Security Intelligence Podcast

What do AI agents, the stock market and behavior-based threat detection tools have in common? You’ll need to listen to this week’s episode of Security Intelligence to find out.

Join host Matt Kosinski and panelists Sridhar Muppidi and Cris Thomas for a jam-packed conversation, including new ways to build malicious AI agents, a malware strain that types like a person, a social engineering scheme that manipulates stock prices and a banner year for bug bounties.

Plus: When it comes to new tech, why does governance always lag so far behind implementation?

All that and more on Security Intelligence.

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence

Just how big a deal is React2Shell? Depending on who you ask, it’s either a Log4Shell-level event or just another average, everyday application security vulnerability. Patch and move on.

This week, on Security Intelligence, panelists Sridhar Muppidi, Claire Nuñez and Ian Molloy weigh in on the contentious debate React2Shell has sparked. However it shakes out, one thing is for sure: The response to this vulnerability has been anything but typical.

We also dive into:

13:01 -- Whether malicious LLMs like WormGPT live up to the hype
23:40 -- How hackers can lock you out of your Gmail account by changing your age
34:09 -- What happens when two different threat actors attack you at the same time
42:37 -- Why cybersecurity pros should care about solar radiation grounding 6,000 flights

All that and more on Security Intelligence.

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Subscribe for AI and security updates → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120

Why does it cost so much more to get hacked in the United States than anywhere else in the world?

In this special bonus episode of Security Intelligence, we sit down with Michelle Alvarez, Manager of Strategic Threat Analysis at IBM X-Force, for a deep dive into IBM’s 2025 Cost of a Data Breach report—and one of its most surprising findings: global breach costs are falling, but US breach costs just hit a record high.

What’s driving the gap?

In this episode, we unpack:

Why faster detection and containment are lowering breach costs globally

Why shadow AI is quietly increasing breach risk and driving up response costs

Why regulatory fines, global operations and organizational scale hit US companies especially hard

And how supply chain breaches, cloud complexity and shadow IT amplify the damage

We also explore a critical inflection point ahead: AI isn’t a major attack target yet—but once adoption crosses key market concentration thresholds, attackers will follow the ROI.

All that and more on Security Intelligence

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

What does it take to trick an AI agent?

Not a whole lot, it turns out.

This week, panelists Nick Bradley, Claire Nuñez and Jeff Crume join host Matt Kosinski to discuss a couple of new methods for hijacking AI agents and breaking their guardrails. We also talk recent evolutions in DDoS attack trends, the legacy of zero trust and some glaring security flaws in an extremely popular AI training app.

Plus: We ring in Cybersecurity Awareness Month with the traditional airing of grievances.

00:00 – Introduction
01:38 – Tricking AI agents
15:18 – The DDoS comeback
26:03 – 15 years of zero trust
36:02 – Neon exposes user calls
44:34 – Cybersecurity myths

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

When agentic browsers like Perplexity Comet share their reasoning, they give cybercriminals valuable information. Plus: 40-year-old code liabilities, the failure of shift lift, and new X-Force research.
Read more about “Slopoly” → https://www.ibm.com/think/x-force/slopoly-start-ai-enhanced-ransomware-attacks