Security Intelligence

Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence

Are enterprises moving too fast with AI—and breaking security in the process?

In this episode of Security Intelligence, host Matt Kosinski is joined by Sridhar Muppidi, Nick Bradley and Jeff Crume to unpack a pivotal moment in cybersecurity.

The panel dives into the rapid rise of AI agents and the growing risks of shadow AI in the enterprise, comparing open-source agent platforms like OpenClaw with proprietary models such as Claude Opus 4.6 and its new agent teams. We explore how speed-first AI adoption, unsecured agent implementations and weak separation of duties are creating new attack surfaces—and why executives may be unintentionally fueling the problem.

The conversation also examines the recent Notepad++ supply chain breach as a warning sign of broader software inventory and supplier risk failures, and analyzes DragonForce’s attempt to reinvent ransomware as a scalable cartel business.

Along the way, we keep returning to a key theme: Have we optimized for velocity at the expense of security?

00:00 -- Intro
01:18 -- OpenClaw vs. Claude Opus 4.6
15:05 -- Move fast. Break security?
27:29 -- Notepad++ breach
38:55 -- DragonForce ransomware cartel


The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Subscribe to the IBM Think newsletter → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120

#OpenClaw #ClaudeOpus #shadowAI #AIagentsecurity

OpenClaw and Moltbook are extremely cool. They're also extremely dangerous. And they tell us just how far AI agent security has to go.

In this episode of Security Intelligence, Dave McGinnis, Seth Glasgow and Evelyn Anderson unpack how locally run AI agents are becoming a brand-new attack surface, and why defenders may be underestimating the risks. From misconfigured agent databases leaking API keys, to malicious “skills” that can quietly hijack trusted systems, we explore what happens when powerful AI tools are treated like just another app.

We also dig into a growing signal problem across cybersecurity:

Why AI-generated “slop” is overwhelming bug bounty programs.
Why NIST may stop enriching vulnerabilities in the National Vulnerability Database.

Along the way, our panel debates a deeper question: Is AI a gift or a curse for security pros?

All that and more on Security Intelligence

00:00 - Intro
01:03 - OpenClaw and the AI agent attack surface
16:49 - Will AI slop end bug bounties?
26:49 - Big changes to NIST’s NVD
35:27 - The problem with vibe coded malware

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Subscribe for more AI and cybersecurity news → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120
Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence

Do you think you could get scammed by a chatbot?

Neither did IBM Chief People Hacker Stephanie Carruthers—until she went toe to toe with one.

In this episode of Security Intelligence, we take you inside the John Henry Competition at DEF CON 2024, where Carruthers competed with an AI-powered vishing bot to see who was the better con artist.

The results just might surprise you.

Along the way, we explore how generative AI is transforming social engineering, why vishing and voice cloning attacks are surging and what it all means for defenders who’ve spent years training people to spot phishing emails—but not phone calls that sound exactly like their boss.

All that and more—on Security Intelligence.

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence

AI-generated malware has officially arrived. But does it matter all that much?

This week on Security Intelligence, Suja Viswesan, Dave Bales and Dustin Heywood join us to discuss VoidLink, which might just be the first thoroughly documented case of a malware framework generated with significant AI help. The question is: What really changes when malware is no longer the handiwork of human hackers?

We also explore the World Economic Forum’s Global Cybersecurity Outlook 2026, where CEOs and CISOs are split on what they fear most: cyber fraud or ransomware? Then we cover the debate over data protection vs. service resilience, and we dig into the takedown of RedVDS, a major player in the cybercrime-as-a-service supply chain.

Finally, we reflect on the 40th anniversary of “The Hacker Manifesto,” asking what’s changed—and what hasn’t—in hacker culture.

All that and more on Security Intelligence

00:00 -- Introduction
01:40 -- CEOs vs. CISOs: 2026 cyberthreats
11:10 -- VoidLink: Documented AI malware
19:28 -- Are we too worried about our data?
27:28 -- Cybercrime supply chains
34:05 -- 40 years of hacking culture


The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence
Learn more about cybersecurity → https://www.ibm.com/think/podcasts/techsplainers#tabs-fw-44e285b2cc-item-df35f5fbab-tab

AI has changed the speed of cyberattacks. But it hasn’t changed the most important variable: people.

In this episode of Security Intelligence, panelists Jake Paulson, Stephanie Carruthers and Matt Cerny dig into how AI-driven threats—phishing, deepfakes and disinformation—are reshaping the cyberthreat landscape. Organizations, too, are adopting AI tools to help detect these attacks.

But even in the era of AI, people are ultimately our first and last lines of defense. And all too often, we don’t give them what they need to succeed. How do we help human beings adapt to the increased speed, scale and impact of AI threats?

The answer, our panel argues, isn’t more checkbox training or prettier slides. It’s realistic, immersive training that builds muscle memory, confidence under stress and decision-making skills for moments when things don’t go according to plan.

We talk about:

00:00 -- Introduction
01:48 -- AI phishing, deepfakes and modern social engineering tactics
09:19 -- Why humans are still the primary attack surface—and the strongest defense
17:03 -- The difference between tabletop exercises and cyber range training
22:00 -- How immersive simulations prepare teams for real incident response pressure
42:00 -- Why preparedness matters more than awareness in the age of AI attacks

Because when AI accelerates attacks, training determines the outcome.

All that and more on Security Intelligence.

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

#cybersecuritytraining #AIcyberthreats #AIphishing #AIcyberattacks

Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence
Learn more about the cyber range → https://www.ibm.com/think/topics/cyber-range
Discover how AI training can support your business → https://www.ibm.com/services/xforce-cyber-range