How to survive supply chain attacks

Solo podcast: A deep dive on TeamPCP

In this solo episode, James Wilson takes a detailed look at TeamPCP. It started off by launching clumsy attacks against misconfigured Kubernetes clusters in September 2025. But by February this year, TeamPCP had skilled up and was smashing global software supply chains in the highest profile attacks of 2026. TeamPCP upskilled and turned the software development ecosystem into its personal credential harvesting machine. Here’s how TeamPCP did it, and what we can learn from it. SHOW NOTES

How to survive supply chain attacks

In this podcast James Wilson chats with Brad Arkin about why software supply chain attacks have gone from rare, once-in-a-while disasters to an operational problem affecting mainstream enterprises almost daily. AI has made attackers faster, and “vibe coding” means the number of environments pulling packages from the internet has gone to the moon. It also means legacy tooling that seeks out the bad packages and cleans them up isn’t enough. Package cooldown windows won’t fix this either. But all hope is not lost! Tune in to this podcast to find out how you can get a grip on the disaster de jour! SHOW NOTES

How the CopyFail disclosure went sideways

In this episode, Theori’s Brian Pak and Andrew Wesie join James Wilson to discuss why the CopyFail exploit was publicly disclosed before Linux distributions had their patches ready. As you’ll hear in this episode, mistakes were made and lessons learned. It’s worth a podcast, too, because in our opinion this incident foreshadows the inevitable problems that open source software will face in the unfolding vulnpocalypse. SHOW NOTES

NCSC’s Ollie Whitehouse on surviving the "bugpocalypse"

In this edition of Risky Business Features Ollie Whitehouse, the CTO of the UK’s National Cyber Security Centre, joins Patrick Gray and James Wilson to talk about why “patch faster” will only get organisations so far in the face of the AI “bugpocalypse”. As Ollie explains, organisations will need to reduce internet-facing attack surface and make better architecture decisions as 0day discovery speeds up. This episode is also available on YouTube [https://youtu.be/0ygJ6XhDVjw]. SHOW NOTES

What a great agentic AI deployment plan looks like

In this podcast James Wilson and Brad Arkin workshop the advice they think the industry needs to hear when it comes to deploying agentic AI in the enterprise. Relegating agentic AI to non-sensitive and low-risk tasks doesn’t deliver value, and avoiding all risk stalls progress. James and Brad discuss the phases of AI adoption and contrast what a great plan looks like, versus an overly cautious one. SHOW NOTES