﻿Learn more about solving agentic AI identity and access gaps → <a href="https://www.hashicorp.com/en/blog/agentic-runtime-security-solving-agentic-ai-identity-and-access-gaps" rel="noopener noreferrer" target="_blank">https://www.hashicorp.com/en/blog/agentic-runtime-security-solving-agentic-ai-identity-and-access-gaps</a> LiteLLM is a nifty little Python library that gives you access to about 100 different AI services through one API. It gets an estimated 3.4 million downloads a day.&nbsp; And last week, it was turned into a Trojan horse, distributing infostealers to hundreds of thousands of devices. (At least, that’s what TeamPCP says—the hackers behind the LiteLLM breach and a slew of other high-profile software supply chain attacks in recent weeks.)&nbsp; Quote Andrej Karpathy: This is “basically the scariest thing imaginable in modern software.”&nbsp; On this episode of Security Intelligence, Suja Viswesan, Dave McGinnis and Jeff Crume help us break down the LiteLLM breach and the broader campaign TeamPCP is waging.&nbsp; We’re also joined by HashiCorp Field CTO Jake Lundberg in the first segment for a discussion of how organizations are trying—with varying degrees of success—to tackle the agentic AI problem.&nbsp;&nbsp; AI agents are identities—but identities our existing frameworks weren’t built to house. Simply porting existing human and non-human identity management practices onto them won’t cut it.&nbsp; But the question remains: What do we need instead?&nbsp; All that and more on Security Intelligence.&nbsp; Segments&nbsp; 00:00 -- Intro&nbsp;1:13 -- Who will fix AI agent security?&nbsp;&nbsp;21:17 -- RSAC 2026 Recap&nbsp;&nbsp;29:31 -- 2026's most dangerous cyberattacks&nbsp;&nbsp;40:45 -- The LiteLLM breach&nbsp;&nbsp; The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.&nbsp; Explore the podcast → <a href="https://www.ibm.com/think/podcasts/security-intelligence" rel="noopener noreferrer" target="_blank">https://www.ibm.com/think/podcasts/security-intelligence</a>

The latest in AI agent security, the LiteLLM breach, key takeaways from RSAC 2026 and SANS’s most dangerous cyberattacks of the year. 

RSA recap, the LiteLLM breach, and the quest to fix AI agent security

Security Intelligence is a weekly news podcast for cybersecurity pros who need to stay ahead of fast-moving threats. Each week, we cover the latest threats, trend, and stories shaping the digital landscape, alongside expert insights that help make sense of it all. Whether you’re a builder, defender, business leader or simply curious about how to stay secure in a connected world, you’ll find timely updates and timeless principles in an accessible, engaging format. New episodes weekly on Wednesdays at 6am EST.

Security Intelligence

Most cybersecurity pros only run into cryptocurrency when they’re dealing with ransomware gangs demanding payouts in Bitcoin.&nbsp;&nbsp; But what if crypto infrastructure were more than just a means of money laundering?&nbsp; In this episode of IBM’s Security Intelligence podcast, X-Force threat intelligence consultant Austin Zeizel makes the case that blockchain — the decentralized ledger underlying many cryptocurrency systems — has powerful, largely untapped applications for cybersecurity. In fact, Austin makes a pretty convincing argument that blockchain could be the key to a genuinely zero trust architecture.&nbsp; We also get into how cybercriminals actually exploit cryptocurrency — coin mixers, non-KYC exchanges, the pseudonymous nature of Bitcoin — and why understanding those mechanics matters for defenders.&nbsp; The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.&nbsp;

Cryptocurrency isn’t just ransomware gangs’ favorite payment. It might also be the key to finally realizing genuine zero trust. 

Cryptocurrency: The most misunderstood technology in cybersecurity

Follow the Security Intelligence podcast on your preferred platform → <a href=" https://www.ibm.com/think/podcasts/security-intelligence " rel="noopener noreferrer" target="_blank"> https://www.ibm.com/think/podcasts/security-intelligence </a> Someone finally cracked the Xbox One after 13 years. Here’s why security pros should care. On this episode of Security Intelligence, panelists Ian Molloy, Seth Glasgow and Kimmie Farrington discuss the Xbox One hack presented at RE//verse 2026. More than just a neat story of one hacker’s ingenuity, there are some important takeaways for practitioners here. But before that, we get into promptware, a new model for understanding attacks on LLMs that goes beyond the basics of prompt injections. Formulated by a handful of prominent cybersecurity researchers, including Bruce Schneier, promptware urges defenders to start thinking about the full AI attack kill chain, not just the front door. Then we dive into a new analysis of cloud attack trends from IBM X-Force's Omari Jones, which finds that cybercriminals are targeting cloud ecosystems rather than cloud infrastructure. How do we need to shift our own mindsets to counter this? Meanwhile, Google Threat Intelligence Group and Coveware find ransomware gangs increasingly ditching their flashy external tools in favor of PowerShell and other built-in system utilities—making detection significantly harder. And Chuck Everette's Dark Reading op-ed raises a question that doesn't get enough airtime: With everyone focused on cutting-edge AI tech, what about the downright ancient OT systems and PLCs that underpin large swaths of American critical infrastructure? All that and more on Security Intelligence. In this episode: 00:00 – Introduction 1:01 -- From prompt injection to promptware 11:15 -- Cloud security trends 2026 19:59 -- Ransomware attackers live off the land 28:53 -- OT security: cybersecurity’s “rusting edge” 34:41 -- The Xbox One hack The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Cloud attacks are evolving: What 2025 trends mean for defenders in 2026 → <a href="https://www.ibm.com/think/x-force/cloud-attacks-evolving-what-2025-trends-mean-defenders-2026 " rel="noopener noreferrer" target="_blank">https://www.ibm.com/think/x-force/cloud-attacks-evolving-what-2025-trends-mean-defenders-2026 </a>

This week: Xbox hacks, promptware attacks, cloud security trends in 2026, new ransomware techniques, and the perpetual OT security problem.  

Promptware, cloud security trends for 2026, and what the Xbox One hack means for cybersecurity

Listen to our latest episode, Can IAM handle AI? → &nbsp;<a href="https://www.ibm.com/think/podcasts/security-intelligence/ai-agent-access-problem-iam-handle-ai" rel="noopener noreferrer" target="_blank">https://www.ibm.com/think/podcasts/security-intelligence/ai-agent-access-problem-iam-handle-ai</a> &nbsp;Does your AI agent talk too much? It’s not just an annoying habit—it’s a security concern.&nbsp; On this episode of Security Intelligence, Sridhar Muppidi, Claire Nuñez and Dave Bales join me to discuss Guardio’s research into “agentic blabbering,” and how attacks can use an agent’s reasoning process against it.&nbsp;&nbsp; In experiments with the agentic Perplexity Comet browser, Guardio researchers were able to design foolproof phishing websites just by listening to agent’s running monologue as it traversed the web.&nbsp;&nbsp; What does it mean for agentic security when sophisticated AI reasoning processes can be weaponized?&nbsp; Then, we chat about Microsoft Azure CTO Mark Russinovich’s discovery that Claude Opus can reverse engineer 40-year-old (practically ancient, by software standards) code. Did AI just expand the attack surface to include every compiled binary ever written?&nbsp; Plus: Contrast Security CISO David Lindner claims that shift left has failed. Dramatic increases in the exploitation go vulnerable code—confirmed by the IBM Threat Intelligence Index 2026, among many other reports—suggest he might be onto something. But is there more to the story?&nbsp; And, finally, we dig into two new pieces of research from IBM X-Force: One about a new piece of AI-generated malware, and another about reframing how we think about authentication.&nbsp;&nbsp; All that and more on Security Intelligence.&nbsp; 00:00 -- Introduction&nbsp;1:19 -- Perplexity Comet’s “agentic blabbering”&nbsp;13:06 -- AI resurrects old vulnerabilities&nbsp;21:28 -- Did shift left fail?&nbsp;30:05 -- AI slop and the post-auth perimeter&nbsp; The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.&nbsp; Read more about “Slopoly” →&nbsp;<a href="https://www.ibm.com/think/x-force/slopoly-start-ai-enhanced-ransomware-attacks" rel="noopener noreferrer" target="_blank">https://www.ibm.com/think/x-force/slopoly-start-ai-enhanced-ransomware-attacks</a>&nbsp;

When agentic browsers like Perplexity Comet share their reasoning, they give cybercriminals valuable information. Plus: 40-year-old code liabilities, the failure of shift lift, and new X-Force research. 

Perplexity Comet, agentic blabbering, and the shift-left failure

Follow the Security Intelligence podcast on your preferred platform →&nbsp; <a href="https://www.ibm.com/think/podcasts/security-intelligence" rel="noopener noreferrer" target="_blank">https://www.ibm.com/think/podcasts/security-intelligence</a>&nbsp; Did you miss out on the [un]prompted AI security conference? So did most of us. Except our very own Dustin “Evil Mog” Heywood, who joins us today to share highlights from the event.&nbsp; And speaking of [un]prompted, we also discuss one of the biggest announcements to come out of the event: the Zero Day Clock. This coalition of experts is arguing that we need to radically rethink vulnerability management in the face of plummeting time-to-exploit values for new vulnerabilities.&nbsp;&nbsp; Among their demands that might prove to be quite controversial: holding software makers liable for flaws and building more disposable architecture.&nbsp; Then we talk about some notably nasty AI agent behavior, including manipulating prescriptions and writing mean blog posts about human users.&nbsp; Finally, we round out the week with a discussion of burnout among cybersecurity pros. We’re working, on average, 10 overtime hours per week. It’s exhausting—and really, really bad for security.&nbsp; All that and more on Security Intelligence.&nbsp; 00:00 -- Introduction&nbsp;01:26 -- Report back from [un]prompted&nbsp;&nbsp;09:07 -- The zero day collapse&nbsp;&nbsp;21:26 -- AI agents harassing humans&nbsp;&nbsp;31:26 -- Burnout in cybersecurity&nbsp; The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.&nbsp; Subscribe to the IBM Think newsletter → <a href="https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120" rel="noopener noreferrer" target="_blank">https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120</a>&nbsp; #zerodaysexploits #AIsecurity #AIagentsecurity #vulnerabilitymanagement

Dustin Heywood

X-Force Executive Managing Hacker, Senior Technical Staff Member 

Austin Zeizel

Threat Intelligence Consultant 

Nick Bradley

Manager, X-Force Threat Intelligence 

How the year’s hottest AI security conference changed our minds about AI. Plus: Cybersecurity burnout, AI agents writing bully blog posts, and the ‘Zero Day Collapse.’ 

The conference that changed our minds about AI

Can IAM handle AI? Find out →&nbsp;<a href="https://www.ibm.com/think/podcasts/security-intelligence" rel="noopener noreferrer" target="_blank">https://www.ibm.com/think/podcasts/security-intelligence</a>&nbsp; A consumer just wanted to control his own personal robot vacuum with a PlayStation controller. He ended up controlling thousands of strangers’ vacuums, too.&nbsp; This week on Security Intelligence, we cover one of the wildest IoT security stories in recent memory: How one user accidentally built an army of 6,700 robot vacuums, and what it means for cybersecurity pros. &nbsp;&nbsp;Then we turn to TOAD — telephone-oriented attack delivery — a deceptively low-tech social engineering method that's quietly becoming one of attackers' favorite tools. We talk about why it works and what defenders can actually do about an attack that skips most of your defenses entirely.&nbsp; And finally: healthcare's cybersecurity problems. This season of the hit medical drama The Pitt features a hospital-debilitating ransomware attack, which is perhaps one of the most realistic things to ever happen on a show known for its verisimilitude. We explore why ransomware is so prevalent in healthcare, why patching is rare and what it would actually take to change that.&nbsp; 00:00 -- Introduction&nbsp;0:58 -- Rise of the robot vacuum army&nbsp;10:02 -- Anthropic debuts Claude Code Security&nbsp;24:39 -- Thwarting distillation attacks&nbsp;34:23 -- Why hackers love TOADs&nbsp;44:14 -- Healthcare’s cybersecurity woes&nbsp; The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.&nbsp;&nbsp;Explore the Threat Intelligence Index 2026 →&nbsp;<a href="https://www.ibm.com/reports/threat-intelligence#sipod" rel="noopener noreferrer" target="_blank">https://www.ibm.com/reports/threat-intelligence#sipod</a>&nbsp;&nbsp;#AIcodesecurity #vibecoding #securitydebt #IoTsecurity #vishing&nbsp;

Michelle Alvarez

Manager, X-Force Strategic Threat Analysis 

Ryan Anschutz 

North America Leader of X-Force Incident Response

Dave McGinnis

VP/Sr. Partner, Global Cyber Threat Management 

Thousands of hacked vacuums, why ransomware gangs love hospitals and why social engineers love TOADs. 

Is your robot vacuum safe? Here’s why it matters.

For years, stolen credentials were king—the hacker’s attack vector of choice. Until now.&nbsp; The 2026 IBM X-Force Threat Intelligence Index reveals a surge in the exploitation of public-facing applications, overtaking identity-based attacks as the top initial access vector.&nbsp;&nbsp; Why are threat actors changing their tactics so dramatically—and what does it mean for defenders?&nbsp;&nbsp;In this episode of Security Intelligence, panelists Claire Nuñez, Chris Caridi and Joe Xatruch break down the biggest findings from the latest Threat Intelligence Index, plus:&nbsp;<ul><li>Infostealers that grab AI agents’ “souls”&nbsp;</li><li>Compromised packages that drop AI agents as malware&nbsp;</li><li>The AI infrastructure flaws we can’t seem to fix&nbsp;</li><li>Why threat intelligence is so siloed—and what we can do about it&nbsp;</li></ul> All that and more—on Security Intelligence.&nbsp; 00:00 - Intro&nbsp;1:17 - Threat Intelligence Index 2026&nbsp;&nbsp;16:22 - Stealing AI agents’ souls&nbsp;&nbsp;28:03 - AI infrastructure flaws&nbsp;&nbsp;36:36 - Threat intelligence made human&nbsp; &nbsp;The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.&nbsp;&nbsp; Follow the Security Intelligence podcast on your preferred platform →&nbsp;<a href="https://www.ibm.com/think/podcasts/security-intelligence" rel="noopener noreferrer" target="_blank">https://www.ibm.com/think/podcasts/security-intelligence</a>&nbsp;Explore the Threat Intelligence Index 2026 →&nbsp;<a href="https://www.ibm.com/reports/threat-intelligence#sipod" rel="noopener noreferrer" target="_blank">https://www.ibm.com/reports/threat-intelligence#sipod</a>&nbsp;&nbsp;&nbsp;&nbsp;

Claire Nuñez

Creative Director, X-Force Cyber Range 

Chris Caridi

Cyber Threat Analyst, X-Force Strategic Threat Analysis 

Joe Xatruch

CTM Chief Architect 

The 2026 IBM X-Force Threat Intelligence Index reveals surging app exploitation, AI credential theft and growing supply chain security risks. 

IBM

Recent Episodes

SEASON 1

RSA recap, the LiteLLM breach, and the quest to fix AI agent security

Cryptocurrency: The most misunderstood technology in cybersecurity

Promptware, cloud security trends for 2026, and what the Xbox One hack means for cybersecurity

Perplexity Comet, agentic blabbering, and the shift-left failure

The conference that changed our minds about AI

Is your robot vacuum safe? Here’s why it matters.

Exploits of public-facing apps are surging. Why?

About The Show

Security Intelligence

Matt Kosinski

Host