AI Spy

Anurag Mohapatra

Join us in the world of financial crime prevention, where we delve into the powerful synergy of Artificial Intelligence and cutting-edge technology. This podcast brings expert insights, no-nonsense discussions, and deep dives into topics like Anti-Money Laundering, Payments Fraud, and more. Hosted casually and informatively, we invite A-listers from the industry to share their experience and learnings.

  1. Vulnerability Management in the Age of AI

    2d ago

    The security community has been sounding alarms about AI infrastructure for two years. BadHost, a critical authentication bypass discovered in May 2026 inside one of the most widely used Python frameworks on the internet, is what that alarm sounds like when it goes off. Dan Fernandez returns to AI Spy to talk about what actually happened, why the official severity rating understates the real risk, and what the broader pattern of 40-plus CVEs against MCP implementations in 2026 alone tells us about how AI infrastructure is being built. This is not a technical deep-dive. It is a practitioner briefing on the vulnerability surface that every organization deploying agentic AI is now sitting on, whether they know it or not.

    Show Notes

    Dan Fernandez, cybersecurity practitioner and returning AI Spy guest. Dan has spent his career at the intersection of threat intelligence and enterprise security infrastructure. He returns to AI Spy for his second appearance having previously covered AI as an attack tool. This time the conversation flips: AI infrastructure itself is the attack surface.

    In this episode:

    - Vulnerability management 101 and what fundamentally changed once AI became load-bearing infrastructure inside organisations, not just a layer on top of them
    - Why BadHost (CVE-2026-48710), a flaw in the Starlette Python framework used by Netflix, Uber, Microsoft and hundreds of thousands of other projects, carries a severity rating that most practitioners consider a polite fiction
    - How MCP servers aggregate credentials across every service an AI agent is connected to, and why that makes a single compromised server a portfolio-level exposure event
    - Claude Mythos found over 10,000 vulnerabilities through Project Glasswing and missed this one. What that tells us about where AI-assisted security tooling is strong and where it has genuine blind spots
    - 40-plus CVEs against MCP implementations in 2026 alone. Whether BadHost is an outlier or a pattern in how the AI infrastructure layer is being built
    - What a defensible enterprise posture actually looks like for organisations deploying AI agents, AI-generated code, and MCP-connected systems right now

    Links and References:

    - BadHost - CVE-2026-48710 Starlette Host-Header Auth Bypass
    - Disclosing the BADHOST Vulnerability in Starlette – OSTIF.org
    - Dan Fernández | LinkedIn

    30 min
  2. The Other End of the Wire

    Apr 6

    Most of us in fraud prevention have never spoken to someone who has been inside a scam compound. Ling Li has. A Research Fellow at the University of Melbourne with a decade in law enforcement experience and field roles across the ICRC, UNHCR, and the University of Liverpool's Modern Slavery Research Centre, Ling co-authored SCAM: Inside Southeast Asia's Cybercrime Compounds — one of the most rigorous accounts of how these operations actually work. In this conversation, she traces the 30-year lineage of the industry from Taiwan to Fujian to militarized compounds across Cambodia and Myanmar, unpacks the victim-offender overlap that makes conventional law enforcement responses inadequate, and explains how AI has expanded the operational reach of these networks in three specific ways. She also raises an alarm that the current crackdown is generating a new crisis: thousands of survivors stranded without shelter or repatriation support, being recycled back into the same compounds. Fraud is a human problem. This episode is the evidence.

    In this episode:

    - How Ling discovered the scam compound world in Cambodia in 2022 while researching bride trafficking — and why almost no international organisations were responding to Chinese victims at that time
    - The 30-year arc from 1990s Taiwan phone fraud to Fujian scam towns to today's militarised, multi-continental operations — and why every crackdown relocates rather than eliminates the industry
    - The victim-offender overlap: four archetypes from pure criminal to fully coerced victim, why the majority fall in between, and what a proportionate law enforcement response looks like
    - How AI has changed the operations: real-time multilingual translation, face-swapping that defeats video verification, and automated phishing site regeneration that outruns detection
    - The post-crackdown crisis: thousands of survivors sleeping on streets across Southeast Asia, no food, no shelter, no repatriation — and being approached by traffickers offering the cycle again

    Links:

    - Ling Li on LinkedIn — LING LI | LinkedIn
    - SCAM: Inside Southeast Asia's Cybercrime Compounds, Verso Books — Amazon.com: Scam: Inside Southeast Asia's Cybercrime Compounds: 9781804296905: Franceschini, Ivan, Li, Ling, Bo, Mark: Books

    32 min
  3. The Psychology of Scams

    12/11/2025

    In this episode, Anurag sits down with Whistine Chai to explore the human side of scams. Whistine brings more than 17 years of experience in clinical, forensic, and industrial-organizational psychology, along with extensive field work in Singapore focused on understanding victims and offenders. Her work blends behavioral science and practical investigation, giving her a unique lens on how scams actually unfold in real life. The conversation begins with her path into forensic and behavioral psychology and the early lessons she learned while working on scam cases in Singapore. She shares how rotations and field work shaped her perspective and why being on the ground provides insights that lab research often misses. They speak at length about the behavioral and psychological markers seen in scam victims. Some traits stay stable across time. Others appear only when someone is placed under stress, fatigue, or emotional pressure. Whistine breaks down these drivers in a simple and relatable way. The episode also examines how behavioral insights can be translated into analytics, fraud controls, and early intervention strategies. This is an area both she and Anurag are deeply invested in. The discussion covers what can be operationalized today and what still belongs in the research domain. Finally, Whistine talks about her book, the motivation behind it, and the process of bringing those ideas together for a wider audience. It is a thoughtful conversation that brings psychology, fraud operations, and human insight into one place.

    A great listen for anyone working in fraud prevention, investigations, cybersecurity, or behavioral science.

    23 min
  4. Breach Resilience: Your voice isn't yours

    08/15/2025

    Voice authentication was once celebrated as the future of secure and frictionless banking. By 2023, nearly 1.9 billion people worldwide were enrolled in voice biometric systems, and banks like HSBC were touting hundreds of millions in fraud losses prevented. But advances in AI-driven deepfakes are eroding that trust fast — North America alone saw a 1,740% spike in deepfake fraud in 2023. In this episode, Anurag Mohapatra speaks with Anis Ahmed, security leader and author of BankInfoSecurity’s “Financial Enterprises Must Shift to Breach Resilience.” Together, they explore why banks were already aware of voice authentication’s vulnerabilities before recent high-profile warnings, how deepfakes are changing the fraud landscape, and why the industry must shift from breach prevention to breach resilience.

    The conversation covers:

    - The rapid rise of voice authentication in financial services and why it appealed to both customers and banks.
    - Real-world examples of AI-powered voice fraud, from high-value corporate scams to consumer-level attacks.
    - The difference between prevention and resilience, and why “assume breach” is the right mindset.
    - The path forward: layered authentication, AI-based detection, and cryptographic transaction signing.

    Whether you’re a CISO, fraud prevention leader, or banking executive, this episode will help you rethink authentication strategies in an age where your voice is no longer proof of who you are.

    Why Financial Enterprises Must Shift to Breach Resilience

    Audio Credit: Music from #Uppbeat (free for Creators!): ... License code: CWFYBYTSKHIO0WBU

    18 min
