Security Intelligence

We’ve all heard tales of what lurks on the dark web. Black markets dealing in contraband. Roving criminal gangs. Troves and troves of private data for sale. Much, much worse.

Thankfully, most of it’s fake. The real trouble is figuring out what isn’t.

In this episode of Security Intelligence, Senior Threat Intelligence Analyst Robert Gates helps us untangle the web of lies that cybercriminals spin on the dark web—the lies they tell their victims, their customers, and even themselves.

By walking us through a few real-world investigations—including a panicked airline that thought it had been breached and the still-unsolved case of a hacker who may or may not have stockpiled millions of sensitive records—Robert shows us how threat intelligence experts and cybersecurity pros separate fact from fiction.

The dark web can be your most reliable early warning system. But only if you know how to use it.

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Read more about the dark web → https://www.ibm.com/think/topics/dark-web
Follow the Security Intelligence podcast on your preferred platform → https://www.ibm.com/think/podcasts/security-intelligence

Sophos let OpenClaw run wild on its network (sort of). It wasn’t as bad an idea as it sounds!

With a few guardrails and restrictions in place, the security software firm turned OpenClaw into a serious little pen tester, surfacing “23 actionable, high-quality findings.”

But is this a sustainable model for introducing AI agents to the security process? And how do we deal with the inevitable friction between a model meant to find exploits and the guardrails telling it to do no harm?

This week, host Matt Kosinski and panelists Claire Nuñez, Dave McGinnis and Kimmie Farrington discuss the wisdom and folly of letting an AI agent pen test your system.

Plus: We dig into Bruce Schneier’s thoughts on “security in the age of instant software” and a report from CipherCue that ransomware is growing three times faster than security spending.

All that and more on Security Intelligence.

Segments:

00:00 – Intro

1:07 -- OpenClaw as a pen tester

14:23 -- Cybersecurity for instant software

25:36 -- Ransomware outpaces security spending

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Learn more about how enterprises confront agentic attacks → https://newsroom.ibm.com/2026-04-15-ibm-announces-new-cybersecurity-measures-to-help-enterprises-confront-agentic-attacks
Follow the Security Intelligence podcast on your preferred platform → https://www.ibm.com/think/podcasts/security-intelligence

Earlier this week, OpenAI dropped GPT-5.4-Cyber, a “cyber-permissive” variant of GPT-5.4 .

Basically: It's lets you do some things in the name of security research and defense that you can’t normally do with a regular GPT model.

But you have to prove you’re a cybersecurity pro with good intentions to get access.

On this bonus episode of Security Intelligence, Jeff Crume and Martin Keen join host Matthew Kosinski to break down what the new model means for cybersecurity and the big picture trends driving the evolution of LLMs.

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

#GPT-5.4Cyber #OpenAI #AISecurity

Follow the Security Intelligence podcast on your preferred platform → https://www.ibm.com/think/podcasts/security-intelligence

Where does that leave the rest of us, who don’t get to tinker with perhaps the most advanced model yet?

This week on Security Intelligence, Sridhar Muppidi, Michelle Alvarez, and Dustin “EvilMog” Heywood join host Matt Kosinski to discuss what Mythos and Glasswing really mean for the average security pro.

How much is hype? How much is the real deal? And how could this limited release backfire?

Then: The FBI’s 2025 Internet Crime Report saw scam losses jump 26%, and Accenture found a 127% increase in malicious hackers trying to recruit the employees of their targets.

All that and more on Security Intelligence.

00:00 – Intro
1:22 -- Claude Mythos and Project Glasswing
12:26 -- The 2025 Internet Crime Report
20:19 -- Attackers recruiting more insiders

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Read more about AI raising cybersecurity stakes → https://www.ibm.com/think/news/anthropic-claude-ai-mythos-project-glasswing-raises-stakes-cybersecurity
Follow the Security Intelligence podcast on your preferred platform → https://www.ibm.com/think/podcasts/security-intelligence

What happens when one of the world’s most popular AI coding tools falls into the wrong hands?

On this episode of Security Intelligence, Nick Bradley, Dave Bales and JR Rao discuss the Claude Code source code leak. Attackers are already using the opportunity to spread malware through fake repos, but the real question is how threat actors might use their newfound knowledge of Claude Code’s internals to wreak havoc on AI agents and the CI/CD pipeline.

Then, we follow up on our old friends TeamPCP, Shiny Hunters and Lapsus$, whose overlapping data breach claims are causing no small amount of confusion and consternation among security pros. We examine the credential rotation problem and the uneven security surface of modern supply chains that helped get us in this mess.

Plus: Threat intelligence usually focuses on attacks that did happen. But what if we started talking about the ones that didn’t? And do cybercriminals have anything to teach us about “mature” AI adoption? Some big names seem to think so.

All that and more on Security Intelligence.

Segments:

00:00 – Introduction
1:12 -- The Claude Code leak
11:19 -- TeamPCP’s breach spree
21:21 -- “Close-call” databases
29:28 -- Cybercrime and AI adoption

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Visit the Security Intelligence the podcast page → https://www.ibm.com/think/podcasts/security-intelligence

Explore to securely deploy and operate agentic AI workloads at runtime → https://ibm.webcasts.com/starthere.jsp?ei=1755597&tp_key=10f0b8919a&sti=inbound