Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence 

In this special year-end episode of Security Intelligence, we reflect on 2025, a year of new attack methods (ClickFix), new vulnerabilities (vibecoding) and new worries on the horizon (shadow agents). 

From hijacked AI agents to massive supply chain breaches, 2025 forced security leaders to confront a sobering reality: trust might just be our biggest attack surface.  

Join hosts Matt Kosinski and Patrick Austin for a jam-packed look back at the biggest cybersecurity trends and cyberattacks of 2025, the lessons we can learn from them and what the road ahead looks like. Featuring: 

00:00 – Introduction

4:10 – AI and data security with Michelle Alvarez and Jeff Crume 

22:42 – Biggest cyberattacks of 2025 with Dave Bales and Nick Bradley 

38:18 – Major lessons, innovations and failures of cybersecurity in 2025 with Suja Viswesan and Sridhar Muppidi 

All that and more on Security Intelligence. 

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. 

Learn more about cybersecurity → https://www.ibm.com/think/security 

AI browsers are neat—but are they more trouble than they’re worth?  

In this episode of Security Intelligence, Austin Zeizel, Evelyn Anderson and Ryan Anschutz discuss Gartner’s recent advisory warning organizations to ban AI browsers from the workplace for the time being. Is there anything we can do to make them safe enough to use? 

And that leads to a broader conversation about the relationship between AI model providers and the cybersecurity community. In the wake of some high-profile attacks using AI models—like the spy ring Anthropic busted—cybersecurity pros are split on whether AI vendors are pulling their weight in threat intel circles. This one has it all: spam bombing, social engineering and malicious virtual machines. 

All that and more on Security Intelligence.  

00:00 – Introduction 

01:14 -- Gartner: No AI browsers at work 

13:38 -- Should AI vendors share threat intel? 

23:11 -- MITRE’s top 25 most dangerous software flaws 

33:15 -- Are social logins safe? 

41:54 -- Bring-your-own-VM attacks 

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. 

Learn more about cybersecurity → https://www.ibm.com/think/security 

Just how big a deal is React2Shell? Depending on who you ask, it’s either a Log4Shell-level event or just another average, everyday application security vulnerability. Patch and move on. 

This week, on Security Intelligence, panelists Sridhar Muppidi, Claire Nuñez and Ian Molloy weigh in on the contentious debate React2Shell has sparked. However it shakes out, one thing is for sure: The response to this vulnerability has been anything but typical. 

We also dive into: 

13:01 -- Whether malicious LLMs like WormGPT live up to the hype 

23:40 -- How hackers can lock you out of your Gmail account by changing your age 

34:09 -- What happens when two different threat actors attack you at the same time 

42:37 -- Why cybersecurity pros should care about solar radiation grounding 6,000 flights 

All that and more on Security Intelligence. 

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. 

Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence 

Subscribe for AI and security updates → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 

Being a malware reverse engineer isn’t always glamorous work. You spend a lot of time digging through junk emails.  

But when you find something in there—well, that’s a whole different story.  

On this episode of Security Intelligence, X-Force Malware Reverse Engineer Raymond Joseph Alfonso tells us about the time he discovered a curious new malware loader in the honeypot. And that leads to a bigger conversation about how hackers hide malicious code from view—and some of the new techniques they’re cooking up to stay hidden. 

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. 

Learn more about QuirkyLoader → https://www.ibm.com/think/x-force/ibm-x-force-threat-analysis-quirkyloader  

 Follow the Security Intelligence podcast on your preferred platform → https://www.ibm.com/think/podcasts/security-intelligence 

Do you think you’re too smart to fall for a Black Friday scam? Generative AI might knock you down a few pegs. On this episode of Security Intelligence, host Matt Kosinski and panelists Suja Viswesan, Dave McGinnis and Nick Bradley discuss how threat actors are using AI to turbocharge holiday scam season. Plus:

- IBM X-Force makes malware research tools public

- The dark web job market is thriving

- AI fraud schemes are getting quite elaborate

And the story of an enterprising insider threat who tried to turn his employer’s wind turbines into cryptojacking machines. Spoiler: He got caught.

00:00 – Introduction

02:45 – Holiday scam season

13:37 – X-Force malware research tools

19:47 – Dark web jobs report

24:41 – Factory finds an AI fraud ring

31:48 – Cryptojacking wind turbines

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Learn more about cybersecurity → https://www.ibm.com/think/security

Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence

Learn more about the X-Force Malware Threat Research GitHub → https://www.ibm.com/think/x-force/introducing-x-force-malware-threat-research-public-github-repository

Anthropic says it disrupted a nearly fully autonomous espionage campaign carried out by AI agents. But some cybersecurity pros are skeptical of the framing.

On the latest episode of Security Intelligence, host Matt Kosinski is joined by Ryan Anschutz, Evelyn Anderson, Seth Glasgow and Mixture of Experts podcast fixture Chris Hay to dig into Anthropic’s report and the range of responses to it. Plus: The newest OWASP Top 10 is here, the ransomware landscape is cracking up and does cyber insurance just encourage hackers? All that and more on Security Intelligence.

00:00 -- Introduction

01:29 -- Anthropic’s AI spy ring bust

15:44 -- OWASP Top 10 2025

24:41 -- Small ransomware gangs

33:45 -- Is cyber insurance worth it?

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence

Subscribe for AI and security updates → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120

Have we lost the plot when it comes to AI malware?  

This week, host Matt Kosinski and panelists Claire Nunez, Austin Zeizel and Dave Bales discuss the growing trend of cybersecurity pros pushing back on AI malware “research.” Is it all puffery? Genuine threat? Some secret third thing?  

Plus: How hackers are stealing real-world cargo, time-delayed malware, the Louvre’s weak password and why don't more people patch their OT systems?   

00:00 – Introduction

01:15 – The IT-OT gap

11:18 – Digital cargo thieves

20:12 – Time-delayed logic bombs

25:53 – AI malware vs. AI slop

33:47 – The Louvre’s password

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. 

Learn more about AI malware → https://www.ibm.com/think/insights/defend-against-ai-malware 

Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence 

What do AI agents, the stock market and behavior-based threat detection tools have in common? You’ll need to listen to this week’s episode of Security Intelligence to find out. 

Join host Matt Kosinski and panelists Sridhar Muppidi and Cris Thomas for a jam-packed conversation, including new ways to build malicious AI agents, a malware strain that types like a person, a social engineering scheme that manipulates stock prices and a banner year for bug bounties. 

Plus: When it comes to new tech, why does governance always lag so far behind implementation? 

All that and more on Security Intelligence.  

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. 

Read more about the AI governance gap → https://www.ibm.com/think/insights/cios-ai-risk-governance-gap

Check out our new special edition episode → https://www.ibm.com/think/podcasts/security-intelligence/social-engineering-expert-talks-physical-security

Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence

Subscribe for AI and security updates → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52954

Could you break into an office armed with nothing more than a coffee-stained resume and some charisma? Meet someone who can. 

Today’s bonus episode of Security Intelligence features an in-depth interview with Stephanie Carruthers, Global Head of Cyber Range and Chief People Hacker at IBM X-Force.  

Stephanie shares the harrowing tale of one of her most daring physical security assessments. Along the way, we discuss why physical security and cybersecurity are two sides of the same coin, highlight common physical security gaps and reveal why your office trash is a criminal’s treasure.  

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. 

Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence 

Learn more about physical security in cybersecurity: https://www.ibm.com/think/insights/physical-cybersecurity

Subscribe to the IBM Think newsletter: https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120    

Is a safe AI browser even possible?  

On this week’s super spooky Halloween episode of Security Intelligence, host Matt Kosinski and panelists Suja Viswesan, J.R. Rao and Dave McGinnis discuss the terrifying security risks of ChatGPT Atlas. Plus: The ghost network spreading malware on YouTube, an invisible worm that drops a “Zombi” payload and AWS’s brush with the grave. (Notice a theme?) 

And stick around for a sneak peek of a very special episode at the end.  

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.  

Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence  

Is Windows 10 dead?

This week, panelists Michelle Alvarez, Sridhar Muppidi and Jeff Crume join host Bryan Clark to discuss support for Windows 10 coming to an end. We also talk AI use in SOCs, automated code repair and the battle against payroll pirates coming after your next paycheck.

00:00 – Intro

01:10 – RIP Windows 10

08:38 – The future of SOCs

19:41 – AI code repair

31:27 – Plundering payroll pirates

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence

Subscribe to the IBM Think newsletter: https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120

What does it take to trick an AI agent? Not a whole lot, it turns out. This week, panelists Nick Bradley, Claire Nuñez and Jeff Crume join host Matt Kosinski to discuss a couple of new methods for hijacking AI agents and breaking their guardrails. We also talk recent evolutions in DDoS attack trends, the legacy of zero trust and some glaring security flaws in an extremely popular AI training app.

Plus: We ring in Cybersecurity Awareness Month with the traditional airing of grievances.

00:00 – Introduction

01:38 – Tricking AI agents

15:18 – The DDoS comeback

26:03 – 15 years of zero trust

36:02 – Neon exposes user calls

44:34 – Cybersecurity myths

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Subscribe to the IBM Think newsletter: https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120  

Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence 

Learn more about cybersecurity: https://www.ibm.com/think/security 

An AI security CEO thinks we’re six months away from an “AI vulnerability cataclysm.” Is this a legitimate threat, or just fear-mongering? On this week’s episode, host Matt Kosinski and panelists Cris Thomas, Suja Viswesan and Troy Bettencourt debate whether we're headed straight for an AI security disaster. We also react to reports on Scattered Spider’s return (surprise!), a potential new strain of the devastating Petya ransomware and a survey of common cloud misconfigurations. Plus: Hot takes on dumb cybersecurity rules. All this and more, on Security Intelligence.   

00:00 – Intro  

01:02 – The AI apocalypse 

12:53 – Scattered Spider’s back 

23:41 – Misconfiguration risks 

32:35 – What is HybridPetya? 

42:46 – Dumb cybersecurity rules 

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.  

Subscribe to the IBM Think newsletter: https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 

Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence 

Learn more about cybersecurity: https://www.ibm.com/think/security 

Has the most notorious cybercrime gang of the moment really hung up its keyboards? In this episode of Security Intelligence, host Matt Kosinski along with panelists Dave Bales, Michelle Alvarez and Sridhar Muppidi discuss Scattered Lapsus$ Hunters’ retirement announcement, the ethics of ransomware research, software supply chain security lessons from the npm hack, the state of OT security, and hiring fraud.  

Plus: Dave takes on CVSS scores. 

All this and more, on Security Intelligence.  

00:00 – Intro  

02:12 – Scattered Lapsus$ Hunters retire 

8:05 – AI ransomware is here 

15:43 – npm hijacking 

24:51 – X-Force on OT threats 

35:27 – AI hiring fraud 

41:36 – A hacker and Huntress EDR 

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. 

Subscribe to the IBM Think newsletter: https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 

Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence 

Learn more about cybersecurity: https://www.ibm.com/think/security 

Have we made cybercrime too easy? In the very first episode of Security Intelligence, panelists Jeff Crume, Suja Viswesan and Nick Bradley join host Matt Kosinski to discuss the invention of vibe hacking and HexStrike AI, an offensive security framework that threat actors are co-opting to command their own AI agent armies. We also discuss Scattered Lapsus$ Hunters’ unconventional new ransom demand and the rise of the RATs, or remote access trojans. Plus: A game of “Would You Rather?"  

00:00 – Intro 

1:40 – Introducing vibe hacking 

9:28 – HexStrike AI fuels AI agent crime 

14:42 – AI agent cyber attacks vs. Human cyber attacks 

18:16 – Scattered Lapsus$ Hunters want Google to fire employees 

26:03 – Remote Access Trojans on the rise 

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. 

Subscribe to the IBM Think newsletter: https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 

Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence 

Learn more about cybersecurity: https://www.ibm.com/think/security 

Cybersecurity moves fast: Old vulnerabilities are patched as new exploits appear. Cybercrime gangs form and strike and fade, disappearing with millions of ransom dollars. What protected the organization yesterday might leave it hopelessly exposed today. At the same time, cybersecurity pros rely on core principles—like the CIA triad of infosec, the principle of least privilege, zero trust architectures—to help them navigate this shifting terrain. 

Security Intelligence addresses both of these angles in a single, exciting, and digestible podcast episode every week. Listeners learn both the latest news and timeless insights, all from experts they can trust. This format speaks directly to the needs and preferences of cybersecurity practitioners, who want frequent, granular and technical content that gives need-to-know information.