Podcasts


How using open weight models can blow up in your face

Presented by

James Wilson

Technology Editor

In this podcast episode James Wilson and Brad Arkin talk about how to safely use open weight large language models in the enterprise. The cost of frontier models was already driving interest in freely available open weight models like DeepSeek, Kimi and Qwen. Now that the US government is forcing Anthropic to pull its Fable and Mythos models from the market, the argument for having greater control over your own AI stack is stronger than ever.

But as you’ll hear in this episode, the model itself is just one component of the complex tech stack you’ll need to spin up if you want local inference. There are a lot of moving parts, each of which comes with its own supply chain risks.

So whether you’re hosting these models on your own hardware or via a SaaS provider, there’s a lot to ponder!

Duration: 43:05

Risky Bulletin: Creds for 74,000 Fortinet devices leaked

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

A LOT of Fortinet creds have leaked online, Canada’s spy agency is allowed to remove a botnet from Canadian devices, a supply chain attack hits the Mastra AI framework, and Europol disrupts SocGholish.

Duration: 11:00

Srsly Risky Biz: Anthropic has artificial, but not emotional, intelligence

Presented by

James Wilson

Technology Editor

Tom Uren

Policy & Intelligence

Tom Uren and James Wilson talk about Anthropic rolling out its latest models only to have them effectively banned by the US government within days. Although the administration’s process for assessing new models is, ahem, amorphous, Anthropic is doing itself no favours by dismissing its concerns. The company needs to show some emotional intelligence and learn how to manage upwards.

They also discuss Section 702 Foreign Intelligence Surveillance Act collection. The law authorising it has lapsed amidst political shenanigans, but it looks like collection can continue until next year. Plenty of time for the kicking of political footballs!

This episode is also available on YouTube

Duration: 31:22

Risky Bulletin: China arrests Silver Fox cybercrime group suspects

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

66 members of the Silver Fox cybercrime group are arrested in China, the EU will help Ukraine in the event of a major cyberattack, MS-ISAC loses 70% of its members after a DHS funding cut, and SBOMs are still not widely adopted.

Duration: 10:54

Risky Business #842 -- Anthropic needs an adult in the C suite

Presented by

James Wilson

Technology Editor

Adam Boileau

Co-host at large

Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

  • Anthropic’s Fable 5 and Mythos 5 get nuked by the US government four days after launch “because security”
  • Why “guardrails” won’t keep the world safe from your AI doomsday machine
  • The FISA 702 statute expired, but the spying can (probably) continue!
  • NPM v12 delivers some protection against supply chain attacks, but not enough.
  • Microsoft has a series of bugs that prevent Windows Update from … updating
  • Much, much more!

This episode is also available on YouTube

Duration: 59:59

The state of the art in AI model jailbreaks

Presented by

James Wilson

Technology Editor

In this solo podcast episode, James Wilson breaks down the current state of AI model jailbreaks.

If you’ve somehow missed the story, last week Anthropic released its Fable 5 and Mythos 5 models to the public. In the name of safety, both models were guardrailed up the wazoo, but that didn’t stop a bunch of jailbreakers from figuring out how to bypass at least some of their safety restrictions.

In response to these guardrail bypasses the White House issued an export control directive on the models, citing national security concerns. But was the Trump administration right to do this? Do these jailbreaks represent a threat to the security of the USA, or was the export restriction overkill? Tune in to find out!

Duration: 52:39

Between Two Nerds: Why NATO and cyber don't mix

Presented by

The Grugq

Independent Security Researcher

Tom Uren

Policy & Intelligence

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how NATO is set up to deter conventional conflict, and how that approach is fundamentally unsuited for ongoing, everyday cyber operations that are intended to confound adversaries.

This episode is also available on YouTube.

Duration: 28:37

Risky Bulletin: Arch Linux supply chain attack hits 1,900 packages

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

Almost 2,000 Arch Linux packages have been infected with malware in a supply chain attack, FISA surveillance powers expire for the first time since 2008, the FBI takes down a Chinese phishing service, and a major supply chain attack hits the WordPress ecosystem.

Duration: 11:14

Sponsored: Ent on using AI to track human behavior on the endpoint

Presented by

Catalin Cimpanu

News Editor

In this Risky Business sponsored interview, Catalin Cimpanu talks with Brandon Dixon, co-founder and CTO of Ent AI, about the company’s innovative use of local LLMs to track user behavior on the endpoint, and add context to suspicious events to detect or prevent malicious activity.

Duration: 19:36

Why NPM v12 won’t stop supply chain attacks

Presented by

James Wilson

Technology Editor

In this podcast episode, James Wilson is joined by Open Source Malware Security co-founder Paul McCarty to talk about the supply chain attack mitigations coming in NPM v12.

NPM disabling (by default) auto-run install scripts and dynamic dependencies is a positive step forward… but it’ll take years for this new version to be adopted, and these changes do nothing to prevent malicious packages being imported into projects.

Further, Paul thinks disabling these features by default will introduce friction that will cause them to be re-enabled. When the choice is between “this builds” and “this is less prone to malware”, the former will always win.

Duration: 38:32