Explore the podcast → <a href="https://www.ibm.com/think/podcasts/security-intelligence" rel="noopener noreferrer" target="_blank">https://www.ibm.com/think/podcasts/security-intelligence</a>&nbsp; In this special year-end episode of Security Intelligence, we reflect on 2025, a year of new attack methods (ClickFix), new vulnerabilities (vibecoding) and new worries on the horizon (shadow agents).&nbsp; From hijacked AI agents to massive supply chain breaches, 2025 forced security leaders to confront a sobering reality: trust might just be our biggest attack surface.&nbsp;&nbsp; Join hosts Matt Kosinski and Patrick Austin for a jam-packed look back at the biggest cybersecurity trends and cyberattacks of 2025, the lessons we can learn from them and what the road ahead looks like. Featuring:&nbsp; 00:00 – Introduction4:10 – AI and data security with Michelle Alvarez and Jeff Crume&nbsp;22:42 – Biggest cyberattacks of 2025 with Dave Bales and Nick Bradley&nbsp;38:18 – Major lessons, innovations and failures of cybersecurity in 2025 with Suja Viswesan and Sridhar Muppidi&nbsp; All that and more on Security Intelligence.&nbsp; The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.&nbsp;&nbsp;Learn more about cybersecurity → <a href="https://www.ibm.com/think/security" rel="noopener noreferrer" target="_blank">https://www.ibm.com/think/security</a>&nbsp;

Dave Bales

X-Force Incident Command 

Suja Viswesan

Vice President, Security Products 

Sridhar Muppidi

IBM Fellow, CTO IBM Security 

Jeff Crume

Distinguished Engineer, Master Inventor, Data and AI Security  

Nick Bradley

Michelle Alvarez 

Manager, X-Force Strategic Threat Analysis

From AI security gaps and supply chain chaos to record-setting breaches, we look back at the biggest cybersecurity stories and trends of 2025. 

Cybersecurity’s year in review: ClickFix attacks, vibecoding vulnerabilities, shadow agents and more

Security Intelligence is a weekly news podcast for cybersecurity pros who need to stay ahead of fast-moving threats. Each week, we cover the latest threats, trend, and stories shaping the digital landscape, alongside expert insights that help make sense of it all. Whether you’re a builder, defender, business leader or simply curious about how to stay secure in a connected world, you’ll find timely updates and timeless principles in an accessible, engaging format. New episodes weekly on Wednesdays at 6am EST.

Security Intelligence

AI browsers are neat—but are they more trouble than they’re worth?&nbsp;&nbsp; In this episode of Security Intelligence, Austin Zeizel, Evelyn Anderson and Ryan Anschutz discuss Gartner’s recent advisory warning organizations to ban AI browsers from the workplace for the time being. Is there anything we can do to make them safe enough to use?&nbsp; And that leads to a broader conversation about the relationship between AI model providers and the cybersecurity community. In the wake of some high-profile attacks using AI models—like the spy ring Anthropic busted—cybersecurity pros are split on whether AI vendors are pulling their weight in threat intel circles. This one has it all: spam bombing, social engineering and malicious virtual machines.&nbsp; All that and more on Security Intelligence.&nbsp;&nbsp; 00:00 – Introduction&nbsp;01:14 -- Gartner: No AI browsers at work&nbsp;13:38 -- Should AI vendors share threat intel?&nbsp;23:11 -- MITRE’s top 25 most dangerous software flaws&nbsp;33:15 -- Are social logins safe?&nbsp;41:54 -- Bring-your-own-VM attacks&nbsp; The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.&nbsp; Learn more about cybersecurity → <a href="https://www.ibm.com/think/security" rel="noopener noreferrer" target="_blank">https://www.ibm.com/think/security</a>&nbsp;

Austin Zeizel

Threat Intelligence Consultant 

Ryan Anschutz

North America Leader of X-Force Incident Response 

Evelyn Anderson

CSS CTO, IBM Distinguished Engineer, IBM Master Inventor

Are AI browsers safe for work? We unpack Gartner’s warning, MITRE’s 2025 Top 25 weaknesses, SSO risks and a surprising new VM-based attack. 

AI browser bans and the top software flaws of 2025

Just how big a deal is React2Shell? Depending on who you ask, it’s either a Log4Shell-level event or just another average, everyday application security vulnerability. Patch and move on.&nbsp; This week, on Security Intelligence, panelists Sridhar Muppidi, Claire Nuñez and Ian Molloy weigh in on the contentious debate React2Shell has sparked. However it shakes out, one thing is for sure: The response to this vulnerability has been anything but typical.&nbsp; We also dive into:&nbsp;13:01 -- Whether malicious LLMs like WormGPT live up to the hype&nbsp;23:40 -- How hackers can lock you out of your Gmail account by changing your age&nbsp;34:09 -- What happens when two different threat actors attack you at the same time&nbsp;42:37 -- Why cybersecurity pros should care about solar radiation grounding 6,000 flights&nbsp; All that and more on Security Intelligence.&nbsp;&nbsp;The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.&nbsp;&nbsp;Explore the podcast → <a href="https://www.ibm.com/think/podcasts/security-intelligence" rel="noopener noreferrer" target="_blank">https://www.ibm.com/think/podcasts/security-intelligence</a>&nbsp;Subscribe for AI and security updates → <a href="https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120" rel="noopener noreferrer" target="_blank">https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120</a>&nbsp;

Ian Molloy

Department Head, Security Research 

Claire Nunez

Creative Director, IBM X-Force Cyber Range 

React2Shell debate, dark LLM reality check, Gmail lockout hack, ransomware exposing hidden APTs and the cybersecurity impacts of solar radiation. 

React2Shell makes waves, WormGPT falls flat and the latest threat to your Gmail account

Bryan Clark

Senior Technology Advocate 

Michelle Alvarez

Supply chain worms, leaky dev tools, the botnet in your living room and why you should never read your AI companion a poem.  

Your house might be a botnet, your devs are leaking secrets and poems are breaking your AI guardrails

Being a malware reverse engineer isn’t always glamorous work. You spend a lot of time digging through junk emails.&nbsp;&nbsp;&nbsp;But when you find something in there—well, that’s a whole different story.&nbsp;&nbsp;&nbsp;On this episode of Security Intelligence, X-Force Malware Reverse Engineer Raymond Joseph Alfonso tells us about the time he discovered a curious new malware loader in the honeypot. And that leads to a bigger conversation about how hackers hide malicious code from view—and some of the new techniques they’re cooking up to stay hidden.&nbsp;&nbsp;The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.&nbsp;&nbsp;Learn more about QuirkyLoader → <a href="https://www.ibm.com/think/x-force/ibm-x-force-threat-analysis-quirkyloader" rel="noopener noreferrer" target="_blank">https://www.ibm.com/think/x-force/ibm-x-force-threat-analysis-quirkyloader</a>&nbsp;&nbsp;&nbsp;Follow the Security Intelligence podcast on your preferred platform → <a href="https://www.ibm.com/think/podcasts/security-intelligence" rel="noopener noreferrer" target="_blank">https://www.ibm.com/think/podcasts/security-intelligence</a>&nbsp;

Raymond Joseph Alfonso

Malware Reverse Engineer, X-Force Threat Intelligence

What happens when a malware reverse engineer discovers a new strain of malicious software right in their inbox? Security Intelligence tells the story.  

Trawling the honeypot: What it’s like to discover a new malware strain

Discovering a new malware strain

Do you think you’re too smart to fall for a Black Friday scam? Generative AI might knock you down a few pegs. On this episode of Security Intelligence, host Matt Kosinski and panelists Suja Viswesan, Dave McGinnis and Nick Bradley discuss how threat actors are using AI to turbocharge holiday scam season. Plus: - IBM X-Force makes malware research tools public - The dark web job market is thriving - AI fraud schemes are getting quite elaborate And the story of an enterprising insider threat who tried to turn his employer’s wind turbines into cryptojacking machines. Spoiler: He got caught. 00:00 – Introduction 02:45 – Holiday scam season 13:37 – X-Force malware research tools 19:47 – Dark web jobs report 24:41 – Factory finds an AI fraud ring 31:48 – Cryptojacking wind turbines The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Learn more about cybersecurity → <a href="https://www.ibm.com/think/security" rel="noopener noreferrer" target="_blank">https://www.ibm.com/think/security</a>Explore the podcast → <a href="https://www.ibm.com/think/podcasts/security-intelligence " rel="noopener noreferrer" target="_blank">https://www.ibm.com/think/podcasts/security-intelligence </a>Learn more about the X-Force Malware Threat Research GitHub → <a href="https://www.ibm.com/think/x-force/introducing-x-force-malware-threat-research-public-github-repository " rel="noopener noreferrer" target="_blank">https://www.ibm.com/think/x-force/introducing-x-force-malware-threat-research-public-github-repository </a>

Dave McGinnis

Dave McGinnis, Global Partner, Cyber Threat Management Offering Group 

This week we cover AI fraud, holiday scams and the dark web job market. It’s not as grim as it sounds! 

The dark web job market thrives, AI fraud rings rise and it’s holiday scam season.

Anthropic says it disrupted a nearly fully autonomous espionage campaign carried out by AI agents. But some cybersecurity pros are skeptical of the framing. On the latest episode of Security Intelligence, host Matt Kosinski is joined by Ryan Anschutz, Evelyn Anderson, Seth Glasgow and Mixture of Experts podcast fixture Chris Hay to dig into Anthropic’s report and the range of responses to it. Plus: The newest OWASP Top 10 is here, the ransomware landscape is cracking up and does cyber insurance just encourage hackers? All that and more on Security Intelligence. 00:00 -- Introduction01:29 -- Anthropic’s AI spy ring bust15:44 -- OWASP Top 10 202524:41 -- Small ransomware gangs33:45 -- Is cyber insurance worth it?&nbsp;The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.&nbsp;Explore the podcast → <a href="https://www.ibm.com/think/podcasts/security-intelligence" rel="noopener noreferrer" target="_blank">https://www.ibm.com/think/podcasts/security-intelligence</a>Subscribe for AI and security updates → <a href="https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120" rel="noopener noreferrer" target="_blank">https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120</a>

North America Leader of X-Force Incident Response

Seth Glasgow

Cyber Range Executive Advisor

Chris Hay

Distinguished Engineer

Anthropic says it disrupted a nearly fully autonomous espionage campaign carried out by AI agents. Some cybersecurity pros are skeptical of the framing.

IBM

Recent Episodes

SEASON 1

Cybersecurity’s year in review: ClickFix attacks, vibecoding vulnerabilities, shadow agents and more

AI browser bans and the top software flaws of 2025

React2Shell makes waves, WormGPT falls flat and the latest threat to your Gmail account

Your house might be a botnet, your devs are leaking secrets and poems are breaking your AI guardrails

Trawling the honeypot: What it’s like to discover a new malware strain

The dark web job market thrives, AI fraud rings rise and it’s holiday scam season.

Anthropic stops AI spies, the new OWASP Top 10 and the rise of small-time ransomware

About The Show

Security Intelligence

Matt Kosinski

Host