Risky Business Features

How the CopyFail disclosure went sideways

In this episode, Theori’s Brian Pak and Andrew Wesie join James Wilson to discuss why the CopyFail exploit was publicly disclosed before Linux distributions had their patches ready. As you’ll hear in this episode, mistakes were made and lessons learned. It’s worth a podcast, too, because in our opinion this incident foreshadows the inevitable problems that open source software will face in the unfolding vulnpocalypse. SHOW NOTES

NCSC’s Ollie Whitehouse on surviving the "bugpocalypse"

In this edition of Risky Business Features Ollie Whitehouse, the CTO of the UK’s National Cyber Security Centre, joins Patrick Gray and James Wilson to talk about why “patch faster” will only get organisations so far in the face of the AI “bugpocalypse”. As Ollie explains, organisations will need to reduce internet-facing attack surface and make better architecture decisions as 0day discovery speeds up. This episode is also available on YouTube [https://youtu.be/0ygJ6XhDVjw]. SHOW NOTES

What a great agentic AI deployment plan looks like

In this podcast James Wilson and Brad Arkin workshop the advice they think the industry needs to hear when it comes to deploying agentic AI in the enterprise. Relegating agentic AI to non-sensitive and low-risk tasks doesn’t deliver value, and avoiding all risk stalls progress. James and Brad discuss the phases of AI adoption and contrast what a great plan looks like, versus an overly cautious one. SHOW NOTES

Mythos smythos! How to find 0day with lesser models

In this podcast James Wilson chats with Niels Provos about his research into using older AI models to successfully hunt for 0day vulnerabilities. Niels has had a long and prolific career in cybersecurity, having worked as a Distinguished Engineer at Google and then heading up security at Stripe. His interest in AI bug hunting was piqued recently when one of the Mythos 0day vulnerabilities that received lots of attention happened to be in code he wrote for the OpenBSD project 27 years ago. It got him thinking: Are these frontier models really that magical? Or could we replicate their findings with some clever orchestration instead of relying on the model’s smarts to find bugs with a single prompt? As it turns out, this was worth looking into. Niels’ orchestration framework, Iron Curtain, works extremely well. This episode is also available on YouTube [https://youtu.be/ksWbjE9uQyk] SHOW NOTES * Finding Zero-Days with Any Model [https://www.provos.org/p/finding-zero-days-with-any-model/] * Security Blueprints [https://securityblueprints.io/]

Solving the AI agent identity problem

In this podcast James Wilson and Brad Arkin chat about emerging trends in AI agent identity and credential management. Brad was formerly the CISO of Adobe, Cisco and Salesforce, and is now working with all sorts of companies that are deploying AI. With everyone now in at least a large-scale pilot of agentic AI, the issue of how to manage agent identities and credentials is still an unsolved problem. But, some interesting patterns are emerging. SHOW NOTES