エピソード

  • Inside Operation Disruption Week: Taking Down Southeast Asia's Scam Machine

    Inside Operation Disruption Week: Taking Down Southeast Asia's Scam Machine
    2026/06/25
    What does it actually take to dismantle an industrial-scale scam operation running bulletproof hosting, distributed ASNs, and crypto laundering across multiple countries? Mike Sweeney of Silent Push was in the room during Operation Disruption Week and tells us exactly how it went down — the intelligence, the coordination, and why this public-private model could be a blueprint for future cyber disruption efforts. Plus, reporter Tim Starks on the open source supply chain crisis: the volunteer maintainers holding up the internet, the threat groups coming after them, and the policy vacuum left behind after the Biden administration's momentum stalled.
    続きを読む 一部表示
    36 分
  • Zero days, zero order: The chaos reshaping vulnerability disclosure

    Zero days, zero order: The chaos reshaping vulnerability disclosure
    2026/06/18
    The rules of responsible disclosure were written for a different era — one where humans found bugs, humans reported them, and 90 days felt like plenty of time to patch. That era is over. In this episode, Greg sits down with Gal Elbaz, co-founder and CTO of Oligo Security, to unpack how AI-assisted vulnerability research is breaking the frameworks the security industry has relied on for decades. From MITRE admitting it can no longer keep up with the volume of CVE reports, to Linus Torvalds saying the same about the Linux kernel, the cracks in the system are impossible to ignore. Gal draws on his years as a hands-on researcher at Check Point — and his current work leading Oligo's research team — to offer perspective from both sides of the disclosure table. He and Greg dig into the Microsoft controversy, the tension between researcher leverage and community responsibility, and why the Spider-Man rule applies more than ever to the security research community right now. They also tackle the big questions: Should disclosure timelines be based on exploitability rather than a fixed number of days? Who owns the decision to accelerate a disclosure? And is it time to throw out CVSS scores and build something new? Gal's bottom line: the noise needs to be cut, the critical bugs need better definition, and both vendors and researchers need to get back to the table — as humans. For our reporter chat, Greg talked with Derek Johnson about the reaction to the Trump administration's fight with Anthropic.
    続きを読む 一部表示
    40 分
  • Why the autonomous SOC Is the wrong goal

    Why the autonomous SOC Is the wrong goal
    2026/06/11
    On this week's episode, we're joined by Mike Nichols, General Manager of Security at Elastic, fresh off the Gartner Security and Risk Summit in the D.C. area, where AI dominated every conversation on the conference floor. Mike walks us through what CISOs are actually asking about, what a real agentic SOC looks like in practice, and why keeping humans on the loop is the key philosophical distinction that separates a thoughtful AI implementation from a reckless one. The conversation covers "tribal knowledge," shadow AI, prompt injection, model sovereignty, and the exploding attack surface that AI agents themselves create, with Mike making the case that AI adoption is a dial and not a switch, and that transparency, explainability, and a healthy dose of skepticism are the foundation of building trust that actually sticks.
    続きを読む 一部表示
    34 分
  • The last layer standing

    The last layer standing
    2026/06/04
    What happens when an "assume breach" scenario turns into a total corporate wipeout? In this episode of Safe Mode, host Greg welcomes Brandon Willitts, Director of Cyber Resilience at Everpure, to pull back the curtain on a devastating "malwareless" attack that deleted over 80,000 endpoints at a Fortune 100 company. When adversaries exploit valid credentials to compromise the entire identity plane, your own endpoint management tools can be weaponized against you. Brandon breaks down how separating the storage layer from the identity blast radius—and leveraging immutable snapshot technology—allowed a non-technical engineer to jumpstart a full recovery in just days rather than months. In our reporter chat, Greg talks with Derek Johnson about all the AI security news that has happened over the past week.
    続きを読む 一部表示
    36 分
  • From Two Weeks to Three Days: The KEV Deadline Debate

    From Two Weeks to Three Days: The KEV Deadline Debate
    2026/05/29
    Drawing on his experience from his time in government working directly on CISA’s Known Exploited Vulnerabilities (KEV) catalog, Todd Beardsley, VP of Security Research at runZero, explains what it actually took behind the scenes to get a vulnerability added: verifying that real exploitation occurred, confirming the incident mattered to federal interests (including state/local governments, critical infrastructure, or allied nations), and ensuring there was a concrete remediation option before publishing. He walks Greg through how those judgments tied back to Binding Operational Directive 22-01 and how deadlines were set and adjusted from the two-week baseline—context that frames the recent trend toward three-day turnaround requirements. From that insider perspective, Beardsley outlines the practical risks of compressing timelines (especially around testing and change-control realities across 100+ civilian agencies) and why ultra-short deadlines can dilute KEV’s value as an “urgency signal,” even as they may push agencies to modernize staffing, automation, and patch processes to respond faster.
    続きを読む 一部表示
    37 分
  • Can specialized security survive Daybreak and Mythos?

    Can specialized security survive Daybreak and Mythos?
    2026/05/21
    In this episode, we sit down with Lior Div, CEO of 7AI, at a moment when the ground is shifting under the entire security industry. With AI lowering the barrier to entry for attackers, supply chain compromises spreading at worm speed, and OpenAI and Anthropic racing to plant their flags in enterprise cyber defense, the pressure on defenders has never been more acute. We push Div on the hard stuff — whether agentic defense actually closes the asymmetry gap or just keeps pace with it, what Mini Shai-Hulud exposes about the blind spots in how we trust software, how the arrival of Daybreak and Glasswing changes the competitive landscape for pure-play security companies, and whether the industry is building toward genuine resilience or just faster reactions to inevitable breaches. Speaking in Mini Shai-Hulud, Greg talks about a whirlwind week of reporting that covered all the security incidents tied to the malware.
    続きを読む 一部表示
    38 分
  • Why access brokers have stubbornly remained successful

    Why access brokers have stubbornly remained successful
    2026/05/14
    Anna Pham of Huntress joins Safe Mode to discuss the current landscape of initial access brokers and how their tactics continue to support ransomware operations. She explains that attackers are still finding success with drive-by downloads, Trojanized installers, fake browser updates, click-fix attacks, exposed RDP, VPN weaknesses, and vulnerable edge devices. The conversation also covers how access is monetized, what defenders can look for before ransomware deployment, and why limited endpoint visibility often leaves organizations exposed. Fam emphasizes that basic cyber hygiene still matters: close exposed ports, enforce MFA, use complex passwords, apply least privilege, patch systems, and maintain broad visibility across the environment. In our reporter chat, Greg talks with Matt Kapko about the security incident that impacted Canvas.
    続きを読む 一部表示
    32 分
  • Can you prove which agent did what?

    Can you prove which agent did what?
    2026/05/07
    In this week's episode, Greg Otto talks with Howard Ting, CEO of Opal Security, about the growing security challenges created by AI agents inside the enterprise, especially around identity governance, access control, and runtime authorization. As organizations adopt coding agents, workplace assistants, and other AI tools, traditional approaches to managing human access are being pushed beyond their limits by the speed, scale, and context required for agent-driven decisions. The conversation explores the risks of shadow AI, overprivileged agents, unintended data exposure, and the difficulty of enforcing least privilege when agents act on behalf of employees across sensitive systems. It also looks at what CISOs and security teams need to prioritize now, from gaining visibility into agent activity to building policy-aware controls that can make real-time access decisions and safely support AI adoption. In our reporter chat, Greg talks with Derek Johnson about a lawsuit where a dating app stole an influencer's TikTok videos to use in targeted ads to people she knew, all without her consent.
    続きを読む 一部表示
    28 分