The Adversarial Podcast

By: Jerry Perullo, Sounil Yu, Mario Duarte

About this content

Join former ICE:NYSE CISO Jerry Perullo, former Snowflake CISO Mario Duarte, and former JupiterOne CISO and Bank of America leader Sounil Yu as they dive into the good, the bad, and the ugly in the latest cybersecurity news. Each week, we discuss the most pressing headlines, offer candid commentary, and share unique insights from our extensive experience in the field.

Adversarial Risk Management
Economics
Episodes
  • Adversarial Podcast S4E01 - Trump's AI Action Plan, Chip Security Act, receiving gifts from vendors
    2025/07/30

    00:00 Introduction & BlackHat

    03:14 AI Action Plan Overview

    13:30 Chip Security Act

    20:48 Government led AI-ISAC?

    23:16 UK government considering banning public sector ransomware payments

    28:14 Microsoft probing if Chinese hackers learned SharePoint flaws through alert

    42:07 Ethics in Vendor Relationships – Gifts for meetings

    America's AI Action Plan

    “America’s AI Action Plan,” released by the Trump administration, outlines a roadmap with over 90 federal actions across three pillars—accelerating AI innovation, building U.S. AI infrastructure, and asserting international AI leadership through exports and technology alliances.

    The Chip Security Act: A Bipartisan Solution to Chip Smuggling

    The Chip Security Act, introduced by U.S. lawmakers, mandates that export‑controlled AI chip makers (like NVIDIA) embed on‑chip location‑verification mechanisms to ensure devices go only where they’re authorized—aiming to deter smuggling (especially to China) without deploying intrusive GPS or kill switches.

    Why a Government-Led AI-ISAC is a Missed Opportunity

    Errol Weiss argues that an AI‑ISAC led by the U.S. government, as proposed in the July 2025 White House AI Action Plan, represents a missed opportunity, because government-led initiatives tend to be bureaucratic, slow, less innovative, struggle to win private-sector trust and buy‑in, risk duplicating existing ISAC efforts, and may be perceived as politically biased—undermining effective, rapid, cross-industry intelligence sharing.

    UK plans to ban public sector bodies from paying ransom to cyber criminals

    The UK government is set to ban public sector bodies and operators of critical national infrastructure from paying ransom demands to cyber criminals, as part of a wider package that also makes reporting mandatory for other organisations planning to pay, aimed at dismantling the ransomware business model and protecting essential services from dangerous disruptions.

    Microsoft probing if Chinese hackers learned SharePoint flaws through alert, Bloomberg News reports

    Microsoft is investigating whether a leak from its Microsoft Active Protections Program (MAPP)—which provides early vulnerability alerts to security partners—may have enabled Chinese-aligned hackers (Linen Typhoon, Violet Typhoon, and Storm-2603) to exploit critical zero‑day flaws in on-premises SharePoint servers before Microsoft fully patched the software, fueling a global espionage and ransomware campaign.

    Hosts:

    Jerry Perullo (Founder, https://adversarial.com/)

    Sounil Yu (Founder, https://www.knostic.ai/)

    Mario Duarte (Founder, stealth startup)

    Producer: Tillson Galloway (https://tillsongalloway.com)

    52 min
  • Adversarial Podcast Ep. 27 - Is AI necessary for cyber investment? Microsoft moving away from kernel-based AV; Moonlighting and Fake IT workers
    2025/07/15

    00:00 Intro

    3:23 Cybersecurity stocks: why now might be the time to buy?

    8:55 AI in cyber investment and business

    29:28 Microsoft is moving antivirus providers out of the Windows kernel

    34:29 New AI Malware PoC Reliably Evades Microsoft Defender

    37:08 VSCode Fork; Putting Millions at Risk

    43:39 Extensions turn Trojan and infect 2.3M Chrome and Edge users

    54:20 US government takes down major North Korean ‘remote IT workers’ operation

    1:06:06 Phishing Training Doesn't Work

    Cybersecurity stocks: why now might be the time to buy?

    https://moneyweek.com/investments/tech-stocks/buy-cybersecurity-stocks

    AI Is Driving A Shift Towards Outcome-Based Pricing

    Cloudflare will now, by default, block AI bots from crawling its clients’ websites

    Microsoft is moving antivirus providers out of the Windows kernel

    https://www.theverge.com/news/692637/microsoft-windows-kernel-antivirus-changes

    New AI Malware PoC Reliably Evades Microsoft Defender

    https://www.darkreading.com/endpoint-security/ai-malware-poc-evades-microsoft-defender

    Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork; Putting Millions at Risk

    https://blog.koi.security/marketplace-takeover-how-we-couldve-taken-over-every-developer-using-a-vscode-fork-f0f8cf104d44

    Massive browser hijack: extensions turn Trojan and infect 2.3M Chrome and Edge users

    https://cybernews.com/security/chrome-edge-hijacked-by-eighteen-malicious-extensions

    US government takes down major North Korean ‘remote IT workers’ operation

    https://techcrunch.com/2025/06/30/us-government-takes-down-major-north-korean-remote-it-workers-operation/

    We've All Been Wrong: Phishing Training Doesn't Work

    https://www.darkreading.com/endpoint-security/phishing-training-doesnt-work

    Hosts:

    Jerry Perullo (Founder, https://adversarial.com/)

    Sounil Yu (Founder, https://www.knostic.ai/)

    Mario Duarte (Founder, stealth startup)

    Producer: Tillson Galloway

    1 hr 17 min
  • Adversarial Podcast Ep. 26 - US Treasury's Cybersecurity Failures, SEC scraps proposed cybersecurity rules, what makes AI Security different
    2025/07/01

    00:00 Intro

    03:17 Banks call out US Treasury's cybersecurity failures

    28:54 SEC scraps proposed cybersecurity rules

    38:05 What makes AI Security different

    Banks Challenge Treasury on Cybersecurity Failures. A coalition of major U.S. banking associations—including the American Bankers Association, Bank Policy Institute, MFA, and SIFMA—has publicly challenged the U.S. Treasury and OCC to adopt private-sector cybersecurity standards, decentralize sensitive data, enforce rapid breach notifications, and streamline data collection following high-profile email breaches at federal regulators. https://www.theglobaltreasurer.com/2025/06/10/banking-groups-demand-regulator-cybersecurity-standards/

    SEC scraps proposed cybersecurity rules for investment advisers, market participants. The U.S. Securities and Exchange Commission (SEC) has scrapped proposed cybersecurity regulations targeting investment advisers, funds, and market participants. The withdrawal reflects pushback from the financial industry, which cited concerns over compliance burdens and regulatory overlap. Critics argue the move weakens oversight as cyber threats continue to rise across the financial sector. https://www.cybersecuritydive.com/news/sec-withdraw-cyber-rules-investment-advisers-funds/750786/

    Exclusive: New Microsoft Copilot flaw signals broader risk of AI agents being hacked—‘I would be terrified’. A newly discovered vulnerability in Microsoft’s Copilot platform—dubbed “Echoleak”—allows malicious actors to extract private user data from AI agent interactions. The flaw underscores the broader risks associated with AI-powered assistants, particularly as they become more deeply embedded in enterprise workflows. Experts warn this class of attacks could signal a new era of AI exploitation. https://fortune.com/2025/06/11/microsoft-copilot-vulnerability-ai-agents-echoleak-hacking/

    Hosts:

    • Jerry Perullo (Founder, https://adversarial.com/)
    • Sounil Yu (Founder, https://www.knostic.ai/)
    • Mario Duarte (Founder, stealth startup)

    Producer: Tillson Galloway (https://tillsongalloway.com)

    59 min