Videos

In this edition of Between Two Nerds, Tom Uren and The Grugq discuss whether cyber organisations should be separated from Signals Intelligence organisations. The Grugq argues that having cyber expertise subordinate to intelligence collection means that many opportunities are never explored.

Tom Uren and James Wilson talk about the Five Eyes cyber security agencies warning about the arrival of AI-enabled cyber threats. The call-to-action is driven by the recognition that it is no longer possible to limit AI’s offensive cyber security capabilities to benign actors. The genie is out of the bottle, regardless of export controls on frontier models.

They also discuss the progress of Operation Endgame, the multinational joint operation that has been disrupting the cybercriminal ecosystem. It’s been a great success, but criminal enterprises bounce back. Keeping a lid on cybercrime will require continuous disruption programs.

On this week’s show special guest co-host Rob Joyce joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. Rob served as an advisor to Donald Trump during his first term as president and also served at NSA for 34 years. While at the agency, Joyce led Tailored Access Operations (TAO), and later became NSA’s Director of Cybersecurity.

They cover:

• The surprisingly well done Fortibleed campaign
• Stolen Klue OAuth tokens lead to Salesforce data theft
• OpenAI wants to patch the planet
• runZero gets acquired by Accenture, congrats HD Moore!
• Much, much more!

In this podcast Patrick Gray and James Wilson chat with Decibel Partners founder and Managing Partner Jon Sakoda to talk about pitching cybersecurity startups to VC firms in the AI age.

Coding agents and large language models have made it easier than ever to create software products, but despite this, the bar for what interests an investor is still largely the same. Everyone can run the marathon, but it’s usually the same few folks who finish first.

So tune in to hear Jon share with us his wisdom on when to start the conversation with investors, how to leverage the experience of the founder community, and what founders should watch out for.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss the idea that the People’s Republic of China has mobilised its influence operations against the construction of US data centres and its build out of AI capacity.

Tom Uren and James Wilson talk about Anthropic rolling out its latest models only to have them effectively banned by the US government within days. Although the administration’s process for assessing new models is, ahem, amorphous, Anthropic is doing itself no favours by dismissing its concerns. The company needs to show some emotional intelligence and learn how to manage upwards.

They also discuss Section 702 Foreign Intelligence Surveillance Act collection. The law authorising it has lapsed amidst political shenanigans, but it looks like collection can continue until next year. Plenty of time for kicking of political footballs!

On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

• Anthropic’s Fable 5 and Mythos 5 get nuked by the US government four days after launch “because security”
• Why “guardrails” won’t keep the world safe from your AI doomsday machine
• The FISA 702 statute expired, but the spying can (probably) continue!
• NPM v12 delivers some protection against supply chain attacks, but not enough.
• Microsoft has a series of bugs that prevent Windows Update from … updating
• Much, much more!

This episode is also available on YouTube

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how NATO is set up to deter conventional conflict, and how that approach is fundamentally unsuited for ongoing, everyday cyber operations that tackle adversaries.

Tom Uren and James Wilson talk about the European Union’s digital sovereignty push. A divorce from US tech giants is on the cards, but building sovereign infrastructure and chip capacity will be hard. From an American perspective this is an entirely predicable own-goal. You can have internationally competitive tech giants or you can have an aggressive and coercive foreign policy. You can’t have both at the same time.

They also discuss the reanimated corpse of NSO Group. It’s in a hole, but it just keeps digging.

On this week’s show special guest co-host Chris Wade, the founder of Corellium turned Cellebrite CTO, joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news.

They cover:

• Microsoft has repos owned, GitHub tokens popped, and a new 0day dropped on them
• Meanwhile, researchers are choosing full disclosure instead of engaging MSRC
• Meta’s AI support agent allowed a staggering 20,000 accounts to be stolen!
• Apple pulls Russia’s MAX messenger from the App Store and disables notifications
• Anthropic gives the public our first Mythos-class model but it won’t do cybersecurity work…