and fix” alone cannot scale in the AI eraHow AI is shifting the balance between attackers and defendersWhy patch timelines are widening as vulnerability discovery acceleratesThe growing need for resilience-based cybersecurityHow organizations can reduce exploitability without rewriting legacy systemsWhy mitigation technologies are becoming essential for critical infrastructure and national security Whether you secure embedded systems, manage cyber risk across critical infrastructure, or lead product security strategy, this episode makes the case for a new approach: one built not around chasing every vulnerability faster, but around ensuring systems remain resilient even when flaws exist.

    29 min
  3. The Next Cyber Crisis Won’t Be One Hospital—It Could Be the Entire Health System

    May 14

    The Next Cyber Crisis Won’t Be One Hospital—It Could Be the Entire Health System

    In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and Greg Garcia, Executive Director for Cybersecurity of the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group, to examine how ransomware, third-party dependencies, and interconnected healthcare infrastructure are shaping cyber risk across the healthcare sector. Drawing on experience spanning DHS, critical infrastructure protection, and healthcare cybersecurity coordination, Garcia explains how disruptions at a single vendor or service provider can cascade across hospitals, pharmacies, insurers, and patients nationwide. Together, they explore: Why healthcare cyber risk is shifting from isolated breaches to systemic disruptionHow ransomware and third-party compromises create cascading operational impactsLessons from the Change Healthcare ransomware attackThe growing challenge of securing connected healthcare systems and medical devicesWhy patching alone cannot keep pace with modern cyber threatsThe role of collaboration and resilience in protecting critical healthcare infrastructure From healthcare providers and medical device manufacturers to policymakers and critical infrastructure leaders, this episode explores what organizations must understand to prepare for the next generation of healthcare cyber threats.

    29 min
  4. Trust at Machine Speed: AI, DevSecOps, and Zero Trust in National Security Software

    Apr 30

    Trust at Machine Speed: AI, DevSecOps, and Zero Trust in National Security Software

    Artificial intelligence is moving faster than the policies, security controls, and acquisition processes designed to govern it—especially in national security environments where preventing failure is mission-critical. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by Nicolas Chaillan, the host of In the Nic of Time and Former DAF CSO, to examine a central question: how do you build trust in systems that operate, adapt, and make decisions at machine speed? Drawing on his experience deploying DevSecOps across the Department of Defense and building large-scale AI platforms, Chaillan offers a direct perspective on what’s working, what isn’t, and where organizations are falling behind. Together, they explore: Why multi-model AI strategies are critical to avoid lock-in and improve outcomesHow AI is accelerating software development, testing, and security workflowsWhere policy and governance are lagging behind technical realityThe risks of restricting access to critical AI capabilitiesWhat zero trust looks like in systems driven by automation and AI From defense systems to software pipelines, this episode examines what it takes to move fast without losing control—and what leaders need to understand as AI becomes embedded across the mission stack.

    34 min
  5. The Invisible Attack Surface: Cybersecurity for Embedded Systems

    Apr 16

    The Invisible Attack Surface: Cybersecurity for Embedded Systems

    Embedded systems power everything from critical infrastructure to defense systems, yet vulnerabilities in those systems often go unseen and unaddressed. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and special guests Mario Zuniga and Matt Janson of MITRE to discuss the “invisible attack surface” lurking within embedded and cyber-physical systems. Drawing on their frontline experience in cyber operations and resiliency engineering, Mario and Matt explain why embedded systems demand a fundamentally different approach to cybersecurity. From limited patching capabilities and long system lifecycles to unique hardware and firmware attack vectors, traditional IT security models fall short in these environments. Together, they discuss: Why embedded systems are often overlooked in cybersecurity strategiesHow attackers exploit firmware, hardware interfaces, and air-gapped environmentsThe challenges of securing systems that must remain operational for decadesThe role of MITRE’s embedded threat matrix (ESTEEM) in mapping adversary behaviorWhy resilience—not just prevention—is key to defending critical infrastructure From industrial control systems to national defense, this episode reveals what it takes to secure the technologies that quietly underpin modern society and why the time to act is now.

    33 min
  6. AI vs. Vulnerabilities: Who Really Wins?

    Mar 26

    AI vs. Vulnerabilities: Who Really Wins?

    Artificial intelligence is transforming cybersecurity but not in the way many expect. While defenders are using AI to accelerate detection, triage, and threat hunting, adversaries are leveraging the same tools to scale reconnaissance, automate exploit development, and dramatically increase the speed of attack. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and Joe Slowik, Director of Cybersecurity Alerting Strategy at Dataminr, to discuss one critical question: Does AI actually reduce vulnerability risk or just accelerate the conflict? With a background including MITRE ATT&CK, Dragos, Los Alamos National Laboratory, and U.S. government offensive operations, Slowik offers a dual-lens perspective on how AI is reshaping both sides of cybersecurity. Together, they explore: How AI is increasing the velocity of vulnerability discovery and exploitationWhy attackers may benefit from “good enough” AI outputs, while defenders require precisionThe rise in CVEs and why more vulnerabilities doesn’t necessarily mean worse securityThe growing risk in OT, IoT, and unmanaged edge devicesWhy AI is a powerful tool—not a magic bullet—and what that means for defenders From enterprise security teams to critical infrastructure operators, this episode breaks down what security leaders must understand to stay ahead in an AI-accelerated threat landscape.

    34 min
  7. AI Wrote the Code—Who Owns the Risk?

    Mar 12

    AI Wrote the Code—Who Owns the Risk?

    In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security Founder and CEO Joseph M. Saunders and embedded systems expert Jacob Beningo to explore how AI is changing the software development lifecycle for embedded and firmware teams. Together, they unpack the risks and responsibilities that come with AI-generated code. While AI can accelerate development and automate tedious tasks, it can also introduce defects, expand the attack surface, and create a dangerous illusion of completeness. Unlike human engineers, AI cannot explain intent, reason about long-term system behavior, or take accountability when systems fail. Joe and Jacob discuss how engineering teams can safely integrate AI into development workflows without sacrificing security, reliability, or accountability, especially in systems that must operate safely for years in the field. In this episode, they explore: Why AI-generated code can introduce hidden vulnerabilities and complexityThe accountability challenge: who owns the risk when AI writes the code?How AI output should be treated as untrusted code by defaultWhy rigorous testing, validation, and security reviews still matterPractical ways engineering teams can use AI responsibly in embedded development For engineers, security leaders, and product teams navigating AI adoption in embedded systems, this episode offers practical insights into how to move faster with AI without weakening trust in the systems you build.

    32 min
  8. From NIST to Nation-State: Securing Embedded Systems through Compliance and Trust

    Feb 26

    From NIST to Nation-State: Securing Embedded Systems through Compliance and Trust

    In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and Cordell Robinson, CEO of Brownstone Consulting, to explore how security frameworks like NIST 800-53 are evolving from paperwork exercises into real drivers of security maturity. From continuous monitoring and secure-by-design development to Software Bills of Materials (SBOMs) and vulnerability transparency, the conversation examines what it takes to build trust in embedded and operational technology (OT) systems, especially as regulators sharpen their focus and nation-state threats grow more sophisticated. Together, they explore: Why compliance should cover people, processes, and technology—not just policiesHow NIST frameworks are shifting from checklists to operational rigorThe growing importance of SBOMs in supply chain transparencyHow AI is reshaping both cyber defense and attacker capabilityWhat new regulatory pressure (including the EU Cyber Resilience Act) means for manufacturers Whether you build embedded systems, ship software to government agencies, or manage critical infrastructure, this episode offers practical insight into building compliance programs that strengthen security and earn trust.

    33 min
See All (47)

About

Exploited: The Cyber Truth is a hard-hitting, no-fluff podcast exposing the realities of today’s cyber threat landscape and risks to critical infrastructure. Through candid conversations with top cybersecurity experts, industry leaders, and frontline defenders, the show breaks down recent high-profile vulnerabilities and exploits and covers innovative strategies used to stop them. To keep critical infrastructure safe, defenders need the upper hand. Tune in and get the cyber truth.

Information

  • Creator
    RunSafe Security
  • Years Active
    2025 - 2026
  • Episodes
    47
  • Rating
    Clean
  • Copyright
    © 2025 Exploited: The Cyber Truth
  • Show Website
    Exploited: The Cyber Truth