
Data Security Decoded

Rubrik

43 episodes

  • Data Security Decoded

    How Rubrik Zero Labs Uses LLMs to Analyze Malware at Machine Speed

    20/1/2026 | 24 min
    AI is changing how malware is built—and how it’s caught. In this episode, Caleb Tolin is joined by Amit Malik, Staff Security Researcher at Rubrik Zero Labs, to unpack how large language models are transforming malware analysis, enabling defenders to sift through thousands of samples and surface truly novel threats. From Chameleon malware abusing WSL to AI-generated attack code, this conversation explores what real data resilience looks like in an AI-driven threat landscape.

    What You’ll Learn


    How LLMs help analysts move from syntax-level review to intent-based malware analysis


    Why processing thousands of samples daily requires AI-assisted triage and clustering


    How attackers are abusing WSL and cloud-native environments to evade detection

    What AI-generated, dynamically delivered malware code means for traditional defenses


    Where LLMs excel—and where human validation remains essential

    Why resilience matters more than speed in AI-driven security operations

    Episode Highlights

    [00:00] AI-generated malware and shrinking attacker footprints

    [03:30] Why Rubrik Zero Labs built an LLM-driven malware analysis system

    [05:45] Scaling from 6,000 samples to 20 worth investigating

    [07:40] Extracting malware “business logic” before sending code to LLMs

    [10:05] Chameleon malware abusing Windows Subsystem for Linux

    [13:00] APT-linked Linux RATs and what sophistication signals intent

    [15:00] LLM hallucinations and the need for human verification

    Episode Resources


    Rubrik Zero Labs Research Reports
  • Data Security Decoded

    Ransomware, Remote Access, and the OT Reality Check

    06/1/2026 | 27 min
    In this episode of Data Security Decoded, cybersecurity veteran Dawn Cappelli joins host Caleb Tolin to unpack the rapidly evolving threat landscape facing operational technology environments. With decades of experience spanning CERT, Rockwell Automation, and now Dragos, Dawn breaks down how geopolitical conflicts, empowered hacktivists, and ransomware are reshaping OT risk. She shares the five critical ICS controls every organization should prioritize and discusses why community-driven defense models are now essential for resilience. A must-listen for leaders responsible for critical infrastructure, manufacturing, and industrial cybersecurity.

    What you'll learn:

    How global conflicts have dissolved previous norms that protected critical infrastructure from cyber retaliation.

    Why hacktivist groups are becoming more dangerous — and how state actors quietly support them.

    The five highest-impact ICS security controls and where most organizations fail.

    Why OT environments remain decades behind IT security — and what leaders must immediately address.

    How ransomware operators target manufacturing and critical infrastructure for maximum leverage.

    The risks of insecure remote access and unmanaged third-party connections.

    How OT-CERT and community defense can uplift organizations with limited resources.

    Episode Highlights:

    00:00 – Opening + Guest Introduction Caleb introduces Dawn and frames her decades of OT and insider threat leadership.

    02:00 – Dawn’s Early Journey into OT and Security How nuclear engineering, the CDC bioterrorism portal, and 9/11 sparked her cybersecurity mission.

    05:00 – Founding the CERT Insider Threat Center Inside the origin story and its impact on insider risk theory.

    07:00 – Moving to Rockwell: The Hidden OT Backdoor Risk Why insider sabotage in OT environments was a turning point in her career.

    08:00 – The Geopolitical Shift in OT Threats How Russia–Ukraine changed everything about attacking critical infrastructure.

    10:00 – The Rise of State-Aligned Hacktivists Why groups like Cyber Avengers now have real disruption capability.

    13:00 – The SANS Five ICS Controls Dawn breaks down the controls that prevent and detect most attacks.

    17:00 – Ransomware Trends in OT Why manufacturing is a prime target and how attacks are evolving.

    19:00 – The Promise and Peril of Agentic AI in OT Why autonomous agents could cause catastrophic outcomes.

    21:00 – OT-CERT: Free Global Resources How Dragos is empowering organizations worldwide with practical support.

    Episode Resources:

    Information on OT-CERT: OT-CERT

    Register for OT-CERT: Register for Dragos OT-CERT | Dragos

    Information on Community Defense Program: Community Defense Program | Dragos

    Register for Community Defense Program: Register for Dragos Community Defense Program | Dragos

    SANS Five ICS Cybersecurity Critical Controls: The Five ICS Cybersecurity Critical Controls
  • Data Security Decoded

    The Hidden Risk in Your Stack

    16/12/2025 | 27 min
    In this episode of Data Security Decoded, host Caleb Tolin sits down with Hayden Smith, CEO of Hunted Labs, as he breaks down how software supply chain attacks really work, why open source dependencies create unseen exposure, and what modern threat actors are doing to exploit trust at scale. Caleb and Hayden dive deep into real-world attacks, emerging TTPs, AI-powered threat hunting, and what organizations must do today to keep pace. Listeners walk away with a clear picture of the problem—and a practical blueprint for reducing supply chain risk.

    What You’ll Learn 


    How modern attackers infiltrate open source ecosystems through fake accounts and counterfeit package contributions.


    Why dependency chains dramatically amplify both exposure and attacker leverage.


    How to use threat intelligence and threat hunting to proactively evaluate upstream packages before adoption.


    Where AI-powered code analysis is changing the ability to discover hidden vulnerabilities and suspicious patterns.


    Why dependency pinning, SBOM discipline, and continuous monitoring now define a strong supply chain posture.

    Episode Highlights

    00:00 — Welcome + Why Software Supply Chain Risk Matters

    02:00 — Hayden’s Non-Cyber Passion + Framing Today’s Topic

    03:00 — Why Open Source Powers Everything—and Why That Creates Exposure

    06:00 — The Real Attack Vector: Contribution as Initial Access

    08:00 — Inside the Indonesian “Fake Package” Campaign

    10:30 — How to Evaluate Code + Contributor Identity Together

    12:00 — Threat Hunting and AI-Enabled Code Interrogation

    15:00 — The Challenge of Undisclosed Vulnerabilities in Widely Used Components

    16:30 — How Recovery Works When Malware Is Already in Your Stack

    19:00 — Continuous Monitoring as the Foundation of Modern Supply Chain Security

    22:00 — Pinning, Maintainer Analysis, and Code Interrogation Best Practices

    24:00 — Where to Learn More About Hunted Labs

    Episode Resources


    Hunted Labs — https://huntedlabs.com


    Hunted Labs Entercept


    Hunted Labs “Hunting Ground” research blog


    Open Source Malware (Paul McCarty)
  • Data Security Decoded

    Top CISO Priorities and Global Digital Trust with Morgan Adamski

    02/12/2025 | 23 min
    Welcome to Data Security Decoded. Join host Caleb Tolin in conversation with Morgan Adamski who leads Cyber, Data, and Tech Risk at PwC and is a former US national security leader who spent 16 years tracking nation-state threats inside the US government. Coming out of a career spent inside secure facilities without windows or phones and working to address China’s prepositioning in US critical infrastructure, Morgan shares a direct view of how geopolitics is now shaping cyber risk decisions in boardrooms.

    What You'll Learn:


    Why only 24% invest in proactive defense, even while 60% call cyber a top priority


    How AI agents are cutting breach timelines to under 80 days


    Why cyber insurance is now a hygiene scorecard, not just financial protection


    The real reason leaders lack confidence in resilience


    Where legacy systems and supply chain dependencies expose blind spots


    How public–private collaboration changed the response to China’s infrastructure campaign


    What CISOs must confront now to avoid being blindsided by the next crisis

    The conversation gives security leaders and decision-makers a clear view of where current strategies fall short and the choices required to build real resilience before the next crisis forces it.

    Episode Highlights:

    [03:43] Why China prepositions inside US critical infrastructure to trigger disruption and panic in a crisis

    [04:20] Collective defense in action: how victims and industry exposed the campaign

    [09:27] The truth behind cyber budgets: only 24% invest in proactive defense

    [11:57] How AI agents are shortening breach lifecycles to under 80 days

    [13:07] Why cyber insurance is now a security scorecard, not a safety net

    Episode Resources


    Caleb Tolin on LinkedIn


    Morgan Adamski on LinkedIn

    PwC’s 2026 Global Digital Trust Insights report
  • Data Security Decoded

    Agentic AI and Identity Sprawl

    18/11/2025 | 24 min
    In this episode of Data Security Decoded, join host Caleb Tolin as he welcomes back Joe Hladik, Head of Rubrik Zero Labs, to unpack the findings from their new report, Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats. Joe breaks down how the explosion of non-human identities, from API keys to AI agents, is rewriting the threat landscape and forcing security leaders to rethink the perimeter itself.

    He explains why identity resilience is the new foundation of cyber defense, how to prioritize recovery when every system matters, and what steps teams can take now to stay ahead of emerging agentic AI-driven attacks.

    What You'll Learn:


    Why identity has replaced the network as the modern security perimeter


    How non-human identities outnumber humans 82 to 1, and what that means for control and monitoring


    Practical steps to build recovery plans around dependency mapping and minimal viable operations


    Why ransom payments remain high and how better resilience planning can reverse that trend


    How threat actors exploit backup systems to gain total business leverage


    What agentic AI really means for cyber defense and how to prepare for its impact

    The episode offers a clear framework for leaders to transform identity resilience from a reactive measure into a proactive pillar of enterprise security.

    Episode Highlights:

    [05:13] The 82:1 Ratio: Why Non-Human Identities Now Define Risk

    [07:03] Prioritizing Recovery: Building for Minimal Viable Operations

    [10:53] Declining Recovery Confidence and the Rise of Ransom Payments

    [15:46] Backups Under Attack: How Threat Actors Seize Business Control

    [16:32] Agentic AI and the Shifting Nature of Cyber Threats

    [25:32] What Defenders Can Do Now to Build Identity Resilience

    Episode Resources

    Caleb Tolin on LinkedIn

    Joe Hladik on LinkedIn

    Rubrik Zero Labs report, Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats


About Data Security Decoded

Data Security Decoded provides actionable, vendor-agnostic insights to reduce data security risk and improve resilience outcomes. Designed for cybersecurity and IT professionals who want practical insights on preparing for attacks before they happen, so they can respond effectively when they inevitably do. Episodes feature insights from researchers, crafters of public policy, and senior cybersecurity leaders, to help organizations reduce risk and improve resilience. Data Security Decoded provides practical advice, proven strategies, and in-depth discussions on the latest trends and challenges in data security, helping listeners strengthen their organizations' defenses and recovery plans.
Generated: 1/23/2026 - 3:28:47 PM