Podcasts

On this week’s show, Patrick Gray and James Wilson are joined by special guest-host Dmitri Alperovitch. They discuss the week’s cybersecurity news, including:

• The US government is mad as hell about Chinese firms stealing American AI technology
• Dmitri has an opinion or two about the US selling Nvidia chips to China
• Speaking of Chinese AI, Kimi’s new 2.6 is very interesting
• The US sanctions a Cambodian senator for earning mega bucks through scam compounds
• And a ransomware family is promoting itself as being … quantum-safe?

This week’s show is sponsored by Trail of Bits. CEO and co-founder Dan Guido chats to Pat about how private inference works and Trail of Bits’ audit of WhatsApp’s private AI setup.

This episode is also available on Youtube.

In this solo episode of Risky Business Features James Wilson explores how distillation techniques are both a legitimate way to train smaller models, as well as a way to steal model capabilities. It’s not just a problem for frontier labs! Any LLM-based product could have its competitive advantage stolen through these attacks.

James covers:

• High-level concept of distillation
• Why it matters including close/open-weight/open-source explanation
• Types of distillation and the prompts used
• The distillation pipeline end to end
• Distillation at scale and mitigation techniques
• Hardware resource constraints for distillation

Ukrainians hack Russian satellites, Vimeo is being extorted, Greece wants to ban anonymity on social media, and a Scattered Spider hacker was arrested in Finland.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss what the North Korean hack of Drift can tell us about the future of hacking.

This episode is also available on YouTube.

A fingerprinting technique can track Tor users, Intellexa had an American exploit provider, the US accuses China of copying its AI, and the US router ban also covers WiFi hotspots.

In this Risky Business sponsored interview Casey Ellis chats to RunZero’s founder and CEO HD Moore about RunZero’s new release: 4.9. It drops this week and doubles down on OT scanning. Animated world and network maps add another layer to visualisation and for those that have been asking: yes, there’s a dark mode.

Sean Plankey withdraws his CISA Director nomination, Russians hacked the Bundestag President, Discord users gain unauthorised access to Anthropic’s Mythos, and the US sanctions a Cambodian senator for running cyber scam compounds.

In this episode, Anthropic’s Nicholas Carlini joins Patrick Gray and James Wilson to talk about advancements in AI-driven vulnerability research and exploit development.

Nicholas’ talk at the recent [un]prompted conference demonstrated how Anthropic’s Opus 4.6 could find and exploit vulnerabilities in popular open source projects. In the short few weeks since then, Anthropic announced a new model that’s already identifying hundreds of bug fixes across critical software. Nicholas talks us through the work he does at Anthropic, what’s possible and the limitations with current frontier models, and where this goes from here.

This episode is also available on YouTube

Tom Uren and James Wilson talk about the French criminal investigation into bias and illegal content on X. Elon Musk and former X CEO Linda Yaccarino didn’t appear for voluntary interviews scheduled this week, but refusing meetings won’t make X’s problems go away. European countries are concerned about X’s influence and regulators will be exploring all other options beyond criminal investigations.

They also discuss the fight to renew authorisation of Section 702 collection. It’s a valuable intelligence source, but in the past the FBI pointlessly overused it.

This episode is also available on YouTube

On this week’s show, Patrick Gray and James Wilson are joined by special guest The Grugq. They discuss the week’s cybersecurity news, including:

• Vercel got owned, and there’s a few infostealer and compromised employee dots to connect
• Mozilla used Mythos to find 271 bugs, which feels like a sign of the bug-pocalypse
• Speaking of the bug-pocalypse, is that why NIST is noping out of enriching a bunch of bugs?
• The NSA is using Mythos even though the government did that whole Anthropic blacklisting thing
• And DDos attacks hit a couple of smaller-player socials

This week’s episode is sponsored by Permiso. Ian Ahl chats to Pat about the subtle signals Permiso uses to detect ShinyHunters-style activity in cloud and on-prem environments.

This episode is also available on Youtube.