Risky Business Features
Technology
About
Join reformed CTO James Wilson as he dives deep on cybersecurity topics through an enterprise lens. From solo content and interviews with CISOs and researchers to vendor and startup deep dives, James does a bit of everything.
Episodes
- Mythos smythos! How to find 0day with lesser models
Niels Provos discusses his research on using older AI models and an orchestration framework called Iron Curtain to find 0-day vulnerabilities, questioning the necessity of frontier models for such tasks.
- Solving the AI agent identity problem
James Wilson and Brad Arkin discuss the unsolved problem of managing AI agent identities and credentials as companies deploy agentic AI. Brad Arkin, formerly CISO of major tech companies, shares insights on emerging patterns in this field.
- A deep dive on AI model distillation attacks
In this episode, James Wilson explains AI model distillation, detailing how it can be used to steal model capabilities, affecting LLM products. The discussion covers the concept, types of distillation, the process, and mitigation strategie…
- Feature Interview: Nicholas Carlini, Anthropic
Nicholas Carlini from Anthropic discusses AI advancements in vulnerability research and exploit development with Risky Business hosts. He covers how Anthropic's models identify and exploit vulnerabilities in open source projects and highli…
- A builder's perspective on Mythos and frontier models
James Wilson hosts Yaniv Bernstein, an investor and entrepreneur, to discuss Anthropic's Mythos. They explore its implications for startups and business growth, drawing on Bernstein's background as Google's former VP of Engineering and his…
- Mythos and 0day: Fixing exploits is not safety
James Wilson and Brad Arkin discuss Anthropic's Mythos. Arkin, with experience as CISO at Adobe, Cisco, and Salesforce, shares his perspective on whether finding and fixing exploits truly enhances safety.
- Mythos and 0day: A hacker’s perspective
Jamieson O’Reilly, CEO of DVULN and co-founder of Aether AI, shares his decade-plus experience as a hacker with James Wilson on Risky Business Features. They discuss Anthropic's Mythos and its implications for offensive security, particula…
- What happens after North Korea infiltrates?
Geoff White and James Wilson explore North Korea's IT worker infiltration scheme, detailing the interview process, how hired workers generate value for the regime, and the methods used for financial transactions.
- Why CISOs need to be more flexible in the AI era
James Wilson and Brad Arkin discuss the increasing pressure on CISOs resulting from the AI era's challenges, including large-scale attacks and rapid internal AI adoption. This necessitates greater flexibility in security controls and revis…
- A Risky Biz Experiment: Hunting for iOS 0day with AI
James Wilson explores whether LLMs can assist in identifying, modifying, or creating sophisticated iOS exploits. The episode discusses the role of AI in analyzing mature codebases like WebKit for zero-day vulnerabilities.
- Interview: Former NSA and CIA cyber leaders on offensive AI
Former NSA executive Rob Joyce and CIA cyber intelligence leader Andy Boyd discuss the evolving landscape of offensive AI with host Patrick Gray. The conversation, recorded live, also touches on recent iOS exploit chain leaks.
- When disaster strykes
In this episode, James Wilson and Brad Arkin review the cyber attack on medtech company Stryker. The attackers utilized Microsoft's inTune to wipe company devices, prompting a discussion on other potential vulnerabilities exploited during…
- MCP is Dead
James Wilson explains that the Model Context Protocol (MCP), crucial for making Large Language Models and AI Agents functional, is becoming obsolete. LLMs are now preferring to interact directly with the shell, which presents significant c…
- They don't break in, they log in. What's an enterprise to do?
James Wilson interviews Brad Arkin on Risky Business about defending enterprises against attackers who log in with valid credentials. The discussion covers stolen identities, weak special-use credentials, and over-scoped API keys, emphasiz…
- A ridiculously deep dive into the Coruna Exploits
James Wilson provides an in-depth analysis of the Coruna exploit kit, explaining its sophisticated methods for compromising devices and its nation-state-grade capabilities.
- Being a wartime CISO
James Wilson and Brad Arkin discuss the complexities of being a CISO during wartime. The conversation covers managing key material in abandoned offices, dealing with cloud infrastructure in enemy-controlled data centers, and assessing supp…
- What to do about North Korean remote workers
James Wilson and Brad Arkin discuss the complex methods North Korean actors use to create a fake IT worker ecosystem, involving stolen identities and sophisticated fraud. They cover the technical detection challenges and why enterprises st…
- Former Adobe, Cisco and Salesforce CISO talks AI pentesting
Brad Arkin, former Chief Security Officer at Adobe, Cisco, and Salesforce, discusses AI pentesting with James Wilson. The conversation covers whether pentesting improves overall product security, the importance of post-test debriefings, an…
- History Repeats: Security in the AI Agent Era
AI agents are using outdated security models, leading to rapid vulnerabilities like malicious skills and cookie theft. James Wilson explains why banning these agents is ineffective and urges organizations to address these emerging security…