Episodes

  • Soap Box: Where does AI fit into cloud security?

    Soap Box: Where does AI fit into cloud security?
    May 15 2026

    In this sponsored soap box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, the founder of Prowler.

    Prowler started off as a bunch of scripts in a trenchcoat, then became an open source cloud security tool, and it’s now a venture-funded cloud security business. In this interview Toni talks us through how AI is changing the game for him as an open source project owner, and as a vendor. In short, reports of the death of IT and security tooling at the hands of frontier models have been greatly exaggerated.

    This episode is also available on Youtube.

    Show notes
      Show More Show Less
      34 mins
    • Risky Business #837 -- GitHub Actions footgun claims TanStack

      Risky Business #837 -- GitHub Actions footgun claims TanStack
      May 13 2026
      On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: Mini Shai-Hulud and the TanStack compromise using Github ActionsInstructure pays Canvas elearning platform data extortionistsMore Linux privilege escalation 0days!CISA helping critical infrastructure operators rearchitect their networks so they work offline This week’s episode is sponsored by email security platform Sublime Security. Bobby Filar chats with Patrick about how agentic AI is being evaluated by buyers in a marketplace that’s experiencing “AI fatigue”. This episode is also available on Youtube. Show notes ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack | CyberScoopHardening TanStack After the npm Compromise | TanStack BlogCanvas Breach Disrupts Schools & Colleges Nationwide – Krebs on SecurityInstructure pays ransom after Canvas incident as Congress announces investigation | The Record from Recorded Future NewsWhen DNSSEC goes wrong: how we responded to the .de TLD outageAdversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access | Google Cloud BlogMythos smythos! How to find 0day with lesser models - Risky Business MediaGitHub - V4bel/dirtyfrag · GitHubretr0.zipNVD - CVE-2026-42511Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI | CyberScoopIvanti customers confront yet another actively exploited zero-day | CyberScoopPalo Alto warns of critical software bug used in firewall attacks | The Record from Recorded Future NewsWhere Have All the Complex Windows Malware and Their Analyses Gone?Meet Rassvet, Russia’s Answer to Starlink | WIREDDOJ says ransomware gang tapped into Russian government databases | TechCrunchIranian government hackers using Chaos ransomware as cover, researchers say | The Record from Recorded Future NewsFoxconn confirms cyberattack impacting North American factories | The Record from Recorded Future NewsNew CISA initiative aims for critical infrastructure to operate offline during cyberattacks | The Record from Recorded Future News‘HELLO BOSS’: Inside the Chinese Realtime Deepfake Software Powering Scams Around the WorldHow to Disable Google's Gemini in Chrome | WIREDFCC pushes ban on security updates for foreign-made routers, drones to 2029 | The Record from Recorded Future News
      Show More Show Less
      1 hr and 5 mins
    • Risky Business #836 -- You can't patch the bugpocalypse

      Risky Business #836 -- You can't patch the bugpocalypse
      May 6 2026

      On this week’s show, Patrick Gray and James Wilson are joined by special guest co-host Brad Arkin. They discuss the week’s cybersecurity news, including:

      • The US Government says we just have to patch faster, but…
      • Bugs in cPanel, MoveIt and all Linux distributions this week show that patching alone isn’t enough
      • James gets mad about lame AI Agent adoption advice from the US and Australian Governments
      • James Kettle and Niels Provos both showed us that any model can find 0day like Mythos
      • And the cyber-assisted theft of cargo results in an astonishing loss of $725 million dollars

      This week’s show is sponsored by SpecterOps. Their CTO, Jared Atkinson, chats to Pat about the big changes in the threat landscape, brought about by AI, that are causing a pivot away from detection and remediation, and toward prevention.

      This episode is also available on Youtube.

      Show notes
      • Exclusive: US officials weigh cutting deadlines to fix digital flaws amid worries over AI-powered hacking, sources say | Reuters
      • British cyber agency warns of looming ‘patch wave’ as AI speeds flaw discovery | The Record from Recorded Future News
      • Federal agencies must patch cPanel bug by Sunday, CISA says | The Record from Recorded Future News
      • cPanel zero-day exploited for months before patch release (CVE-2026-41940) - Help Net Security
      • The most severe Linux threat to surface in years catches the world flat-footed - Ars Technica
      • New MOVEit vulnerabilities prompt urgent patch warning | Cybersecurity Dive
      • US and allies urge ‘careful adoption’ of AI agents | Cybersecurity Dive
      • careful_adoption_of_agentic_ai_services.pdf
      • User just tricked Grok and Bankrbot to send tokens with Morse code - Cryptopolitan
      • Finding Zero-Days with Any Model
      • (1872) Sponsored: James Kettle built an AI hacker - YouTube
      • Feature Interview: Nicholas Carlini, Anthropic - Risky Business Media
      • Trellix investigating breach of source code repository | Cybersecurity Dive
      • Popular DAEMON Tools software compromised | Securelist
      • Komari Red: The Monitoring Tool with a Built-in Reverse Shell | Huntress
      • Hackers earning millions from hijacked cargo, FBI says | The Record from Recorded Future News
      • Congress punts FISA renewal to June | The Record from Recorded Future News
      • Cops Use Apple Data And Car Bluetooth To Identify Crypto Robbery Suspect
      • Stewart Baker, outspoken voice on cybersecurity and national security law, dies at 78 | IAPP
      Show More Show Less
      1 hr and 2 mins
    • Snake Oilers: Ent AI, Spacewalk and Mondoo

      Snake Oilers: Ent AI, Spacewalk and Mondoo
      May 1 2026

      In this edition of the Snake Oilers podcast three vendors stop by to pitch the audience on their products:

      • Ent AI: Co-founder Brandon Dixon pitched Ent, an intent-aware, AI-powered endpoint security control.

      • Spacewalk AI: Founders Chris Fuller and Tim Wenzlau pitch Spacewalk, an AI-powered incident response platform.

      • Mondoo: Co-founder Dominik Richter pitches Mondoo, an AI-powered “service as software” in the vulnerability management space.

      This episode is also available on YouTube.

      Show notes
        Show More Show Less
        44 mins
      • Risky Business #835 -- Why the Fast16 malware is badass

        Risky Business #835 -- Why the Fast16 malware is badass
        Apr 29 2026
        On this week’s show, Patrick Gray and James Wilson are joined by special guest-host Dmitri Alperovitch. They discuss the week’s cybersecurity news, including: The US government is mad as hell about Chinese firms stealing American AI technologyDmitri has an opinion or two about the US selling Nvidia chips to ChinaSpeaking of Chinese AI, Kimi’s new 2.6 is very interestingThe US sanctions a Cambodian senator for earning mega bucks through scam compoundsAnd a ransomware family is promoting itself as being … quantum-safe? This week’s show is sponsored by Trail of Bits. CEO and co-founder Dan Guido chats to Pat about how private inference works and Trail of Bits’ audit of WhatsApp’s private AI setup. This episode is also available on Youtube. Show notes Exclusive: US State Dept orders global warning about alleged AI thefts by DeepSeek, other Chinese firms | Reutersmoonshotai/Kimi-K2.6 · Hugging FaceDiscord Sleuths Gained Unauthorized Access to Anthropic’s Mythos | WIREDNewly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet | WIREDHackers deployed wiper malware in destructive attacks on Venezuela’s energy sector | The Record from Recorded Future NewsMystery Around Venezuelan Cyberattack Deepens, with New Discovery of "Highly Destructive" WiperRisky Business #819 -- Venezuela (credibly?!) blames USA for wiper attack - Risky Business MediaAI Tools Are Helping Mediocre North Korean Hackers Steal Millions | WIREDCISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March | The Record from Recorded Future NewsUS, UK authorities warn that Firestarter backdoor malware survives patching | Cybersecurity DiveSurveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities | CyberScoopUK regulator closes loophole that allowed rogue companies to track phone users' location | ReutersUS sanctions Cambodian senator for millions earned through scam compounds | The Record from Recorded Future NewsVercel says some of its customers' data was stolen prior to its recent hack | TechCrunchSupply Chain Security Incident UpdateApple fixes bug that cops used to extract deleted chat messages from iPhones | TechCrunchKyle Daigle on X: "Wanted to provide more clarity about this. Yesterday, we had a regression in merge queue behavior where, in some cases, squash or rebase commits were generated from the wrong base state, making earlier changes appear reverted in branch history. 2,804 pull requests out of over 4M" / XSecuring the git push pipeline: Responding to a critical remote code execution vulnerability - The GitHub BlogOne ransomware crew now drives half of all cyber claims: At-Bay | Insurance BusinessIn a first, a ransomware family is confirmed to be quantum-safe - Ars TechnicaWhat we learned about TEE security from auditing WhatsApp's Private Inference
        Show More Show Less
        1 hr and 6 mins
      • Risky Business #834 -- Vercel gets owned, Mozilla dumps hundreds of Mythos bugs

        Risky Business #834 -- Vercel gets owned, Mozilla dumps hundreds of Mythos bugs
        Apr 22 2026
        On this week’s show, Patrick Gray and James Wilson are joined by special guest The Grugq. They discuss the week’s cybersecurity news, including: Vercel got owned, and there’s a few infostealer and compromised employee dots to connectMozilla used Mythos to find 271 bugs, which feels like a sign of the bug-pocalypseSpeaking of the bug-pocalypse, is that why NIST is noping out of enriching a bunch of bugs?The NSA is using Mythos even though the government did that whole Anthropic blacklisting thingAnd DDos attacks hit a couple of smaller-player socials This week’s episode is sponsored by Permiso. Ian Ahl chats to Pat about the subtle signals Permiso uses to detect ShinyHunters-style activity in cloud and on-prem environments. This episode is also available on Youtube. Show notes Vercel April 2026 Security incidentVercel breach linked to infostealer infection at Context.aiVercel confirms breach as hackers claim to be selling stolen dataMatt Johansen: “This is not a good look” | XNIST limits vulnerability analysis as CVE backlog swells | Cybersecurity DiveCISA Cyber on XRansomware attack continues to disrupt healthcare in London nearly two years later | The Record from Recorded Future NewsLawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks | CyberScoopIn defeat for Trump, House extends electronic spying program for just 10 days | The Record from Recorded Future NewsCrypto infrastructure company blames $290 million theft on North Korean hackers | The Record from Recorded Future NewsUS-sanctioned currency exchange says $15 million heist done by "unfriendly states" - Ars TechnicaHackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunchMozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox | WIREDNSA using Anthropic's Mythos despite Defense Department blacklistBeyond the breach: inside a cargo theft actor’s post-compromise playbook | Proofpoint USBeware scam messages offering ships safe transit through Hormuz Strait, says security firm | The Straits TimesNew Jersey men given lengthy sentences for running North Korean laptop farms | The Record from Recorded Future NewsTurns Out We’re Not Alone - Volodymyr StyranUS joins nearly two dozen other countries in striking back against DDoS-for-hire platforms | Cybersecurity DiveBluesky blames app outage on ‘sophisticated’ DDoS attack | The Record from Recorded Future NewsMastodon says its flagship server was hit by a DDoS attack | TechCrunchAn IT expert explained under what conditions using a VPN can cause a smartphone to explode
        Show More Show Less
        1 hr and 1 min
      • Risky Business #833 -- The Great Mythos Freakout of 2026

        Risky Business #833 -- The Great Mythos Freakout of 2026
        Apr 15 2026
        On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: Everyone has an opinion about Claude Mythos… even though almost nobody has used it yetCISA adds a 2009 Excel bug to the KEV list, u wot?Adobe also parties like it’s the 2000s, and fixes an Acrobat Reader bugDisgraced former Trenchant exec Peter Williams’ sob story fails to resonate with … anyoneRemember those crosswalk buttons hacked to play audio mocking Trump and Zuck? They were “secured” by the password: 1234. This week’s episode is sponsored by mobile network operator, Cape. Ajit Gokhale talks with James about the ways to get being a telco right when you’re starting from scratch and solving the security problems of 2026. This episode is also available on Youtube. Show notes Lab SpaceThe “AI Vulnerability Storm”: Building a “Mythosready” Security ProgramPolymarket on X: "JUST IN: Goldman Sachs is reportedly ramping up its cyber defenses in preparation for Claude Mythos." Ananay on X: "Marcus Hutchins probably has the best take on Mythos doing vulnerability research"solst/ICE of Astarte on X: "Th vast majority of CISOs do not work at Google-sized companies, and will not have to worry about 0days"Charlie Miller on X: "we’ve gone through this before with early fuzzers, afl, etc"James Kettle on X: "'Can AI Do Novel Security Research? Meet the HTTP Terminator' will premiere at Blackhat"jeffrey lee funk on X: "We've been tricked, again. Many of the thousands of bugs and vulnerabilities Mythos found are in older software are impossible to exploit."Claude is getting worse, according to Claude • The RegisterYour Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply ChainOpenAI's Mac apps need updates thanks to the Axios hack | CyberScoopHack at Anodot leaves over a dozen breached companies facing extortion | TechCrunchSnowflake customers hit in data theft attacks after SaaS integrator breachBooking.com confirms hackers accessed customers’ dataCPUID hijacked to serve malware as HWMonitor downloads • The RegisterKnown Exploited Vulnerabilities Catalog | CISAAdobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunchThe Sad Decline of Trenchant Exec Who Had Everything, Before Deciding to Steal and Sell Zero Days to Russian BuyerFBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification DatabaseUS operation evicts Russia from hacked SOHO routers used to breach critical infrastructure | Cybersecurity DiveTelegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market | WIREDThe Dumbest Hack of the Year Exposed a Very Real Problem | WIRED
        Show More Show Less
        1 hr
      • Snake Oilers: Burp AI, Sondera and Truffle Security

        Snake Oilers: Burp AI, Sondera and Truffle Security
        Apr 9 2026

        In this edition of the Snake Oilers podcast three vendors stop by to pitch the audience on their products:

        • Burp AI and DAST: The founder of PortSwigger and creator of legendary security software Burp Suite, Dafydd Stuttard, drops by to pitch listeners on Burp AI and Burp Suite DAST.

        • Sondera: Josh Devon talks about Sondera, a technology designed to intervene when AI models start doing the wrong thing by statefully tracking their trajectories. This isn’t a permissions suite for AI agents, it’s a way to stick agents in a harness and make sure they adhere to hard policy boundaries.

        • Truffle Security: Dylan Ayrey, the founder of Truffle Security, joins Risky Business again to talk through the latest bells and whistles in Trufflehog, a security tool that searches for exposed secrets and validates them. The Truffle team has done a lot of work on the remediation part of their product over the last few years, and Dylan tells us all about it!

        This episode is also available on YouTube

        Show notes
          Show More Show Less
          48 mins