Exploits of public-facing apps are surging. Why?

All episodes
Media Thumbnail
00:00
00:00
1x
  • 0.5
  • 1
  • 1.25
  • 1.5
  • 1.75
  • 2
This is a podcast episode titled, Exploits of public-facing apps are surging. Why?. The summary for this episode is: <p>For years, stolen credentials were king—the hacker’s attack vector of choice. Until now.&nbsp;</p><p><br></p><p>The 2026 IBM X-Force Threat Intelligence Index reveals a surge in the exploitation of public-facing applications, overtaking identity-based attacks as the top initial access vector.&nbsp;&nbsp;</p><p><br></p><p>Why are threat actors changing their tactics so dramatically—and what does it mean for defenders?&nbsp;</p><p>&nbsp;</p><p>In this episode of <em>Security Intelligence</em>, panelists Claire Nuñez, Chris Caridi and Joe Xatruch break down the biggest findings from the latest Threat Intelligence Index, plus:&nbsp;</p><ul><li>Infostealers that grab AI agents’ “souls”&nbsp;</li><li>Compromised packages that drop AI agents as malware&nbsp;</li><li>The AI infrastructure flaws we can’t seem to fix&nbsp;</li><li>Why threat intelligence is so siloed—and what we can do about it&nbsp;</li></ul><p><br></p><p>All that and more—on <em>Security Intelligence</em>.&nbsp;</p><p><br></p><p>00:00 - Intro&nbsp;</p><p>1:17 - Threat Intelligence Index 2026&nbsp;&nbsp;</p><p>16:22 - Stealing AI agents’ souls&nbsp;&nbsp;</p><p>28:03 - AI infrastructure flaws&nbsp;&nbsp;</p><p>36:36 - Threat intelligence made human&nbsp;</p><p><br></p><p>&nbsp;</p><p><em>The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.</em>&nbsp;</p><p>&nbsp;</p><p><br></p><p>Follow the Security Intelligence podcast on your preferred platform →&nbsp;<a href="https://www.ibm.com/think/podcasts/security-intelligence" rel="noopener noreferrer" target="_blank">https://www.ibm.com/think/podcasts/security-intelligence</a>&nbsp;</p><p>Explore the Threat Intelligence Index 2026 →<strong><em>&nbsp;</em></strong><a href="https://www.ibm.com/reports/threat-intelligence#sipod" rel="noopener noreferrer" target="_blank">https://www.ibm.com/reports/threat-intelligence#sipod</a><strong>&nbsp;&nbsp;&nbsp;</strong>&nbsp;</p>

DESCRIPTION

For years, stolen credentials were king—the hacker’s attack vector of choice. Until now. 


The 2026 IBM X-Force Threat Intelligence Index reveals a surge in the exploitation of public-facing applications, overtaking identity-based attacks as the top initial access vector.  


Why are threat actors changing their tactics so dramatically—and what does it mean for defenders? 

 

In this episode of Security Intelligence, panelists Claire Nuñez, Chris Caridi and Joe Xatruch break down the biggest findings from the latest Threat Intelligence Index, plus: 

  • Infostealers that grab AI agents’ “souls” 
  • Compromised packages that drop AI agents as malware 
  • The AI infrastructure flaws we can’t seem to fix 
  • Why threat intelligence is so siloed—and what we can do about it 


All that and more—on Security Intelligence


00:00 - Intro 

1:17 - Threat Intelligence Index 2026  

16:22 - Stealing AI agents’ souls  

28:03 - AI infrastructure flaws  

36:36 - Threat intelligence made human 


 

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. 

 


Follow the Security Intelligence podcast on your preferred platform → https://www.ibm.com/think/podcasts/security-intelligence 

Explore the Threat Intelligence Index 2026 → https://www.ibm.com/reports/threat-intelligence#sipod    

Today's Host

Guest Thumbnail

Matt Kosinski

|Host

Today's Guests

Guest Thumbnail

Claire Nuñez

|Creative Director, X-Force Cyber Range
Guest Thumbnail

Chris Caridi

|Cyber Threat Analyst, X-Force Strategic Threat Analysis
Guest Thumbnail

Joe Xatruch

|CTM Chief Architect

Related Resources

Explore the Threat Intelligence Index 2026

Follow the Security Intelligence podcast on your preferred platform

Recent Episodes

Romance scams: How they work, how they win and what we do about it

Romance scams: How they work, how they win and what we do about it

Episode 21 | 02.18.2026

OpenClaw and Claude Opus 4.6: Where is AI agent security headed?

OpenClaw and Claude Opus 4.6: Where is AI agent security headed?

Episode 20 | 02.11.2026

What cybersecurity pros need to know about OpenClaw and Moltbook

What cybersecurity pros need to know about OpenClaw and Moltbook

Episode 19 | 02.04.2026

The newest AI malware vs. 40 years of hacker culture

The newest AI malware vs. 40 years of hacker culture

Episode 18 | 01.28.2026

Most cybersecurity training doesn’t work. Can we change that?

Most cybersecurity training doesn’t work. Can we change that?

Episode 17 | 01.21.2026

Ransomware whack-a-mole, AI agents as insider threats and how to hack a humanoid robot

Ransomware whack-a-mole, AI agents as insider threats and how to hack a humanoid robot

Episode 16 | 01.14.2026